37393231ee6c2f1e4e81bb820867302f509abe5108d7e6eac891fe1ab4b66ca5

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5ac1858b7313eca6ad65f6506620f1a.exe
Size

40.3MB
MD5

b5ac1858b7313eca6ad65f6506620f1a
SHA1

3b28ac50e965f2c56135616d0f52d5ccd9213c2e
SHA256

f214918bf7299ec08409db0c5c459d27a88edcc0252852a319f9988ef2970cc4
SHA512

ff23da07018e0e13dc85de8240c6ebfa3f06ccd1f75f4389d488b20097594e794d4f809db81ea3352e3743b87a5ca9ba253f5a23b0ee184d0c353c3c58c96e4d
SSDEEP

786432:cgCamkV/mkVeOO/nekao+GbQUAJ+kfCxGyLwbJ4LUMsQF9zmt37vDI7kot4+5:cgsEeEeORkao+GbQJEkfCQ00JuUFgo9w

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral18/memory/5532-1-0x00000000005F0000-0x0000000002E3E000-memory.dmp	upx

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_408500483\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_408500483\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_868054949\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_2077886350\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_620208412\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_620208412\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_868054949\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_868054949\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_408500483\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_2077886350\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_2077886350\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_620208412\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_868054949\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_408500483\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_2077886350\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_620208412\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_620208412\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_408500483\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_2077886350\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_868054949\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5228_868054949\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b5ac1858b7313eca6ad65f6506620f1a.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133870986586255385"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{7576618E-00C4-4C54-A01C-B8DB506073C9}	msedge.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
5532	b5ac1858b7313eca6ad65f6506620f1a.exe
4744	msedge.exe
4744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5532	b5ac1858b7313eca6ad65f6506620f1a.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5532 wrote to memory of 5228	5532	b5ac1858b7313eca6ad65f6506620f1a.exe	94
PID 5532 wrote to memory of 5228	5532	b5ac1858b7313eca6ad65f6506620f1a.exe	94
PID 5532 wrote to memory of 1928	5532	b5ac1858b7313eca6ad65f6506620f1a.exe	95
PID 5532 wrote to memory of 1928	5532	b5ac1858b7313eca6ad65f6506620f1a.exe	95
PID 5228 wrote to memory of 2328	5228	msedge.exe	96
PID 5228 wrote to memory of 2328	5228	msedge.exe	96
PID 5228 wrote to memory of 3288	5228	msedge.exe	98
PID 5228 wrote to memory of 3288	5228	msedge.exe	98
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 5620	5228	msedge.exe	99
PID 5228 wrote to memory of 1068	5228	msedge.exe	100
PID 5228 wrote to memory of 1068	5228	msedge.exe	100
PID 5228 wrote to memory of 1068	5228	msedge.exe	100
PID 5228 wrote to memory of 1068	5228	msedge.exe	100
PID 5228 wrote to memory of 1068	5228	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\b5ac1858b7313eca6ad65f6506620f1a.exe
"C:\Users\Admin\AppData\Local\Temp\b5ac1858b7313eca6ad65f6506620f1a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/gsmframe
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c4,0x2cc,0x2d0,0x2c8,0x2f0,0x7ffff56af208,0x7ffff56af214,0x7ffff56af220
    3⤵
    PID:2328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2
    3⤵
    PID:5620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1900,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=2996 /prefetch:8
    3⤵
    PID:1068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3504,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
    3⤵
    PID:6040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3512,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
    3⤵
    PID:1232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4364,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:1
    3⤵
    PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5176,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
    3⤵
    PID:1672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3940,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=3992 /prefetch:1
    3⤵
    PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5296,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:8
    3⤵
    PID:5004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5284,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:8
    3⤵
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8
    3⤵
    PID:1740
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
    3⤵
    PID:6052
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:8
    3⤵
    PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2612,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
    3⤵
    PID:3264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5700,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:8
    3⤵
    PID:5224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5960,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=2844 /prefetch:8
    3⤵
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5612,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
    3⤵
    PID:2288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6040,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:8
    3⤵
    PID:5728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
    3⤵
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6564,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3456,i,10034597669554680808,8403248469740819514,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8
    3⤵
    PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://web.facebook.com/profile.php?id=61553612032449
  2⤵
  PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5228_408500483\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5228_620208412\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5228_620208412\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5228_620208412\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5228_868054949\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0fc29ed4-ea0a-4e50-aaba-8d18251d15b6.tmp

Filesize
40KB

MD5
ef56f847c96d09ad046f1f20b9d7b03f

SHA1
e069d5e0e4350e34ccfdb2347faf2c47319c69a3

SHA256
44c89671d47aa5706b3ee05222b40e0185d688f4e17882f9b5672ce8cc989672

SHA512
5849919cffb3f7fda94325ae47b2bc3fc01621b5288176a645960812760063ec630957f600c59c994981b9e89407cfe4cf44aa7a0d8e97317f369248aa7ae703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b0a6e2ed3ee37059ce0601e5b0933333

SHA1
17b591033445db9d75e4086cc9786a9008ba06cc

SHA256
4c99282476d95d8ff1f125c78f2054700102bebc62f363abb67e49c1e00d20e4

SHA512
4c33204b7154b038ce2d520133190aa6e3f95e33299fd8d9ead4c2c9dd5a6f125079d546753b842a1d45a2152795c6581e5d512757a3d4aa3d7b6c8bab8fbc69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f3c6.TMP

Filesize
3KB

MD5
ac34f4d2071a9736caabbe7a462ad84e

SHA1
289859e5693c205ff46174957aa192a4c36bc375

SHA256
bed42e25158cf8f64135ba4decbf7da7c8a067f67466dbf50590a4d2892bb9df

SHA512
ca2ec8cc4b995d7a7e0b423033f9cb1de70ebf75b2df6c25350df5570dbff6cd1e2085beeec7e695d23b9c685fb5ab734edaa591478f117e4adb3d8bf1da31e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8e3ceab4351982def5eae7be7a5358d1

SHA1
47e60b8bb35fb963293fdd574aed5c258f54e673

SHA256
66faf6a2b077828e703ab4a22077b858e5b81a436f3296b161ea9570754f6f15

SHA512
c5e391ae8dddc29871e42007591997336eee1c237d1cc67140e9736645c49a053959cfb336dd10b8b1c1fc602035dcb019f3d8f3e3996b71dce4ad59bea5e8a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
24335c1ffc2e17a8de489123549d3bbe

SHA1
071cd6cf81783ca4db5ba33eb127aabe90176212

SHA256
21bd4c34dda694e6ba6a855101cd1556d6bb5ea1fe927b25a304fb6b17427c5e

SHA512
e822ce2a2c636bbcbf8a66d59b475c0274870c6be39c1f0bdfb6004b82137b5812c3e6d447fc1728f911bcd649dd13fc3ca9225e0cf72814d23b42116e4a2fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
0c156e458510a5ea4728796684aceac3

SHA1
e1eba2765dd27ae78b5643c2d69058d6de3eae93

SHA256
0ece6b1b0181e3cba1ce2786945c165748c23a5a9be0c646787c609cb546f59b

SHA512
456ee14d856a7221569a87800a0e4a39a91259da10a92a0b9dc6ae7b24bb54241c9f2bee2c7188d36d3890b0b92e43a9075856b155831e0bad3382f6383bad67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
01a5a012f9d4e1eb6084cc9c096f08e4

SHA1
774f7213c357d2fb19074e3f5450ba02b476f6e1

SHA256
5850504a69d010193ce7b45dffbc82fa201345ffac6d430d37149d8fc9af9c8b

SHA512
b8b3f8e7d627208df031db948c7152d2db58d787619809be4e855c4a16fbc1ebd0818b10bfc1934a56dacf4a6c634fdb857637bfa282c9d1e00e401fa835c1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
254fff316fa3f2c6a4c571d0c90399ec

SHA1
7f623376ad175aca69c662e41ddbfafa5a0c914c

SHA256
f156203842032778c6ad538a604e34fe9e27b00bd4572e92b30a217f529f17d4

SHA512
174cee3a92656602b689f478e34ffaf8d7fca56e2cdc64384c1173c70e0de1083f1e7598806b4b4aaa0392fad1714fcc9a265b0f9958d9a08db178b246a53dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
b16188036953c5f6294db00be36f4990

SHA1
49bb4032750fdb266f4bfeb1f13bef069197a0ef

SHA256
427d33b87fb9dd3b2bd9e4e4bb9dafd033cf6fd5d11bff32c363546bc6d5242b

SHA512
d485520a0168f4a28c68148b4efdb410f7ba0ed8b18742d81c2413397d94170f6c2412bff24c99b5718aa15ad71c75c3180611392c095ad41dfb21ea54038d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
4a78139b3a9acf040c3291816c2c5760

SHA1
aaff4ed36d0c21b66c2d384d7e14f68edafca204

SHA256
ad134f90ec5818a7630d8843e8bee416fab4c89670a34c4287211e5ae86a8c6a

SHA512
77fa87e7c03fdb672f7131d8e14181f4811b1d671da39bfff17311fa4f26eb7b49c69751dfb74ca3eca00661f2bfda566db0eca80da56f290c591e6d38921aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
74f031d5ac58e6992d7d102052bd95c3

SHA1
a9fd492ff8b3194edec87a12e0f31c06550d867a

SHA256
7b5312acd6ecd09d249e964e4bf80a5293cb6ce17f7be4c3b6b53faed5d3bfd4

SHA512
891c1e6f4c591ff0b85d4e19bf0094a083d4478dab7e970601b4d1eb27ac642563e740ebda7ddd9c64076269a7d88cc8e78731abf63314c8097dae1d9f20edd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
abb794f17eeedd475fad98103eef1d81

SHA1
23f2105622a5a3dff2e0c44baa2231dab8057e65

SHA256
678cc4d5826b1e31d7c41a8b294a7a4043df9fe13e67301c049e5fad56d8d650

SHA512
dfab1e72ae6fff131c7790420f3da036848a738a8a0209f2967d6615267814c8838c2afa0d9dc15e177ef2bafe0f168badb993721175317fcdd5db5a9502eab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
c3b777f66cb487177372502d9fbc98d9

SHA1
669d548c9fcba074ea0f35216b39959f5af6f3b1

SHA256
d1d9a39fbf073633b4516873f1c4ef48d771fa1136b248f6ea00954c728479c6

SHA512
d674e1972f30fa4e83e5991addf7143a23eceec79e0e7d4bed4523d696789e604b6fccb47a7f35009a40139d95a82a5e7a46af17c45b66f69c45d2cd4236e83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
2cc66a8ec584d31c4a34ae58e702b062

SHA1
43407508f1e8277bb4f9b9efc8c1d823f469189a

SHA256
8dbce1872718f58bb0a5b01e58dbe317f72bfb81539e8431124cf24e0224a618

SHA512
4a9dd68e7e582c570371a1c670b2e44fd19f1eb756a3320b6d4dd658e0dabd14dd7c74a19a3db52ba54c2799047c16147d0a74904f136f116e4b920dbe2d778c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
e9a1d0f4542d3e737048e4cdfa4e8199

SHA1
ec217230b3b5b03a0231137ae357c16d935217ae

SHA256
148d78a788e9a245aaa40b3ac7bd3d6e0b769ecf4bbf488a85d38b72d884dd19

SHA512
6646ede1d8924c00868d2aa40e2ba6e6308853d98803c970279c6cbcad204f0c6dc16aa39735809321ed7d45c440718386b08a4581546d7a9455764f35dfd35b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
940ebadad6709efd28b0db09a609f8ae

SHA1
8f08c3f4baec1fcc45071114ffa7574f25aabd20

SHA256
ef981673da530204af94818a8d560cb46b7f248b3e3d6a721f98f6e86b0d775a

SHA512
d22f8837f5cf5280c4382174d59cfd2ff60a8add4b4158327881c3bc1540b6dcfe4c237b7a3da10f9a39a3aa9b8277b091dbfd48898b0d5e02ee46ab1fe0a778

Download Submit
C:\Users\Admin\AppData\Local\Temp\SamFlash.ini

Filesize
199B

MD5
72f84c992a3045205db7e219fdf9e659

SHA1
61c2cfe006c9a077ee338c722e4c1cad1f336c6b

SHA256
596fd8bab743b07443cc338793fa3342208039fb5a115ecd013685019afb3f2a

SHA512
d8b01015abbcdedebb9a5c467e0a02cb5987574344b9d52f46a66b1d4f5346f5ab378a7dbc3a682b128059cf44c4bdbe8941f82e8f6fe0d14774c0072d966613

Download Submit
memory/5532-13-0x000000000ABC0000-0x000000000B3B0000-memory.dmp

Filesize
7.9MB

Download
memory/5532-22-0x0000000074ECE000-0x0000000074ECF000-memory.dmp

Filesize
4KB

Download
memory/5532-19-0x0000000012380000-0x000000001242A000-memory.dmp

Filesize
680KB

Download
memory/5532-18-0x0000000074EC0000-0x0000000075670000-memory.dmp

Filesize
7.7MB

Download
memory/5532-21-0x0000000074EC0000-0x0000000075670000-memory.dmp

Filesize
7.7MB

Download
memory/5532-17-0x000000000C7D0000-0x000000000CB24000-memory.dmp

Filesize
3.3MB

Download
memory/5532-16-0x000000000B3B0000-0x000000000B5C8000-memory.dmp

Filesize
2.1MB

Download
memory/5532-15-0x0000000007CB0000-0x0000000007CD0000-memory.dmp

Filesize
128KB

Download
memory/5532-14-0x000000000D050000-0x000000000D4BA000-memory.dmp

Filesize
4.4MB

Download
memory/5532-47-0x0000000014D00000-0x0000000014D66000-memory.dmp

Filesize
408KB

Download
memory/5532-12-0x000000000A810000-0x000000000ABC2000-memory.dmp

Filesize
3.7MB

Download
memory/5532-245-0x0000000074EC0000-0x0000000075670000-memory.dmp

Filesize
7.7MB

Download
memory/5532-0-0x0000000074ECE000-0x0000000074ECF000-memory.dmp

Filesize
4KB

Download
memory/5532-20-0x0000000013760000-0x0000000013812000-memory.dmp

Filesize
712KB

Download
memory/5532-11-0x0000000008B90000-0x0000000008C8E000-memory.dmp

Filesize
1016KB

Download
memory/5532-10-0x0000000007DC0000-0x0000000007EE0000-memory.dmp

Filesize
1.1MB

Download
memory/5532-9-0x00000000084E0000-0x0000000008A4C000-memory.dmp

Filesize
5.4MB

Download
memory/5532-8-0x000000000D750000-0x000000000EAE2000-memory.dmp

Filesize
19.6MB

Download
memory/5532-7-0x0000000007A80000-0x0000000007AD6000-memory.dmp

Filesize
344KB

Download
memory/5532-5-0x0000000007950000-0x000000000795A000-memory.dmp

Filesize
40KB

Download
memory/5532-6-0x0000000074EC0000-0x0000000075670000-memory.dmp

Filesize
7.7MB

Download
memory/5532-4-0x0000000007980000-0x0000000007A12000-memory.dmp

Filesize
584KB

Download
memory/5532-3-0x0000000007F30000-0x00000000084D4000-memory.dmp

Filesize
5.6MB

Download
memory/5532-2-0x00000000077C0000-0x000000000785C000-memory.dmp

Filesize
624KB

Download
memory/5532-1-0x00000000005F0000-0x0000000002E3E000-memory.dmp

Filesize
40.3MB

Download
memory/5532-23-0x0000000014AE0000-0x0000000014B02000-memory.dmp

Filesize
136KB

Download
memory/5532-24-0x0000000074EC0000-0x0000000075670000-memory.dmp

Filesize
7.7MB

Download