407cf0f38b4b6b3dc030e70329d35be5eabfef45829240cc6df0442768189cec

Resubmissions

03/08/2024, 05:30

240803-f7mjrszape 3

02/08/2024, 08:56

240802-kv898aycqg 3

02/08/2024, 08:49

240802-krbvjsycka 3

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MSIAfterburnerSetup465.exe
Size

56.0MB
MD5

17acf57e921224883fcfeea2e010f690
SHA1

a2010ac597dff8eb54b4f62dbd5447ee3908e748
SHA256

623b0f1f518e7c03e1d540415bdd159e2d03fa019d76e2024f6e6ec7489a6266
SHA512

709b11b4071c750914a7a7d2013576950cdf7f769e3a7ea75b458f3cdb4f8e0ed4d5c424bb8bffa388d3fbcf97df60b2529fed822ddf3911cf5276a64ff1f2c6
SSDEEP

1572864:i3Mu6Bw/3Zh8xIc+9q4qBn8pzpzhaaXMxAAPJm:icn+RCxI8/Bn84XyAPJm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIAfterburnerSetup465.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1266786182-1874524688-71015548-1000\{AC9753FA-20DC-4BDB-B44B-2606866DA3F3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
2548	msedge.exe
2548	msedge.exe
552	identity_helper.exe
552	identity_helper.exe
1256	msedge.exe
1256	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2340	2548	msedge.exe	89
PID 2548 wrote to memory of 2340	2548	msedge.exe	89
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 868	2548	msedge.exe	90
PID 2548 wrote to memory of 756	2548	msedge.exe	91
PID 2548 wrote to memory of 756	2548	msedge.exe	91
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92
PID 2548 wrote to memory of 4256	2548	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\MSIAfterburnerSetup465.exe
"C:\Users\Admin\AppData\Local\Temp\MSIAfterburnerSetup465.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc9fb446f8,0x7ffc9fb44708,0x7ffc9fb44718
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12336601690095209615,9755485302100223028,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6ffd468ded3255ce35ba13e5d87c985a

SHA1
09f11746553fd82f0a0ddef4994dc3605f39ccec

SHA256
33103b1e4da1933459575d2e0441b8693ba1ede4695a3d924e2d74e72becabd8

SHA512
5d5530c57faa4711f51e4baef0d1f556937a5db1e2a54ee376c3556c01db0ddf628856f346057d3849baa5db35603b96a0a9894f3c65a80c947085eb640348ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23b6e2531d39ba76e0604a4685249f2d

SHA1
5f396f68bd58b4141a3a0927d0a93d5ef2c8172f

SHA256
4a486d7be440ddf2909be2c2b41e55f0666b02670bbf077ac435e3cddc55a15e

SHA512
a1a7fef086526e65184f60b61d483848183ef7c98cf09f05ac9e5b11504696406120ab01da8ed7f35e3145aa5fc54307c9397770681e4d10feea64113e7a57cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
5b6eb9202abfde97e3d691a835509902

SHA1
515f8ea6e88d5bde68808f1d14e3571bc04d94e7

SHA256
f9ab282aea02569f9e73aba576cd517a7fefba7d90b935fc571397e710b15dab

SHA512
309f32e918aefdb51c218d57ac37714d90653dbcc4317597c1e3df67a8375b5cd7aed9dec97eeae248b29c03bb46318216a3384971357bfb4dfbc294e7f5f9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
74c0a9aceda2547c4b5554c0425b17ba

SHA1
d5d2355e5919dcf704192787f4b2fbb63b649b0f

SHA256
3b9e3adb939801b9ada1ce67afc7decef4538c016c78113697b89a35a295dd8d

SHA512
e178dce4a59cf184bcca3523e687092f4edc2a3c7af4eddf1ca1965ca06347eadf8901f851260264c14fa052331b2d1aeef2a6b9048b87758617285c9650b479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cf82939794d204dfad1c2c270015c420

SHA1
9c5aad2653254b16673a43ee0e801a3cce3a6771

SHA256
cdf1e1131dfbe14200b40f3a99335a7a955bfd9de2f5b4bfe263c0877007a208

SHA512
a4e15a9610b62f04a7f3ebed482df481a202f73da76a19d7309c7baedf864942ad91db5a2ef7a64e2fb88affec4472608a7e7ba08c3b21ff4f12652cf8a1279f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a115cecbd75c9dc3a9b1a60bb3998d40

SHA1
2766a29bb7c7995d357cd029d7181873847172dd

SHA256
810563fa10a57c9bdbc6de63b35641e6686fb65e2fe6cded037d27635a9d115f

SHA512
2884ff8ba0a9f08e9c6c3c6b06d7f373dcbc11a009f5cc6a89ee42afe01ded007ea8601b813bcc571445419dce247168b00d599a2cac0bd26e1b09e1ca9b851f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
081709db9eeea43602c294c3c14a1ffc

SHA1
18dece2458833c08a5a15d6620d751da6954628e

SHA256
a40f687879daacc4b4ada2153a71fd1eab1ab728e8e88d4f4ecfb434493640c8

SHA512
bcda101bf1bb49df5eb8d7d04436b489a222cad9f9c3d056be5e89ee4707d32ad67517ce1f6ec77c09c78067697bcb065d3989788ec5d46c59893d461d633fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca81b9f3170970674af252849a73120c

SHA1
5b0ceb426a9977842f7820b7112ffc02db146539

SHA256
594f7868c77d5afada0d6b80bbdc0ca537ea1164b7acf6ffb7c6ff2fdeb4daa4

SHA512
0fa961582e3cdaddb8bfef09d0e4c42e9b0eb363dff23a64244600a0dcdd9404b1112938a57047d0d7f7955176089f0ddb7a75f8a9dbdfcfa10b0afcfeb27cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6791555dcab73a96423accc34017298

SHA1
8639c44c184ae375606a3419e1e3a810dc5bb727

SHA256
12d9da540b3b0a0572dc85656bbb806cc11038c4ac5678715c7dcc9fe6b6bbb2

SHA512
a0cba119b8344dcffcb81f2cec93efc0c0e7a3936499503bf6b811dd94d1996a378277c74cdd82f2e99e3626141a4303317e72d321d130faaeff31b51793c7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc6ae9a79b6e3a54789312baeb991317

SHA1
4b8a84467e992e1b423e5b8f83053b20fd8001be

SHA256
e77a4476347dc53a97358d939a5fb91ce480fbeac0c9e316e08b68755badee72

SHA512
9a71e3516dd78a35d872e6a21256d926a3c478cc5a06c607242687e0bc09a562c83c206dce0aae0ae936b9430a8064c4667d3826ce513298ede7e2715abbda1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e621859d6c813d599d4b7507d94ec85

SHA1
110ac5263aa46b0a1c1db60c1ca1f3c06f66180d

SHA256
b0222caae37b3818a9aab93efb668356fb8735eb2d59bba5018e66e6d843a19a

SHA512
b7e17c0b7698b59faa3c1438e717eb8e8320f21f2fe3abadddf54500f40105ecbd014ede155bf1207541d144f83a8737b657ff54c1933f0b159fbf6cf717c081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0b95fa37092c82d854f497a6b21a0cf1

SHA1
6967ac46e368b2a046cd6f41ccd99d5523063a59

SHA256
b4631363cb2d1ecbcfdb9e06c4bc7336ea87672240c6267ef2b560fc22d1587e

SHA512
9b69695936615c62afafc7e1cc09b82bbb88a7592d51893ce7467461243c3285d922d747db975603734bbe58275e6bdfa511a64266e09feb450826ff20a267c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d6340ec23dc395c2494000c9b8369075

SHA1
b8f841ca7b7bb5b5080e352b20be70af2af53119

SHA256
eea9dd82a09627884bc10a0f8e048e4d0459700d6fd0edd72a475abdc6f2ed5f

SHA512
a4a2ea562cbcdda3494d9244303a087333ee43f6d036f88dd3fd0a88c487fc6d5b300311b1526f3e3ec0489cf8315afc0bcd254dd7f1faf9726e11038c3ea459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
476cf6ef978980a9e186d12e9c45a7b0

SHA1
1ce446030b66f471963161e9931777b278c8c2f1

SHA256
b02a0e71a45fe4b09f9c7e5604f2ea7a43db65b12965da6a5947cbb75593f4d4

SHA512
30cec44e41eba13ffdb0aeeadbbde9d76b7ce07fe16afc7dc42b4be7c9a72355ad1bfa0474549675ddad705462a8d18eee1b54b42e60e7ad7c227fba06bd1017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65c1fa502b5ce4848d4fd743d1e730a6

SHA1
6fccedc3952daf1f01981e2f9899461469acdd01

SHA256
e5775b517936bf25da40cdbed5b7c79d4bec3e76ef86447e04038bd24462c2ad

SHA512
bde6ca20890396e2085652ece026f5fb25324bbd3259593f3411b5e8d56dfc144fb8fcdeecdbd35edbf4f2b3d813c72942dbbb7ab4df3b1afd50496da0579db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7990f428aa34217acbacc85a0cd5958

SHA1
7d272102cf1c5be0c00d35aa7a309f35681857b2

SHA256
219581777941ad3a1067dd027924b2332ac92da2f65a044bb22a1af4cd477083

SHA512
ba2a243b53bd535b96675763d54ac6b37dd9b329d59992dad7941bfc65401109f8629b669a375c0919ac111ba9f9738bab4796af115ca992d9fbebaba9deea97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70163c0f9e34886633b499f08028bf19

SHA1
32d8db53e06f9fd611e679ae34ee2b975bc0d08f

SHA256
731544b77027c15a70ded1240268a6eaacbd2f25263544095b23838e0796cd8b

SHA512
9fd5e4527a814b852de64d6ed1e356f6db87a620437e922d9dfd3f2c7d7307c67e42070988c98de41b48623909db25b811f4a95f96a8f2c2f05d68e1291ae8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c5c974335ebc95d154adc6b4aa31b20

SHA1
b918b94550818a0efce7af8e949b19b4e2d5fae4

SHA256
e8fcb7eff4f1a5c84a7f86b6e5e9341c40aaab034108db1420a5be92ed90ea97

SHA512
8870ff9fe26e89dd23d223a735a3f3efadf8519f4f108775ac8a74b89ec9670d9ae33cb10f9d4bcb74da824626ccec0591a65c6adda80b996230619c2664a8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0eab7c43d7a67136ddd92f4d3d52a33

SHA1
55c0836487f165d84df19952cede40dd775d1bec

SHA256
cc40db6670e02c74dfd4ae6f6b6ca7704645bebb0d68a79377305ea4cb29a044

SHA512
3628c13e6f5564fab10869d2544d1fbd6caf21b41baeb6a4b5b9f32773d2d6090800cf5e90390fe5f6c7260c2ae2f4b9bc8e3494ab755096c15172eb8b71fe23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d3ec957deed337b93e726e491cbb66e

SHA1
72d0c0cdbb941e55ebcea956ad3d091866389436

SHA256
a54a90d9f518b4680f00bfd6df68e867a8f8475039e01e28907ab8b6143c5e11

SHA512
a62420ff864cdfae46d519ff386949e0cb06fb7cfa698c3b732c2d46b7dc5bc05817620bda355ab20f4057264e10317527a520b5ea0e4db1ed4fd885e5f27235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585f13.TMP

Filesize
536B

MD5
e51a22b1b232c6f994ff699ba00578f4

SHA1
30164b87d67cff9bbca8ce29d3e4efb6b2183770

SHA256
1f2a6caa05a989fed72392e5df053909e6b9a2accf549004b75b14db24fdc01a

SHA512
b48cb61659bb602c13e0f86b0d8086c4ee9e866b614f10a14bbcd4ca31ba1180e7aa9ce4f19d1f5d2bba11fcaa403563993c19072348246ceb6934a0a0221f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
73171cb7ce88a98d5e33a47a9b1fb451

SHA1
044ebf2b086cbd0fae44c7c9b3500a32b8144f7e

SHA256
ca788e95f729dd781c26bee040734f624155ff5925792fa99608692ab6c591d4

SHA512
34ee6b6de82b453f8b63ceb10cd8fee24f6e749c90f3223aba51d012a7bf2c22aa505047b39bafce81105158acd12530a57a971d4bb8efa096ceac0484a4ef55

Download Submit
memory/680-8-0x0000000010720000-0x0000000010758000-memory.dmp

Filesize
224KB

Download
memory/680-0-0x000000007462E000-0x000000007462F000-memory.dmp

Filesize
4KB

Download
memory/680-7-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/680-5-0x000000000FF00000-0x000000000FF08000-memory.dmp

Filesize
32KB

Download
memory/680-9-0x000000000FFC0000-0x000000000FFCE000-memory.dmp

Filesize
56KB

Download
memory/680-3-0x000000000D060000-0x000000000D222000-memory.dmp

Filesize
1.8MB

Download
memory/680-2-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/680-11-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/680-1-0x00000000006E0000-0x0000000003EE2000-memory.dmp

Filesize
56.0MB

Download
memory/680-6-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/680-4-0x000000000D760000-0x000000000DC8C000-memory.dmp

Filesize
5.2MB

Download