734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ 3.0/MEMZ.exe
Size

12KB
MD5

a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1

761168201520c199dba68add3a607922d8d4a86e
SHA256

3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA512

89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
SSDEEP

192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3244	MEMZ.exe
3244	MEMZ.exe
2620	MEMZ.exe
2620	MEMZ.exe
3244	MEMZ.exe
3244	MEMZ.exe
3244	MEMZ.exe
3244	MEMZ.exe
2620	MEMZ.exe
2308	MEMZ.exe
2620	MEMZ.exe
2308	MEMZ.exe
4032	MEMZ.exe
4032	MEMZ.exe
4012	MEMZ.exe
4012	MEMZ.exe
2308	MEMZ.exe
2620	MEMZ.exe
2308	MEMZ.exe
2620	MEMZ.exe
3244	MEMZ.exe
3244	MEMZ.exe
4032	MEMZ.exe
4032	MEMZ.exe
4012	MEMZ.exe
4012	MEMZ.exe
4012	MEMZ.exe
4012	MEMZ.exe
4032	MEMZ.exe
4032	MEMZ.exe
3244	MEMZ.exe
3244	MEMZ.exe
2620	MEMZ.exe
2620	MEMZ.exe
2308	MEMZ.exe
2308	MEMZ.exe
4032	MEMZ.exe
3244	MEMZ.exe
4032	MEMZ.exe
3244	MEMZ.exe
4012	MEMZ.exe
4012	MEMZ.exe
2308	MEMZ.exe
2620	MEMZ.exe
2620	MEMZ.exe
2308	MEMZ.exe
4032	MEMZ.exe
4032	MEMZ.exe
3244	MEMZ.exe
4012	MEMZ.exe
3244	MEMZ.exe
4012	MEMZ.exe
2620	MEMZ.exe
2620	MEMZ.exe
3244	MEMZ.exe
3244	MEMZ.exe
2308	MEMZ.exe
2308	MEMZ.exe
4032	MEMZ.exe
4032	MEMZ.exe
2620	MEMZ.exe
4012	MEMZ.exe
2620	MEMZ.exe
4012	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

Taskmgr.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	2380	Taskmgr.exe
Token: SeSystemProfilePrivilege	2380	Taskmgr.exe
Token: SeCreateGlobalPrivilege	2380	Taskmgr.exe
Token: 33	4224	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4224	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exeTaskmgr.exe

pid	process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exeTaskmgr.exe

pid	process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe
2380	Taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MEMZ.exe

pid process

3812 MEMZ.exe

pid	process
3812	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MEMZ.exeMEMZ.exemsedge.exe

description	pid	process	target process
PID 4616 wrote to memory of 3244	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 3244	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 3244	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 2620	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 2620	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 2620	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 2308	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 2308	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 2308	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 4032	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 4032	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 4032	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 4012	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 4012	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 4012	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 3812	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 3812	4616	MEMZ.exe	MEMZ.exe
PID 4616 wrote to memory of 3812	4616	MEMZ.exe	MEMZ.exe
PID 3812 wrote to memory of 536	3812	MEMZ.exe	notepad.exe
PID 3812 wrote to memory of 536	3812	MEMZ.exe	notepad.exe
PID 3812 wrote to memory of 536	3812	MEMZ.exe	notepad.exe
PID 3812 wrote to memory of 4524	3812	MEMZ.exe	msedge.exe
PID 3812 wrote to memory of 4524	3812	MEMZ.exe	msedge.exe
PID 4524 wrote to memory of 736	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 736	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 3348	4524	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3812
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x40,0x124,0x7ffd4de746f8,0x7ffd4de74708,0x7ffd4de74718
      4⤵
      PID:736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
      4⤵
      PID:3348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
      4⤵
      PID:4396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
      4⤵
      PID:2964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
      4⤵
      PID:732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
      4⤵
      PID:4924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
      4⤵
      PID:5252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
      4⤵
      PID:5724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
      4⤵
      PID:5740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
      4⤵
      PID:5820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
      4⤵
      PID:5828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
      4⤵
      PID:6140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
      4⤵
      PID:2044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
      4⤵
      PID:3896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
      4⤵
      PID:5124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
      4⤵
      PID:5176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
      4⤵
      PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
      4⤵
      PID:2172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11333749435918476265,9218313057447624443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
      4⤵
      PID:5596
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - Checks SCSI registry key(s)
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd4de746f8,0x7ffd4de74708,0x7ffd4de74718
      4⤵
      PID:4444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:4376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd4de746f8,0x7ffd4de74708,0x7ffd4de74718
      4⤵
      PID:5864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:5312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd4de746f8,0x7ffd4de74708,0x7ffd4de74718
      4⤵
      PID:5492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\41d2d2a3-e0f2-4727-8a91-a24b52460876.tmp

Filesize
11KB

MD5
2efc85af6b9a63d5d024da1e469f929a

SHA1
9ecf74a12320d0fba7bf4751253381ea2d037fde

SHA256
d4958cdba22c9fe25c3789697a0c747ba603de6ff202ff1755fbece3a0d03dde

SHA512
e681868819ccb7f34e304e65a4f1afbad6802b631d0d43e162a77b9cde1d61d7ad4bfa881f11eef4a713d16f56418c32c53c60842b06d0b166a024a0037163b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4246078a12887669_0

Filesize
317KB

MD5
e8b46cb5423841963f00b592e8532c6f

SHA1
bb1aa233ddfc7f06351cf3e2e4b1dbcd877e3b35

SHA256
c44a3b4bf25f9ada1e5525902057d00eb49ba84ae8eef17a997590b08d950398

SHA512
85a91c9ecab019d31ad114bc84a04fd57d38ec6713ff6900f0126b4b00127a7303ff199942ae8a5c3cd890d2b5112553ae523704f7af0c45671136a4048a0e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
9124e61be4fdae0fb43be8623679144a

SHA1
95102f8af1815b7c1c02632ab9ffe59efad9716c

SHA256
0c43693c738d96b74fa213b0c0d01f4ba7d97f9ad79379475b8f202f4a58c7e1

SHA512
9e31ce08b56960aba134c9619eb81502ed34f29d7356db0302ff4d3325a91105c4afd691a3d64e0c7fcf4d8e434a06d90d4f63c3cb657eb9396954e86bdb2087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
120B

MD5
0cedfdd2e2e99e5401c48b6dbc5e20d9

SHA1
8573a9176210f707fccdf8f21602d5d02b712d16

SHA256
b4ba796c2c75fb5b640d4bf29e873945fa20521828bf98641a9de484010a1f63

SHA512
70969ab6a42c0531a3293bac4ec52a795d882b1b8a5349fd583009ed074c1152505154e009bd9162b6f630874ff50f9a02c8c8ae923003815ea4a12f3119d390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c585c027489e718413815c49b4f77041

SHA1
c76ebc1834b4eca12fad6a6e9efaa22e719d9684

SHA256
2a6191f55ccb115e0c3eed9e54a9b0f0cf2ed7cf4bfa19bbfee270a8ef7388ab

SHA512
cf9ca5a5372c3833d016d385ed114b60d05df8542f2333f9f4063aafbc192801317d95ba90a9abaa2dfca9019761f3dcaa9c138006fe300b8384f16e2212691c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
96d05446a0ed9491eb7085855c2336a0

SHA1
ec60c73e41bae09a13538b345e37f93ad1d5df5e

SHA256
8fb5340bf2a57bfb6e68f45576b403342d11d85c34e4280989820341eed4bc3f

SHA512
75e919e08d2f6fe4ccfb18766af9e95f0f7a0bb5739e4bbdf07b95b3fd95dd6cd724d52ce0b418ce715dd8a6b5cf8629079e39bbc78784ab53e70662485771e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1005B

MD5
deb98f22b188cf07b2e928dfd53581cc

SHA1
28be6d58adf0c2cd28a064115868299e83ff7873

SHA256
9644e3676280151e5b1e5f61f420e2d4df262f54d56eacb1fed731e5a299f8d8

SHA512
fbf6b607ad79d5f6d5aa89f533c8b783517db8590690e984e2958837e025743a25512747dd77e11e9b60c00b05dc69477aab5c344441534d1467f2a3543f7e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a92a47493aeaea3f3494f875ad969ab6

SHA1
c7a44954b15f3c7fb66e3d22bbc81547c1dafcbb

SHA256
23ab397fd9727254f65b6b851d4f59372ca6cf8e70fc73a1a4b293d9071662e7

SHA512
811e45276185c8d233947e38f93bf5edda72b0842c61926cbcceb5ef02d026089d43c73fe5f290bd11716d8977328a6a6bbaae5d55880aee66238878728aac4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
efc772b9fdab3bfefa5c84a4a5200799

SHA1
e5772aafff517833b31218e84c0d2bc47daf49fc

SHA256
8607d43aa3b617dcade05151b0fa2c21edaec98df005035b458bbaea66761dd1

SHA512
aa74c823a540000dd0d451ef56feeca653a3639c6f02e2440c6228e577f5a81c4ef139bf0eedbcd29a19bc1c5849e742075556bfb84bf78475378638d2cdd063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c87cde631b2563c4920b23baab6b7c4

SHA1
1ccff3ad2bd13b32f795af5f2283a1c86638e5f3

SHA256
a32ec5e4cccc264f6d3efcdab60a17e107611e4499da6719f89d0c62cd796a2d

SHA512
bd2f574182736ae71dea760c89a9d87179e8aa33c909bcb5c2a0a9d0f5f8c32135910183f850e71ac7e9d800ddfcef3cf4e556eaff60ca6c722a00ccd7a31305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9301e851ebe15775df022769e3405249

SHA1
4772bd05b135f56669abda4ba6e620913d4f44b9

SHA256
ad5543f184f39d9a5a81a3cff9a3aaa16f9953d12c367d1bba68fde0f5670184

SHA512
74445bc8d992eb4651467a5efcf55edf3747f8c1404e30ad675c62ec40feba6c711fbb1c0406e3a18eeb3dbe87f1bb9741d421ffa08c20ced9a8bfa81b18e9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c6a776f9-4cd1-461b-8548-9eab77a44d03.tmp

Filesize
6KB

MD5
812e15f7d73abc720fb60cbba6998aff

SHA1
d77528c9fbe982ffaf3581fcdf6cd5d8a1ce8419

SHA256
fe7b74a63a483077c75e904c01f05a531bada8544d986f66799f882871525847

SHA512
a587f8d1ee7d7667795d1b1bf75d83df1b3492c07eb933e722477315cec929146417ebbc021472c3daa9b4321e265b6176d097ec71756c6cdbb9fa55354f08a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f77a9dfc62d4234e9628e89cca6fa0ce

SHA1
c1176d7142b88ecfcee058fdd7b81de508dc9ce8

SHA256
9dc666f941777266966b850546c9dd81b4da23d13cbe5da1ab0e7067d141b8a0

SHA512
fdcc255d0dee2ffd2b5d1a2c179d27f4db03412ee1a65db4dc0c7b9732ccf7018feab36f1e5c4354619332634d096ceb7d8b643d4f3739d24420c3c5770c9543

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4524_LRDXSCFHPEMSRMAR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2380-98-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/2380-100-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/2380-99-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/2380-97-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/2380-96-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/2380-95-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/2380-94-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/2380-90-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/2380-89-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/2380-88-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download