c9d04a3a87fee318ba65f837f40bd2dd2428f25e78bf271207f8b2b02aaa8a06

Analysis

max time kernel
1347s
max time network
1136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperV1.15.exe
Size

796KB
MD5

653c07b9b5f1b22c84f72c03b0083d18
SHA1

54c25b876736011d016dc0ea06a1533365555cc4
SHA256

c9d04a3a87fee318ba65f837f40bd2dd2428f25e78bf271207f8b2b02aaa8a06
SHA512

b605773fc4fa244f354bb8f51621225e6482751d19bddf747f03f624581bc7ae896ca0e40be91b667aea7a7978a291497a362f9bd65449682e1948938af684f8
SSDEEP

12288:wuHbakEAdS7SdsgtNaFoGQ4jEr+xpS1nmkFmZ2ojKU:/HbTHSINooGQ4jESxpS1nmkkK

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
95	discord.com
96	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674939729421697"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{DF066933-9BC1-4BF6-B6A8-5E6F6FCE3612}	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4276	WINWORD.EXE
4276	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe
1680	msedge.exe
1680	msedge.exe
2416	identity_helper.exe
2416	identity_helper.exe
5020	msedge.exe
5020	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
2468	chrome.exe
2468	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	3708	BootstrapperV1.15.exe
Token: 33	1792	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1792	AUDIODG.EXE
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4276	WINWORD.EXE
4276	WINWORD.EXE
4276	WINWORD.EXE
4276	WINWORD.EXE
4276	WINWORD.EXE
4276	WINWORD.EXE
4276	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 3856	1680	msedge.exe	107
PID 1680 wrote to memory of 3856	1680	msedge.exe	107
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 208	1680	msedge.exe	108
PID 1680 wrote to memory of 1204	1680	msedge.exe	109
PID 1680 wrote to memory of 1204	1680	msedge.exe	109
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110
PID 1680 wrote to memory of 400	1680	msedge.exe	110

C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.15.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.15.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2856

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\UnprotectOpen.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbd72a46f8,0x7ffbd72a4708,0x7ffbd72a4718
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=244 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5640 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17672286644666512528,5457765103302690899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbe5b9cc40,0x7ffbe5b9cc4c,0x7ffbe5b9cc58
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,9000317965593012076,8724388893810417009,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,9000317965593012076,8724388893810417009,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,9000317965593012076,8724388893810417009,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,9000317965593012076,8724388893810417009,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,9000317965593012076,8724388893810417009,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4632,i,9000317965593012076,8724388893810417009,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,9000317965593012076,8724388893810417009,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,9000317965593012076,8724388893810417009,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:4760

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5369ff38eaf3a45408164d6774d4790d

SHA1
8189582fcadb89b4a4b508294434ccad27325192

SHA256
61873790218e504b9522238fa25152f1c5de1d0c655a82350bd16600f2913e0f

SHA512
a38ef020d98f1882a6e28dffbfa7335c84ec45c68bb0e2144d3848c916cdf6ffabaabbb9df747332fbb521347dcc5c13a0073336888665da2b700d8680ce261f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ce69cf9b3998e2ee3550fe9f53c1909b

SHA1
91674e3190070d195519d8c73e764f0b045d649f

SHA256
d2ec5592abbe6508be5e5ed6dc8f10c1869d51c9c572e6f9cc9a8a2ca8eaaaa3

SHA512
c24dc840155f5782170c8499cb360bbc67aa781bd2127cf410f13972b6ebd372b4fb1f335c8ea1b41e15eac07c3cf411f45de2843894d5aea2304837922d0635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dd46867c1716f9cbe040c7175ab9cfeb

SHA1
700136becbf5605715fe5648a09c16c7279a6d0c

SHA256
bb9dcfea55cdc42b005f3737ec87e155ec38a36d2644e3077815aa1894901526

SHA512
f831f9088228db37bfb52e4845ce2627830f55c4dd40f5a9405b7ee6ac0ed7515f2ed97a6120027050c2c0806905acc063898a91a734669fd545042e980a77b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2df3662b237ef693d5979253d46737eb

SHA1
989d730f4bfd7eeddec247e0780623ce5304f3f2

SHA256
1001b14f44ad0a30da859092f25758314e42bf7ae4df764b8c694767856aef6e

SHA512
f863ea52ee5243b2bc5cf7ecda2b86595e0b4faeddbead857506d0c8de958421c4c81e2d9b8b7e6209b8e416dff8ed706e8dfeb750a9ade4bac74f81e0cbe59b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
47a8b685daad21774d7bdacb61fdaff5

SHA1
165f233ecd5512dec5126d2c01c1e4ecce8e3f94

SHA256
80d6c0233254b7ff3df694776f6579c536f1986625230e47aebf81bbfdcb75c2

SHA512
b2d55cf96a86d5a01398ea629c97e5e2de317564921d3bc491661f2f0432ffce8d5e7c578bff603641ab33b48f4a459508b296ec69a90693a5b366381df9d310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
a6d39eaf9cb70f3416f6b277c39cc988

SHA1
c3c96279a346d64b7cbef5c748cba20e9e32c2ff

SHA256
22a62a801e5ee0aea007333f750834607532f27ccdd8032a01c784112449459e

SHA512
80726ab450e52214b707c04f7bd064ca40d286ee9094d832cdf04e01f37a354bc4ae48a9324c943b89bb7bec89801da4529044811344f50d5e75adf07c985874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
60b698eea4464cc974ba366eefebb221

SHA1
ba8b47c74db6d83f0e0a9f64ce9872f596b98f95

SHA256
7699f6c1ffbf16c2384debfa595b9cfb431319baa22c9d5d0347ad4ca62aeb1d

SHA512
afbdc724b776cf34c339d652ddb96803b2691174c7aeead57e82ed2d3512ef873a8373b1a01a83a3e6e3cb4a5105c0d5cb4e4ba2478cdc525aa2d13da2556651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ebc024cdb324eb41f33c6ec63d1458d

SHA1
f623e96981ee63c1b6879f682c4364fd5c2265e5

SHA256
23b9bd7316816043f42a80784e7f247f3afebd3dbe370fbc702189a6a0dddb1f

SHA512
6971b6430bc01a36c48bc1e41cf8c4bed65a2890837f7778a896072159940ae739d11834176cc7be6cf6fa0f2ea9e6764c30cd23beadcc88c390e5573bbad097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
709c6f4a32b317f6487b598788b6353d

SHA1
50f44d43be9630018f0bd2acb1528df07cd05b7f

SHA256
353aff71e8cf078c88c836e66d86be266ddbe36496a597b9b5a5a87d21eae83b

SHA512
4f33792eb73a792c88e8e2dc8bef7b00a2af7b1b91f4bab0cd5076dd2cb9abbb752eb7e60a4c6204d15f9bca1562915f2468b94e5f01f79279e1e7469055f0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
cc6a7af85ef808b23fb0d7856ed6aafb

SHA1
9c32e7d7b33e9769211fbce53001a17848d546b5

SHA256
0d8b4860b16e4ee74beff0e2034bd195352dba61a455efdeb35d6ede7c4c7391

SHA512
d9e9086a0d6827ba073028b67a73e8d0936ff9813238075af53dd75af0f7417b56dc4642417ced05af36ec9e66bac671ab8ed9d0f73dd7b84a6695026ba2abf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7b23c15e463ed2d322fc8f2c41014bbb

SHA1
b7b14624570cd3f71cc58c83d4860f3a85ac29f9

SHA256
da7e517ba9b7bbeff623db5bcad8290648cddff97b1e31663d2bea4b2518e8e6

SHA512
c0d422d5d957a928b720ca5528819a193ebb958da6f0981b8f0e1239efaa0bde4a8faa97cb55bc5e31922f0fd563e8bcecc69cb5b59ecfa9dfa8ae050f63247f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d632592f5dd839a5e2edb35e7b497061

SHA1
e9643aaea4fa5d852b28d49d8e4fcdf43fa6b0ab

SHA256
d56f1870527958808efe2fdd81010877766a159c0e9a107f5e2662e97589ac9a

SHA512
4ddf53e70bfbecbd57513ca94d652b94b5556cb27530bd153e08d6322c32739f0b36ffcac2c9cf0253ac7b487e9e94d0ecfff550e2b81aed18a7b71b4a99ff36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c7083a9028a8beea167aa115897be2bc

SHA1
9c5b5c28fb9497ef2a86c70c947487fdaa0bad1f

SHA256
d18c25447ae09800f9fbeea3146f82e74354a1c33b9b79fe7bfbf74283782fff

SHA512
3e842a5b92536363427288ca66a5e6f656cf9ed1265b3583330744096bb32a64be169b94bb66652933aaee148ffe73b0e8934f6058efc55ffca13c630624cd8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
755B

MD5
630e80ff4f5193365db8a1b1d743b934

SHA1
0788b52d7668e26c1f06d6793805ad72d5ce224d

SHA256
b43dbfab78820e65d067f14874b1e98d4963d3af9958639f05120c4afe7f7dcf

SHA512
71d17a88643f5009662de9000e9cbc75e2deaac3858ae30d97f4dd1c4711f20065d393e1edfb70b017d90b7aec127f4d52dc7e167f17e8770867bf11b895e79c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2dfa69e1ba8baeafff5e7841dc09c003

SHA1
3ba036578cf0294e6c834cc4110066e0fa4c9487

SHA256
7d98a21ef21e97dab9b9551cb0e3f513214486743538122c68664717c9d9cfe0

SHA512
9d5f3867ebd7d8d3689bf9f390a2ce9dd22def2fde2399e002f098c1e04307227ca4174484dae6c86145f69424f25b4c68915626be95abf25bf9eaa695ce7286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c70decdd1a65f3407d70c9ee37fd718f

SHA1
4ad92d7ba24904cae9f003aa27a8e8fbe1c9fb84

SHA256
b4fba8c5c67ffefd9ef1b746dc6e3069fedc47d36c716f71707546339ce0e56d

SHA512
d64db4edf31d8a3fb75cc0f67393d5a9b2000e0f6ef062d694e197816842ab75606435189adfdb6e9266dd43bd118e1276c9bf96bb7fd10d533a973968d7ebbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71c80c1779be1a857d149195814566b9

SHA1
f02321aa205352c59914c02b871e79e1c7fa48c5

SHA256
7f084648cb2a80c7c32791b80e4bad6ab0b2edae5cd49c310baeb31c04975d39

SHA512
707bf8064086af4c93988fe7e49933e8ebc3f1e5746454f272243efed71b2b6f87118e37ce2c31fdbd9f06ebc81d6b4bf124f1caa6e838650102d9986f0414c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
663aa8d61e45039c2263c724febc332b

SHA1
a5bd91a54b322ff2dd28d1a02dcde640da0b35d2

SHA256
fb8d3e517c9982348c98e8ea185c205e2f4e5d75d0d59b11f0216829e428d044

SHA512
9ed8e4182e3a4012392bc4fed35b8d64f22843d1f9a18ae8073b37656c8a1b7f4691d977ac95ff273f34eae758dcaf18b1769e614451251bfa38a1edb9cf4dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89435b86f3ed50a443e42bb6b189d6d4

SHA1
f8633ac5dcfaf9b06b353149b257e13cfea896b3

SHA256
19de14b81540f894554601ae8aab9e1b1dc1ccfaf41b6647f57ea03a9ca276f2

SHA512
96384375add0ebb40143fd66fbddae337a31443ef0aeb4c06e91a2ae470138586dab003c6d01e77ce73347ebedb0b85c5d1d2d44911070108f3ff901d5b43364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28f1c7ba10323e041d02569de24fdd69

SHA1
231b4ac714a35629912aea11645a9adfcbacf4f1

SHA256
02e447c99f7d5b7fdf22f532cb430c623dcd597318cb729ff6141895e6023145

SHA512
61f73a24de8a84c9829ca732ba1f5435edae46fde1e41156f5a76be0577d7487b963d5fd3be8b9584abc7c43972499d0d47133729669159f5499b95f28e0dcb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7990717ac7dbca05c430cb9a63b87999

SHA1
674412c90e22169b7deb9b8b89944152f599b24b

SHA256
045e9e8a4687e06b812f1321c0f2fedb770193da09725667fbd247cfba6a1294

SHA512
84b2493f61755e64fb8d221bf5cc4535ab02a46c18c870f8bf3bb2e08d73064cc2aa3aaca9bdd88b72f23d85abba681c4f7ba3434db31e686015d44f632bcf83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b04a384f91be3976726ecefdf6f7803a

SHA1
b5da1fbfb39aa0c6e820402ca13cc832ba2d62ec

SHA256
942a3dcc833db7f9c7bec071b924ffe1e070e09b268494f6404382d7a8d98862

SHA512
5e6e56afa81e73fe243f99a7a0cb9a94d80522c11dff39d1c051f3c4b8f43f2e21ddb2832baae67f308fc535cdcff3221b4b7924493ec77b3b711f4ad8658074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17acf2c5902b197b764aa521f3c96c96

SHA1
7fb4f7a70fe523fff67321267d02ab3b7b7332be

SHA256
79bcfbcf69d2e95eafb5f477f191cb1b23cd1a94b313fc613ed45ab6de814d03

SHA512
f52760f6a4c1c9eb1b7dd403649c113b1bb475fe35da67a400459ff8bd7a03d88b664a1e99c1228faa90593c90c6d9fd8d7118ff78fe75be199f73081a8ba88a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0a981af905bf0a2732cec8946cf1b38

SHA1
40c4aa14935deaa6baf03ef2ea1c2a9631ba199f

SHA256
cbc127168e08e82636f3f71f0a734d88d4d10b708056b68374a5841988755742

SHA512
ef1dd6c434b48fadaf4ab8563fab871974a7cd7988f20156372e388d96ce5bde1a13059081fa437273b93f7cc7ad1010802cc007673ef3e8b996e4f82a50d6ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
773f964ca057a61129ee33994d317b87

SHA1
6e59dc241736aa16bf022d8e5d11017c220151f6

SHA256
915d25883a56ae0b992f2270172b18970b7ea13c7710309b00069e19fb53af63

SHA512
25e13d39e4d53e7dec5ddc44d52ab2e080c5b56ecd1ad24959a45b2cb4d0b248170a5c864c78575ae62122b88be706ebe155ddfb6c0647857e7148d6e7cbb063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea49789e3ba6f3ba7b7e7d8b749cee6c

SHA1
018c4e3a668adcbc4e6080da53575521c2f2d405

SHA256
3b8f54345c50867291fa1f6a1a17288068e9ac9fae50fc604c06f168f26db831

SHA512
a687d5a522307f226b2aae11d276d24698c4865689bf861fd0a9a9bfdc495d2c174800f357c903877c659526dd50e49b8ffb8ba513cd1da4f5fde4bb327064e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
494a861dfe3fb61b7f6e9a8e1f92d179

SHA1
903db9c91a888cdd2a359e921ea2c1a958228aa9

SHA256
46ffd9cec0b1524402f64218ea9584cb751cd61e56eae54ac0ad61c55273c690

SHA512
f97bfb87546ee38f100ef52f6ee6d102d05feb378a940954a1953f5dc301e6ae7a91de2b2176dcac165a61abf867e06e3e31572a378b1abd9ea2768de76e7175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d61a607e8aec09cc747879cd642d002

SHA1
de5e5ebf0e0884b088a0413f74d66f4b6595d806

SHA256
77e5e082769c71821bbeec788582dd2950766707236402de543ed0bf39b25f13

SHA512
13a3dc9c313feb4d58bd14455690dc4c2d1f092cad5cc1f8b568b4b751e46a0079adab9f043e041df5fb27ca28d63586e9418fb0c89bcde1454f58b1ba68db62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
1e3067dcd6eab066fe833467fd2ee133

SHA1
dabd976d39753e0286336efe129472cef0532f13

SHA256
cf7927d75e7f6165d5d49d018ad0a01befb48e70c935ec7f6c2f94b02abe34d9

SHA512
44d3ff739635718b48cddb856065262f92281bcb29a16ef6461b845a6e5fac43583a5f0331fed55b3495d60b68e0224c7a8949df2f4126f33af0dc5186788431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e74ad04de33a3a6929d5cda36047050

SHA1
29d6d6605ce0aee52e67342beb09c530d268885c

SHA256
c168e6b9905f0fee2d6592f8afd938582ef1cac02c2ffc6e2c81d41308de71e5

SHA512
00c230affdb17ca82706a9fc1dd67854d4601a283d50b0777a25fac40b8db8373ef702ac5ff642e88fa022adf5ec29aecfed2925736057bf2ac6e959e2d442e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
590dd25ebf7016b75c51016bdb2603a1

SHA1
a5cad40c1577a44ebf706c0237ae2ed8df06eb6b

SHA256
84e102532c325e21ebc16e6e2a393249731a14bcbe385e6b5b349df623732dcf

SHA512
353c15426217e73d6381e2e963d9604738884a78f09a90060c13af435ed2fa5a75f24411455ed7ff52826d2a5ab0b4600ae1988a0c09fc704556a5ef7389b070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
860a97324b5549045468b5104e53c69b

SHA1
cbf6efc633a4e4c23a48df05099c1cb2719da4a7

SHA256
2dc4a03c94915891e475e2f144cc096a865a02446bd2169dbb3c1e0f4c4a325e

SHA512
3595621e29290041b18ab852c55537f1b1fa4e95dd9f5a57fe662ef7892d62d93b5157cffd570d9ef073c6b69bb58515d437bc7ab3a0ebb87154290928a02e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a5054.TMP

Filesize
538B

MD5
b00ed26ad43f8d8320ec10c931bfb2f9

SHA1
93aaa151686cd0f05b2a4d1dd235c999c201eef7

SHA256
96db27d18ba24220f4c54045cc24c38e0f7da98ad7d0ee9e539fa234c41ac4dc

SHA512
1ceb9fe031609a1ff2797b16b86288236aeb7d9ddb844205101878c36fc4a4f6464b228f1cdcaf7841193fa9c4b766bd83a09543d99fe19212b643f282ebb057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
741ad979e7b3650a2d22d61bed8527e4

SHA1
d831dc9e11aeeca2992be1261ee4f5d291d2b8dd

SHA256
9b04dcd17f6906b3ecd443227c1665e45557fccd745af08a906d2c3f369e620a

SHA512
50c26378d2c3aead02da5453192275ff69b6cc0279185ca1c08d1b6acfab2b482b3d0cc02793f1cda045a54cc83154f567d598a72a1e0743874ac462a93c7d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
41a123c9b9cf7e57e963c63fcc07057f

SHA1
c228864504287ccd537b60294716e19452f24fa2

SHA256
37ecafdf8ca32db720299f57dfac27066b0d071ec61098b064e4b57b87fef43f

SHA512
cc706198bee8f253e1f2340bf0649f0af69436256d92fae7f6a0a3f7fd62b2500139c74890eceedea89b9cb979b06b90b1e603ecd6e323a10ac30eebb9f37f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
a2e302333ee7fb7ec8ba7cfd876774f5

SHA1
8075cf879dc7dc31a328abcdd29885056a19de60

SHA256
c86369df2581a906ecba87efe8af2fd8c3fe9711ff784e5903f9d553f7743ece

SHA512
ab175f67f7e010e5f97f6c10135dc738eaa3032fe933c14c586db655aef06c62de537ccf6eafc0b1f953f483eb60acd837394b706eff48afeb6e6a8280d6463a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
5e89d803d801004ce6332f6ee5b33aa4

SHA1
880dc1a84a0f7b41d7f02985232f17e3360cdfb1

SHA256
272a63b6e864f759d133bf0eb716948c0f1ce74cd75cab640f469a29275aa0ce

SHA512
c2bab5839915849732277516eed6fbf1d0dfcb9bc3de5e1b89d75a3aa3cf8c7ccbaa58da7b4eafb92c8814be3319a9d5d77556097d1e3f2185de10b383a3858f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
350B

MD5
9f34e15f7d3e9b24325f083032f31fd8

SHA1
110578fe698c7bdc48b42cef668047fd3fe980eb

SHA256
9ca5ceeb4163a4399443b7482d35972508f368adad83f32ed0d4f72e5e21501d

SHA512
ad847490bbc34f28c9e3775938835eb2bd55f33938db6ef7a900085097476a2411537fdcad533d0d6dbf7a5cf989a0c2a02c6450ecaecc726aae23f64edc2ea2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
014112f36cfbaaa95938380c9fa71c93

SHA1
0401b58adc9d3eb3f4464d9ee7ff34d6bee93478

SHA256
b71022abacc36ad9acbdb2e75d841aca38348535526c264c6ea666648e910938

SHA512
00e35fb35522e4b7e11e24aa601a64000fcdfbe8c3a79b3bf833c90ce53a23405404cf7bece33bc440f21466de18d856d103af2256b58c5ee0f7465bd2d9cc01

Download Submit
memory/3708-0-0x00007FFBD6B73000-0x00007FFBD6B75000-memory.dmp

Filesize
8KB

Download
memory/3708-1-0x0000028CD1B30000-0x0000028CD1BFE000-memory.dmp

Filesize
824KB

Download
memory/3708-2-0x00007FFBD6B70000-0x00007FFBD7631000-memory.dmp

Filesize
10.8MB

Download
memory/3708-3-0x00007FFBD6B70000-0x00007FFBD7631000-memory.dmp

Filesize
10.8MB

Download
memory/4276-78-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-11-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-23-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-15-0x00007FFBB2DD0000-0x00007FFBB2DE0000-memory.dmp

Filesize
64KB

Download
memory/4276-76-0x00007FFBB4FF0000-0x00007FFBB5000000-memory.dmp

Filesize
64KB

Download
memory/4276-16-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-77-0x00007FFBB4FF0000-0x00007FFBB5000000-memory.dmp

Filesize
64KB

Download
memory/4276-74-0x00007FFBB4FF0000-0x00007FFBB5000000-memory.dmp

Filesize
64KB

Download
memory/4276-75-0x00007FFBB4FF0000-0x00007FFBB5000000-memory.dmp

Filesize
64KB

Download
memory/4276-24-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-19-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-17-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-9-0x00007FFBF500D000-0x00007FFBF500E000-memory.dmp

Filesize
4KB

Download
memory/4276-22-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-21-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-12-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-13-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-10-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-7-0x00007FFBB4FF0000-0x00007FFBB5000000-memory.dmp

Filesize
64KB

Download
memory/4276-8-0x00007FFBB4FF0000-0x00007FFBB5000000-memory.dmp

Filesize
64KB

Download
memory/4276-6-0x00007FFBB4FF0000-0x00007FFBB5000000-memory.dmp

Filesize
64KB

Download
memory/4276-5-0x00007FFBB4FF0000-0x00007FFBB5000000-memory.dmp

Filesize
64KB

Download
memory/4276-4-0x00007FFBB4FF0000-0x00007FFBB5000000-memory.dmp

Filesize
64KB

Download
memory/4276-20-0x00007FFBB2DD0000-0x00007FFBB2DE0000-memory.dmp

Filesize
64KB

Download
memory/4276-14-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download
memory/4276-18-0x00007FFBF4F70000-0x00007FFBF5165000-memory.dmp

Filesize
2.0MB

Download