banload | 14cb8bf391e4e0868fc10179ab620db667fa2dccc8b48ae91341bb55cfc61884

Resubmissions

29/04/2024, 23:54

240429-3x99eaeb59 10

29/04/2024, 19:38

240429-yclcbsba24 10

Analysis

max time kernel
1029s
max time network
974s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Size

8.8MB
MD5

4e42b3ade18ab268553e676ef05ff4e7
SHA1

16bab4e5f73cf8fda1d976447c124200e1f4dd03
SHA256

14cb8bf391e4e0868fc10179ab620db667fa2dccc8b48ae91341bb55cfc61884
SHA512

65fe7a851853133fdd56e199197cc9bfe7a08e0ab4de2a00719b05f025e85bc7d7d9c16917ecb7f9de22ab5b01c834f2a7cf9f852b9f54834d07a55f54a0c1e3
SSDEEP

196608:YSFMKCIpPnswNIrIE22s/uAxJDdbb+tUW2dVjLqExr:YSFMVGnsRrIiwucdH4UTdVj

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589086049473148"	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C49173E-D5D8-5232-69B9-58DF9EDD417D}	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C49173E-D5D8-5232-69B9-58DF9EDD417D}\Insertable	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C49173E-D5D8-5232-69B9-58DF9EDD417D}\Insertable\	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C49173E-D5D8-5232-69B9-58DF9EDD417D}\ProgID\ = "PowerPoint.Show.4"	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C49173E-D5D8-5232-69B9-58DF9EDD417D}\TreatAs\ = "{64818D10-4F9B-11CF-86EA-00AA00B929E8}"	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C49173E-D5D8-5232-69B9-58DF9EDD417D}\AutoConvertTo	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C49173E-D5D8-5232-69B9-58DF9EDD417D}\AutoConvertTo\ = "{64818D10-4F9B-11CF-86EA-00AA00B929E8}"	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C49173E-D5D8-5232-69B9-58DF9EDD417D}\ProgID	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C49173E-D5D8-5232-69B9-58DF9EDD417D}\TreatAs	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

pid	Process
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2188	chrome.exe
2188	chrome.exe
2512	msedge.exe
2512	msedge.exe
368	msedge.exe
368	msedge.exe
3516	identity_helper.exe
3516	identity_helper.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1064	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Token: SeIncBasePriorityPrivilege	1064	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
Token: SeDebugPrivilege	2724	taskmgr.exe
Token: SeSystemProfilePrivilege	2724	taskmgr.exe
Token: SeCreateGlobalPrivilege	2724	taskmgr.exe
Token: 33	2724	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2724	taskmgr.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe
2724	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1064	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
1064	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
1064	2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
3412	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 852	2188	chrome.exe	101
PID 2188 wrote to memory of 852	2188	chrome.exe	101
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2612	2188	chrome.exe	102
PID 2188 wrote to memory of 2176	2188	chrome.exe	103
PID 2188 wrote to memory of 2176	2188	chrome.exe	103
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104
PID 2188 wrote to memory of 3732	2188	chrome.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-29_4e42b3ade18ab268553e676ef05ff4e7_magniber.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbfdddcc40,0x7ffbfdddcc4c,0x7ffbfdddcc58
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1748,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3416,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4844,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4728,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3432,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3484,i,18031597602714390532,13893956545359418095,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5016

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbfec646f8,0x7ffbfec64708,0x7ffbfec64718
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15055131760869937493,16548362131023234787,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1460
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c55f6f17-c7cf-42f7-b96b-d5eb4a04f594} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" gpu
    3⤵
    PID:748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 25493 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {794939e8-454a-4021-a0b8-beafe2bed819} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" socket
    3⤵
    PID:60
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2912 -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2840 -prefsLen 25634 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d2a4ae1-3717-44e1-a2cd-27aab582c355} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" tab
    3⤵
    PID:1708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2808 -childID 2 -isForBrowser -prefsHandle 3728 -prefMapHandle 3724 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98441eda-80c6-44c3-a349-3d9d960526c3} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" tab
    3⤵
    PID:4436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4664 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4688 -prefMapHandle 4684 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37657907-aca9-4881-91be-5ef9c4743bee} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" utility
    3⤵
    - Checks processor information in registry
    PID:5884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5172 -childID 3 -isForBrowser -prefsHandle 5112 -prefMapHandle 3704 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6271ed73-7a6a-490e-8aed-65f64160d86f} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" tab
    3⤵
    PID:5280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38fbdac9-d023-46aa-92fb-ad61765e30af} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" tab
    3⤵
    PID:5292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 5 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fba1235-4790-4c3b-8185-1ffc6803baf5} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" tab
    3⤵
    PID:5308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5968 -childID 6 -isForBrowser -prefsHandle 3560 -prefMapHandle 4120 -prefsLen 27069 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {893b0084-9062-4552-af2d-a2212d6f1fb9} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" tab
    3⤵
    PID:5612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Beenokle\ZenWriter\Settings.ini

Filesize
736B

MD5
f7c476fcd48ef1b09ff272c77b525a57

SHA1
9fb8bf791db516517624531eec69bdae5ca35473

SHA256
3ef72520ba0ea0f4eca103ca7dcb784e50630bbebcff2a0b816b5ffb23c03dc0

SHA512
40603a3484e87e92a7fb20fa7ffadb1c7793d69d1db45de2008241a631ff3e4ec528684f16be0727d4e9e900741891abfd6d48423128d05ea6f5de3fa619c28c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\85988573-08a5-484a-b428-b29ce464e9a1.tmp

Filesize
77KB

MD5
e4cf639397e624a62f4ade5e5a7c524a

SHA1
ea230e278ae19606de41692b371270d5d2242ba0

SHA256
6b77ab91e908b7d4c280e3d33ab61680411e481f105089a74ef5e2328a9a7c9d

SHA512
8406044f9679afaa2f3d68f557e95308c7f353b5a84b6d665223612d92ff5e1e06b32a32095cdd79b1077b649c388e61b61679e2f21568ec2a66f3e4536778b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9eea18a34bcd8f00227296cbea813548

SHA1
83dbdf8c53073aa93de58bb66b9ec112df090966

SHA256
8d0748540a4d5ff7408947261b8a7c7ff126f2b63c833be50eb989d11ba23b8f

SHA512
ca56bdc795ffbd790931627ea8c1133e2c3fabfff68f0dbcc2eac920ac1bed4f94cf36968a0738876038b55a42ae4012d50050bf51af63509c94fbc3fe1a4e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5680f02e425f31fda26821669bb5c3f6

SHA1
d66f3e4f1385ba8e26918b382814a20ea838e7fd

SHA256
424c2b0d633b6e05514620b16d8bb73d2c05d6b43822990936ffe6fa24fd5cb9

SHA512
64a265645fe0fb6baf4220de4e16a6b7663c790a605a6ab7f6f09c1a0769280d9210c7b2d2b3051c8e2b785bb7dfdf3aa427efc0f36a513fd4ef650a430a732b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b664d134c32eec7d2f4929743819109

SHA1
39919b5e842fbda325f032d78fc0d2b74eb02e97

SHA256
d24a6d289d248b40161198cae0814c975d7c162164d8a5b21f078024e4cf616b

SHA512
63cebbae9f6d68750f745cd256da7957c4f383fe3a4340305034764d3029711b5c6abe5ee0ac8411a28d91d6bb81c98bd243fdc467340d8acfaf879e87900b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8903d9287c20a1b08b3df3f7148da1e

SHA1
dcd993fca4f5be8b482eee199c22a7a9800185ab

SHA256
cadbbf5eec3c47df1455f0196cab2a93dd17100f87ab5df10142ea55466186e2

SHA512
18350673e3c33c969640bb7cc5e47cd272dca7e3811467a7c4dd3931ed4ef9643218f16770468abdc80ef3bade3ee6664ef7778d28945054e48193cc820054e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cee564d5ee95573d55cdce09a0c5ed68

SHA1
268321c79f36bc6ef90653cbc1dc72efbfd5687c

SHA256
81d3e0a2eb17fa0da1c59433078f42b352efc632ff604879677d9b07e2c416c2

SHA512
8934259dda2e0e14ccb20ae4edcc97e7d893a3804cf5f428f5061e7bc91b6aede25a577e98b83285394e3a6d064c7bb9578d72f9c7def4d10bda61bf4d0dfafd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
46ad840b5d1e0dcde308ccbf4ede9418

SHA1
b512280bcc04574cc529508a44c47cfdf8ae46b0

SHA256
f61c77feec97f5fef564750ac5bbf4491578ae75f6a7332adfe83a2d5dfe0476

SHA512
f2ae0edd9640ca97545065dad198b5b72e7409564b41ff78c36d9a76f4f328faedb2932bb15cc05d5f8e4d0a82fc90deac0b4fe37198c19083039cb4794d9c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
636a304f86d68cb77eae95614e4481f5

SHA1
a93302b31df227d8cc8632355446fc4b66493c7b

SHA256
859c0992c7c2fb5567b23ac141d405bd4741a5d18cbffd5d4d770068b9b82ca9

SHA512
88e4659b8cc12f79c81e37195a737dc629b2883d7d7f13823626487c63cded7093b0421405953b9b9ed9d809c1464c0877f654d17940fab2d1b6ba7b58b6a003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cb562609dd3ca471d59ed09a86f2dcc

SHA1
9e8196dcbe31cbf4b60017a55222971fad9c87b9

SHA256
b898f0b16cb5d509b20df17b2b081160ddd8b08ad0a7e0cdd1c4f7c8cd2dd400

SHA512
7aac2a9ba7955fdaf89eff8dfd7eca76752b3529c56771a13f4f9ce410dafb9aa84e73a397b90839c2c7f21e94ac8e77e88ef35a514af9e937395faf4bdb8f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
157ceff75edd57cf57c5bebef2048983

SHA1
15daa0f15d24edb940abb8bc71fe6b03d73acf6e

SHA256
5248b8a11e872ee58ee4706a163383643c203913efdc267a616152bccb10ec79

SHA512
bde37b7470ba1a67890f49e745cf84e4b016e06aa21d7b1181264dd09c7348c1bc810149329cc37ed4d16c8c7e6e15ea5f9a975b02fabec5f5a00a6bd8d1d805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8228dc90118f40df5da633e9845fb1e

SHA1
f7480d14ba38dc7ac3603129d20ce4a5970fe9be

SHA256
3031f30affd7dbf7a72f2d384b9243b93e3325ea7df92ca027a9e2e932e143d1

SHA512
9901f5e0473ca923f63e8e363c3eb68f98f8899162154a4b5217d0869864a0079c8f9a030e83ae8f31db63cdde30a8d35a6804fc6c329eccbf7f0f3b416c14a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b562d95a675f4e586a5b8eba9ae4f11b

SHA1
a532bdb66a8717c2a22afb7c769c759df876862a

SHA256
84fd302721653ab2a18e1dd1e81bc66dc07c6dc97af0ef1d6cf1af94abf8d6d1

SHA512
37644f39ba049ff1c45a204fe4c9336e409c48090f0a43ed3963d3205c831ed653e4f834bf473bd0f58596e49e552166f0a20fb4c85f4b96be586519edec3d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4d3082bcb9584e9df29a05c3464b0454

SHA1
0aa03d06ae90d72ee8bf39dc1c1107149840914f

SHA256
a24edb32e28a0aeda867b0528851bf0a3fd703dff51de20d57bc0a5008d8ead6

SHA512
af6d4a50ec4c19c9840bdc8986340eac42de54e69ff6ff71bf4d22d96ad1f9c59458e8d8b1afb0c4715e66731aa77f1e51f9d7a1fd26762a3534777fd6117b36

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\a9whdnbl.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
93482a8b887c78e74fe15e4604d98b5a

SHA1
78519213efeac676874c84d7c81fe3a134970879

SHA256
180ece26a0d435feafb68fb5fbb7b75fc988d89eb37a1e3abc77fdbdb99864aa

SHA512
41c51a56f5dc8fe9b064c34dc70fdb9ed1fbeb07b61172ac927ace0478ca0f2a8a284adceedd4c4a01a0f1031b26cb02fa2704a32697b932e04e300f157daa04

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
9ba61c6e2271de39038ebef194dec9a5

SHA1
6e5d0558728f45f72e667aad7603a6920ca2c977

SHA256
65a53c2fe3f14fde8c1cf2f1f06ad5c8d9206468b6fb959764725e3421b5543a

SHA512
59d7fb2b22c2361a4260247f4f646b7fb207c603e99c4296bc13a8f06f1a70c35fe7933101bece2bfee17dccc6517a60d92e0268b680e676ebde82fa8fbc64ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\bookmarkbackups\bookmarks-2024-04-30_11_ixnv0+QiRHC9xCEwzVt9Qw==.jsonlz4

Filesize
1004B

MD5
e541f8693fdef2a1e2305e69b459c686

SHA1
90a9b96bb945957024e9c49d0f06c4d306b74cbb

SHA256
ab882d5c276170f0302c233088ac281083ec3937b345bbd65ff23a6ba1ddaf1b

SHA512
397e258c08304c0be4a16acd504c252c7ac41817ec90e1e0d1589d6d1e44cc61b78c373eb20fbe0b56e8df2eb3113de4cf8ea95d519123804fb38edcdf109bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bb8e7695f01d05a62c6899329f55c047

SHA1
2a921c9f4dea3e36d94dfb12303135ccd4dc562b

SHA256
c622fbb08a73189774288276212d2db8113854bb8e49f7d5a91902ed622cdcdd

SHA512
4d30c6a35addbdba70cd9fdf237582c82699f80a8e3ef17319361bb390e7366ed76f5eba179b78983c6c6e2668c2fd353d250895e38d800c1104e4a05278f136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
e105b3124007ae2de7fdaecfc8d5626c

SHA1
92e50f07669ed48b65d57e8bd8a82bc0197304f7

SHA256
bfe70ce6c60462159e4aab3a07097780eeed1c16d8817a0fb96c6057e931a5b8

SHA512
c7c944e61ac42103b6804e83df6cef9d810e52c0aa3a78c51956f4d74585938bdf31bf1aa5e62eb632930e9f496f6d4b649a73c8a54bc2deb805bf961921daf1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
26KB

MD5
da232de2060cbb189098afae0573df2a

SHA1
c056d4f459de20901bf440bc8570bc6bbd3ef59f

SHA256
6f46eba518cc8c77e59398250f4321babf4a921b7761e21a8186af79c43b3232

SHA512
73a3203f27f588ec877b74adf2c4033442204d8d050fd40fefbec916d5aae8f211789fd4a135c4829fb25fc1ff84818d742d3d37ac5658ad9630d3ca92c36c3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\pending_pings\0c0af1f2-dc11-44fb-9804-eda418c213c5

Filesize
671B

MD5
efd3b7b5ba41dee668725a08857bb23e

SHA1
24e244db07982d07edd6b28f84dd019f85f16e4d

SHA256
129fa22a0e866325216e1c11ffe042998dc75e59cfe7b577040fcdbd421609b6

SHA512
ad0410e400e15d82cac0724b8359ea07fb6807383837f80ccf4553be6f2cb78b4b6810fc2ba454a1215fc5c04bc9bb788ea85ec3802164a2cde48c9e730b33f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\pending_pings\71affa76-00f3-41ef-99c1-78b3ea709832

Filesize
24KB

MD5
376abcd71105fb33a0e80ddbd9869e9d

SHA1
d60c30c69a4c7cdc37f08bf1c395445ecbab630b

SHA256
7ac817f38ca69173d9759999cd7d2da5d7822cefda7078d61a4a0e3f30b54249

SHA512
d5e92a4f218b05a9bcd32ff68804251bb9159f271bdeb6f53eca01d373a56d75078ea40220ce7af4fc09d62829b347acdc25f22fbf07679f9b6b5bca919b2293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\pending_pings\86555b18-8a97-40c4-aa00-9a7ab5f926c9

Filesize
982B

MD5
e2a273cb7e17275e5d2975aaf13b4117

SHA1
a3da9ccf057140f92dc82c7a463787d18dd5d31e

SHA256
919b3b8be309120c1a80b73e8258124439232fe4afc56544e79ac125cb80bbcf

SHA512
b90601f6b81f345f2ef59b9ab74f468b438e3aef4b9d673060fc78caf8e1ceb211f843ce83fb5cf075c8638d21056dcf9950d36f9c0ce1a8ce0730c3faa77e32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\prefs-1.js

Filesize
8KB

MD5
36fea23b486d097bbac059157499ba55

SHA1
fd4b97083c73b9eba2e3dc27f5c0a09af1c63b05

SHA256
70b23926089aa4a72066e5286ce52abc1ef87910d7eadef5861629a4a7816524

SHA512
45d97c1847d66d94483271ba4cc7920aea51a47cd7c3da126f8f3c77f5cbe196811a1696256a24a824f5e18a3f15f920b750d0efe1604049e2ea2db550db59b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\prefs-1.js

Filesize
9KB

MD5
fde9dd3c2eb78abe29ce662a0bc40c44

SHA1
d8b23a62ee0c2afb72e1f02c81c817f9cfdfa657

SHA256
507da962beddc21009fd50265f62e26a51513e387a80dfc9dced612a8894178e

SHA512
13423d6e3b08c2258d500371309163a40f85147df488deeade8c470d30a6174e04d5bcb4a71442b88e86f822343a0ce2e3cf7aa52cd22185b874a41140a10e19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
0b3af45e0ce5e75713bcfd8d6f488cd7

SHA1
a97f32965cf3353d35f22ee000e3f57de61a3028

SHA256
95c92d1a1f028b3bb82dfeda4d118aa9bfc2cc928f1a849d091d52ffb0d3f0eb

SHA512
3241ff282f5e9f5d1d542ce8a544fba3e4c426c56101323773c3920eafd10785c40bde8de8f630cb857f56d06b4c592f492b65d3a2b40da7f70d37b13684d2fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
a0d5912e910c49418b07445a21640cf0

SHA1
4d9df0266ceada4f2992e126386c76fb9fbcad3a

SHA256
5196b2c8273d118f6599bb46587c613ffef9df5845062be47bcff03fa13233fe

SHA512
0ed15a4d41352c9a562315daaea4ff918b48affe2d8807d150e362d728f4dcf053a9aafbb93600819f0cd346675e285999bdca29ce323b03282522b963786482

Download Submit
memory/1064-25-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-16-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-7-0x0000000003510000-0x0000000003710000-memory.dmp

Filesize
2.0MB

Download
memory/1064-8-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-14-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-15-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-12-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-11-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-17-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-20-0x0000000003510000-0x0000000003710000-memory.dmp

Filesize
2.0MB

Download
memory/1064-19-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-123-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-27-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-26-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-1-0x0000000003510000-0x0000000003710000-memory.dmp

Filesize
2.0MB

Download
memory/1064-23-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-22-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/1064-21-0x0000000003510000-0x0000000003710000-memory.dmp

Filesize
2.0MB

Download
memory/1064-18-0x0000000000400000-0x00000000012AB000-memory.dmp

Filesize
14.7MB

Download
memory/2724-124-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download
memory/2724-126-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download
memory/2724-125-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download
memory/2724-131-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download
memory/2724-130-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download
memory/2724-136-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download
memory/2724-135-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download
memory/2724-134-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download
memory/2724-133-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download
memory/2724-132-0x000001668B8F0000-0x000001668B8F1000-memory.dmp

Filesize
4KB

Download