hxxp://normalnastrona[.]rf[.]gd

Resubmissions

03/09/2024, 15:57

240903-td5p5ssaqc 8

03/09/2024, 15:55

03/09/2024, 15:54

03/09/2024, 15:53

03/09/2024, 15:53

03/09/2024, 15:50

03/09/2024, 15:45

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://normalnastrona.rf.gd

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4912	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 97605.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4560	vlc.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
2012	msedge.exe
2012	msedge.exe
4904	identity_helper.exe
4904	identity_helper.exe
4284	msedge.exe
4284	msedge.exe
5272	msedge.exe
5272	msedge.exe
5668	msedge.exe
5668	msedge.exe
5540	msedge.exe
5540	msedge.exe
5548	msedge.exe
5548	msedge.exe
5800	msedge.exe
5800	msedge.exe
5864	msedge.exe
5864	msedge.exe
5932	msedge.exe
5932	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe
4884	msedge.exe
4884	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4560	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4064	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4064	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
4560	vlc.exe
4560	vlc.exe
4560	vlc.exe
4560	vlc.exe
4560	vlc.exe
4560	vlc.exe
4560	vlc.exe
4560	vlc.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4560	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2732	2012	msedge.exe	83
PID 2012 wrote to memory of 2732	2012	msedge.exe	83
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3372	2012	msedge.exe	84
PID 2012 wrote to memory of 3348	2012	msedge.exe	85
PID 2012 wrote to memory of 3348	2012	msedge.exe	85
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86
PID 2012 wrote to memory of 4136	2012	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://normalnastrona.rf.gd
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,6424691427614926225,10754446112819467383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4148

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8 0x398
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4064

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResetNew.au"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "C:\Users\Public\Desktop\Google Chrome.lnk"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4008 /prefetch:8
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,15649227434900869633,9453320507075566231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Users\Admin\Downloads\chrome.exe
  "C:\Users\Admin\Downloads\chrome.exe"
  2⤵
  - Executes dropped EXE
  PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
501f15e52b4b71879e8409455cac6d18

SHA1
a622abc49bd7c08d6413f55579527cff9ecaef9e

SHA256
6ccca8b65e3ca8cbe95c52985eb153b39ccc0ea3200bfde6b01a823975c861d5

SHA512
279a9112d0a05bfd8217dd19e6a04e3d49bc2a171af631300d1fc0f57eeebd9302713e593738d1312dd04c635d90235e27156db6bf4f56f1fe6eb30b01191836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fcfa6d3aa29d45314288f5f4f02122ee

SHA1
aec89210d524a522c77f2ad06f365d3ba1762696

SHA256
5e033ff50a73238129ec2efb0eaa11fa43d51528f61749eba9ce93f5df853c12

SHA512
293f4a7014f80dbed01c28bf35e7800e7ca237c23622b6a8d5ba6ab5d790e1e121e7db695691cf5d9f1ff0aa83818d651f3bb355622d91c9af0c78e7cac64e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
1bfed86260ccdc5858cd56d33814233d

SHA1
ac60071bbfd416a6b2d4e6dbd84c58030680c192

SHA256
def393452f445985dfe1d61c11ef82d85c2d809335b3def0beb710d99e1baf9d

SHA512
e280c9607a8cf44042535c919d3a6957150d298cc51733804a23c14809b43afb0c1984d5b00c86b2baad240e95a3c811f44723b7b3ca3fc56b9d3ceabec0ce2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
74312ed6784033303ee68370a6c68ed7

SHA1
78adf4ca0aff508361e3687a5bfd91fa096643a1

SHA256
23cf27e20ec8685236cd81bcd26ccb1ea5fd6cfdaf6d4f98ce86923ba7191fe0

SHA512
63781e836c1b6b288781f056372d808fab6b758637b8e947f07a866a96aa096104b972466787ce3e371940c6cc3ab4548f9231e6e95bd40937039f53655d2359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
5be0807219f61c7765c2ddb026c2cdbc

SHA1
361b151475937e4c00366d49a295a67605353e85

SHA256
1b336423739d0195d5d4179383908d9c398575f31f2f803cada92eb8fbd54fb7

SHA512
54d588267320b0c8d2668cdaedd485741bfc869301dc12cd6128e77a4248cd92de7dada33dee9efcf6755ff2ec3eba1bd3a0c727a76c8255d1f427afd6184aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
d269dd2bd703cc90adec37610f7f5c72

SHA1
13e3d1a20ad3ff0bf39cfe0b92de69bda1ace8b0

SHA256
cde16a91a4cdb5e27a87becd821005f8064a4d0ff3ca3f1dbafa46b4cfd64751

SHA512
09dca111a5c64f80750f4ff11876e3ea85c4dc816c44578c8e30403d9b584754626131c73c3ddf9d4194fee8836a69ff6072479f45cc6fa14a5b0b2495c71d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
5d5ecf7890a806be547d3f2df8687d1d

SHA1
1fdfb944b30f36f199dd87c63a0b4a633f381629

SHA256
456cedfc213ee06ba280f2fad4caa8ec921ffa2a1b8f248d80fd4460c2f8177b

SHA512
05040e926ea8c37ba0adacdab41415af4d6d3ddbcc433348c003474d280747eb6d6b74ecd6315588f4b67e1921a1b288d33091463ed4f5f7926ef99fe147185f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f90c2e6dea79d559f0a5c510bd48f2ad

SHA1
ccd09c7c9cd04e33a1cb9bb214ca5fb525f59583

SHA256
e352fcd1df5af9d5406cb03c524bda7313531c9e2e8cc9b0d5b1f5be29b046e8

SHA512
52cd685bb2602c0f59579471c15f03929c51974909951c8af7d327381f19dd2641d7bf78ffe7ad4fa921a0847a0c06543db1750d3c852cf4f9f631a7c08bc100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
33146aafcf1a6c1fc5792cbb67c56d66

SHA1
d74b21053256e7ec4431a571f0b4dc6d70890e4e

SHA256
a11d03c2449ea0475b32f0815e310305010189fab32cb2d976a199da4dff1f31

SHA512
351a2de37346d61e8db4a9e2fb854a7172a92b530046eba3ab58d5db2b6eeb38c9c1870f72e8aa414328ee381e7aa8e7b227fa428afbfe28413aca0dcfb2fee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
5c8039b8279e4e549c2aa18e5c35ab44

SHA1
f4229a34e58ad9657712b921dd98fcedbce1b492

SHA256
fc58405549fb7c63f5fa77a51626b11cfb2a087fee5adb39a1e1c33699a7b6c5

SHA512
10aeb4efc431d64cc000da8628d9634feb6c405f3c561a390c4b48d6afbe5a9c9167c4af683f95411eca73017c839265dd2d1c497ace8b4e8d4568b7cfe2eafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b57323ca4790e656bc5dad805035853d

SHA1
524c2cd46a614fd7236f982e8f99c01feb89f939

SHA256
c4029408e075e3038e7c378ff447c7224237750068bd3fe0d7fe044a7a2ba161

SHA512
c31173b7525d84f7e5a9d252eebb35d2ac69e2303973ea4170af603afb404044a44621e119bf1373d4e3bdf6ba1776d69583978654a2d0c33926ac99c4a798fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
fe964af5fefb33a3d9fac14350defa1a

SHA1
72f89667a67ef7f6fdc6f8358cbf2b040c1fe9f0

SHA256
11ca0616982cc469e45b973298086dc7b89cfb2bd351a72736d318dc70dd0e45

SHA512
20afd458bf5121848a3db7e8e595dca3697a159c23254dc4412a559c9235fcd78ae791bf6ccb7ceb5ec72c51c99cd26d066d578ca367e11239a7aedd9d6c41d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
194f0b51eb2bd5d01591439e879bf190

SHA1
68d5e8f10420bfbb6e642c8f333436b881551eb7

SHA256
a684d182be691d496ec3c3795ce7113a4f49a85b1098a5beefe195c9e52dbab3

SHA512
8c9f973336d0e26499b46f4f5f6b84dfae2ede10b1636744ec559921d362d7b6194e631e7ad739e10bcec60ea599f7c1ef1fef6ffb3241bac132c74a3ab701ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
121B

MD5
e6b5b8c6bff2d4fed4c4188ca617914a

SHA1
f642b145f2c3fa5df525eec74c68fee1bd032b43

SHA256
e20ad05473a9b1d92961cf3430db450e987f482d8f7621a8ce2b67903d81ea44

SHA512
347b5cd6f1520fac177197bfa825489fcd7005974e57156ed0523f32a7d2c4c32bf303a98ba2855e6d3b706ef06eaf64969f95631111d6e52fc94fdae3864bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
8ea434bd2a6f91b3782f0409d4447cf3

SHA1
eafcef29a52f7158211c668edce7f4a45503ec6c

SHA256
4f5348b025beaa9dddc5d8eb55a4378a137db9e1f12c5e905086f58ffaee4064

SHA512
b9a84e0bb12a2f65e0bdb21d0f39448bec421954ce7620194e5bc58cbefe08ccf8bd86fe623107cb4d7500b58f7052ca9c7a74a0d27de7f43417ad04f4e77da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5ae98f8bfb5b47a4ccebd1b4ad546173

SHA1
9ee70ff6ad9106eb22bc761c585cb608f08cc603

SHA256
8c822155da44e81b495e370f0ad550619c0eebd9bc5925b9f9c1f82f3acea775

SHA512
642ba2002e93fa7c1db8b3e5658769a1a32d43db37542f405b219e4b282d40f0821b923a225a29d0926eb1aca5800ecccdf32f9b008ba99d6229b6bcef25da36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4d703f6ce11aee65d70393ffc9e9d313

SHA1
6457bd98ab8dfefc3ce8035d1ef672573cb4e8be

SHA256
e5021812c936ef202419e06c484129a7543ee0c2910cc8e3cb37b2cbacc3bc17

SHA512
ceebbb9ac788dbdd13f2e2ab786c06f321560000897826ba92163a3bddae179af0eb9581b7fce64a3e80a406d9bbe06672f2a1277e938150457e92884a46568e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
06aad31be18a59f020ac0af53dbfdf45

SHA1
333b6841cf976e5e64f2a7240eebf55797b65e6f

SHA256
70fa37e1f45d6d5acd8929942436cd7fb7330d1f43bf379e4d1d2300c54f029a

SHA512
f2dc7ce5f85f3a93e40a22efb545f0cf3106d6f0c9d7f45131a5aa2c082e00261d1c642f2714ce25a339f66481f74fc713d60bb5bd559541cb280eeafa004eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94c1db7bc5cf492b1499aaf95c1d1f44

SHA1
9925d3c8f8dd0c941d0221a22c34e6b752b89a31

SHA256
316935430cc3132fda30d61fbf3b88e8f037c3a7c8432232a0785390ef675b6b

SHA512
7cc3eb53287e8113efb9368580ec4bd62303f82529821a530bc64a35b817ee0247df8de30d18687fe731b80b2a7117dd5672303b8e953b59e96c266e31f2c413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
437d8cd84ef6cf0f00a5b5d251322abc

SHA1
4f7796e39a5d54774d7e546f7f35b620cc81f4a2

SHA256
952938a206909688d61f4e04ff684338b913ade198e63278de1158d7af4131ee

SHA512
c65a66e8bb393cbb557a606f554fc780c78fd71ac537d73bb5dcd49c0a33fd15c2b3352c3fd1b0110a807371abfb7ae6151d60a5770c834eb9992d29c2bbda0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
61b36c3ca94145167a2e9a3a2b9aaafc

SHA1
bfe3135a318fae7d183b98614eae8809d02a976e

SHA256
8472b4292bc7b55b82129527a60d201eaf742d3e1e681b992d0a062d5652526d

SHA512
633e7d4c27bb8bd734dcb8e28c0f806c363726f1e0ae075e5e4ebda7eeeb4efd324166f9c7ccbc6c5462e8d2d471185ecbb6e8231518f7f9c0565e6e720a4ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1d397a8fa0bde2954f9c59fde8a820ef

SHA1
1a850669d3df8abb04ce53b0ee4e57d91079c46a

SHA256
ae2457527f9e4efee37c73b06592f0eb7b12cc2afa7ad9b5b50e2358b3ed4bb9

SHA512
5f8b37277d90be7a3de72e659ea53d5cb4051ca39ed346220de57625bd8ca5a7baa9fcdcbbd550f2029a86d5a4bc0193172b87e7bcad5311e7ee3556850dc2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ed6de6086efec944aa4d9093ea539ec

SHA1
1f52dfc11321faf97d0b2520a7ee08285e01d7b0

SHA256
debf084d25a645a44f2f51ab039734f5c46f4edc0971c99387b03d47ec18979f

SHA512
36e301a9401705d010c4af33c876d12a5030560cd3df1b0f06b8863d5d348ec1ce04a1bf321a7f2e3b8794d11a5a47b052cd74fade43f55d8d6778eec775fb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
038c8d3b838fe78bcedd0fdef9ec36ed

SHA1
1b3f969ba5fc7f09f10b3429ec94b3aaedb55209

SHA256
f80de5874a685aad2f35df91249b762771bbbd380621afe5bfe85d92a3a8f6dd

SHA512
ff61e64d1cd54077e2948de8b72e6eff5452e5b21b3154175546a265b44b3d07f99ceaa3007732023198f4139a33db487beba987bb54dd3ab4bc3bde7ef0ac4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
115e5188a8b7eb71283551ed948bd20a

SHA1
979aa984b64124b6791f71352779b5bcb10befc6

SHA256
a7c3fc83a71327d7e648c798707ee724a29a5b72f2b3ce81ce0ab2f1dfef51ee

SHA512
d1c7d7262059085e6250e61124732b5033142748525e1923b22c10a8de881589191bf61303512863fd5f60c4e5ed05ebc45093a35b1d39f4b5f3b4dca420be50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
963B

MD5
866e1129be7808dae2fb7bf7b72dd0ec

SHA1
a4ebd42c1755b60e22f3fcdb1efe23c965bc5ab4

SHA256
e6de6e3c6db08fa9b301583b702e53298752f95d5b88d73d8b41bb31444d6e9c

SHA512
3b6bc2eacb06751fffd15d6c5ba1ea82cdeac045e4e845315f8ef3c2ea39fe5f81b992f6b84c0a67ce535a26184b10c62c7c6f40873ee35b33610b15097fa9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
679dce7dd1bf62cba9e1bb1c4fe530c3

SHA1
3ca470bc9fdde366b86438d67591f027fa7fa2e4

SHA256
6334e85493b99884f27eaf4ee130441a05662bc1552db694712a7ae75cc38d9d

SHA512
aaf8fc3cabd0268eb79cfceb515baf6651baf17b89b2133c969691938e9e8b1721d213c3140f721cc0e65646e89632dd5d91aeb3a1e626dd60a3007763051aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369852543322041

Filesize
7KB

MD5
e235f7173b34e3251d9d24054bdf8e2e

SHA1
432d5bc51ac6437d7483b59ff929d21b11b17ac7

SHA256
1f34e23b90cc93d9f6775629678138ea1f3124c381ae8df41eaa288c62bdd671

SHA512
8c72e4a8018d7244bef7b669a256bccb7aa675368f7d99db6da50bf7114dffbed672d3a2712cc619fce2a3f54c6c57e7c191bf2ba8b97bcbf33760502d619fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
244B

MD5
8e69fc8311bc2324e5328993c1cf9d02

SHA1
5a6db546a4f90a026f387e56aca6e8dad7319271

SHA256
0101897355c9092c8f009f0169d562e16d3cf73dd308f36b3c2bf9b0b4221618

SHA512
0ab4e3a30594282d94a3ac5cbc4e011b6e8966526e6e4d9230bfe721488aa0daf6bf73be091bac11b3f2cee95e68a3ccc96db54adbf21a27cdbd75a896f6af19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
777b02c40fad537b92902ff581fd3216

SHA1
8b7b613b9d2d32dc38046b8feef79108561c2d66

SHA256
eb47b972c563cb62b9c0b1b163ade52fddb94face1bf3ed4861c571de01e01a1

SHA512
e28b0afffe34dcbcbc75ad26dc99edb2f79f674a5a4c4d18eecdcae3f6ef7984f5aa3ea60d45c2a8f157d320440635f1fb9e50274217068e6f3c203e22935515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
55f8fac95a8df11d0ef9d818b5536dec

SHA1
46a33a68eec6a31c120349cc4327e96edf21db33

SHA256
54a8a8f5566be09c5cb98c83c5642bbf8166786d7cf0674ceb3b44a09fb2006c

SHA512
6e0d29042197ce789ce309aaa1c9b8134e33a369d1b4a53f74478b50cab55c0f08771cdd4a9f7469ef786870da2b7d015cfea2e5fa9a591b6c411fd240c772ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7731e913247d8f64b2d4dc573f861629

SHA1
905a24b7eac7b04336373835bc151306f35bd1bc

SHA256
290dbfdf0a181804a1193df25a19e4b475978506ab9f44ecfe317fca7201f916

SHA512
61b3981aa004f7168c8d616407cfc1156a4e9a1bb934b04a42bfab91ce643ceb1dc838b5a93262d2ac26624beed2eebb006b3c01e5d065a93488ccc420e56770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5855ad.TMP

Filesize
203B

MD5
6cab628ac65d6b763c8d38d0765b0044

SHA1
d0afa96c6e08b94c57403c7f3de040cd0593795b

SHA256
1fba5feedde70df61c57b05faffe20b985ade62e01755899961742419b557cdc

SHA512
39f9aabc8c8cadc216e6daa134ae778475e4ee41058b3308d74c98ce37efb9b25161fc32bb5c649a5c9fe7275a7aa19ddc3c387ad7a0cab611c01ce542f74102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
fbc3afe25d684a0c2f2925aa6d09e447

SHA1
b98fa3e23eefb90ecc0a1283ce01426adf55b900

SHA256
1da7de63e0ccb0bddf8ee19715c77c365a95bd2004719c8c94f5f593cc1e7499

SHA512
f32016b2872ff87c7fc2f2bce820182154ddfed7982654e1620515294e8cd16b0044d8d6b4b0320d693288ba5fa70733a448f1a74f5ae3da37517f9356efb185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
52KB

MD5
f9fbb6f48745039ca8659c094132b437

SHA1
4cb71aed5629be452c3df502a54cbfd14f354b3f

SHA256
3119c1e23c95e3e74c1cfa5a53d5a5085a717986af5f7c376b5f39529a20e650

SHA512
2783e78e21ccbe1e28c23474a324515d5dbf186d9954666f251bfdccf699a2550b5ac2ae3104a5d4f6697863ef0df3c975f55d698b86290c4c9dbce1bf780ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
20KB

MD5
901a639a41fde69a47eba39e0b1c266a

SHA1
90d3a26bd1e8393c77cdc4b94a72a92172f8d0ff

SHA256
3bcbf43c827d8d70f0dfc2096d9d947d8c20dac071053a4a340292ab4b951392

SHA512
8920576505b6f99faf84090bb713e21b835705461f56e558f48206241784c94961d96787525b20b510be11e40d2806561b2b9413557593b9fe5b8344fe5cfb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
d3ec61b9e7d14e3c81507e05910defc1

SHA1
346ec249b96632363cd441a5042ba95f58d6e327

SHA256
516aa407ca13c6ddbf6f959c0b7536ec5d9dd06c0f3a8d1ac651e1b14566c85a

SHA512
82e16894c5aca1cfbcf4b56474f13f2adf16b743068bdfe8036ce9e07dddb12e48e69c503b2ff4a62b87766930d653338f36440355ef819f5b70a949c5442f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
0678f6126407674eaa974ca5eab0904f

SHA1
c9c83cacea2024cd328340962e5d2d765903ffc2

SHA256
3ad8db20e550b83c5b5afb3d1349d5ee7238d19b9f327d58242d6ee36cb607aa

SHA512
b2dc0d0fdbeac33a89ed4587b599d23065923d2a81eddc726e42827bc1d0b473148528f25d8677a1e261a471cd7a28bee5c1f919cd339fb010942d9506858f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
5c0db4503b802ddc5587d0afc01a265c

SHA1
041de8e4436639ab18388cbe7d9bbe091e864c09

SHA256
007f962b2d18e290b2f9d078800411e8daac947835aab7d627a3863d8f2e4b67

SHA512
66483d6b7a3e99415f0534de5be7ae3713e08b171be166a5b1d80cf36d20d0ed95be46e33d695bfbad9da0521b54818cdfed481b3eaf22f07bf02bc95c4ad193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4d6aacb0e924a9d76595d7e16f3d70a6

SHA1
026c1da848e6bd144b1a3b8c9f4ff8f0d3de5942

SHA256
22e9158acf193344c44a0d046c773f6d5e0466fb4f79289f1fdd36c83e7d9f6a

SHA512
2cefc59d89182ef9681d33553bcaa73fa6198219e2b33e3255ee80991fae54992bd81e2629b23516f9e391c4ac500a488faa7a1278ae1df3277742783613304e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8fba1a942e417c34f4cc436eab1cf943

SHA1
0dd517396e9fc9b07812a4953ac5272df3dc776b

SHA256
66e4e8f83195728011143616889eac791553d5fff0aa6341bfa94fcccd77d5b2

SHA512
964db129daafa5b70b3b4986dfcecd0745789f116ec0ce4ad4608ec45d2d5d19192f44721f7e9551a050cf6dee0c6f02ce97ee27ea8fdd3f9dfe7ad38fdc1ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
7052d5b2446321cf52206c8458cfec2c

SHA1
9ce3c9ce99168225f795532dff6b95a57f2d75ea

SHA256
e8c9a23d57450a6b44f3f8fdc4f0bc56d8e6ad19ff4dddeb09c8589b33ef7628

SHA512
86d2f76720a38eeb11b4aaee2856e0f641b9c4f293ebf3afacfe9a2dc468cba9e2698c5dd94b30800ba36a65e4aabaa3c2e74535671de66fd334182180c380d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
19KB

MD5
224859ff4912ea771c591c6c0d6b8c76

SHA1
bca46136f55b29816ec41e0a72f6925a865c2c2e

SHA256
ad78e3585c8ca04d3cdaf44c8eae4b16325c72c08385445d9015052732aca099

SHA512
d74648fc75b852c78292392214c7b3471fd3cd0d320adea1f7ff50dca716b44137f39f4e6ff0cc42267661f5380535adf06d1ad592b0cce6c05d8a9b463cde9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
31KB

MD5
2f1ec27c2803176aa1f7cb1dfe10ad06

SHA1
5b93f0a2a9322f1b34f1a63b356e3acdc836c99d

SHA256
f8bd05774df8f324683471354366e3160cacce57fb7b8aecf061722ec75f6532

SHA512
f8139ae2e0375bf05bc94c8631dd980bae5be9714ea78730d9e7f0c3c2438ea4d2fae17601c04649bef2c95a684062cea826efe0e08336ea2a8a35aa420c39ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
cdbc1f93b42d23ebd92676d94b17a6d3

SHA1
24ae184db5010254242a2a6ecd01a6fe4ccb9bb9

SHA256
b1ea61fdb85e5b19079cbaa607396cc8125844b3985d1ac34a5f8d75f97efe42

SHA512
aa1fb2d022c4bc4d487a47bf41d1ecc765585309531a9701c05d5b4c4fb775eb8c11c4ca81347a2c32c3a0dc634a7b52b2ae9ff96d82f7a4667301d74de0d563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
2e68f7fb40b89156b6eb280408ba0b33

SHA1
d1ef510d03ad27a029514fa76142920e2a92fefa

SHA256
e49ef4f9f70f75d92e37922874c2b3a7fe2ee4e7dc7421c6e1070b19819f2c95

SHA512
85506ffc415b63bbd047e0eb6c048057f5ff727e6c5c6d854b0364f762a4471d5f8d70084826b2df04970f989438da8e58c2d5dc1b1b82f829d256440dd92b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5642b29aaf6e44d383799ab810f4047e

SHA1
1065ed8d0a42c055c132f0ccd87d19aa794eeb92

SHA256
f2b75cb61d28bacf21a2d49edd236f1b7f4c02ab23c9e5c9a72db0cd9593a67d

SHA512
996223211991bf243e3d9af92692df5a7871db96179a03d0bcb786682f7665e235ca788c1e61e0e588e81c654c5c8a95ab174db6d99cb8814d753b179d3b9663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7af9c16c906981621950566c8919b9b9

SHA1
7ef34302bad0ce583f819c0a6e1ca9af81a0eb22

SHA256
db6e1548b3b21c179d9db10760052dd03e94e02b4f76dfd49e9dbf225f038a73

SHA512
e9b4337195dfd3ac0f7c8a557a5bc676c9aa4fb3163554a57d729d7b0d6767d720e2f82506303d08af447d8ec1ef88d4a51a9a68d62393fad3c1d6df59ae9fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b5c3d0cfcc4e0f95c87c0e94a080b9be

SHA1
b178254b526ed75c28dd616f7615f8bea8b41718

SHA256
5d79bedf7e2e1736377f0bf13f45ac8c0920b8252589961e3356aa5b87f0c519

SHA512
cc216652694ba445c13f9c7b1586d8bc454b543bb54f1a60dcaf37783a84a84cfba94d9f01a56b560a20e3c0cd21ddd0f5b19208ff5a6d2be1cea90417468d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c53cf5fb3ef3645c122738e93d739d57

SHA1
1d4e3f6c72aac5b780250043ea2193efe5d99a2f

SHA256
921b9c8e11306ece000926232df832d2c612eb5f9d544e70fdf48e6bb9aa104c

SHA512
2c8f535c1efd9b4778928aa756ca3c839ffc86d8a2a06e44673b8750989c5241f10adfcbb88d26815cfb95cd3e583afa53550a5165181901a99a6ee83cab6a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ee0f908d5f2b77c0a44b268997b18be3

SHA1
3448ddfd1b9cf9ce9493a4687a49733d882a623b

SHA256
000ade09a4fe9085f0f1403a84544a9b4d96ce244e1d40b56aebec20c0e9387e

SHA512
89c4128e5e230760b3bf6f73387fbed16e0139f74a4ea03aa6529ee9dc628c7f8b0dea1d597dd01567dad8a8020f8eac16e23ca41cca6baa9e69072eb409c578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
ca96e15d4a05f18f33cd0e0041dd4c5c

SHA1
34166bc99f460153303d77f03a478d634e9f5ddf

SHA256
4ccefbc58b090ca4e69ec31133667a631561162d6b6ef637e451deb7f1f2759f

SHA512
b158adf6ffe6510bcdd3cafbde3f67336fe5d9d97543bdde7fe8b7fd8c0c0af8ff3d708f33412486dcac743abef4d5be033d26d2c4e06608ead3e2acb0d6574a

Download Submit
C:\Users\Admin\Downloads\chrome.exe

Filesize
2.6MB

MD5
f2e161162def9b01d0da016d5f1d8c72

SHA1
7240449024e742ba6ba39de5885e9bd290d8ed31

SHA256
f7c1b79bbd7fd294b948871fa7d6130caadf101471cb4d69185cd0e7103a1b10

SHA512
3bbd85522d70f5aaa02eab07a23da47ab6f36e06deab8a5a9ea63557c96fb41bf3d16c62cabcdddcb458a442754228f69532db376df5260d004547484e067758

Download Submit
C:\Users\Admin\Downloads\media_images_jaczup (1).jpg.crdownload

Filesize
63KB

MD5
7625ec198fa4f96f2eb3f48a9792ca98

SHA1
e1b255e4029ecdca97489d39102113fe6fcd6cf1

SHA256
25539eb30a24e86165f9611f8c658617a3ab337e6c683ac788d14e7172152ef1

SHA512
598dfeccd4293990061cdc6117e96ac5d133ad60766fa81431341caa255ef3ac620bc32b7579e9a67eecf78d92d04b11015b3f37aedd1f540a246d066279ff44

Download Submit
C:\Users\Admin\Downloads\media_images_ptoszek (1).jpg.crdownload

Filesize
27KB

MD5
9e4b1b3e7c52e090c8e70df1a98bad85

SHA1
f4367b1f35b1032f0f1112e7af4c016a52a033bf

SHA256
2bf3b01afc66b991275909dae575ed1185ac3356d537844fd4f0cd9a1804fb97

SHA512
753dc9f3329b8630baa22b0a513e5d659b2c9ed0ecd62894527dc37c03ef688f27368bc342766b6aae10755d11277c466e409b5a677428779df89b0f1db68e5b

Download Submit
memory/4560-375-0x00007FF905790000-0x00007FF906840000-memory.dmp

Filesize
16.7MB

Download
memory/4560-374-0x00007FF90FA70000-0x00007FF90FD26000-memory.dmp

Filesize
2.7MB

Download
memory/4560-373-0x00007FF91E930000-0x00007FF91E964000-memory.dmp

Filesize
208KB

Download
memory/4560-372-0x00007FF7317B0000-0x00007FF7318A8000-memory.dmp

Filesize
992KB

Download