189c456c653e587b81b4f3950b102a94c4570c2a7057c50b138b511162a2c46a

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

897b60be5611091a83c5ceb48f7d2bd4.exe
Size

8.5MB
MD5

897b60be5611091a83c5ceb48f7d2bd4
SHA1

c397499a37f458adc9afd3bb7ecf19d5893202cd
SHA256

79068d9df13cad52bfbafafb7b6caf4207f9b92cb64bb78fefe839e9a73a9162
SHA512

0f1786389bb0d7af71401a4826468a6f2c313fa40a56462aa88dba77f4b3a6bf648dae7a4ce9085be1a9a0ac488558689bb68ac5f978b9b2d70dae8ddefd8404
SSDEEP

196608:UOW/od/SWu0VwCnYuo+JBSe7PS6O3YmOZdgkSI+:ULQMWu0VwCnzo+vSe7PEmgkSB

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
53	discord.com
54	discord.com
42	discord.com
43	discord.com

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_422451324\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_896810836\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_896810836\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_896810836\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1731229278\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_422451324\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1731229278\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1731229278\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1228338130\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_896810836\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_896810836\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1731229278\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1731229278\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1228338130\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1228338130\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1228338130\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_422451324\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_422451324\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_422451324\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1731229278\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1228338130\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	897b60be5611091a83c5ceb48f7d2bd4.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133870979866919660"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{6E18B07E-E8D6-4BDA-8FDA-AEB4E6241494}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{B970074E-C114-4F8D-98EC-4E28B34FC47B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4272	897b60be5611091a83c5ceb48f7d2bd4.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 4880	4272	897b60be5611091a83c5ceb48f7d2bd4.exe	88
PID 4272 wrote to memory of 4880	4272	897b60be5611091a83c5ceb48f7d2bd4.exe	88
PID 4880 wrote to memory of 4680	4880	msedge.exe	89
PID 4880 wrote to memory of 4680	4880	msedge.exe	89
PID 4880 wrote to memory of 3304	4880	msedge.exe	90
PID 4880 wrote to memory of 3304	4880	msedge.exe	90
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 6140	4880	msedge.exe	91
PID 4880 wrote to memory of 5256	4880	msedge.exe	93
PID 4880 wrote to memory of 5256	4880	msedge.exe	93
PID 4880 wrote to memory of 5256	4880	msedge.exe	93
PID 4880 wrote to memory of 5256	4880	msedge.exe	93
PID 4880 wrote to memory of 5256	4880	msedge.exe	93
PID 4880 wrote to memory of 5256	4880	msedge.exe	93
PID 4880 wrote to memory of 5256	4880	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\897b60be5611091a83c5ceb48f7d2bd4.exe
"C:\Users\Admin\AppData\Local\Temp\897b60be5611091a83c5ceb48f7d2bd4.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/Vnq3xargTX
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7fff5e62f208,0x7fff5e62f214,0x7fff5e62f220
    3⤵
    PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    PID:3304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2172,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:6140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2424,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3480,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
    3⤵
    PID:636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
    3⤵
    PID:6000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4840,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:2524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3792,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:8
    3⤵
    - Modifies registry class
    PID:1404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3816,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:8
    3⤵
    PID:1792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4292,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
    3⤵
    PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
    3⤵
    PID:2460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6020,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
    3⤵
    PID:2640
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:8
    3⤵
    PID:5704
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:8
    3⤵
    PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
    3⤵
    PID:1956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6248,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:8
    3⤵
    PID:5724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6416,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
    3⤵
    PID:1964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5760,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:8
    3⤵
    PID:3972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
    3⤵
    PID:1464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6404,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8
    3⤵
    PID:556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6548,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:8
    3⤵
    PID:6088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6560,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3132,i,1969726109310700073,11943142041321915256,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
    3⤵
    PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1228338130\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4880_1731229278\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4880_896810836\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4880_896810836\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4880_896810836\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
35b0de7779d0db91e7768e76f1005391

SHA1
63b0543ca68a913b19f43973d36f78208b47db1c

SHA256
40d3987c270d465f3c33fcd930d4c14af5c29057417bbbec545206514b4b1b6f

SHA512
09c2ee47df64ba8557b6dfc174c514632a587cac9fd70b0a16bc78741e1bc621bb16758b8440d5944580157f72d7e9ffaed03ad49368b878bb0da35aa52af10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe583b9d.TMP

Filesize
3KB

MD5
87066ed264e38aa551b1e7b46fbfe1d0

SHA1
2a623da88152a985f626cbac544bac7e4167c640

SHA256
90172ddd115395962ea9e36788e9802e596763bcb42ea6e18eaff7d89968deee

SHA512
443f34083b3b59e111be961325ac32493b3c1dda756e92fc44efdcad9e5e2ea235d66fae988c2d9003363add818c4fceb5c2aa1241a3f990b605dcdb3fb87510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fa7e23ac3b58ddb08a2e9db8337f48e1

SHA1
88ca1c981ce2c894d9aee53982cac78b84d4e04c

SHA256
d6e976dcfdd640508ddf49b65a3c1b577e8d54d951d6528e36fbd8a613840c92

SHA512
73a7cc6d73a031908ffae7bfd2d0da2a69d2f60ec48aabaf8a79475e5af76afb037fd101f907cb9cb7f069014a22fa343b3aa621b7379b61e1401568688e32de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
296cd02abbf98992567d66901121c1af

SHA1
d5ea659d84d7409fa31ff81417dc019278615ab4

SHA256
17b4d513c5178a116a50848444335b36103b067a5d9136c0c003aa947afaecac

SHA512
d57d1617ff1ad18b66daedf61c0d462bccf2b74340ece5eef0542a71f8f7a0498f6357510884388d7ee044ae47240b7cd08a988f59cbf74b1ea9a50013bf758e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
11c28fc929e57de2959aa4836875dca9

SHA1
977f318ba7ab8a01b02072599d48d02c1f60672b

SHA256
03aba4d2191b58bdf1aee594614637d08b9239b65a94292c170b5a8d85ded4b0

SHA512
fdf8aee04740c5f135420bb5113b42ce6ab60148ae7d0de1d78fd2f1afb00bdbb7ea050e5173a4555666260ce24363107b46b439da005f02dc6ca96e3553a938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
9551f6cb8887e790bd5fd587e457eeb1

SHA1
48bf2157f7569fb6bdf4bdbcc1d481be49242c19

SHA256
b09f76b88899c34c90d768de0787ca7dbf2fb3aed16db6f0582c1ddc0cc35bb4

SHA512
3950b6ef7041204e2255d2ae93b2d46616709344a86f743eb09e732d95efea18007de1b2f113884765e18ca17ed7a174d7dee63ba54e3e32d66fb0732739146e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
ff2c4551ecd21cefa365e45ce7cc3978

SHA1
354ba56f9fe663778737ebc2b2b667c37cad2048

SHA256
bb6a2f8dac0836bf3126a9894597788b1e1ac1f7c39727df72161382a366711d

SHA512
39a9f2f2fe31e428c61ca2bf91ca86135390aa9ad0bd8ae920f8f76aa951c5a83c53f8fd611e4a26b19c2f435309e5f72aacf93a410bb72e52709151c309811b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
26c457f4c36fdd033cb455f10fb861fc

SHA1
511f69e1615dccd4fd53de4d64162d5fdd12fb51

SHA256
c24546f3c280a9ad8df512fb60a1175536840f9b1bdf53c4f3350d376bf0eb00

SHA512
bc44eaeeae9796146dcac055ce50b51b844a612c8f0263daeee78ba70c376775715fdafc17f9dccf2734df9d212227dcd556978ab834cffcd36bf7c601e168f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
e355c6ea077d4433dc502afe42d96227

SHA1
481dbd4c9779f8b16d97c70bc5b1aafe3cece5db

SHA256
47750980ffb6b36a2a10c973cd0491bd3fe4e73d027507e4a565e536d43cb03f

SHA512
7b09a78910c5e4ed746c4cf67db66307ed2444f7207af6eca0afcdfef34bc43a1a767350febf9555fd122623fbe7dcc95ccd4c1a7ef7fd006436eacc07b66c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
aae2a526a31ea70c25b9be0d7c84eb4c

SHA1
2049d4b2ba4811d4b1ef536dd5be346148b4c21d

SHA256
58230042e000bbacc6d87b4d6c2527fef67d2407743a3bb31505fbd007abfb54

SHA512
5b7c1227550ac8840bc7fd62f9b474cda3da3b03f8983553400d092c28f8eba78d1f21efd81260eccbe522a34eaa7f5a913bb6d9a082781f09b8ee61df56d1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
9bab45a8c9b7975270241acaa1615256

SHA1
7d0e955d9eda3333c1aa222ef786c2882449ea58

SHA256
cdbf0dddc3ac2ae78adbd6d4f5d7ed177b4a420ecd1dfcdcee6893ddddad1928

SHA512
1690c2839a23e2c2e539a5896fe41db3e50bd9d14cee21396f529a620dc04be246b22a8845a695c2cba12ad50aee7f4e2214f18761247efa65104ec0e743a50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
506cda8e69d8aa60d2404169a9abe3aa

SHA1
a65a5394a34db74bd91467e26faf287d76675872

SHA256
6dbff887b84e46ceb686574d0cdac71ccaddecf8ca219fdfcccc49bcadfbc447

SHA512
c88b468c460d8ba28b303ef2a4a0a53e5d2d3ca0c7118b4a1ebf2395b1217cebf26fb0ddd80622a8ff3fa9e0c3bcc7814e7fa907da7b55f3b99413fb9317dbf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
5b13e99adc8ca0ed6e42271f8dc1cca8

SHA1
b38ae16984ae1d732b73c7feefffa64602a1cfcb

SHA256
f8b2fcf71d64d5ef9f65c257c75f4712a4525a44258949fb767ceffb2155d699

SHA512
7f54c39dd8b3840077121b8cf84924f5144c098869c0b38e0254ef1243d57c33af85d6686513be958047adc801067eb6ea0b08a902e3aa11a3c513b45201ab32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
ceb7c85bd0f909d978326b7aa2393fa5

SHA1
85c0bd0964e3f48cd9bdb60cfd01dc391667e20c

SHA256
6db2ec3e06a0b923af46c2accd4e1b6a5afc363767d99e095ee80d6c805ee287

SHA512
c6fc62a1aeb2a52f8b5a71f46e7581d6949b66ed900d10e1d706144d3145a4374185de9e40e2f7a707381c1cb3f59147f12404c4ead3ba0cd1556bd6730e335e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
7e369c5b9f98393f5ebc384b45d57e9a

SHA1
b8c1df7f5f8935bdcdcbfb35e393c63ce2d7c3c5

SHA256
df78a61bf3981ff02481c6c732f6e2075db4f085d16b8f114afb63b415e6c9dd

SHA512
acb11e13065ad5d8c6fcb9ea7e43f8bda0658f50c93b7e264238439eb1f65a1153d2f7167b5c744e637514594fef441b2ffdc5f37494ccfa222412b4b14ae6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
8f07ac8046b80c011fff60ca08c72784

SHA1
dcc08e24c4f8681c8d7c9c336313f6c08c0cf229

SHA256
ddb46342d47c549fa392cde2d210724dcdaeb4669be52348fbe5972de63b5738

SHA512
29602f652820154571f1b18d47fb87a78a1c567b40f9b09e63d43e7373efb50b66b10a21dd55438cb626cb168a16fcf49cc9113e02c1a25044b19b452c827810

Download Submit
memory/4272-11-0x000000000DD60000-0x000000000DD82000-memory.dmp

Filesize
136KB

Download
memory/4272-7-0x0000000006850000-0x0000000006C26000-memory.dmp

Filesize
3.8MB

Download
memory/4272-0-0x000000007485E000-0x000000007485F000-memory.dmp

Filesize
4KB

Download
memory/4272-12-0x000000000DD90000-0x000000000E0E4000-memory.dmp

Filesize
3.3MB

Download
memory/4272-15-0x0000000074850000-0x0000000075000000-memory.dmp

Filesize
7.7MB

Download
memory/4272-16-0x000000000E360000-0x000000000E3FC000-memory.dmp

Filesize
624KB

Download
memory/4272-10-0x000000000DC50000-0x000000000DD02000-memory.dmp

Filesize
712KB

Download
memory/4272-9-0x0000000006150000-0x0000000006164000-memory.dmp

Filesize
80KB

Download
memory/4272-8-0x0000000005FD0000-0x000000000611E000-memory.dmp

Filesize
1.3MB

Download
memory/4272-14-0x000000000E160000-0x000000000E19C000-memory.dmp

Filesize
240KB

Download
memory/4272-6-0x0000000074850000-0x0000000075000000-memory.dmp

Filesize
7.7MB

Download
memory/4272-5-0x0000000005E00000-0x0000000005E0A000-memory.dmp

Filesize
40KB

Download
memory/4272-4-0x0000000005BC0000-0x0000000005BD2000-memory.dmp

Filesize
72KB

Download
memory/4272-3-0x0000000005C10000-0x0000000005CA2000-memory.dmp

Filesize
584KB

Download
memory/4272-2-0x00000000062A0000-0x0000000006844000-memory.dmp

Filesize
5.6MB

Download
memory/4272-76-0x000000007485E000-0x000000007485F000-memory.dmp

Filesize
4KB

Download
memory/4272-89-0x0000000074850000-0x0000000075000000-memory.dmp

Filesize
7.7MB

Download
memory/4272-1-0x00000000009B0000-0x000000000123A000-memory.dmp

Filesize
8.5MB

Download