hxxps://cdn-discordapp-com-attachments-png[.]vercel[.]app/api/115032488403195089812009140610308505808jthWYF[.]pngex=65c7e960&is=65b57460&hm=cb2e0fe2bf22fce7667694c8345607a008ce37de7eef62da8e18dfe33520828f&

Resubmissions

05/11/2024, 04:56

241105-fkn43sveqa 3

15/05/2024, 12:16

240515-pft9zagh4z 1

27/03/2024, 16:16

240327-tq4zdafg52 5

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn-discordapp-com-attachments-png.vercel.app/api/115032488403195089812009140610308505808jthWYF.pngex=65c7e960&is=65b57460&hm=cb2e0fe2bf22fce7667694c8345607a008ce37de7eef62da8e18dfe33520828f&

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 61 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
3420	msedge.exe
3420	msedge.exe
3052	identity_helper.exe
3052	identity_helper.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2748	mspaint.exe
2748	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
720	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2608	taskmgr.exe
Token: SeSystemProfilePrivilege	2608	taskmgr.exe
Token: SeCreateGlobalPrivilege	2608	taskmgr.exe
Token: 33	2608	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2608	taskmgr.exe
Token: SeDebugPrivilege	3008	firefox.exe
Token: SeDebugPrivilege	3008	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe
2608	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2748	mspaint.exe
720	OpenWith.exe
3008	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 1488	3420	msedge.exe	87
PID 3420 wrote to memory of 1488	3420	msedge.exe	87
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 3604	3420	msedge.exe	88
PID 3420 wrote to memory of 2168	3420	msedge.exe	89
PID 3420 wrote to memory of 2168	3420	msedge.exe	89
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90
PID 3420 wrote to memory of 2752	3420	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn-discordapp-com-attachments-png.vercel.app/api/115032488403195089812009140610308505808jthWYF.pngex=65c7e960&is=65b57460&hm=cb2e0fe2bf22fce7667694c8345607a008ce37de7eef62da8e18dfe33520828f&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb0846f8,0x7fffbb084708,0x7fffbb084718
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2329637556095951424,7964596489274091036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,2329637556095951424,7964596489274091036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,2329637556095951424,7964596489274091036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2329637556095951424,7964596489274091036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2329637556095951424,7964596489274091036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2329637556095951424,7964596489274091036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,2329637556095951424,7964596489274091036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,2329637556095951424,7964596489274091036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2608

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\StepStart.jpeg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:3052

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3740
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.0.1745153437\456501980" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {547a6594-8211-4b98-8f61-735b7cf40297} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 1948 1497eac3558 gpu
    3⤵
    PID:2624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.1.760719915\620973557" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68ba643f-01e9-4afe-8459-2476eab228df} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 2348 1497e63ef58 socket
    3⤵
    PID:2532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.2.1536898038\755680923" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3128 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92013c64-1541-4ec6-ae57-d9ee18d6f0df} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3044 1490c3a0a58 tab
    3⤵
    PID:2980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.3.1897287838\37214726" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea1ce2bf-393c-427a-8582-8cefd44d2c33} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3580 1497b965958 tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.4.2053207054\726832879" -childID 3 -isForBrowser -prefsHandle 4508 -prefMapHandle 4504 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9fab30c-b38d-427e-81c7-f58f273e3483} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4520 1490d2e9858 tab
    3⤵
    PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.5.1759900176\1945992162" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5068 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {088ed948-e239-40d6-b972-e11a73d620e0} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5116 1490c351b58 tab
    3⤵
    PID:5024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.6.873763412\799993638" -childID 5 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b71fd62-ceaa-4d50-aad0-9aaa07e733bc} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5248 1490c351e58 tab
    3⤵
    PID:4356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.7.1618468029\1386382590" -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4078067d-e91b-4d10-9a66-60629b48075b} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5440 1490c353058 tab
    3⤵
    PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
578B

MD5
4ab9babaff1527d7bbf3a6be5da15d88

SHA1
1801daa966a05abe5734c381e9f7446a743b6a43

SHA256
e597dfb81be5b47475dd8b72447869edbe0fca4baa26593386d2f6aecd1ec1d9

SHA512
9bf5db87f7229ce21ca12f794b68263b26ed4f860e019c892c26b6078d6c1dbf5d99114679d397ed7ca5b432b5a458e7524f450b896f711a1fa0a556c6798932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4da28d04667eb0bf93d6589e982850d5

SHA1
404ff8e798b5af92612a861901075a00c6be9da6

SHA256
93a1a069f7807ff58512c279188584176e61610b18ee7b9e47a18ceef6066003

SHA512
2d8e9fa0f0afcb9f7fa8f0a18bbb83c1ba8558bb628b589df1ade212824d23e793eba5c2912cba1f9492a02ecce5b8f7a5d371bc6b84c5ada479a971a1c4d55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee071b7cd5806abd04b6cd92b647a9ab

SHA1
6f063d6f9c00ec6206f06fa9dc72859a7b3ee8b4

SHA256
f252e8066b30723ee77158f1e6225679c115223ef105b3af6094e87fd39d4c24

SHA512
c5bc173d0ff9ee88955d7a8cd656b17c441b499553e79d9bf62080da421037c6ea93f1f1ae033f842748e800a8f6cf7329577bd9f75b07a20ddbbf7b9aa84661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c7ec27d94da04714401b9adf0b17756

SHA1
3e18d51664cd7c8036552c1557391ae0e7d3363d

SHA256
57be391e5772faf9845cc18c3b6c5e428c1181feaa56c5dd4c4d16472c9ebb52

SHA512
067ce3414a4fdadf8b1fbc79cd0abfdbde43e60b848d9f06e1310f3c1192ab2135347d570baa9c1eee1da941f70e66a85ff4a82fcd6286268c542c97a5f2ba24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
705e5861f42833074be7f66ec9fda73a

SHA1
3daf36d296dab60be95ecddad07fc01859c2e6f9

SHA256
57b8cb8e3afeb2f5e27d57e8600fc5e6ab0c35333e2de23fd78b5158d612f583

SHA512
c199b28b61ec32824a931e0949616d95996dfda60da130a31c0073feda1974d4279ffd6631b942d6b7cb50491bf8d30f3d335c0b7e01014f4724308eaf3e9f40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\A72798DEF4F924983D5A0DB82D383C613B515FF2

Filesize
13KB

MD5
625597811f3691a45c6eca98afb77720

SHA1
347854df57c7cd786e44eccf9d6365f06c913d92

SHA256
35a810eb62ab891d41532eb32d63ca8ec46e147e3fa1da3538ef947cb718cc34

SHA512
49e4599e647f11167008a348023f565bfda89f43269c814ed5c831cfbdc247ed89f290ba5213621be9da73ebaca1a3b765efbbf947a23eecb108d29030019dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
3.8MB

MD5
cc4fc43047b69d515f51f19acd1165cc

SHA1
884c38bab9b2100529b9ac511f69f458c7e56f48

SHA256
6e9c640dabc07c56bb011ba8d05d7b9d0967fcdf711e082aa63c476bee4c52ef

SHA512
2913c492fe56aebf455603bfd3a4e9cb950b919882afcbe74f949dc6b9ae47830647aea0dbe7a00381615e484ea9ed4142692974d17df3e4e85317b2749441a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e996c00297a5f7875fd74f152cbb8f5e

SHA1
b7393644f278d7c601e2a3715afb2bbe4848fafc

SHA256
94f33da6ea9b755d2723da13a9d1e1afb6896ad170d565bc215d9dacc67d422d

SHA512
a55f126ffd51de3c1fe471f7c9e8cf90417bc459a2e6958276a7230f8759a6d15adee516745a3fd60498db609fd73604baa84de8a07ff32f525d465996b83c8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\14d80c2b-bc34-4ddb-be31-9caf9d4b4d21

Filesize
746B

MD5
f7dfd08c2da68020a6b2d7e20f143814

SHA1
52fdfc537ac9f535718fa737c794384bb98738af

SHA256
dcf614cc257aaddc6e5b25f60f5ead58a54cc342e515fcf590d09d0d5a5410cb

SHA512
440e12517649df38aba14be8c8dd44c2f4b2b77fd060de8b44bfecce58f69f20eb11bdd3ed868a738e35e5ad06a3eae883198e888977863a5cd91ccc71b427d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\b408eba2-3c7e-43c0-8f27-640d5e40cc4c

Filesize
9KB

MD5
f4bce173b53f8c0334bfb2ff49237ebb

SHA1
19de4655999ff6e4a07a1ef90cb16d9b6e9ac4b3

SHA256
17fd21c1da7d5d71d3ee9842425141f2f377086e94ba8dba78a08b37a2d195fe

SHA512
f392aa485896cb2ec72ecbe6ae8769d70322328a7923bc3bfb6bb817ad7b33c5fe0aaa7f8578b30ec2e7e13a35fe4a6e875173346e9276cc1f150f30d5731cb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
3.3MB

MD5
df7bb216aa2652063ad18a28b1b41a1f

SHA1
5b4ab86d91660d0ae0fbf4ca6b01367d57ae231e

SHA256
0ccb1861618718890fe81b94303bcfe9952f8eaf096bcc2e0f96df7692f98c23

SHA512
73261511c86df4091e77f27a3c906ae41bd74e9af49ba95ef15b58baa1dd752a1b436f5e98512a4fec5ce603e68b9f9151bbbdf491ae6fe2b65e41571e2080a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
7KB

MD5
5ba38f39f22e9332f889c4dd1305d34b

SHA1
05ccbe0f1f42d9b0f7f7aa256c7d6354737de235

SHA256
c36fd1d05b297b2fbc6d2b92a03ec5883f5042eaa8c25fce23fe4d52817f12f9

SHA512
2da52823326aaf0bdeb953cf726d4e085edf24ba83246a51f2a088b4a8cf035f96e04efca405711b814b8e4988452f070d546cc157017b8c5cda593ae3e5f3db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
9KB

MD5
1d624c34c0acd6dc863f6a38f538daa4

SHA1
49a1aa46b316716e426fffb7d8ea7c7d110204b2

SHA256
85afebee93d894dd188013e4d1f835e7308366be99d4a06a4b5a5b93ffea02d7

SHA512
19c44e3e99eb67b1ffb4ca39a6aff3d5f0a26bdb8da8914d41ae769c8623c767950e5966d17031dc9ee169a8f73d66bc6dc71cb612cd7718a89329b16066bf55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

Filesize
6KB

MD5
515c910b7ac167f0d891c998bcc848ce

SHA1
013f50c237ae6c9feccc57ca7ac59b2c828cc3ff

SHA256
ddaacc6b9de34da1490c2f8ab19d7ee7e6a0c2c3dde5d3760273275b3acf4d4d

SHA512
b4d59c4351d7cd6dff2639a9793f7031bfca5bca6ef5cadd1446d07f8bcb7cde614f9b237d73364598d67e1d5ca4586325cc8a0d5e5f92ab4e85b6dbae918abc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9ab86f6685a919e51306de73811fcd68

SHA1
b2d2fb4a4b3e0d39d275f1152e9faa867d908753

SHA256
eca5cd4b6ab0769c8eef5369315f42790147c65e38e2bcb6b7e3eb020a1906ae

SHA512
de81b543763b2f46f189bbf17055e9c04822fa8317b767a78d0e4ce5105e229d5fa70b86a4e880186db78f5015a993bdc4e1f13baa6300953c2caac0209c28ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
feacfeaa6370d0dd460a0609e1e1435e

SHA1
1463da69f34d0efa56e61d9dd55ac1f435237b5b

SHA256
d57b87db93a487d521c52be8e0d599fcfb17e8012f6066c303f4e48e92c3f439

SHA512
61097d4419f67e7b364a5f0f3a248d801e0bbff2283ffce8cb89a5d43309145288c20ce1a6620217c81256db7da81de7d184a0c7eb769ea237902a5abbe5782b

Download Submit
memory/2608-144-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/2608-149-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/2608-138-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/2608-139-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/2608-140-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/2608-145-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/2608-146-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/2608-147-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/2608-148-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/2608-150-0x0000020C23300000-0x0000020C23301000-memory.dmp

Filesize
4KB

Download
memory/3052-166-0x000001BD6FF80000-0x000001BD6FF81000-memory.dmp

Filesize
4KB

Download
memory/3052-151-0x000001BD67370000-0x000001BD67380000-memory.dmp

Filesize
64KB

Download
memory/3052-155-0x000001BD673B0000-0x000001BD673C0000-memory.dmp

Filesize
64KB

Download
memory/3052-162-0x000001BD6FF00000-0x000001BD6FF01000-memory.dmp

Filesize
4KB

Download
memory/3052-164-0x000001BD6FF80000-0x000001BD6FF81000-memory.dmp

Filesize
4KB

Download
memory/3052-170-0x000001BD70020000-0x000001BD70021000-memory.dmp

Filesize
4KB

Download
memory/3052-167-0x000001BD70010000-0x000001BD70011000-memory.dmp

Filesize
4KB

Download
memory/3052-168-0x000001BD70010000-0x000001BD70011000-memory.dmp

Filesize
4KB

Download
memory/3052-169-0x000001BD70020000-0x000001BD70021000-memory.dmp

Filesize
4KB

Download