hxxp://securedonedrive[.]wordpress[.]com

Resubmissions

10-01-2025 03:12

250110-dqb1lazmev 3

10-01-2025 02:56

250110-dezyaaskar 8

10-01-2025 02:03

250110-cgz6dszrbk 8

10-01-2025 01:55

250110-cb7naaxqct 8

Analysis

max time kernel
166s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://securedonedrive.wordpress.com

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 895726.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
1204	msedge.exe
1204	msedge.exe
1040	identity_helper.exe
1040	identity_helper.exe
5276	powershell.exe
5276	powershell.exe
5276	powershell.exe
6064	msedge.exe
6064	msedge.exe
6048	msedge.exe
6048	msedge.exe
6048	msedge.exe
6048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5276	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 4100	1204	msedge.exe	82
PID 1204 wrote to memory of 4100	1204	msedge.exe	82
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 4776	1204	msedge.exe	83
PID 1204 wrote to memory of 3804	1204	msedge.exe	84
PID 1204 wrote to memory of 3804	1204	msedge.exe	84
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85
PID 1204 wrote to memory of 4920	1204	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://securedonedrive.wordpress.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab23f46f8,0x7ffab23f4708,0x7ffab23f4718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12434920958404696080,13116094819670243646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5276

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6e32db1f-4545-4ffe-bed8-545d89a4a5f3.tmp

Filesize
492B

MD5
153c7b5998c4b7046e25cd53498c4b2b

SHA1
5e18ad9d1acc3519afa5ff5854e9bee32b0ae4d1

SHA256
18104ac7d69e99bd34e5f9687fc3963b7720ced8623823cf7b40ea85e8275f9e

SHA512
07776e9af8bf720b1ec71824828cfd3f5d493220acc819ad00c3a44576b9f3c2ed230229ac0b090cd2f2f62ae498ace3ad797ea6da1d9121d272bb7bddcd9da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
216KB

MD5
03c03aea8deff4f76c36c79390923584

SHA1
6b4528e8fa44db0b5c9491e46b3a9bb640fb90bc

SHA256
de15d90dc28cd725b544092491300cedfaaeb9a1f1eecbdd1dbb31111a2d6eda

SHA512
eee0995f9322a6f9d6951e3cde6e6fd61add157e86532048dfaa65289fcf89b772d71e9d4230f68e0b6ae08c33e4ad8f0a0b9ec464c2f97fa29754eee7fbbed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ad33156171d1d6dabc8f8b901d9f10dc

SHA1
1102d5d6363ff643663e9ca961e6918638f6363d

SHA256
678e36d3e28932b9ec9c07ea1674656740bd6e3a115874aa1aaa40603ddbeb2b

SHA512
1545cda6b5ac88f90c5cb185866533b9a844bc39ef7c6eba2d01f6b2345fc54543cb22915d14f6a02c4915b9b4f19c44f0f387006cd1f0345f836031463fad58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
adf9dc00fec3dd61bf4aab461a35b6cc

SHA1
a8f9fef918a1f2481ca205f930c6daa1e8d727bb

SHA256
2642ede949c1430106d32cbe5a5c736c3b036368643d1d9137337d33e212bb86

SHA512
49d663ffda06e6af772163d4aa02cdd60d4e56f34388dd15a0e1b93b446797beb51f8c70068817e0dfae14c5e213604820bb8fe306833ca580f2bb141aef40af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0db7a007fd5f09a35be60ae89e20bce9

SHA1
3f5e4ba9b4e82f0a02ad589ebed78db1ca4c5790

SHA256
c07e4ee91316c1647680c48f5be082615fd4f07d6295202bc708da7a3bf1ac45

SHA512
feb2cc1cfb8fb74d245cddd124bf642946f6d6ff35416bc9b30487277a0045635ddd118bc7e6d460a0ab09ded66dc99f4f337bb52f5a46f7dc2a2830dc181ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1c497637a9d4d0300d72e2e5d303b317

SHA1
838cf4bdb31154b1bf0792605a62e2078208f7f2

SHA256
7a929365d90421bd58c9fdc352d32c8b17685fb599ff0136649d6f793c32f19d

SHA512
c65c5cf64c25c13dd652773025aabb2c03f7381589e9d5da2ffce98266c9f1cbbb12cee778dbdc633a1a325007b4fe1fdeecc90d0c050fc5c9e3ef581156ca91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6908e73513dfe22c6af93025baaa5a37

SHA1
126782cc72528499c2dd37bde25f3f8d0f76abdb

SHA256
aac44f35ab52c4a6d5dce41c0d1dde0ca753f8859f6c0c59a63daa7f9dc57318

SHA512
eace285b5b5af36dc5674e9b2ec15dacac3da4ecfe027aa313b91f8a2c6b17d82ed9991e605536de86023966934602312fdb27119622d8d95df473fa896fbbb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
506ab7103edabbb27bea187688d8c199

SHA1
1af7f6465e552fd87f8f3c0ff17938cf33a53875

SHA256
615c12f0ba377a347d906ed9ab30b1a4ab54b99f70798cbf76cb05e0d55da49a

SHA512
f03785640dfc4a6d84eff7d81b89b6fbdb4d10f4b5a1e88fc3b5631c3e5a8e8846f3c66208a205c91788ba55bc517d57f40f22b808f3ff797ed05a22e16cbef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b344fc1f0af69dc933fc7a1ec25eb2f

SHA1
1f10a37653cf66301d281bd66bebccfc44d691a8

SHA256
d1774519d886d61097e0fa5cabba44b73a91cb6ddfb33499ee73879b2f8123cb

SHA512
ce15fbda1c18cd1f38fbf573ddb7eadbb79792a02ae89be625ca1626a723d9064a5761b1caf34fee71a435453505b9011f26ad5b939496c1e20c42dc3e301728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fea2e43c44d96d421a848e45c04f3ba9

SHA1
9768cb2c5a347f08856951d34fef4b336078cbd1

SHA256
ea9e8adaa9065e82bfd88c08ab8877933c2b8067e69fa21b0d0d0b4299ebae60

SHA512
3497314beafd113da8a02bb577c74a027961abd973dc6bfb8923b0a58133d8d7b4af5c3260b9ded4d4004a157266212716317c7b3b36e0c9ecdf817a26dd6359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b70a90cd8a622affcf078bf1c0438e3b

SHA1
2b52b641861cc315ddb53cb4973c6d5cf872437d

SHA256
15f516479fcb0c65427b9d755ac8ab6acf733f2465cf8c82d7b238fa01a16394

SHA512
0f069895caeb5587bb116ee96feaf75fd5ef2c4028246796196af4301f807b9c957c9fa6a7200c8e9062b836f0b175bf92e305fd58da6dc493144e742dfe16f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\fef2c50b-0efc-4c31-b8e6-c78d65a8eab2\index-dir\the-real-index

Filesize
456B

MD5
c7ed9beebe420665a6f05b1b18d91ff3

SHA1
55f26bc78ea489c5fdb6503a27e1d7c919cde91e

SHA256
3f20e2a310af5e49edac8b33c2c10bc3f71ac93bacee9cff15b3411cf43e134b

SHA512
8a814413b866da3b8dc3c8601fe94ea45fd31f9cd0038d74644f3a60131d4bfc72e2bce30df0c2c6d07a74d1cc5185f0a10d762bd7980a94ff8780c5e53c7455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\fef2c50b-0efc-4c31-b8e6-c78d65a8eab2\index-dir\the-real-index~RFe59fb9c.TMP

Filesize
48B

MD5
5bf62817ce3c65f172193f95d4586753

SHA1
455dff845ccc202a89b8a6b794cf9777becebe24

SHA256
bbbb6273e4d2055bfbbc430d86bb24099a0d031bbd446f20eb20dba1ba303437

SHA512
98ffd24ec271cfd96e5eeb92a5e0211ab43648f892c7c3e82e745c2266ef629d9823a16376ae7d327c35d6b736fa373f8391935a6caeb516eb374bf49ccb0c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
95B

MD5
f626d3a5b32c0b6bcb6bdab0a7100661

SHA1
383d7c223c03ce9d8cb4bfbee3890169f603d6ad

SHA256
4148a37f306fffb79f9e587a99f19abc5fed6bb7a00a01aa0895d63e9b4b54a2

SHA512
8b14782b5b49b2bfbcede735ce9dffd483964ca8eeadf36af249b062eb579c3399b7329d7fa8bb8f77ccc28544c8bd3ebe0e7b6db11a73542c3d9d5b8a35ceda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
90B

MD5
89d2e3adb63629f6eb0ddbaaf1486d4e

SHA1
ad8afac43790fb8891385e1f29fadbcb931cb9b5

SHA256
11efc0fcac3264e4604714c5c725c7f004baaebf555aec99a1b7f71bfb4a2d21

SHA512
75aea53f76e6a4a9f8ab42a636b6cb32839891d37c9204c817d457ceb5796e936827a2a491b25698da518d8678c6978a1d178303721ba047d61c8b26c7cd3fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b1aa8582bd3cbeb21b15514a19fcb839

SHA1
208bc332999f62322084c4c056e4ac5f54a92059

SHA256
0d29e42dfe7bd6e310b87fc7483428c195d0cedf6a398bc531e58c4c66a94588

SHA512
31e0ce1419df281474d32b903b8ee1e607f5b780cecc36de33ff87d42294c5a7f4d2604f45091549c8d40788c770e10229bc99715eaf3b062980034c5d0b5f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593493.TMP

Filesize
48B

MD5
5cab76fbac36023a61823526bfd4779e

SHA1
3dc7cb41afda811af4714561d349db696e7878ca

SHA256
8ac49549d0a39058d9337b873a74fdbda013307eacb09d80d115e83cc4c431a2

SHA512
15dd54ca1a0fbf26b8aae22e7e56614303b7cc9ea3d0574dd9a373943e8975564b0405087e0a5c7e3b5a56b4e58dcecf3710973604a94e200c9637f6ff77a6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0539bfb2bdff962d3209679148b4232e

SHA1
86c6506b3f272d80ee503381ef2c7efc7317c4ab

SHA256
ae37fafb95dde5d23f891ebbe3db67c059ca3abd1c8a775b894309e326173fe1

SHA512
d09999f6fafac6c1b760929441d9678f92e0a71247dc58a5da1c1339a6229df4a108734537d24aa5bf39eb28e95f4b98f907fc5867c54c3b42208b737801777a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fbb1.TMP

Filesize
539B

MD5
7f1f42238c0d632f32caf6b89d371f6d

SHA1
77a9e3f8786f2fb35b063fd9dcc1307b327ccf12

SHA256
d2ba85cb9dbef94227bd357523b076658cd4b16cc76246c1c14d2e176a5c0082

SHA512
63d3e388718f5b8af29381bfa377d9e833ac776e7b669b40f291ab34d8df65f43673c29290fc470de2f0c296c0b6b5ea2bc449ef59e51d4c64f93a0e4af59012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
05439de219066f0eb51182080199416b

SHA1
f9363d4df71b61517114ab4be712d9814f417fc9

SHA256
cca968afaf98f04becf9a2c0bf9e9bc7f714d59b666afc6d476078d0c13e9ca1

SHA512
1bf86423d09c796470c27c1eb9518b50c6e70869e994eb135fb89870e78f5d61c181cdb9290764ad726213308836c68f757197640d106232739b39a0ad927795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48ad82193e0bf4b702b22f00d51bb9a5

SHA1
34655933f99afce2c576409a7a22c52736ea7f39

SHA256
6b9c3ad5cad79925069f24f647a415322d41257abcd6d0ded0c7a9d3beea83b5

SHA512
da0d108cb2c4489672cb01cac7e745df665d03d78e4c0dd2c6e2969f161c2ee5ac054e8569d7c54db7386183dc107e81beb9993ae25227fd1e825239e303c5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c3b6506fccf49eeed6f0d8e031fc7e6d

SHA1
19e53676c8c00b3b974ac6cb4a975d048409867c

SHA256
e0c4480bd3c38f2ab1d1b26604224f527ee6d08b6cb9b71e5b7ea87cd64109b7

SHA512
8a74b15d1f110c0b52f9765d00e3f9d00fc6d6759c59b6b72e5c6fdab5952b96a8971fe290d7492da7003b35e4f6f7c18ffef8195e535f25007e157c4dca5c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c6a597787c532a33539ab9f971fb8833

SHA1
d91bb268d4300c3f3a1568fae19d528351450b6c

SHA256
b9ea93910b42b79129c8f24f1dbf81b4e51e8fac7ac08c875c8aa74e47b5f56f

SHA512
44ef84f1f20f3c94a8a1ec6a021cf04c2c3ba3f716af66b717ba321982bc5a2f36e5e8946f024f982448f7050e8c73a07840d286038d1de79ce850534ace65c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0lrljb2c.mqi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 895726.crdownload

Filesize
5.4MB

MD5
3d8c035b151f3a3b1af97971e593d36d

SHA1
7942e611482606bd1eb6f589cf1f649117a926e0

SHA256
a5c4592fe672c2b3fe55bffd41a2cfaeef50e40fecc91db1a442f60c92fca332

SHA512
aa1356161550d504aa96b70a62b9b8a203f0e096f97a9c6a9892f269e0f86f170075708a681d6d161de07a7a987500a2dff53bdecadcd4492c0393d1d4f82185

Download Submit
memory/5276-107-0x00000180FDEC0000-0x00000180FDF04000-memory.dmp

Filesize
272KB

Download
memory/5276-97-0x00000180FDA00000-0x00000180FDA22000-memory.dmp

Filesize
136KB

Download
memory/5276-108-0x00000180FDF90000-0x00000180FE006000-memory.dmp

Filesize
472KB

Download
memory/5276-160-0x00000180FDF50000-0x00000180FDF6E000-memory.dmp

Filesize
120KB

Download