Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://rentry.co/AX...

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 02:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://rentry.co/AXRJ8VDa_ZYqlpQ

Score
10/10
lummadiscoverymotwphishingstealer

Malware Config

Extracted

Family

lumma

C2

https://juniirsoow.shop/api

https://potentioallykeos.shop/api

https://interactiedovspm.shop/api

https://charecteristicdxp.shop/api

https://cagedwifedsozm.shop/api

https://deicedosmzj.shop/api

https://southedhiscuso.shop/api

https://consciousourwi.shop/api

https://tenntysjuxmz.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Downloads MZ/PE file
  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 24 IoCs
  • Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
    phishingmotw
  • Suspicious use of SetThreadContext 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 40 IoCs
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rentry.co/AXRJ8VDa_ZYqlpQ
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9c6946f8,0x7ffc9c694708,0x7ffc9c694718
      2⤵
        PID:1816
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
        2⤵
          PID:744
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3636
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
          2⤵
            PID:368
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:704
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              2⤵
                PID:2952
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                2⤵
                  PID:4728
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                  2⤵
                    PID:4716
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                    2⤵
                      PID:1444
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
                      2⤵
                        PID:3024
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
                        2⤵
                          PID:1964
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
                          2⤵
                            PID:1480
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
                            2⤵
                              PID:5196
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
                              2⤵
                                PID:5276
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
                                2⤵
                                  PID:5348
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
                                  2⤵
                                    PID:5420
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
                                    2⤵
                                      PID:5668
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
                                      2⤵
                                        PID:5744
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
                                        2⤵
                                          PID:5824
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
                                          2⤵
                                            PID:5832
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
                                            2⤵
                                              PID:5968
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8456 /prefetch:8
                                              2⤵
                                                PID:5980
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8456 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:6092
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
                                                2⤵
                                                  PID:6140
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
                                                  2⤵
                                                    PID:6128
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
                                                    2⤵
                                                      PID:6380
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                                                      2⤵
                                                        PID:6388
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
                                                        2⤵
                                                          PID:6396
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
                                                          2⤵
                                                            PID:6404
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 /prefetch:8
                                                            2⤵
                                                              PID:6788
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
                                                              2⤵
                                                                PID:7028
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
                                                                2⤵
                                                                  PID:7040
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
                                                                  2⤵
                                                                    PID:7112
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
                                                                    2⤵
                                                                      PID:656
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
                                                                      2⤵
                                                                        PID:5840
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1
                                                                        2⤵
                                                                          PID:6148
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10024 /prefetch:1
                                                                          2⤵
                                                                            PID:2524
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5928 /prefetch:8
                                                                            2⤵
                                                                              PID:4716
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9768 /prefetch:1
                                                                              2⤵
                                                                                PID:6588
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9564 /prefetch:8
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:6528
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9624 /prefetch:1
                                                                                2⤵
                                                                                  PID:5896
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:1
                                                                                  2⤵
                                                                                    PID:6564
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10156 /prefetch:8
                                                                                    2⤵
                                                                                    • Modifies registry class
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:3592
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
                                                                                    2⤵
                                                                                      PID:1704
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1
                                                                                      2⤵
                                                                                        PID:4424
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1516 /prefetch:1
                                                                                        2⤵
                                                                                          PID:6928
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:1
                                                                                          2⤵
                                                                                            PID:6768
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2112 /prefetch:8
                                                                                            2⤵
                                                                                              PID:2352
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:1
                                                                                              2⤵
                                                                                                PID:7012
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9868 /prefetch:8
                                                                                                2⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:1152
                                                                                              • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                                                                "C:\Users\Admin\Downloads\winrar-x64-701.exe"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:5912
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:1628
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:3504
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:6988
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:6560
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5138083361763547717,3137819260319994863,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9268 /prefetch:2
                                                                                                        2⤵
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        PID:4156
                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                      1⤵
                                                                                                        PID:32
                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                        1⤵
                                                                                                          PID:3424
                                                                                                        • C:\Windows\system32\AUDIODG.EXE
                                                                                                          C:\Windows\system32\AUDIODG.EXE 0x4b0 0x4b4
                                                                                                          1⤵
                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                          PID:6836
                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                          1⤵
                                                                                                          • Modifies registry class
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:1564
                                                                                                        • C:\Windows\System32\rundll32.exe
                                                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                          1⤵
                                                                                                            PID:1140
                                                                                                          • C:\Program Files\7-Zip\7zG.exe
                                                                                                            "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\" -spe -an -ai#7zMap17346:120:7zEvent26109
                                                                                                            1⤵
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                            PID:5500
                                                                                                          • C:\Program Files\7-Zip\7zG.exe
                                                                                                            "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\" -spe -an -ai#7zMap19736:148:7zEvent6876
                                                                                                            1⤵
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                            PID:5576
                                                                                                          • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe
                                                                                                            "C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe"
                                                                                                            1⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Loads dropped DLL
                                                                                                            • Suspicious use of SetThreadContext
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious behavior: MapViewOfSection
                                                                                                            PID:6400
                                                                                                            • C:\Windows\SysWOW64\more.com
                                                                                                              C:\Windows\SysWOW64\more.com
                                                                                                              2⤵
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious behavior: MapViewOfSection
                                                                                                              PID:1164
                                                                                                              • C:\Windows\SysWOW64\SearchIndexer.exe
                                                                                                                C:\Windows\SysWOW64\SearchIndexer.exe
                                                                                                                3⤵
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:4088
                                                                                                          • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe
                                                                                                            "C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe"
                                                                                                            1⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Loads dropped DLL
                                                                                                            • Suspicious use of SetThreadContext
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious behavior: MapViewOfSection
                                                                                                            PID:6172
                                                                                                            • C:\Windows\SysWOW64\more.com
                                                                                                              C:\Windows\SysWOW64\more.com
                                                                                                              2⤵
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious behavior: MapViewOfSection
                                                                                                              PID:6060
                                                                                                              • C:\Windows\SysWOW64\SearchIndexer.exe
                                                                                                                C:\Windows\SysWOW64\SearchIndexer.exe
                                                                                                                3⤵
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:5188
                                                                                                          • C:\Windows\system32\werfault.exe
                                                                                                            werfault.exe /h /shared Global\065174a3c3284bedb3b3d4b7ec6fb070 /t 5936 /p 5912
                                                                                                            1⤵
                                                                                                              PID:7140
                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe
                                                                                                              "C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe"
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Loads dropped DLL
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              PID:3412
                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe
                                                                                                              "C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe"
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Loads dropped DLL
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              PID:3512
                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe
                                                                                                              "C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe"
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Loads dropped DLL
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              PID:5644
                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe
                                                                                                              "C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe"
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Loads dropped DLL
                                                                                                              • Suspicious use of SetThreadContext
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious behavior: MapViewOfSection
                                                                                                              PID:2888
                                                                                                              • C:\Windows\SysWOW64\more.com
                                                                                                                C:\Windows\SysWOW64\more.com
                                                                                                                2⤵
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                PID:6272

                                                                                                            Network

                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                            Replay Monitor

                                                                                                            Loading Replay Monitor...

                                                                                                            Downloads

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                              Filesize

                                                                                                              152B

                                                                                                              MD5

                                                                                                              e4f80e7950cbd3bb11257d2000cb885e

                                                                                                              SHA1

                                                                                                              10ac643904d539042d8f7aa4a312b13ec2106035

                                                                                                              SHA256

                                                                                                              1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                                                                                                              SHA512

                                                                                                              2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                              Filesize

                                                                                                              152B

                                                                                                              MD5

                                                                                                              2dc1a9f2f3f8c3cfe51bb29b078166c5

                                                                                                              SHA1

                                                                                                              eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                                                                                                              SHA256

                                                                                                              dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                                                                                                              SHA512

                                                                                                              682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                              Filesize

                                                                                                              2KB

                                                                                                              MD5

                                                                                                              ddd5d38a01ca2c742083717a5dc3d163

                                                                                                              SHA1

                                                                                                              dcb83e72203eb2d5ea8379d1e043f3cabe2988b9

                                                                                                              SHA256

                                                                                                              a49f6201fc84905c9f2605e1538ff4594234825efd38e9eb2ddb0f844ad8c984

                                                                                                              SHA512

                                                                                                              ea4d6bd9d8c9ca06171538435c4edc957ef4a535ae9b898587167c7fcae034bb5d40ea2fc11491df22e84bd9d4c350a78fd60f812846ccbcadff24a5ab45831d

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
                                                                                                              Filesize

                                                                                                              16B

                                                                                                              MD5

                                                                                                              46295cac801e5d4857d09837238a6394

                                                                                                              SHA1

                                                                                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                              SHA256

                                                                                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                              SHA512

                                                                                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                              Filesize

                                                                                                              9KB

                                                                                                              MD5

                                                                                                              fda86c265181318b850478dd9d5fb3ad

                                                                                                              SHA1

                                                                                                              72f26555c26ae18e571055a96475cb696fa89070

                                                                                                              SHA256

                                                                                                              892f2e1399ef9bb89c97e68b741972f1762610c66e5a7bcf49ec8a6dc72cacf4

                                                                                                              SHA512

                                                                                                              36b3dcc38c8de684f6921169b34e588943dffa6a6bf082e8f298d9b7433873943b6d6e44179adbcd4fe979c362b9a642bbee78df48d3902f3f93c1eaab6d1858

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                              Filesize

                                                                                                              5KB

                                                                                                              MD5

                                                                                                              d91b15a19c939ab04df7c7892984e2ce

                                                                                                              SHA1

                                                                                                              f29298dce004e07561f13f7ab93e75ab460a1559

                                                                                                              SHA256

                                                                                                              f0d097c4b7e1d044d2fb1bc47cd267935d7d334ddc86ec53abb6cf2692b031f4

                                                                                                              SHA512

                                                                                                              49a123775a16c3b0c83a73958627444905c675bd1f71287107d4676cc72253e3df11695dfd7513aecf17aa453931bdf534d793380cc7b58f0b67bcb28b7632f4

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                              Filesize

                                                                                                              14KB

                                                                                                              MD5

                                                                                                              0d58961cbf55d9dab427204000ded440

                                                                                                              SHA1

                                                                                                              f4582c8a84c4a115ac5767a9cc1bc3870c1ccee7

                                                                                                              SHA256

                                                                                                              2cd1f8a2eb3a90b4df8e2ce9d9c47167d2b535416046bf86780f180d1c5034f7

                                                                                                              SHA512

                                                                                                              c551186a7d1fcf9858318fefc2608b1d4a4d3dbe40065d046ba1105eb16f6a1a9d0853304db7545c7eebd5370c695f4b45e81764ef0f74bf28bd5f9da00a761a

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                              Filesize

                                                                                                              11KB

                                                                                                              MD5

                                                                                                              61968f8ce9f0d64640e0252350114963

                                                                                                              SHA1

                                                                                                              900e2f241e7aee97059b918ff0880373192f739a

                                                                                                              SHA256

                                                                                                              e2332b0f5ef3e589213ffba54f3c8db55bb2b2ed006b83c0775701ae64e40e25

                                                                                                              SHA512

                                                                                                              4093520ba87817c442d2fb8a7d18c5c0ea9ae1494180197c0f5565914e80a835cd2e58f3c0abe714717f82c8cfa4218985cf7808812b7dadcf8ae88ccb6a69e6

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                              Filesize

                                                                                                              15KB

                                                                                                              MD5

                                                                                                              60fc088ce876eee7492294e49e545532

                                                                                                              SHA1

                                                                                                              23fbdfc77b706f3be2789a0e6b6e027156804263

                                                                                                              SHA256

                                                                                                              2dd21a53ffeb1174f845d23864b076fa725e3e1edc0664351058a65f77d27f4f

                                                                                                              SHA512

                                                                                                              1c178c64ff69ceefe5212aebae3204f622b9b9e3955dc3fd61fd9fa8b896066b75d01fb9bedef5fb72742b9a594856c97fa6f888a33671e4b4488300c71a5de9

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                              Filesize

                                                                                                              15KB

                                                                                                              MD5

                                                                                                              d3252dc7d47ecd93c59a14d26e97d669

                                                                                                              SHA1

                                                                                                              4495b0cacc309c70abd4e3ec88ecc150028025f2

                                                                                                              SHA256

                                                                                                              2fdd59c3406facab5d6313ff14f3301b1e2b64eff2024db33e8d63c152d978b8

                                                                                                              SHA512

                                                                                                              c018d5f10f98e0704ff31751341dad954cb772627a7d429b59bb9eae0b5bf9989aaa2802f398bee697f56f6a90602f3b63b02999e59f7fff02bafc6e493f2bfd

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                              Filesize

                                                                                                              15KB

                                                                                                              MD5

                                                                                                              151e7eb60bf6cb19508abce0e1750d7d

                                                                                                              SHA1

                                                                                                              ac898049119a52de73691ace0006cad6c748d532

                                                                                                              SHA256

                                                                                                              b14d9a34ad83c54b27d52cbbe34b3d979beed8fa00d11d5a542e135372dca548

                                                                                                              SHA512

                                                                                                              03f8ff07aaf5ef1876ca34eb3a9d923345731dce8eb778c2110b9035f70ebcd413f23b436e256e547f80170958216214a7ef96083f7c869eb649ec7827986347

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
                                                                                                              Filesize

                                                                                                              41B

                                                                                                              MD5

                                                                                                              5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                              SHA1

                                                                                                              d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                              SHA256

                                                                                                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                              SHA512

                                                                                                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                              Filesize

                                                                                                              72B

                                                                                                              MD5

                                                                                                              4c4defa44992c1759dd5046574c871e5

                                                                                                              SHA1

                                                                                                              e35fc220ea76f43c67d8673a3b460e43994736c4

                                                                                                              SHA256

                                                                                                              9ac97137f0dbeb75f0a4b2d65155ae87bd31f9de1d3c27f6d3b39110ef7b0259

                                                                                                              SHA512

                                                                                                              125bbddd55b9b437d0d29cb914b6919d10127fe1e2539408696af7fc7229db046e70d9fc5c7ab8e9609bf3705cc2b250ba04f4bf933434a48d301bd4ad1d1604

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580a2c.TMP
                                                                                                              Filesize

                                                                                                              48B

                                                                                                              MD5

                                                                                                              b890db3a15dbdd86fe7587e7be0bc8fa

                                                                                                              SHA1

                                                                                                              0406745443725aabd9a01e120b9ba8867538b571

                                                                                                              SHA256

                                                                                                              a33ae28a6bb053170368e3025db979fc09039915b1a898e0449024497a00961d

                                                                                                              SHA512

                                                                                                              bb7900693498c730a6809331c94810c7e1642c8bdd41ce3442cbecfbeb8dc9732169a0beb45d732b128b84262ba169b631d6d65cd5e76107cbb1ec1931be1829

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              MD5

                                                                                                              62c5cbf85f70244be3d8d2df8542c3a3

                                                                                                              SHA1

                                                                                                              6411b21b1d0f32a0e8424758d2251a40718e3543

                                                                                                              SHA256

                                                                                                              998ea996ca6ad75560662cf86f1531d9658314d30c12ba68828e397ff0d12794

                                                                                                              SHA512

                                                                                                              f609d2bc201edfed3f8e52bcf14f777cd8a08027b096ad7275cb55a48bfa2e8697c7b1302a06d0b59630d1c030f4820eb5c6a7a75b75196208a74dd691d28684

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              MD5

                                                                                                              9d8e282f1d964ef2afa8ae4611bd123f

                                                                                                              SHA1

                                                                                                              2263898a8486171d80bb4432ec3eda2241c18b5f

                                                                                                              SHA256

                                                                                                              2e916d32aa6a8be475584ebf3af02310a4b132aa4ebe2dcff88d24cd3c25fa85

                                                                                                              SHA512

                                                                                                              bea9c69307764915db82ebe741b1b3cfb71dbb114fb808774bc0c00ffee0554b73d9506c206f48699680b7edfe4295615c3836123321e51d0a9efcbaab252e72

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              MD5

                                                                                                              7fcad3686c9ee74ec7f7dd2dd9272e41

                                                                                                              SHA1

                                                                                                              189565395c12b4bb0a2e2bd7db8645a16f349a32

                                                                                                              SHA256

                                                                                                              60d01a5f3fd8b7fb53145df317b32c81290424f60d84ad0628338d576adc8313

                                                                                                              SHA512

                                                                                                              3db1f9f2e2a0f9d198fa59a357f34656570e6358dbdf58319136ffdf26c3e95372c9f6037ba1bd117a9ac68fcca1562af3ae249d12e818a63b52b882690d7071

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f05b.TMP
                                                                                                              Filesize

                                                                                                              2KB

                                                                                                              MD5

                                                                                                              a19f158b3e85ffdbed346779be1e03bf

                                                                                                              SHA1

                                                                                                              91d60a1d0aa7d95f8b55f13a69a4e010bd397d99

                                                                                                              SHA256

                                                                                                              927412b25ee362cfa3990df0fe8dd2a93818a32324e2de1bd3b54cb01b8be68e

                                                                                                              SHA512

                                                                                                              bcfeceb5724b0f7dc601f95dd990b0be3fbb760a019a98ba8c55d33183c24962f4de994298b80295fe867b78778068389dc4dca7742a3a9584ac0d2b9c9dc698

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                              Filesize

                                                                                                              16B

                                                                                                              MD5

                                                                                                              6752a1d65b201c13b62ea44016eb221f

                                                                                                              SHA1

                                                                                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                              SHA256

                                                                                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                              SHA512

                                                                                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                              Filesize

                                                                                                              12KB

                                                                                                              MD5

                                                                                                              85e1c5b5638699d011d0652a12d33da8

                                                                                                              SHA1

                                                                                                              045d0d322ae1bc63eb2c2a1ba5601378ed4229cc

                                                                                                              SHA256

                                                                                                              4ef9c1c652bca09904984e0a3116770ad55f1bac5dfae0fd2ac60da0f38a7bc5

                                                                                                              SHA512

                                                                                                              2d14bb9cb52c1bd5f54cb21a7af8b147d21847d421c6063b7f82c26d5de071730fa7468db5f690a9e4d916aa6bdebad5b848059b82d4fd2f98149828f7687c2b

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                              Filesize

                                                                                                              11KB

                                                                                                              MD5

                                                                                                              d3f64941a99b3bbd9306f83daba3453f

                                                                                                              SHA1

                                                                                                              f1d4dc97b81b115169dbe3945eeced9862f488cd

                                                                                                              SHA256

                                                                                                              07831397a2a95ac2d1ee88b1c67a52d9fef13c08c6d8800fb36d542b15904438

                                                                                                              SHA512

                                                                                                              b7a46fc893f1179b1ff68d551ea4c60d43e9c8a8f69f4abbaf78c2832dcdc9a6b729b725cd227b2683186535df2a2bee521236e82a43cec1e385d5d7a3bf52ba

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                              Filesize

                                                                                                              11KB

                                                                                                              MD5

                                                                                                              99cdaf91e8c321baa4982ae9ac93d608

                                                                                                              SHA1

                                                                                                              06046f3e064f26a218b91eeb7d93c0ea5df81127

                                                                                                              SHA256

                                                                                                              9ec609f5d0e3c5e525ba770685fd7ac71929fc418952efd406b4ed1ea940bac5

                                                                                                              SHA512

                                                                                                              f4ee72edffd6653c1d8538289c5cb04f5d85b21cad08b282c5dbf7214d1c9d9c611f51dee28e5dc448ba7a20477a325a44c0a55322a77441e09a021e5f51c6a1

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Temp\9c2e2473
                                                                                                              Filesize

                                                                                                              1.0MB

                                                                                                              MD5

                                                                                                              740f1433ef0842ca1cf641021cc86891

                                                                                                              SHA1

                                                                                                              b9bae248043bb21113558f664b4a43791ccf6587

                                                                                                              SHA256

                                                                                                              dfb8c6e672a49a5e703faa469bd5e4dc434a2a4a9f60ac8d2f34bc76831fe3b5

                                                                                                              SHA512

                                                                                                              b593364962e240453c5cb152909acb192f941cef39daf3f6911cfbbec5e5377577afa53e863f4e91742afc113a6db18c3920f14c4136bd9ece077705c597ae56

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\Downloads\Unconfirmed 814696.crdownload
                                                                                                              Filesize

                                                                                                              3.8MB

                                                                                                              MD5

                                                                                                              46c17c999744470b689331f41eab7df1

                                                                                                              SHA1

                                                                                                              b8a63127df6a87d333061c622220d6d70ed80f7c

                                                                                                              SHA256

                                                                                                              c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

                                                                                                              SHA512

                                                                                                              4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔.rar
                                                                                                              Filesize

                                                                                                              9.4MB

                                                                                                              MD5

                                                                                                              18525c80b3fdc710112ddc1e3a15c59d

                                                                                                              SHA1

                                                                                                              1eee848f44f0513df3be61ec46cc66870dbc2d4a

                                                                                                              SHA256

                                                                                                              c6d67292c6034b1668a5c8f334d9bbeeb40a534983b7a5a47d0973de89e3decc

                                                                                                              SHA512

                                                                                                              b9b862c65380ec1987ce3aced97d0a1c37896bb92347ad561fcb535a7320ea08e15c2dc1660400d63b146856f1b30b678d3b95fca23440415120b544ab0b7897

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔.rar
                                                                                                              Filesize

                                                                                                              9.1MB

                                                                                                              MD5

                                                                                                              03c9e14dc45aaa79fc31376e7702dd10

                                                                                                              SHA1

                                                                                                              1c5726050764eb15b08f0751728d7db36ace9058

                                                                                                              SHA256

                                                                                                              238baf1490183fdca9ed50164e48b420ef6ef37f2dfeec71c89d346e99fb3ff4

                                                                                                              SHA512

                                                                                                              a3b8cc2a023af960606e6290b9e9947be428187c2433d683b0aa0e26403e47c34da770cce8b2e631fb5d3af79c47f0d855799b41b472718ce7e2d86c49743cb0

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\ProductStatistics3.dll
                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              MD5

                                                                                                              59c15c71fd599ff745a862d0b8932919

                                                                                                              SHA1

                                                                                                              8384f88b4cac4694cf510ca0d3f867fd83cc9e18

                                                                                                              SHA256

                                                                                                              c4ed07ad748661ce776ac6ebb4f8bef7619586bfb4443ce58c92d4b889f3d5c2

                                                                                                              SHA512

                                                                                                              be3425d55dcaa361bc8481b87b2086454baca79a3c948de9acf9ef7d3084d6d987c328d665b45dfcd0510e2c97c980aa63d7cd669fe9fc1a67983c325593481e

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\RegisterIdr.dll
                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              MD5

                                                                                                              58d0a7eeb1c40e27d20139a2bc8d94aa

                                                                                                              SHA1

                                                                                                              e3374ae7fd0c5a18f5011af14ee7eb93bb0050be

                                                                                                              SHA256

                                                                                                              b93f7273c347faa15ae72fb3f14452ec2d5d96b729bc61f35b83f2f2ba69de8d

                                                                                                              SHA512

                                                                                                              f50ec8e925e2048aa3e874fdba35c926b8a0b41c0beb1c703fc16db71415c12e8e5990db3d217b0b9a34aa2cf01cef5b7fc707c3c5db711921e4254561719e29

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\Setup.exe
                                                                                                              Filesize

                                                                                                              2.1MB

                                                                                                              MD5

                                                                                                              db7e67835fce6cf9889f0f68ca9c29a9

                                                                                                              SHA1

                                                                                                              5565afda37006a66f0e4546105be60bbe7970616

                                                                                                              SHA256

                                                                                                              dbd3057a58fd3407c95418bc5d9c253adc8c658ee338f22d58374ed3ea37b738

                                                                                                              SHA512

                                                                                                              bc2714bb408715e5e1cec1337b831e26dbda208183955a07ec8653a38c9c0f25f60f333a154b738927ce085e7bbff438963b941a6c2773b3e7325cd900e7651b

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\mawbgs
                                                                                                              Filesize

                                                                                                              71KB

                                                                                                              MD5

                                                                                                              48baf9e909a340c0a1ce5c1b31554eae

                                                                                                              SHA1

                                                                                                              aa0e91f7f22511c1db997a56696fcdb67264ef0c

                                                                                                              SHA256

                                                                                                              02c25588f82269764d930d5ab8e087f0998ceec5920d2a571b1963fb9d415a46

                                                                                                              SHA512

                                                                                                              5b3fcb58d1522cf6da21a993b7fefb6505f5b116ed25b967e248c7b32aa302490cf7e3aa97bd82aefa87dccf5b337bdfe62dfe08195e96aefe690231de170c8d

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\Downloads\✵s͜͡etUp_Use_2945_P͜@s$C0DE✵✔\「SetUp・H€RE」✔\oet
                                                                                                              Filesize

                                                                                                              835KB

                                                                                                              MD5

                                                                                                              f9acbae7aa13728d72ad007991c0e254

                                                                                                              SHA1

                                                                                                              5c9dd9095a894fd822a72e0c6dd8d3c8b28fdb4e

                                                                                                              SHA256

                                                                                                              aa5d4b2bd513eea317ddd1900bf5e547d51d44b97937dc9167424dae2056076c

                                                                                                              SHA512

                                                                                                              e812f1f14a724a6e57f61e2d475ca663cfd51b502bcc967999a83754c681e93b7d5b7bb738298576c7b596f7933c8f5bc4e80529f06c9cbdbc1c0cb37d71995e

                                                                                                              Download Submit

                                                                                                            • memory/1164-717-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/1164-691-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/2888-754-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/2888-765-0x0000000002EC0000-0x0000000003032000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/2888-753-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/2888-752-0x0000000002EC0000-0x0000000003032000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/2888-751-0x0000000002B60000-0x0000000002C7E000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/2888-761-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/2888-763-0x0000000000400000-0x0000000000669000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.4MB

                                                                                                              Download

                                                                                                            • memory/2888-764-0x0000000002B60000-0x0000000002C7E000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/3412-727-0x0000000000400000-0x0000000000669000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.4MB

                                                                                                              Download

                                                                                                            • memory/3412-728-0x0000000002CF0000-0x0000000002E0E000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/3412-729-0x0000000003050000-0x00000000031C2000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/3412-726-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/3412-725-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/3412-724-0x0000000003050000-0x00000000031C2000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/3412-723-0x0000000002CF0000-0x0000000002E0E000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/3512-740-0x0000000000400000-0x0000000000669000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.4MB

                                                                                                              Download

                                                                                                            • memory/3512-737-0x0000000002E20000-0x0000000002F92000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/3512-741-0x0000000002A50000-0x0000000002B6E000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/3512-742-0x0000000002E20000-0x0000000002F92000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/3512-739-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/3512-738-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/4088-721-0x0000000000A00000-0x0000000000A65000-memory.dmp

                                                                                                              Filesize

                                                                                                              404KB

                                                                                                              Download

                                                                                                            • memory/4088-722-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/4088-750-0x0000000000A00000-0x0000000000A65000-memory.dmp

                                                                                                              Filesize

                                                                                                              404KB

                                                                                                              Download

                                                                                                            • memory/5188-760-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/5188-759-0x0000000000C00000-0x0000000000C65000-memory.dmp

                                                                                                              Filesize

                                                                                                              404KB

                                                                                                              Download

                                                                                                            • memory/5188-776-0x0000000000C00000-0x0000000000C65000-memory.dmp

                                                                                                              Filesize

                                                                                                              404KB

                                                                                                              Download

                                                                                                            • memory/5644-749-0x0000000002F50000-0x00000000030C2000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/5644-747-0x0000000000400000-0x0000000000669000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.4MB

                                                                                                              Download

                                                                                                            • memory/5644-748-0x0000000002BF0000-0x0000000002D0E000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/5644-746-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/5644-743-0x0000000002BF0000-0x0000000002D0E000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/5644-744-0x0000000002F50000-0x00000000030C2000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/5644-745-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/6060-714-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/6172-693-0x0000000002E30000-0x0000000002FA2000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/6172-702-0x0000000000400000-0x0000000000669000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.4MB

                                                                                                              Download

                                                                                                            • memory/6172-694-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/6172-695-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/6172-700-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/6172-692-0x0000000002AD0000-0x0000000002BEE000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/6172-704-0x0000000002E30000-0x0000000002FA2000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/6172-703-0x0000000002AD0000-0x0000000002BEE000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/6272-775-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/6400-683-0x0000000000400000-0x0000000000669000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.4MB

                                                                                                              Download

                                                                                                            • memory/6400-681-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/6400-674-0x00007FFCAAD70000-0x00007FFCAAF65000-memory.dmp

                                                                                                              Filesize

                                                                                                              2.0MB

                                                                                                              Download

                                                                                                            • memory/6400-666-0x0000000002A50000-0x0000000002B6E000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/6400-673-0x0000000073920000-0x0000000073A9B000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.5MB

                                                                                                              Download

                                                                                                            • memory/6400-670-0x0000000002E00000-0x0000000002F72000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download

                                                                                                            • memory/6400-684-0x0000000002A50000-0x0000000002B6E000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.1MB

                                                                                                              Download

                                                                                                            • memory/6400-685-0x0000000002E00000-0x0000000002F72000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.4MB

                                                                                                              Download