218a3a1f233acd4e53bc25d4be1919a926cf72ac5f787c779c8b52e3c9a66e44

Resubmissions

22-01-2025 12:48

250122-p189maxjfs 10

22-01-2025 12:46

250122-pzmdgaxjat 10

22-01-2025 12:43

250122-pxynqawrcy 8

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22-01-2025 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

474B
MD5

10957f24772eea915bc129c12ad964c9
SHA1

875b9ce0b9fe2f519d28cc8a3e8e957db9779360
SHA256

218a3a1f233acd4e53bc25d4be1919a926cf72ac5f787c779c8b52e3c9a66e44
SHA512

dd351894c8596e496a8e3ee3411e7b4a9cca1b9d13919eaa333c1b093377c18c93d8b2002b36027fb398685907b558a9021e60d8af51b2711c4452b1ff8d1602

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4508	YouAreAnIdiot (5).exe
2900	YouAreAnIdiot (5).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
34	raw.githubusercontent.com
50	raw.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot (5).exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2780	4508	WerFault.exe	114
6036	2900	WerFault.exe	120

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot (5).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot (5).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 809352.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot (5).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 387543.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 973319.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 387245.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 478139.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 82711.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
760	msedge.exe
760	msedge.exe
2484	identity_helper.exe
2484	identity_helper.exe
3436	msedge.exe
3436	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 6080	760	msedge.exe	79
PID 760 wrote to memory of 6080	760	msedge.exe	79
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 3756	760	msedge.exe	80
PID 760 wrote to memory of 2236	760	msedge.exe	81
PID 760 wrote to memory of 2236	760	msedge.exe	81
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82
PID 760 wrote to memory of 248	760	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc68d83cb8,0x7ffc68d83cc8,0x7ffc68d83cd8
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6268 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6756 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6648 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3856 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,17064693258672330811,16943853088609755954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Users\Admin\Downloads\YouAreAnIdiot (5).exe
  "C:\Users\Admin\Downloads\YouAreAnIdiot (5).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 1228
    3⤵
    - Program crash
    PID:2780
- C:\Users\Admin\Downloads\YouAreAnIdiot (5).exe
  "C:\Users\Admin\Downloads\YouAreAnIdiot (5).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 1200
    3⤵
    - Program crash
    PID:6036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4508 -ip 4508
1⤵
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2900 -ip 2900
1⤵
PID:6064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
492717e07dec9431e9cd0b038fc63e45

SHA1
ebb6fa503e445b809bd621386eae51e6c0014eb3

SHA256
c715734418ba26f4323c5a614658857ae941bcd0e2d149da713ddb8a2a1c0f85

SHA512
7ec84a73b5a00b8a8e86d03d6433a7af3e380ad81f11559cc59915e632e290689cf93bb30e8ba655776f29c931d0bdd4ddb24269458779d96eb35c8e8432535d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2834135b84460ebf3cdc5b5c6dcf59a0

SHA1
3cfc19df7a2d4c437b10a8ca09c6c28e9cce2cc1

SHA256
166080e5351706fd67f012ddd10ec5c139ec0a75e74d7ad224ab1b41b25abed9

SHA512
9275d71eabf498ec74467cd6d34b99f59713407c7f0600ac4221d2a2106d93c61220a71896c04b2a03f06d8750d0ac2b3760c096b0612a64ab49298902fc3205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
744B

MD5
ca20076cdfa95cdcadc9860bdff8e60c

SHA1
4f836dd29a2ded2752b3a59193e73a11d9691542

SHA256
11ddf33d543af574fde4352adb7bce45ca6f1770d5a57e7d05d817f10bba966f

SHA512
28539b61c903722a6eb484ff6b41996819348730ed1fc46cd6b0044d907d6c5690aa75652379502d68e7454fa91092129e02ada876a02992756f87a627728588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcbbb1be093b7c86c1880ac3c04904c7

SHA1
c6b9bf0f4609e9bb6c7d9150724f5a609a962020

SHA256
2e1247e30ab9f3f237af9caa17414c92048b73a2067aec47c2b80692eb1f578d

SHA512
2ba1b98c37ecdc7d9643696e0e36279ae2cbc99221a01299d5a912e9b62c73e6f207f450b467e3b4691b72cb33010a3c853ec7b3c26a653373405faf4e948b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
441ef037a03ce422f200cc739ca8edda

SHA1
7297e87d41fb1360ee1cab41ee4d163213d2502a

SHA256
8481bff65dfb4861251197ff7ead49f1a8cf6c5fbf2d78cfef4504fca4ea3096

SHA512
4ae467a0ebef28caea8175162cf0d9c1a4965cd55af3468ad3137dfed68ad8fa99f390c3759811fe6656d60de01ecc71409497e5151d383facbe7360d866f4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0cce709b38068aef689eba75a836850d

SHA1
c69571ed2df14ab75b2ae98fad72de87cc35847a

SHA256
586220b43862bcb6ed1aeaf11c4853377ad14d534f6137aafb183dc840e27c9a

SHA512
1bb1e6738b991dc7a9fe8c6526dff50350f92878b3ca296471bbd3a5d680b65bec346dc511adbad0705cc555b6a367db64eb42eb09e9a897170eca2fcd7519cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1f3ed0fa2a513af9abcb87fbacc16b5

SHA1
d1424b6544e76f0c09e90a2f4762100e98ea45a8

SHA256
9cb3616b9733c1741cf4b20d5ca897caba7c2506cac251eb5a1245d97593790d

SHA512
b73168753de3907b25b90b52323bc0b04ab3ae82fcdf466be6f294f9408bc33d46d226c617297c14447b34be3cd01018f4fd1e13697f13bd91f65b7a115a1340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
cb6c93818ae7b9b34342825e4c2b938f

SHA1
141206417734c591d246bc7affc40f5f30047ad7

SHA256
2ebdec882acdc3051dd0521c1ddd80c058eec71cd96abf3a57a201ff2ccb8e03

SHA512
5ec617810d64e4487aa71609318466dd762d8b23a58fa4ddd5398a09da183aa4bed5b9d55ea4b9ba230ddb49985f52ffc88427c9f4853b03b5f4d2ab3b27bb46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61a3af602bda27a3ddc9c93da30dd808

SHA1
66ce8082cd90186bd2aa23a9dbd7646eb29b3927

SHA256
08d7741610cf161fed3bbb5427a21a1f8a09fb474af10697d38c44494bea187b

SHA512
586269de954cba48d85d33ba07003e9a62dea85674f860922e86a4e4cfcdfad78dd96155c16578677ce7b0e4944f5e915a639aa699735fdeb620421e3c40881a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cb137f6c966db2d72961d3281220d492

SHA1
873c01a1f04b57d3c3733f1f2e6e9f2c501d9144

SHA256
54995750f6ecf8f908a7cbd87dac0cf9fe025f2695e283f42eba4e70ce0572ae

SHA512
2f3133dc340697d71c9c7d7ddacdeaa76a153f1cd0aa3c757660b4b0157fea5b98d41d666585a559abcf2620aeecf4d2ade71e210728c292a457567618e48c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83efde51e0b0d7ce3a84afa48f90081a

SHA1
6860a51098a98d563d8d6e110e8fbbffdbbdc681

SHA256
bc0d7710eab7b41fc8ed80dc3af120a46fa2e307edc99ccfe81d2f47f4dc36f0

SHA512
e080d349da9c5685766eb192ae7444a4a6d3a3527ce4adc5b1dec3555d824d337b25c9e68a343d10c1bbf169d7c31e38290ae2843b5506b55e1b8bdc2a702eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b48f4539bc49e8589ceb60683ac631d

SHA1
d34ae7349171d68beab132eaa5abfd8b33fa2f50

SHA256
1c570435bfa12d52e408154ad83ae29942934db6dfe168feb5cc92bda843bc7b

SHA512
1311f530d396e1e8e83fcd0a746401a97cc74ec80e1d69c3a2681813fbb628394bc7df48b564f61686371ef9e24f903eca8e810ef2dbd18605b4af53ce39065c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e3b4.TMP

Filesize
538B

MD5
94c265fda4f72daf81742f06d2820166

SHA1
fc67879955846980dd12ce10350dc1f7a3c21141

SHA256
73f15018a62d8b1032c88e59ee303238b99dfcd9323c2567b59da240b0c464c2

SHA512
4fa1df11eb1bd317da1da092796d0a2d5e36101a42051732e41bef3bcf6b73f7653660a86afd4ba8be1fcf1ca7d871268fbb9c80d6ed5b7ded02bd803bbe2d84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6dbc295feaa7be27282269676db8bdef

SHA1
2bc0d720205f28bccb852e9f7fc81b5868895bfe

SHA256
eff814f8c158594ba9ceda17738a2b46d08baa58d71336ce572b8e85d9b10278

SHA512
67783d6f1623ef7f36532745d79e0f016d719580d6fb7c599e14860d66c2787b69f44cfa62f1618d26b3360069b5c81788e8ea0f7bb3ef134e3955eaf6714b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bad44a5c52796d19bfe11ec54f80ac65

SHA1
7e7efbe4a904a4a26aa8f2732b5422cf19c5a826

SHA256
ef016d5bfee5b803509bcb0071ebc8390ca5a95e16268ebe3612f9c506bca5de

SHA512
50a1eff95bf43293061729e5880f891a5bec6f52fde8245e6a3c6ad0b126abfb283fe29b4d60dd03f7cf3a8fb1c2efdcdeded6f05eba0a9bb105b8e06d441742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e55e697e5a573195683c1361dfb1798

SHA1
ffa6504d0cfdd9a5bf271e1aa61f0c68dd4d7a11

SHA256
43a5ec181478a10801b008c758f66eb4eaab83af13f15264c7fce4e400a1febc

SHA512
5774b569d290d49ef92b52a17f0a17c4d366c05285981045660e0d3ff59ef56015dfa1b566ce8a4ccc04ce4221150fb16b5a4a13ec21e7c9728fcdd4074e2bf6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 82711.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot (5).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/4508-730-0x00000000008F0000-0x0000000000962000-memory.dmp

Filesize
456KB

Download
memory/4508-731-0x0000000005310000-0x00000000053AC000-memory.dmp

Filesize
624KB

Download
memory/4508-732-0x0000000005960000-0x0000000005F06000-memory.dmp

Filesize
5.6MB

Download
memory/4508-733-0x00000000053B0000-0x0000000005442000-memory.dmp

Filesize
584KB

Download
memory/4508-734-0x00000000052D0000-0x00000000052DA000-memory.dmp

Filesize
40KB

Download
memory/4508-735-0x0000000005620000-0x0000000005676000-memory.dmp

Filesize
344KB

Download