discordrat | 295cd12d448a0960ae0b2502505bfb0c23b11b651a28ff92f5c04c18712c787f

Resubmissions

08-04-2024 09:27

240408-le461adh44 10

08-04-2024 09:27

08-04-2024 09:27

08-04-2024 09:22

08-04-2024 09:04

08-04-2024 09:03

08-04-2024 08:59

Analysis

max time kernel
541s
max time network
545s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
08-04-2024 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

ad8199a07ecbffb2b61f1866d7a32fab
SHA1

9fef07bdbc58f57a0dc118fcabf255abbb74cec4
SHA256

295cd12d448a0960ae0b2502505bfb0c23b11b651a28ff92f5c04c18712c787f
SHA512

517440347557ad4e3cae8f53df037ba37afa56bf59ec413d08ec70794daf1dd629e6eba302bbe1461368c00981eeeb899c209ad94aba8785a9173484dfbdb39d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIC:5Zv5PDwbjNrmAE+VIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIyNjc5NDI2OTc0Mjk4OTM1Mg.GGcfSn.O22YiEnqD05TMhl029CMEeHyqw41ZN4YIb_np8
server_id
908750895850872873

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 22 IoCs

Web Service

T1102

flow	ioc
50	discord.com
60	discord.com
63	discord.com
3	discord.com
46	discord.com
51	discord.com
1	discord.com
5	discord.com
22	discord.com
43	discord.com
44	discord.com
55	discord.com
57	discord.com
61	discord.com
12	discord.com
13	discord.com
83	discord.com
84	discord.com
64	discord.com
81	discord.com
45	discord.com
56	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2772	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1016	msedge.exe
1016	msedge.exe
5108	msedge.exe
5108	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
944	identity_helper.exe
944	identity_helper.exe
5724	msedge.exe
5724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1016	msedge.exe
1016	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	3828	Client-built.exe
Token: SeDebugPrivilege	2192	firefox.exe
Token: SeDebugPrivilege	2192	firefox.exe
Token: SeDebugPrivilege	2192	firefox.exe
Token: SeDebugPrivilege	2192	firefox.exe
Token: SeDebugPrivilege	2192	firefox.exe
Token: SeDebugPrivilege	2192	firefox.exe
Token: SeDebugPrivilege	6044	whoami.exe
Token: SeDebugPrivilege	2192	firefox.exe
Token: 33	4212	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4212	AUDIODG.EXE
Token: SeShutdownPrivilege	3828	Client-built.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
2192	firefox.exe
2192	firefox.exe
2192	firefox.exe
2192	firefox.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2192	firefox.exe
2192	firefox.exe
2192	firefox.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2772	EXCEL.EXE
2772	EXCEL.EXE
2772	EXCEL.EXE
2772	EXCEL.EXE
2772	EXCEL.EXE
2772	EXCEL.EXE
2772	EXCEL.EXE
2772	EXCEL.EXE
2772	EXCEL.EXE
2192	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2576 wrote to memory of 2192	2576	firefox.exe	84
PID 2192 wrote to memory of 2568	2192	firefox.exe	85
PID 2192 wrote to memory of 2568	2192	firefox.exe	85
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 1628	2192	firefox.exe	86
PID 2192 wrote to memory of 2464	2192	firefox.exe	87
PID 2192 wrote to memory of 2464	2192	firefox.exe	87
PID 2192 wrote to memory of 2464	2192	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3828
- C:\Windows\SYSTEM32\SCHTASKS.exe
  "SCHTASKS.exe" /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I
  2⤵
  PID:5740
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C whoami
  2⤵
  PID:5996
- - C:\Windows\system32\whoami.exe
    whoami
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youareanidiot.cc/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9986a3cb8,0x7ff9986a3cc8,0x7ff9986a3cd8
    3⤵
    PID:2236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
    3⤵
    PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
    3⤵
    PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
    3⤵
    PID:3056
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4940 /prefetch:8
    3⤵
    PID:5984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    3⤵
    PID:3048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
    3⤵
    PID:1468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:2452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16585518581165037833,3747085655971089017,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    PID:4612

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\WatchMeasure.xltm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.0.1814244378\133817309" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1772 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4eb6f4d-0a42-479a-8a7b-0411cb89f876} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 1872 1aeabef5e58 gpu
    3⤵
    PID:2568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.1.1109660727\252144352" -parentBuildID 20221007134813 -prefsHandle 2236 -prefMapHandle 2232 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fcdd9f0-7de3-4d6f-ab39-41bb5fb3492e} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 2248 1aeabe0a558 socket
    3⤵
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.2.53598008\38348682" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf09f653-07d3-4b4c-817c-a78490223099} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 2976 1aeb11a8358 tab
    3⤵
    PID:2464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.3.120158419\201764339" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3448 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5bf13c1-6545-4dd3-8282-37402a70f1f7} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 3464 1aeb1298958 tab
    3⤵
    PID:4844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.4.1954065300\1622566259" -childID 3 -isForBrowser -prefsHandle 4528 -prefMapHandle 4524 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e56a70c-d2ed-4bda-b5d2-a88f1553aff3} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 4540 1aeb2f13858 tab
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.5.530382240\834648709" -childID 4 -isForBrowser -prefsHandle 4548 -prefMapHandle 5044 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56aeb374-f438-485d-854f-3843b936e49a} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 5064 1aeb2f13e58 tab
    3⤵
    PID:3380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.6.1892567115\1405745289" -childID 5 -isForBrowser -prefsHandle 5140 -prefMapHandle 5144 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ec96f6f-ff60-4c76-8c23-c6b06748d35e} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 5132 1aeb34a3858 tab
    3⤵
    PID:5016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.7.1316887288\1886329416" -childID 6 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dba0677b-e585-4fb8-a175-c040ff149529} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 5324 1aeb34a1458 tab
    3⤵
    PID:2948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\DisableBackup.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9986a3cb8,0x7ff9986a3cc8,0x7ff9986a3cd8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14852575074639925918,2967814921463647412,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,14852575074639925918,2967814921463647412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,14852575074639925918,2967814921463647412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14852575074639925918,2967814921463647412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14852575074639925918,2967814921463647412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5952

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
6f23d7f17f29589539de0e265a415ff4

SHA1
f29416849b73b6d0e6dd8825d3d135c5146ee8c7

SHA256
e6d2ca3504df7819cd9d1f7e37e034e84492a3010c8d9d3cf0b3333353c52571

SHA512
79cfe474c0d41e06bcb6868036622a12389fda9041ba7ca4c8c8a4356de34645707751163a6c1242d9cd045b52fb5ade2ecf0cdf244a742aa57f886ca06e4e3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
cd3254d068233e8e974321dffccd9f20

SHA1
d7567499249cfde1b9cf47367abe45aa81c4e2b5

SHA256
5a48466166f9eb55d2ab90c8aa9641bbc3d64793b3b3096e852d63da41bfd148

SHA512
8a770f2f23e6197508c4b361d227a033ac5da20f8f7061ebf5024df96672eb04f02a6e8b94e56c9551d8bb58b8ee9b3f328268a3409bb931f89d7383e1ead7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c3ea95e17becd26086dd59ba83b8e84

SHA1
7943b2a84dcf26240afc77459ffaaf269bfef29f

SHA256
a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc

SHA512
64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c65e704fc47bc3d9d2c45a244bb74d76

SHA1
3e7917feebea866e0909e089e0b976b4a0947a6e

SHA256
2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110

SHA512
36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
80bf9241653b7e063015dd846718e941

SHA1
57ea54e76f8927801a7b6d8cda1e06906eb4526e

SHA256
d78ec956adaf325a565b49a789a92bdd5448a906054f2e1b117d9557b6d46f81

SHA512
a13d2c848ba0223a2587d5634f80383f95e273ae9fe76f356f78d40bccfbe7d806236cc3f6b0dc5dbab6e3b2ba4e2d82a97c076045fb0fa489429dd9e9e08daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6dd5dc366fab0df47918251462758224

SHA1
56defcc7e06ad7130943d7beca1e545532e6f105

SHA256
bd52615e4c9cba284b3ff51d2aaf7c4d7439bcb4ff665b8f33a7d5545b8ea1dd

SHA512
06f2e62a9e15662ba166474f72a75afb70f1cc3754fedcb42496389c448f3051b9290f35cab07eb72a42c7c1e9757eb393180a7646026393e187c8e48d28db36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
d157d6b1bbd428efe1e203f53714037d

SHA1
6288708d20ef9bce68be400db2a0e7a2e41cbcca

SHA256
fdb69fe8606512f940f7120068427868c9a0c9e5bba0b0701407ecc46ee74f48

SHA512
e5714c610e025af12fa181fbe19987059c1b2b517ba7d91f045d1ea0bf49a3372e5f2d477fd561ceb06fc3a293cbd322943e6cb43811a85a02281765bdbca218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
522B

MD5
37b552e018f5f4ff3742166825d6dc91

SHA1
7db6f50ee52f33c942a682031493653f21508a25

SHA256
45770babdd96fcc53df36b2972bd9f7821c56d80c2c487836abe11ec66bfe488

SHA512
d42fc9b6105a440357f7eeb92b81920e869115d70e3f1cc76b69bc1afaf5d743877bb15bbb4220a89ba59d9baf6ccf4c3f2dd4b1a7b9e1b0b1bc2c6890a3b9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
f3995502e91c9bab309c80c294db3a74

SHA1
8b0d375f3739d73c13fa4479e48d0e85af705fc3

SHA256
edcfa88952642e7b11c806175c10a72b5993f00d9c8a0f38295fc3b8a8ecad64

SHA512
cc6c906d69aa4d469a1d4915a103b88aa273ebb2b08f04908be4208332fc33ecd2683fd48558427c45106ff34ba6873a09b405fad885001b02c27f69e5608a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
e9973a4a3836c6d819e113294eb06a2d

SHA1
509df2e7c877137f7e0ff3460006ff90061f3160

SHA256
03e7a788f2a07f07308655a71f9887df58c18fed8b330398e8e2a48cd9cf3b49

SHA512
d6a9b861bc5d364e67cb918366960b4c9887429ee285afb283a32a4c0429f73ddb567640e17c89ab286997ff2c1bfbc60a1918adaf77f555515cdd07c3002163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
b88f247eb29ab18ceefffcc93358b1df

SHA1
7695a17a01bf978f93603de7349ca8e52bec87c4

SHA256
5a36b6618062d5914e152044e662f742f99f433655d106e7e59d2b005d5702c3

SHA512
82ec3d18f129fd6d8691c7890ce7268b8211b1b21486e37dc43bb9000ceb29f79f429c0c9a933d0356a415823f53502ab08c5eb2af4fae272b337b31ec70e558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2353c797f53e0be7f652980d72d72151

SHA1
f3176788a1469f568b24f1638867cb90cc8b4ef6

SHA256
550f044603816aa449b53afdd0156c1c163fea24f8a05354cc3a5574087e255d

SHA512
93a3ec09c325474b9a0bb4557208de85948af3ba904e5217733d49f677374a1835268f1c75edf6f2e2b40015ec15dfb66d260489f6fc08dba80b89ae0bc03a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79e0558fe7662597186fff2a949a9ff3

SHA1
e9d715bddd26c272835049ddd98647543eb65a58

SHA256
890923396d37b247b72b136ae3ae8c51d9c44b4f9d4c84741cd5e53e54a17958

SHA512
c49f5b419cfaad57a91491687c6b5f84aadd78fcc9da3e6a35b8881c83aef2eac314ea31e54e5e67d81d112e121c65f5c1c0a65160b6b207a72ee9ca9f162368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
96852f35219ce8046d067e3ca8162f4c

SHA1
47c2d5a45fd3c1f5893bbe080d5d8da398e08053

SHA256
a8b97e40ce605bc4a3223f2375f89573d47d07d8744017f448fb1861e35f649c

SHA512
1c6404c46a4e053e55eac9946cf02fd8edce5ee36b25d002cc729628b6c91207eed5811a16ebc8f230bc97238986a1484a22ea505a0e340bcd7b99e03f4db29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0778b6b1811e3c361aca91dc6610290e

SHA1
ad5fdd1908b0d9f638b074b66548ce1c47cd670d

SHA256
06339a2ebe2a79200435ff269903a3f997fd230691fcacc6dc9626796f3d4348

SHA512
0490d11845f40cd43b3cd94629f41697f0794ef9786fe38cac85a098dcb716d9016bcbb3c7e6836c1e3898515e57812e1a9d4b50b6261ecc791cf9cd37b8abdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf46b723050a4153fe921a324c88721c

SHA1
93b302522bcf84b8d6180d35c7515bee830678fb

SHA256
477394ce3087f831ad73f7a444ca11a13772226a99f339fc835d9e694c1c7720

SHA512
17d983337888e1e6acd897da33173fc686275779cc3c40ee28ccbc3457657854eee590cab03196926eec5c06a301207b2f66c0e0dfde61cda3713df7774b0b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
2b011ec182b052021807da92f2975787

SHA1
65322e8d4a0bb1f5492f2e9191ee0a745c1accc3

SHA256
4bc7b3f869955057c1612823e6bae4f83e84937dade4b6a5f9441138555853c3

SHA512
1902e82a6527051f0b69cac04e91e2619b06c330e1d9cee5822f77a8b3862eb87c986274c00f86856d0d772cf514e614cdd3f3d007710f5cfcd8b97770ae5c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13357040957496439

Filesize
1KB

MD5
dc3526f80a76b5c39e30fbc148fc64b5

SHA1
4d5ad4de13003ebb54ea0d729f0029dea78980e9

SHA256
885a0035acd0ddd51ecfb55a48aeee75728eef19477d34fbc9f7fb8f35ad2082

SHA512
d06f21e266b317a27ec9833819927e313e18e48695ca9630a0d6053d1e5f24708941f73dcf3049038f973ba604741dc26e5069ae3b041dea33fe776fb63b37cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357040957583439

Filesize
1KB

MD5
66545daca8c53bfc3bad595ef20324e2

SHA1
ad5647036a4bc31e1b2012e664b36682b8a7ebb7

SHA256
0eda4387956305c9fc45c211cb89e2a0d141332195cb9a9c8b98cc81d782a060

SHA512
d736b4ad5fcaf3670b3b62e8e41e25a5bf34f6fb5505866be69479226e72d8fc4820308cbac30ec8e8b614ef18f7194ce3a0c03b62c3e34cbc45fc2463a6d006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
06f6688e5b046ccad56526577b0ac0e3

SHA1
96208116be9ffeb4f935172aa250bba987a60442

SHA256
187abff4a7a9033a2fe3420016ee037576229d1de6b96c6a8032ce321d48d47f

SHA512
78a2a154eab20407c916ed2d5e042a3e5c828070d6ec038f2f88d22ec1fb99a8eeed0ad640be16f02d5c03699f8b41af9062e12dd9eb258bab3cd1861d7906a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c5b508e9d50f8fc4e64abba22b438792

SHA1
088860e38220f9239d0f4f88b27f6c53798870f6

SHA256
f678012e8313dd424d4bc95ae9a9a826d23aca1409fa0311a6fc33906089e024

SHA512
92b6b8d0fe8f939fd2284dbe42e399d35a568e9ff4468cc59d00b837a9af07199a5a8e26adaebadb35d2e381bcbe95b794959a4e4de34748f1a2714da44745b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
544aa281a721dc77161bdcdf6bce5b9f

SHA1
086a2303b87f93101fd9a1ad063c7d8f2fe39e26

SHA256
cc3003ab3e29408fdf1b7fab5049336021158cfca0ac392dbd5b58819e8a736f

SHA512
0a692c4784af80579d22d9befecc60999fb6a36acba54e1a2e0bcd3d4ee3a2c9fea4b2ee34baad3186b47456169d4389ad751a1594a22fd1cb3cda2ed049be80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
85bb33fc9399ff66599096a4a5866a51

SHA1
2a14a0631e078d88a74a59cba235283514b4bd0d

SHA256
58dbe200080b2a3a0bc473076d44985afaa1d16a994100b81633047719a6af3b

SHA512
e81bad743f162aa0abc16cb37be211d80cb2937f2f3b2b737db6385d778f8b22d0eb252cb40412a048b916ee589734f01bb29f8125206b4916d20e166981205d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
9045c674f433432af3765a38cacf074d

SHA1
3ce564376a4ca9101ec484ae1d072686cbfed3fa

SHA256
416c3ee753cb2e8e948f41c6c7cfa3c7fc678d5a9bfc6399e05e4fc5e6cad40e

SHA512
c360e50eaf76e55486fa81b15544abb841018c5d645b39e836fa7feb9ca92e0438ae078d3a5afda69b4a6179e1ee7d6eacca63f44959c7da8013ac3118350e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
7aacaa6fb23794d675b5208fadd005be

SHA1
d34150644079e160e37ae053a23d80eab39a922e

SHA256
146b4b5d8482ea3a95153292e728c48f3ed20a88d91dba81b1877205a8a5ff75

SHA512
dd07832c67e0e7a6156d3c35962d7472b8a123fa980c4d07bff57ad7ce2bb71388dfa3fb35fd98f513a8a17fc89b6dcf731dc2fe47aee6fba12fb82bea6b92a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
cf47fed48d735df2240661452088efc6

SHA1
5be1bd9ddadbac40592a9c80bcedc98c090e6106

SHA256
db17a8d01112fa165c4acd08f1eda5e25a73e7dcfc95fa91a88b1d2419869bd4

SHA512
0d856231430dc153b09366f83219189470bc1b4bd5ddbfe88748fb6470707671e806d11d528e1c60c77316549029c4d055d72aa7cec7cef66739b872c0186960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
8d21889c4abcdcb95ef127d3c027cf7c

SHA1
a02998336dd57ede359302bf5e4e9b043e422684

SHA256
57328f89396492b0a411447ef45e61cccab4b601f1c2b0550152598c56dabe1e

SHA512
89924c4cff145d38da84462c65152dfb834c5dbf43fbfd413c457d8a29032fe0ca1bfdb8b32eb791496ccaaf67dca2618928e6d1880da5fb441f87951fc0bad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
22dda15d91f95cc703f9537c35ba832c

SHA1
f3bd6cd97a1fe5851e4c7db3a186d18bda30d8a6

SHA256
263826a8074ddf330e57b2cf88f11811c28a1d9dbabf249d1b99ec4f77c32507

SHA512
6319905e25a81dccb88ae1b8978a6e3f7fef1efc81a942d0c80c8e133b0b81922b388653d7fe0ebf5473401a0386659994c269d5c527925d0d238e82437a2b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf48742cb470ee1a687e9110f043145c

SHA1
d81329913097a2bb1130590e56ea399d74e824ce

SHA256
a2c671cb326978eae72bbcf7813ad53014193d5c34d5613f50b442d1acf7d4bb

SHA512
ef0bf178c614cf9d53c240668bc32fa51320ad291bc8832ea14cb873fe14efff5ee5f3b4dc77a2ae78da06b92cc34a62b25192665a69ceff4782655d5b7417ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
91f201466b96fd303ff8aa3f7cedfdf3

SHA1
e5b4ef08fb4d62da833dacd3ea87a6d792d5ca68

SHA256
ade97908779bd55c355bf52d2bdbd302f8bc7288808aeb9bd8b2e6b8a2bb51e2

SHA512
72287caf33e0d1daba9b2723605a493a92a97de416f86630d49812f875b237245a841176dd0db32840f9e37a08f6011d9ca4f62cb9faa0303d7df2c6f22b71d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ri34bmyn.default-release\cache2\doomed\19394

Filesize
9KB

MD5
9e6b367abbfd0275877c91244b1640f3

SHA1
7cc25e971db4a0d021fcba655cfacd159a4e283f

SHA256
17c1edddb41c6fc5c8bc83163fd61b954f54325d609ac307e639240c0eca5d40

SHA512
1ff966f20ac7c8ad3b9272994de56ee85ea57f9dd7c08c70e96c4e35546a90c9ab86ad3d8805b1fe22a4b15bd5fdc535b74d6e06367cd153a9c543eafd4caace

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ri34bmyn.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
c8578c9c9322fc464eac65c0b50c63d2

SHA1
f272bd6887e6b0842a027bd316425231707458b4

SHA256
173a882f20fb356ce2ff352d1b5fa0b1fd062a9d40c4102c718de63865c4212a

SHA512
4cb37e2480125c3bd350cf26c8225d201778f1ead2a300a8bae80c64b3825300a433c52649eaa8e75af78f2afd4501dc8a202bea3bf81c7bb2e10dd10ed20b94

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
26cd3f010859d32cab9e27495656e084

SHA1
cf030ddd13b194dea077c2621f17f31a7e03c258

SHA256
172c3e3e8c186518d988f0a85b0c5dad200a89b5c814cb82f93994c2d2455283

SHA512
74d7a43b5ecaed6e4fbb92a9a91254842deba78773d501b8ab73e9915cbccefe52be8aec42c8e228b0079a30a9edffb57f94d189226497889af63e52bccbbe78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
53cde2ab9c651daf22bc94cd0b3635d2

SHA1
bda7e04e22bdfac3340e9dad8c03ce7d41eed174

SHA256
07dcae604fc4059d69f77397d209f0520834227ef59f3cc021ba35bf95ccd21a

SHA512
980637f2b140fc596d26a013b6da7d6449f0db544c330fbb006d3b442c8e9bcbabfc1b950015e5a7cf3ee08bdcdfad13799e9bfdd2186b6422e301890f7547dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\datareporting\glean\pending_pings\64e94a71-7e2d-4ac1-b44f-ae03921f8388

Filesize
746B

MD5
d352b40c4d89df41c9c364d8edd7f089

SHA1
1d49159292329a96603b4dae7e200c80a3c619ff

SHA256
f88bf9cabdc4b52728dd196124c98dc03858486d132773ee2611c88f32ebd993

SHA512
b1d5f21e7726af1c1a1dc5e871effc873e3918e81ef100a5b06ef7d2c3833b5279a379264c6770c1e0ce65b062b264093952bbfea3295af5efe04072c6621662

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\datareporting\glean\pending_pings\9ebf51e2-128c-4315-b8f4-1b774a9d918c

Filesize
11KB

MD5
57a7c42f9b66cba3c4971ea88103675d

SHA1
ac8df7ab4da09af9a5dea45a7ebf3b505f39ee4f

SHA256
6fbc1b7b95010063d419109edae3f8aaedc2e741ae1700b0efd100213f3b5755

SHA512
a5e24b57cf4d53b0616c44cd3014d0ed545e0735df53820f6cc1c044154a5019984d340c162efcb88b4b13e3e95c51adcfbb46abf8bf7fa4bec65c3854e9713c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\prefs-1.js

Filesize
9KB

MD5
0e3c336847225a214c767b5b9483f0dc

SHA1
23a52d6fd19e532253b62da6fb98b5a3c0010d38

SHA256
e69b2de9701f0ea1ed047a187bf66392328f4a5de8e497a329c92e66e7855a52

SHA512
c86872d8064e7b202672a7766bac43192ba4e752bae6beb8bb6f339836c5179d0ea658cd340b59bd7b3669e20d594aac52064a0eb24c40a0dd34f52f0630f2e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\prefs-1.js

Filesize
9KB

MD5
06c20fb05ba1d7864fba96134c62e412

SHA1
aec20d3cb69a684a569b49d4f2c9fdf0ecc2187a

SHA256
5246b41ba03a30c8a9fb6b146584f2599c526b121410acea6db750e8276d984b

SHA512
d3ef984f47a14e71ebbe097cd7d0d3df441b4fbbca27486defb3bd74745763639af254919d4070cfc0a04bb4f2d6b8859e2f9e59fae8e41edc3e1ce7e5973b11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\prefs-1.js

Filesize
7KB

MD5
ad418dce82bd783149450ec20a81da88

SHA1
8264d0646ed5e9bb6b0e2b09f6a80e64a6d89cf7

SHA256
638f09dbaaf67fa7239aff8a3f6826e3bd78ff31aec6d0e5b9831c2bc2e5a9c1

SHA512
a21124b141ac0bd7e9d9d234db3c8166da8b09f225fbc7e4e867cd727963dce6edd06003646622234c3c8cf9fbaa4ac238c7cf4a00f453fa74804818c09a635a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\prefs.js

Filesize
9KB

MD5
44d0ef693b19d401e0232e5494e913ee

SHA1
23841a9b505fdcb73edcd732648623212aa8e912

SHA256
9affb4c067a0f5e77101145e132c5f7e97a2bfa967d78d6fe411229aac539468

SHA512
a3dc2dcbf84c603603aca53dab0a9310dec88b1ad0e08b9209ad220ecc590aed66c9637a84d3e94f5f002ee1ee088e5e158f0c2bb61ed117154170ec80aba96d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
92870fa576fa0ed7d3965150415b0ccc

SHA1
06f20de1afa3a9df6f87796e1184477c449cd9b8

SHA256
9c2728729c9ff2886d49c21ce0ebe2f3c6e5a8e6946115bbf7a9c7f9d2c4d76f

SHA512
a6f61c4f0b42ce0c0b6691864d51d6cf043c8ce665bc2c87b3c9eabd1df27a12968aa2d4a734deadf421576819434ada0137f546b287fb4b44f611ae6484df6e

Download Submit
memory/2772-19-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-18-0x00007FF97BED0000-0x00007FF97BEE0000-memory.dmp

Filesize
64KB

Download
memory/2772-51-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2772-50-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2772-49-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2772-36-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-35-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-6-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2772-29-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-28-0x00007FF9BC780000-0x00007FF9BC83D000-memory.dmp

Filesize
756KB

Download
memory/2772-27-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-25-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-26-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-24-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-53-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-23-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-22-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-21-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-20-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-52-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2772-17-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-16-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-15-0x00007FF97BED0000-0x00007FF97BEE0000-memory.dmp

Filesize
64KB

Download
memory/2772-14-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-13-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2772-12-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-11-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-5-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2772-8-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2772-9-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2772-54-0x00007FF9BC780000-0x00007FF9BC83D000-memory.dmp

Filesize
756KB

Download
memory/2772-10-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/3828-0-0x000001F17FD10000-0x000001F17FD28000-memory.dmp

Filesize
96KB

Download
memory/3828-31-0x000001F101A00000-0x000001F101A10000-memory.dmp

Filesize
64KB

Download
memory/3828-7-0x00007FF99CFD0000-0x00007FF99DA92000-memory.dmp

Filesize
10.8MB

Download
memory/3828-4-0x000001F11C0A0000-0x000001F11C5C8000-memory.dmp

Filesize
5.2MB

Download
memory/3828-3-0x000001F101A00000-0x000001F101A10000-memory.dmp

Filesize
64KB

Download
memory/3828-2-0x00007FF99CFD0000-0x00007FF99DA92000-memory.dmp

Filesize
10.8MB

Download
memory/3828-1-0x000001F1801D0000-0x000001F180392000-memory.dmp

Filesize
1.8MB

Download