1757688cca2ef3af1d59e495aa964f4c8f56535e8c6681261f54d9f4a0fb5afc

Analysis

max time kernel
147s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
22/04/2024, 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

link.docx
Size

13KB
MD5

955ab7877a9e7933961016ddab822d0f
SHA1

10fac05824211542837581a5e1a2ef82cf32e3cb
SHA256

1757688cca2ef3af1d59e495aa964f4c8f56535e8c6681261f54d9f4a0fb5afc
SHA512

3030acb0751d8a7937154ce89f638f236d27a3cfd2e911e5ee081ee31bd914616fe9f7e7ce8a66ca74048e6c4a46b531ec4f83f99518605ab67350d169804fc8
SSDEEP

384:adutS5vMEpwT2riCRGSlWNLEv76jRU1R8:Ntydpwa2pIu+m

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-801878912-692986033-442676226-1000\{374B4B53-5BB9-4A10-A8BD-0ECC4B1E71A7}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Remittance Advice.pdf:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1060	WINWORD.EXE
1060	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
4348	msedge.exe
4348	msedge.exe
4796	identity_helper.exe
4796	identity_helper.exe
1588	msedge.exe
1588	msedge.exe
4676	msedge.exe
4676	msedge.exe
5152	msedge.exe
5152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3140	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3140	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1060	WINWORD.EXE
1060	WINWORD.EXE
1060	WINWORD.EXE
1060	WINWORD.EXE
1060	WINWORD.EXE
1060	WINWORD.EXE
1060	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 280	4348	msedge.exe	85
PID 4348 wrote to memory of 280	4348	msedge.exe	85
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 332	4348	msedge.exe	86
PID 4348 wrote to memory of 3464	4348	msedge.exe	87
PID 4348 wrote to memory of 3464	4348	msedge.exe	87
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88
PID 4348 wrote to memory of 3116	4348	msedge.exe	88

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\link.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff124e3cb8,0x7fff124e3cc8,0x7fff124e3cd8
  2⤵
  PID:280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6748 /prefetch:6
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3016 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1892,16716539245028551552,11176235889974949938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7188 /prefetch:8
  2⤵
  PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a5e869975d65ad786022d6fc8b47b747

SHA1
14b030f53bc86bdbec766b2f3942804ca742043a

SHA256
d5f8f63c67fd06a2ae7da80cbe8cc96bab5932087eb70432df9147ba818d758f

SHA512
fd8d2b8ce13f4aca312f4856096edba99310a78a5f4c4148046a06e873a3d2514fd2dd9b4515fc89e83306d251929f2ef9c78863f85a3e017a3029dec63d98dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae7fbf62fc07f0bdb15169d2de3dc768

SHA1
9155eb973df31a7d6fb95f03058dd523171b4f0f

SHA256
ecfebc84b01ed9071cc68bc2abc4eae4f891e1dea41a16ea6010f7acfd6cc624

SHA512
1539bd6c522e56685399616d9811435ff0197c9471404361c53370a261feb180a38aaec9aacd38ff52c94b2cac2e4da19a3de50a9b6541f6f3fd0497bf15bcae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5b34ecbb930b2411579e96dd70f3e360

SHA1
ba927896abae22da819ddd731ff7532dd9297760

SHA256
a620ce8aede467aeec0d4ce6355ca153a160bba880fd4553ab94d960414e315a

SHA512
b907d376c8e2b9de8042658c48ac68cfb8fda468764688d6f5692d6c61abb32c94e7167cc795ac02bfa74c6ac3647961bce57750a22052355b849c45c424ef5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2f7a15c258d078a810c8b797bf37406f

SHA1
264d15d67188f7e7d1aaf3ba82d0b219661ee7d0

SHA256
acd467368ef9112ea5909904c08e7eaf4fd33b3be8b463e00f4f4d4953525ec1

SHA512
bbe152bf94f26d0224654bb712645f821df8f72c502e3c2f4aaf7916587350f8ff9c322112762dcccbbe9ee5d151789bc90220e6bacd805fa9aa93a6bdc13fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
573a7a73670ba03be8debeb108fca49b

SHA1
7c14ebc5ace33eb9e1cccec3b2bfebeaaedc3dc3

SHA256
6b181df9739ff80bb29cce036a3eedc0670b2cbcefd709160bdad27b6ef3dc3f

SHA512
f80eec63be77083a64fa8b400775425e57f86263c3ffb00e5fd4a52a720ec7cd4c23ba4439457f1ef3719c728f1f67a1b99df8bd17dd3104c1c4131aaa0b4eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c2be1ae97a245821ed9c67897e22ca2a

SHA1
9cd128915c1a574c866839be7327f92f966c0580

SHA256
f03495b9a49d602830d9dae33c64cca75c2063abab46caae95b732c37335dc73

SHA512
7b74434a740e4137877709c762ae2a7bbfa2982ac2a1eb3fa079007cb21012a075154bf5c9f29da2f31c5fc241c079af64ed665088e191ce6d9bae71630e1aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7fb20f4eccdb9d999049178763d9f368

SHA1
3073284e88b386bc0afcb4eb5dffcd6544372886

SHA256
7818445faabc7ccb4ebde9cbb15d95e254020480974056f08738fa6cb0d00aa4

SHA512
766022777dfbb7b44ed4526d10522a1214c1649312a56971a5f47c1af5c48afbdbdbdd317ce313a50299ec9043911ad9d1f10c143a5b528889411e033d954f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
57a721ee9b1751033d354c6a6329a71e

SHA1
99651bc67fe530dc456d6e80d2d00064bb59d459

SHA256
9f7fff4783a374ab90a831102c96081d0e54b9724a595a529a6170a813cd4d48

SHA512
7e4de0e27c58a557514166a5e9c722bcc6c7be241ed51ea305ce152080581f708694144a21103f847e11c4bf04827f0d3c0bf16dbb204bc64e7cc5398b6832b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
247eb77326a7bc7aa45299a3fe44b66f

SHA1
82e145e43a6835c4d04d7141e2b5c603cd4cdf6b

SHA256
65109fadbfc066c9c1ef03e99e0d0ddfdb660ad6d913c2b639ec0ca235d31f4e

SHA512
942c484c7f6a1476baa7875dea7d9de8eacf167553242fe16143f1d88f68c39a322afe52a33a2f1ca7e3ae98c3885d507a0159766de52b4fbbed50ad1a02e385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
406970a11a9a2151b240957110cb7fb4

SHA1
304ecb0b5cb2f868b1fd0c402a997f34d6c7d693

SHA256
69fecf6b456959685790e530712dc5fe88dc2e7df96889233f8a8d16842bc627

SHA512
311832b5a93a1541e45a7d3bac8394e8117867b34aec9e85a9f59c0536ff22003c56b020be6f1e9557a8a3f8f7bd735865bc2569922a718f95e0743dda52211c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c73a6bb3763fb14c3165c8bbccac3aa

SHA1
4961fa18114fb22a12ed7f7db716efb95ff85ca2

SHA256
5ae9789b0817c9c51d03454885c63884ff0edd934569fba8aebd8f7f6fa57e69

SHA512
89dd135dfc153c652d27ef05a67c32423525d2a97d1c2f2fad44c809f28ca48b5e7a4aaee0a856b3edbad6faf8b5b5c5c489e6d5d109aff76135caf9ffc65b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2c03a1c17071e1c26b77217734f5607c

SHA1
d7acaf3071c75ec73679bc73e9f9a90137d1ff89

SHA256
50714c35ffce777878c7161df37f7e83fe260aa47a4c7f9ea936847a1691ad78

SHA512
b508d9c6a9f65671755b4909462217c0a3af2a9645a0e1d09989433054a7b13dae01a93cc64dc564d9bfe69d37dcc03c270073f39168a5f0aa38c3aeeb3d95e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d915.TMP

Filesize
48B

MD5
bf7863da7f9723c2bd0ccb605a3073fa

SHA1
4246a43c4d6c26de00f176381af36daefb8d3b1e

SHA256
0157f6975fb5b638daca4afde0aff70a073cf1f016959da74aeb1a9d9ce2b40a

SHA512
677437a9aed442cd89fb8548706152c239036ad13fa02a8398cf5ab35a025ccf9bcd1d1c21f626f4101f6262528ad90578cc3c7d3bc7f94d0c6ba26be85cd001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b1bfac7af67f09796839dd4ed33c89c4

SHA1
cf20c7ca168e9c045b7d3227515d36146a7dbdda

SHA256
05ecd9322ddadeb5032a6471c28b9753e4a67c3426b86022ee71df9a937623e4

SHA512
ae244be1f8d6a17ab18c97488e35f627fd8a65e526844d771e1eed7dc0f806ba0daab069a5cac22341547d05eb2ab8b64f5a51c1a47088f2479dd8a10f191f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7699b517556667e1ccacdeccd4928146

SHA1
79adc5f1b12fb82ec7e982c89a0de2461de4cfc0

SHA256
74635dbe719705c35f54d58cf9b2523f3bf5030b3df6d44836f6eafea24ba6e9

SHA512
b8b56592b5805516b9a31e0a4d92047c588291dd293e56d715c4246e466565822bfb4a1b806e5db224353448cd2cae7ac103badc597acdb19fdfe5f133bf06e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8c153cd6622cd5e446ffe4b209bddab4

SHA1
e5440431ea997d42be05f694a1152e0e1017b6f0

SHA256
d480c4df86db0f81f8b1c13553ce395a70a9d5b274e78e53a33593ce23956c97

SHA512
6fe2fec116562ac19915178872b8d04e110cab57ab5a7e42acff2bb38907cb4a68df3a7d266ae533e661d1acba4dfb2462826ce100e5f4e5bd85329d1ea361a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
69ef7f8cd6c21adbcded6a98680a60e7

SHA1
c26409dd2e7a6371084935c54a8a2d8b14f9d401

SHA256
5cd665ff80de4004963c58f96535c22e5a70a744085c44baf0d4503572dc0a2b

SHA512
8ec5e767bc08f98ab1b6d0ea66588644f315475f3add881c0d667e2ff4b48689935c6635f39c241399f9ef145a037731a616d5e4ba92f991f582b68611f07588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6c734201a7251b227be90e417ce4037b

SHA1
7c96fff0b50bd0d7aff85deac6c7c2b4e7dfe7c2

SHA256
7d4c080ff110baaa7a123121b6a6e4a6865d974d5b918d6e16f14af5b66eb01a

SHA512
cbb632a91897467d8ad626587b69776fff93a0e04e90c2bd9f1f5d429e738b3738bd9c96408561f91d782732bebe51220671ffb4d8592c43409a7f9844494c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5856d5.TMP

Filesize
2KB

MD5
52b6df6f347b7a169698e71ce8fedc34

SHA1
ed7cc1469fdd4882c1860620278347bb0236064d

SHA256
ca2c653dcc9b88114aa1eea2a3eaacaad6c2b2e05a239dfd550aad3fa94061d4

SHA512
633843ea0c2c8d3aef549dc651d88e32f553dfab09efe0168e5fd91bead0b796384bedeea290dabb7cf56f8e350c071f0269b4d18886c2cd1ac2e1c25c590e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
707b8a7a6fc87c3292b589a998a98b21

SHA1
b4d8b4aeb3f2b92ca9fe1271a2dba2eeffee9849

SHA256
d39960dad9833b00db4aba41cd42b8b0a4083e7ca1596090a70ac63a09ada81f

SHA512
099eca18c26413831d09a2216bffa7613a605388d62ca60bfa720a2d36063b8cc0d0832d8a99f020dec94c329c746fead9c6b0d76587ec48c4266cff028760d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDBD08.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Remittance Advice.pdf

Filesize
184KB

MD5
8325a5f0b6c90fc68be0821e41bc8b9f

SHA1
4f0544c86fd2a12b7dacd78e915137a63812f1fc

SHA256
f2dd557f13990d15ad49101e2d79f102279b22564d8138f67756bef3d871fa57

SHA512
9c93639ba8e129dd509cabcf09027696a2f5108204e43e2b77523903baa1f34f0a17d02f0f3108ddf16ae7ad1cabc7fd82b82974d1932cc2a7740f25c692196b

Download Submit
C:\Users\Admin\Downloads\Remittance Advice.pdf:Zone.Identifier

Filesize
488B

MD5
96bd559cd95a094ed2de4801f4894776

SHA1
9c07e5c563432036fc6534727125085a55df11b6

SHA256
5cad7ee3eb8b2af085467b5333a30608bb5798d5ab26a1a64cf2d0c494d7ff3e

SHA512
9ba9f6dbbf02e7c11e5d955eba3e923113a221f18c96a3d6e35c180f51fc17a4ddd8f5dbd573fd85458184d27bb3253317bedb866c62cf71dc9853df2c2e0b56

Download Submit
memory/1060-13-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-516-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-515-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-495-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-496-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-23-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-22-0x00007FFF3D5E0000-0x00007FFF3D69D000-memory.dmp

Filesize
756KB

Download
memory/1060-20-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-19-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-18-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-17-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-15-0x00007FFEFBB50000-0x00007FFEFBB60000-memory.dmp

Filesize
64KB

Download
memory/1060-16-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-14-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-0-0x00007FFEFE0F0000-0x00007FFEFE100000-memory.dmp

Filesize
64KB

Download
memory/1060-11-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-12-0x00007FFEFBB50000-0x00007FFEFBB60000-memory.dmp

Filesize
64KB

Download
memory/1060-10-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-9-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8-0x00007FFEFE0F0000-0x00007FFEFE100000-memory.dmp

Filesize
64KB

Download
memory/1060-3-0x00007FFEFE0F0000-0x00007FFEFE100000-memory.dmp

Filesize
64KB

Download
memory/1060-7-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-4-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-6-0x00007FFEFE0F0000-0x00007FFEFE100000-memory.dmp

Filesize
64KB

Download
memory/1060-5-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download
memory/1060-1-0x00007FFEFE0F0000-0x00007FFEFE100000-memory.dmp

Filesize
64KB

Download
memory/1060-2-0x00007FFF3E060000-0x00007FFF3E269000-memory.dmp

Filesize
2.0MB

Download