67215362ba3caf84c2b18e75c7d3612cf1cf4136bc6f30ae713f1a7c5fb17715

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aiken.exe
Size

3.6MB
MD5

908918286f456a6514bb9428dbbbc168
SHA1

5009a72abfb09220235df7e86c41540e1fb2b0cb
SHA256

3acee62d98e0313325f192e8ab31d2d5323986bdc6ce17c9104bca082f0596ce
SHA512

7dddfe8af1696ceace9202022b55a46926f1ac4187cf797bcde67aa98a82836760d5e2d950334b54382bf13be94ccc1ab505aee72093596bf7f652560002bab8
SSDEEP

98304:X1BPJse4v3ujOnAex8TVcguqCSQKBTLOlLoAISj+lySav:FHL2+jOnAU8fuVKh2LCm

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Aiken.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Aiken.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Aiken.exe

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/3536-0-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-3-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-2-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-4-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-7-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-8-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-6-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-5-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-236-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-237-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida
behavioral2/memory/3536-381-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Aiken.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
25	discord.com
26	discord.com
12	pastebin.com
13	pastebin.com

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3536	Aiken.exe
3536	Aiken.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350944739-639801879-157714471-1000\{6B9B9082-5646-4880-B03A-37B93A016E41}	msedge.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
3000	msedge.exe
3000	msedge.exe
4652	msedge.exe
4652	msedge.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
3536	Aiken.exe
1976	msedge.exe
1976	msedge.exe
3932	msedge.exe
3932	msedge.exe
4760	identity_helper.exe
4760	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 3000	3536	Aiken.exe	84
PID 3536 wrote to memory of 3000	3536	Aiken.exe	84
PID 3000 wrote to memory of 336	3000	msedge.exe	85
PID 3000 wrote to memory of 336	3000	msedge.exe	85
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 4556	3000	msedge.exe	86
PID 3000 wrote to memory of 5040	3000	msedge.exe	87
PID 3000 wrote to memory of 5040	3000	msedge.exe	87
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88
PID 3000 wrote to memory of 3952	3000	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\Aiken.exe
"C:\Users\Admin\AppData\Local\Temp\Aiken.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/yuseicc
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5b4346f8,0x7ffc5b434708,0x7ffc5b434718
    3⤵
    PID:336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3810374721181174830,18335941105610782279,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3810374721181174830,18335941105610782279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3810374721181174830,18335941105610782279,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
    3⤵
    PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3810374721181174830,18335941105610782279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:2252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3810374721181174830,18335941105610782279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    3⤵
    PID:1652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3810374721181174830,18335941105610782279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
    3⤵
    PID:892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,3810374721181174830,18335941105610782279,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4756 /prefetch:8
    3⤵
    PID:4832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,3810374721181174830,18335941105610782279,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4008 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Aiken.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  PID:752
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Aiken.exe" MD5
    3⤵
    PID:4624
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:928
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:2940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc5b4346f8,0x7ffc5b434708,0x7ffc5b434718
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1980,4706355266855005585,15999274649074840750,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
67e486b2f148a3fca863728242b6273e

SHA1
452a84c183d7ea5b7c015b597e94af8eef66d44a

SHA256
facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb

SHA512
d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
e553fcc84990959aebb9857d4946efac

SHA1
9abe6e4e0f542f69ee5b0f90047c05e3562c273d

SHA256
c5b0043232208d215117c9846fad8c21df30519bae4854b10effd04bf25037ff

SHA512
505be6f7efe934dd10bca28533153f7e40d054beff2f7a599a3cc7aed3d1e80e743e969d212af0c8dc95781dfa1d926553059ca4ee39a0b9a034e19482790dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
696d196a261c9efdccee3ed20a904b21

SHA1
721923545dc3da50bbaa1a4914e5f4997b70aab9

SHA256
06d1c210041f24cd68646d15e53768fd2d37a1803b4325707511aa53302c6282

SHA512
4737a439860ac96efe2723a46518a4eb448e2c8ad69435dc61fe2c4711db34d30d49be0f45f8b2a177c97f913ed9248917ee0733cebcfb70ba8dd06e6e1e18f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e3ad731c37f02e0f71a4c374e23293ee

SHA1
27300e072236ad2c5486b71e6abd8584220e0381

SHA256
804c379f4fadbe3649316341bc175ed4e3c43bea6b746f35d569fb153ad44396

SHA512
2c4ee7e8e6d1e4e76589fcb455619fafdf67126476d99bd77d26dd1ca78d06bd8bee92f61e98ee9f9e2dc08a4c52ca6977d4430a104a6009aaf28440a85fbb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
e64a18f5f42982351b80de76c67a746e

SHA1
a453293fb90d0b6a333572487cc38c5aab1e3bab

SHA256
16f196c4150121176d654cb1903ee21cb395c2f0650b3753e94646983ff842d0

SHA512
b8259d01be3f0d6e3ef9ec9f8097930b288e860ed372f1ae006b649ff66e376ccab8fc841641de3a7e406ec5d7cb26542cc7b32b8203a1ab0d090e699c730b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
815b68a5d04630a791303772a744f6e5

SHA1
cd3821751c6fd1b4268620685166a2a655bd54c8

SHA256
4e17bbca2abbeccce9d4ddd485736f9fe75edb0156174bab755cc25d6c869443

SHA512
8d3c42cf20a1b7803d93879824db215042bce8c442637d798cec1505436352d41e13772186935ab5d155c89327f9b9b514786eae86f0d9f6f0dd962566c9d62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
1f07987d92bedebd40a04a9b1be3a154

SHA1
d2e393cb61d78a7f91463593949ca6c52d484f23

SHA256
64c9874ea7ef91dc903d32e6a59d9fbb24b21ca93d37b907e21f73ecd0f475e9

SHA512
682ba08f9edadfc1296906587db2982059c5af0bad3955f35e0a429bc8c54e652e64977b5c44e60c2e9eee3dd58bc17ddf3b1ce9a998f13ec4841486fbb40979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
233de0dbfbd138e5f44a7f0adc6c2a32

SHA1
c2991b43699cdfda98f0cd999a210db5f78d1bc4

SHA256
1226a852171c1af56f26b603615d957a69229995f85604b7f2013920d9c5bc9c

SHA512
2b8352ad5c0f958b6ed769e4a303cb253516c0f86f3582aa052613aac7a110b7b9cc3bc755f779092113056f8a137d57fe8b168dc8c4fec3dbe6e38bc6865288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
122b140658ac3cdceabd94b3386705e6

SHA1
7cac2b8a792d9ede15aabe14a95819c30e2eb37c

SHA256
cfff9a46a980a4be938b737c8463d316c7add6140c84d1944e3a859a54594c30

SHA512
a8a8ff9b6794631f1efdb351e45e1193912dfd930b2d4632c6fc2ab4d0a8066de9d889a19029890f58384cbf8bc5a775569dc36ed18abbb828055876ba83b2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
66b6a09e7d4a9fb9bb2e53bed7cc0b90

SHA1
ff889c2e9ba917767fe6ded95ecc1f8a3933e377

SHA256
438d0000f48061dba73253680cbafda5588c784c57491fd5022b7d28fc492e82

SHA512
902fcc44ae65708c4f5013ed6b74b7376fac47129ea88838a28c5b7a7651decaff90d4852c7ac753b5f46f157b04028d1bde0a2220d87390a405cdc8f0edf6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
9e052e3eb68364e62326c0fee60f601e

SHA1
456ef67f29c42c48906cebea76d95eb536481a29

SHA256
7c4724ea43e99def65de71fe4a5777e1b3d3d4f7611352e4d3745be37f7ac6cd

SHA512
bd63d02a99b54e64a190c5573c01ad618fc61d45c14d623ba8af479058a16b978f9906c0bf9fa551f3a8543e5ba15451020b66ee3c30d458336c77db9cbfb3f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
536B

MD5
5cb1b8a282be170ae1382e75c547e00a

SHA1
9e7bd839456f33c728ad787ea7f078a4c30bbff8

SHA256
8163e5ecbb51efcb58c4820dfb720c36fd3f560e6e6b6f93e5aaf8b7b999d3aa

SHA512
87517da1988c197e426cf9ba6f5c5c56745ad4b9a6537571386ecdf6a3046daf3e2b6e3b2048960ca3c2a9baac944efd9a047d8fdcec94896bc1ad502fa6906a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
5KB

MD5
b33f828ae145e476a3fb80bdc5b2fb18

SHA1
e520c9e9af406e799e9ebc605fa3323faae4ba68

SHA256
b271524eae26abaa79d8269a1fb0c98dd71f6adac52f3cad1d9e9ca3e39e4a0e

SHA512
d4c7e244b7fa59dcc6fa7e5b68e34480725853f79981f690c9522f8f9ac9bd0ebdee0f5fdbde3cba9d8110092c6d15888e8b101f04ae777289cd1dbcbb6bf56e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
56d5eebfc7d05e7d174fe8fa03757546

SHA1
1e96922b2ed7b630864996940836991b0f1d6a8e

SHA256
2ff13353dfc47dfba299c6089236a1fee4de2019b88c59e6b00b77a7e0e16f07

SHA512
e20c8a676cc799f817605bb6357c72f7123c469e6be6f0e52ca145ff6000d73c09d2dbf17e396705a2baafa65bf5051513685e0ff09b9aa9ca886a44a738da51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
495B

MD5
b7f0606319c6c0acb4a57e9b527c11d2

SHA1
0343ba0819544731e1eb56c96dbc9f7e05c9bb78

SHA256
16440a4a72ffa32326d0e108b72f3d46a716a1850cbdff8d5fde0033d6e46442

SHA512
79d65d90a898ebc2029b982be9a0d0224cbc4b00cca1c9d4b6c93a1054dc7712338fea03895a07424e0d5aeb0d53686eeb6cacdcf92ea5bed1ee430197f3a586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
247B

MD5
94bd83393ee4e3c749f28c3414160cbc

SHA1
68effb04ecc392f2ae4ad7bdc1e99b9116da474c

SHA256
e1dbf44fca250f32925910fcd7f59276e46d0d916eff30fdf9f85ef91bcd3d4b

SHA512
203109a405cd685a195e6cdae5d0a624abcd6c6a9333b88f312e50f96bafa03057366bd78bf62df8784ec97f14677d56f8b78b472000044618a784bcf7af3e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
061c9ea4352a15eed8ee20fd42cce32e

SHA1
acae7f60f9041849d21e6cb35d1ced69cbc2b958

SHA256
db69832b27cb8af390e5fad21c2cbedd8bd576f69418cff43cb11f2ef6757d41

SHA512
1c5b23dd98c38872c1688d09547a16bbbc395aeb41bd6838d7f088c7a478b16582ef2984e8f579abaeccaa94eb00e55418ef7ba2fbb7a9a02bb25f7f4118fb19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7064c4488b33fe9d7944d95ab2aba0e1

SHA1
517cb9b637be7fcd1fa76abeb31488115046905b

SHA256
ffb7509e12b7dcc02b2608f2c20382b2e1531cf6a5dafd6bcf7d0c024424f7e2

SHA512
9b7973f51c8886ce6207aacfbbcdae5ed66beb90112cf33daf874b30a348510bc29be1c82d6c1dc3045011258692544522089a4e9923ebbc5ae8a49a83714c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
79e19e1788d4165f5ada35610a1b0864

SHA1
ad1a91c44e5ee1914fcb0feb54b43c7d29c9180a

SHA256
e2b0823bf131e4669ef8037a8b98d4d2aa2bcd95698b1f0678b689e1203afc87

SHA512
723886392e354a3bb2baaa2fb9bdf2603366bd910e64fef27c955fccbcb656af2fbe8e18fc2ceff04c776ff15e8b2f27778d09da02a5fa6a91da38ccb38f7c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
816c6361adf78c1e3e6000bcdfd2d156

SHA1
e2919aae82975180ae65cb4f3aa84c8edca4b75c

SHA256
950ba867c428bd588f35b8a7ec4622099fc8d713b16ee1667b7ce4fb6c502862

SHA512
4a772ca0290a87c51cb385a5c576bedc88b1f99f0d7433a302bdc1d0105c98f455de55d0306c20ca695ac7aba5052eb67adecfd3dbc0d24ae292d1f6c79c51ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08584fec0df933d3be82274f9e303efd

SHA1
62e8c33be7c9092a9b6e4b68e5efe0963f2119ac

SHA256
6b3d656b4f19052e50c959ffe03c90fa065777b553d0ecc8952bd3a493877568

SHA512
ab507f5df0642b66e4cf0b05746db95ea7e48eff16e74ce55e7464d28eb43af5a70578eeb25d041f1030eebe0e20f9a4060936b211d5cd4f29206fc96266420d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
857c68dfadf7daa9452d761507bffa49

SHA1
cd30eca564aa683b83a3c9472cb22b59825167e3

SHA256
a6c6270b0910476b4a985696b7737a48393f31bb725ffac64d73d338456f2475

SHA512
830d51b1c19f12fd8edbe1c8e0a0b2775d1b155c2fbec7dfca93917ef79fa36f63b08a2ff7a2d77550edc8cca6deb19b9014a6dac1245f76c214d8f3949e0a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
501B

MD5
e20b598e5d45e86f99b74440d5e20d98

SHA1
f9ee89bcaf0047bb448674d5b70dc9240e135463

SHA256
4216c036d51558d5722b8853ff4f6c9f4a0a48ec42b241fda0c9b93f4fa60415

SHA512
104f2a58062e15cb334371dc1ec706bafc37499d4d07dfcf8974fff4bbdddee2a01561b4b18203b1474153deea762e76d269dfaecd48e0e929497c1971ff0c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
6038e87fee5d8e301498f2688b6774ed

SHA1
8742177378a20699c31e971f790bdfe9e587219e

SHA256
58c1fac461b9899a35e3d87c7d19d8fe12fde0070ff69cb2c5507e291e69c163

SHA512
5032309a026eec1cc7591e584f77c634360012d155c84442c42fbcf28cf66a6dcbf2e99791c43cf3e925c6381967dd85edb961c35659d4cd7e5bb4274d1d6f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13379267123282062

Filesize
2KB

MD5
cc067405f8dd1efa61795827a700f17e

SHA1
27b38dbbeb9c6e6035baf469a448c32adb5633e2

SHA256
510859191a91da0643b0dd0c29cf4dc13da6845cf97793edf70c2288e0ea5ced

SHA512
a21ad532cf0ce931155d289540971650d04ed36fbc953e8da4d9e55fbb7767b9242fab1a84b5026e781eb1d52ff0b6b7af5ff20fc665269083ad5c9063b5dcf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2f892b8bbbb76e35d967a0972b657e90

SHA1
0fff40d4506dc5de930cf5fcfcafef7867c11dd7

SHA256
8ac75539db0b978d2107734c6c57af3acd8680e1c7c02dfc9aa1c48160a3c12a

SHA512
ec9e73bd10f600f55e72b6d991d4d0f7e1dc7e5a1da8af40b4a1c56522f33aa4006a2c2271d6d29248e7e3cf482c343207cec42ab922109b58fa08b4e3df403f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
bf6a98a61d8438981172b9d9c6223282

SHA1
d72fc782cee3850b16ba8c91cf632c59e6aa6619

SHA256
fd36b56a1ebcd4193173d9d2f36eced2c9a1e716991de3be12e10d09b7660d9f

SHA512
1e12884eb7c5c9a9e605a7b9f2d0051ded0a925e584b2c0af9c8ba1ea73afa63dcc4271859ab9ba15823db98b6a98ab26a0233937de581f40af681e99236b27d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
21ba8b6f11950b85047586b300630c5a

SHA1
05ab6a5983abc8566aaa45f1a20e5153c854ff5b

SHA256
a57a9c93951a1a09117ad51295c612bcf82b7b56b495db1f5ed97104f9c84b4d

SHA512
5c972843729c64ffc538b0bd54461c1024e87cd0b6325a451e0d0e3582811d46291a6b4547a15db1ff1c27f325b073c0c676610595ab8d54a7f246d3b053f1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d278b294bd7f353d9ab62cf1cda66bf1

SHA1
0209c7df85b236619b969fd1f701f3414c3c2c04

SHA256
6c70b77b318855e5e15ad4e776564983b1a6625ea4d52a3d1ecafb05f76d3969

SHA512
bc3ee7dab30258db6bc19185ffb29e587c5ba35edaac4c0e26a865559458159c1eea97940b9ae6b2bd14a3cc249266451458697c6ad1702654e75170644f3e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
7681ab2a31abad77773cfac3632c80eb

SHA1
d737977850b4a2e51ca23c074b3e7628f5d7bb1b

SHA256
0cc07a48caa3f972c904106baf1de9569b68e45da851445a2bc3c6c36a5da3c3

SHA512
585dd6f176a089f7d0fd9fa32a78ed7e06000dbb961d335bfbe213ebebebc7cec71bf06edf289521bce2e14cffb581feb424acdc973b486688a345d3798535a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
2a6378b60ebff50da23983c744ab547f

SHA1
a0634d1be49ee98a3bd43d76a5c9c7f5cfc00a4f

SHA256
ec9a2dedbc6b5586bb38a0dfcaecc0b4eae16fa0dddd4e626478e2b23ae842ad

SHA512
8d5a679d6d1b6d2b2b0b542868460e9480ddc1fb637cb787393ac8bb3fcc279f2ec37b426633e1466701e5320d0f22cb54c0b5919561937c840fae764151b822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
638a71b631aa9e73aec7c879847ad503

SHA1
c52c4852bc20c7ee85a8161bec1574c3a52d19d8

SHA256
c82526ff06fc6ddac0b7fb1a23fca32c013f2de620d4e11980e8c21ed41c4a2c

SHA512
2598a60e8f71e79d6e8e79d18299b2228a742bc2079fe449fd93d65d72cb3d475ca60825882ee8835f3c24b2976312adc935e05882fee11a10936aabbdf59c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
cd10764bfcab9f705c8f03c891ee2544

SHA1
ec1447bacbc06e16f4b7891aac42090ee05bd7d1

SHA256
02a0e245cf15b868ed57acc6eaf6ec30964be0f6375c9dd212cea31af4df42f3

SHA512
2cc886ea683cee675f8c015c3970d0c5ea26e3b626ce0efb9e4827ebfec524e03c06f54012e7a88e9a48a1c45485eb4811e823f8c4b75348c387e1ca45ad6694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
fd0bebee6bd1285ed4e4a81f0d327c22

SHA1
e841ced307eddd5c16e5968c270b0ea6002f9b61

SHA256
39b137e7658b221149d7dd2323c2268d28b4474bb5a780691c5e7c85f1776c5f

SHA512
ef2c4aabb81727f0cbdc9628da9a57d4cdae5fed0cc33ace7421d4d4da728d97f7f3f7654daf0c1c29c994e8a52ddf30262b7ff23145d32581cd5b26dc8d075e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
18KB

MD5
b9935768bbf9ea7aa82d695154bb54b5

SHA1
0174f4890ededf665dc03ff77d0a035c027343f5

SHA256
0a51ae9ce946c48a3801add47513fa1363ab880e2d12d740ef2289addd3e6166

SHA512
627b2d42c02e9d9b2c38dafb1c578cbd4c5ccc879d129da00f71c4826b5f1bc853bb12efb7b40d007d9a286d85039c3a65fd2a4d33f9adee9f2b760c4e43a3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
09815f061ab43c21c52b8d1a808ed5d4

SHA1
b67bff335f7e35e3d669b9c73d0c7e0fad84bbc5

SHA256
e84aeb5d20e526501ed9a3b417de98187c1c712c6fca7ace6f856312ffba5cef

SHA512
69970f047714c446c7f8e9be0681f22d335328418bd6109dc979ad35f85583c7086692d3d209352bf0743d0514db62b65b4648ee2c5d259fca7feedaccf8e35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
17KB

MD5
ed78c6e72fa2e36afacce977e1e7af2e

SHA1
55b558fed29d02a3c92a40e9212f38901219a07b

SHA256
8d7a76208e0dad3a0af54a16422eea49a369fbc04c98cb7d4d645aa026855bc1

SHA512
19356d2d8b93f8d84040b32d709547ac1395be20360119e0c47fca1050088f2cf5378526c9607f925bd51a444c857b475b0510bd5966ceb8c5a73c1a9c894592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
21KB

MD5
0fcc7e6341a0ab30c5f720ac73fea7a2

SHA1
1a381a7daa29c58bd5abf60c8ee33dcf6ac4fce5

SHA256
e18057644b78b32ef9d4e1f034bd144a4cfc8728ec9390192d5eadfca749b4c8

SHA512
cae450f3acfd3699ba28a8fd7e9f3ad0ddcf92ca84b494d23d417ced04629b2c24d63b2d173d2bdf3a0dd05a1642818c7f0268f90046bc6fb4e033e13dc13be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
21KB

MD5
2f1836d6cd0940fe34eecaab43267238

SHA1
c529fb7cfb68e5b6e14f9630eb9beb3e1e7e31eb

SHA256
9b6995d63af64d4b4b6d822ee10abdb919dbc665ea3d8d0e256f3b1218798ab8

SHA512
889f0c4fc43f9576966cd47d6c84edfb702746afff1fd8cfdaf57483b3c3030341feb3c29f7db24c4f5db155f3d81065ba00f7f4ddf3e827cc0af9ce4ab098aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
17KB

MD5
814ef91d260a01b64320418d73b58e4a

SHA1
e9bd687a68d4e3c41532568399be9e165e1fcf20

SHA256
6a386e4a42c789eb0a136826e6c1babe03736c05ff3f5503894611fd7f8c00d8

SHA512
bde2466256bb5741fa23bc05746533ac45dbb9398ed4653133994134b5c445bf632b7acec5db58a671b9713286e2e7d9f5299143f8ef8d0e6f3e66298245616a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

Filesize
23KB

MD5
7905d2880e34ca9374ee3399d24222fc

SHA1
d7a0c63a1deb47b92a9960205941c308449da9f8

SHA256
73126a6fe8619888f41d5030a556fe19777a6025541505ea6a79167e6c1c2199

SHA512
c02992277f92f925bd7ddb4eed47d4026d7e63a9bd407c87fce7e2ecf8e4c8edde4dc55336240dbfd8710ed06b5aa42fa6e01d30c6fc15a59b2b37d848277346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a

Filesize
16KB

MD5
744b883cef35ac452b27e29cd695c295

SHA1
4b93e744b67678362c1692cb31dcce5f25f7a4ad

SHA256
2b7be61e9dfa867719759bedd4facc12fc76bff43f72e8bbe43dcdc2c40178ba

SHA512
792f7010d60f3b4ab88501f272bf91879d88285af9067dc32f807b9766ac67a258eddb59fb278186ef79a01b3d8cc3d6859d47dd7d6c0d4285d196344a96a6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000b

Filesize
24KB

MD5
bec5da811318a330f6079187e50e4cf9

SHA1
25a536ec5af7c266d9b013617657ee8c5cbe4fb7

SHA256
f0ef18e7dafb2cd16e044313d07402e1334ef8158ec5e3d3a81630df892e0330

SHA512
cb900827c142b06919c48cfbf0dc115830e083bf1b53a9b41fc98a28292a0c63439d24d0923d27e1915cec0642d78f7196f1f09cc3d52b7dc4c11dca140bd26e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000c

Filesize
18KB

MD5
aba0c643aa297eafd100f54d53797590

SHA1
6d9ffdc9f9926c8bc50ba28039f4c8a70cbf1bc9

SHA256
8a6e5427aafcf96583485e64fbacf92829c17e89526a504e1a86bd4a477af987

SHA512
0a05a0985808ac89fc78bac0d9988a3e14c6c0d98c9f63432001fd1ab3bde76b4ccf276519e63e0ecf8adaf83e3a898ac87773f1fbe724c1b1b087d46be54b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000d

Filesize
17KB

MD5
9548854eecf5dae8a2966643145a8e6d

SHA1
8d8313816a0584ac762ca2e7f1e1737306da3798

SHA256
54eeca0dffbcccb488b055dd02ea169b16e7c421ea809a8d476ad5c3d00c264f

SHA512
cde609b619258b5999325e6a2b00c22b2081995f95edbcf4a074b6b4ec1a3b20910a26e50d35544ffba3185c0b5d7ced22ae694dc523f6aee2a4686399f92f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000e

Filesize
16KB

MD5
808684f521065888d8a375f8bff90a17

SHA1
eca380de3eafa04bbb2e44dae8ab549e5930db0d

SHA256
a22ba754f580ddbbad7babb3e2d70d6f0ec85a9813252bf001ac9b33868c8b4e

SHA512
eb8df479a923880214ad2298fa49cc67d2c48d4fb0b821d016a0bf94f4730a6e5e279f8216db9b580ca89394680af9d5acc87911cceed6e04b35d484214f503c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000f

Filesize
20KB

MD5
1b9e493ea6e6f254abe2fe4bb27a13e5

SHA1
eb38f0a0c112cd919d7c36cefa0e24c291397e9f

SHA256
1653ab113f5f161edb1e149b208b6af6a4efa7ba380acd4bd79fbe4a04bd1ac3

SHA512
a2e80ebea938a76069adf24b98dcfbbbb0009e19346b3953eb5b20ed4999239af5534d1716c19d41957bfe58c8b67c43b62fedc137b16e136f719781ea1c0370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000010

Filesize
16KB

MD5
8dfc735c1346063140116b08c847c113

SHA1
bc962423b3338b20d36d2715cec5a41aaf856f66

SHA256
cbdfd737983e9e128e7fdbeb815f69bd94c338de2535adfc3c2e0f40d4d70f10

SHA512
68918e970c317ade1ef532913602ed87bf5132a83ebe445ec9e838139920b22aaa8bdc0db8f3bcb5b9a127b779ce50199a5ce1c606ce06a23c4f05a0b63db43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000011

Filesize
17KB

MD5
a2a8d4620524be9eca7f61eac3fb3c52

SHA1
68caf758966594d7c2de8ae9430a6b21d76eb82a

SHA256
39f3ff198c8f282157f3c4fa3e41ac5fca9954a9780c2b4cbac94e69aafbad3a

SHA512
682efab9a1c9709d6d66bd86c73624160108df4eb9cad89fac62e2371ce3078cf4f7303c9b2dbf37705f4e0ed5fca1cf2a8be8fb504d685ad2b10dc7d9dad59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000012

Filesize
17KB

MD5
517bfad588ec7851568b098f07f91b91

SHA1
8c1568e6549e0d544e9e6f4bf8aa0d33141171ac

SHA256
0a592ef27e1181262cd2edbe7ba33463105425d0517f52884a162144c63edb1f

SHA512
981e768c6900964635571a0ad2f12b10687ed215d7ad608f61a58ac294f59224e1f74c58e2c3779fe79a2f146cbe6d2f61560ec054b3de84c1dcf11636be932f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000013

Filesize
17KB

MD5
9d94395346f6683bb6b116c66d2b643f

SHA1
62e3103ae9b8d5eca5b64a2feb18d77ce925c864

SHA256
8eca00f18dc0287afaf00f6404d330652a4b1a810f7dae73c774bb9b01dbd982

SHA512
7eef3ff363f58c948a44a88a648be00a788d9fde4e133a5bb136856972243fcb287c32bbb12288c20c2621a19570dc5fef994ec6f761fe7b41337b3e1ae36349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000014

Filesize
17KB

MD5
f0d08439cd47e39ffcf4db8e4ec35688

SHA1
2475257b6eb81c4e2b3c50097f485c7d5db6cf5d

SHA256
661793d32c8907806879a1ec589738d80015e9d41faa5eba109e7d2534c6fe3a

SHA512
616a1a805d914e49b140980e588cdcfdd645f4a3630ecf52ca3c73706bef6cbc0fa6c35d9f24444b73db1b97a3294e35e47014ba7aaf2f0171ee85d3b59ba655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000015

Filesize
19KB

MD5
a23cdd3c23881bc62921984b149d44f4

SHA1
022409d277b33739657826ffccc741c16309401a

SHA256
d67ca9845f60702efbbc4478ad7737a872869237921e805dec7806211baf2b05

SHA512
d7a1264274d1ba59b725c8844a55d0c12a5b4d91018b68a52e9ac9830319c0102793582f9449881f076e3038fed25a2421280f696497b4e762f422ed50cb0bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
511c4a2ac864ad36674e1f1818afcfc0

SHA1
9165f1af1365e5f63ac508bcee9e96e23a39d6fd

SHA256
7c8bb730570308a0a998b2f44545881878ce912cec79ae7c85a0067255572aea

SHA512
9e3f25aef60a041c2b11cd905a0dcefba12a3c0f36252e0bcdea6df83875fefe92c48bc109a1b8fb814c87def36ee7cc1d23574dcde88bd1452fa79a80f9479b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cc9e718ffb25d751f512ac29587f24e5

SHA1
4745bf6b740284e74167af9be4f14d8349e0226c

SHA256
4acd41a3efba0428d5d74d6b4cd7a484a09f13d507f47b8307c21106494c2e20

SHA512
85a3dfee2bb7cd7ff4875f221f70833e379ad9e3e78e7e55350a96da0c6287aa67e7901d3eaf17080cd24d2c9e437dc85280a9be60adc4ec9c688286e249ee82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
316b9e0837283fc8cc72e332f7ff112e

SHA1
b9d3e0ae559d8c936020233bd2ac199560d5d254

SHA256
51cb520fc2f9d97f513d1ccda7de8bfa6fc67d322fb5ec7b86da9060a0a8c69b

SHA512
f6117a856754951a894d7e586bd9c5e7a462a78d4808f769fb3ce864bc91a94a7bf52cc5359ebd75bb7e6e561788dcd6346778cb12f3886b139eef6f5b58e8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/3536-6-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-5-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-0-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-8-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-7-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-236-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-4-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-381-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-2-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-237-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-3-0x00007FF6CA7A0000-0x00007FF6CB186000-memory.dmp

Filesize
9.9MB

Download
memory/3536-1-0x00007FFC78D10000-0x00007FFC78D12000-memory.dmp

Filesize
8KB

Download