2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e

Analysis

max time kernel
149s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker-3.0.exe
Size

844KB
MD5

7ecfc8cd7455dd9998f7dad88f2a8a9d
SHA1

1751d9389adb1e7187afa4938a3559e58739dce6
SHA256

2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e
SHA512

cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d
SSDEEP

12288:GaWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlM:BaHMv6CGrjBnybQg+mmhG

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 32 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
6060	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2068	chrome.exe
2068	chrome.exe
6648	msedge.exe
6648	msedge.exe
6780	msedge.exe
6780	msedge.exe
5816	msedge.exe
5816	msedge.exe
3268	msedge.exe
3268	msedge.exe
7448	identity_helper.exe
7448	identity_helper.exe
6596	mspaint.exe
6596	mspaint.exe
6344	mspaint.exe
6344	mspaint.exe
7232	mspaint.exe
7232	mspaint.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe
820	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1796	AutoClicker-3.0.exe
6060	vlc.exe
820	taskmgr.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
668	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeDebugPrivilege	1500	firefox.exe
Token: SeDebugPrivilege	1500	firefox.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeManageVolumePrivilege	5928	svchost.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeDebugPrivilege	820	taskmgr.exe
Token: SeSystemProfilePrivilege	820	taskmgr.exe
Token: SeCreateGlobalPrivilege	820	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
1500	firefox.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
1500	firefox.exe
1500	firefox.exe
2068	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
1500	firefox.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
1500	firefox.exe
6220	OpenWith.exe
6596	mspaint.exe
5676	OpenWith.exe
6060	vlc.exe
6344	mspaint.exe
7232	mspaint.exe
1572	OpenWith.exe
8164	OpenWith.exe
6456	OpenWith.exe
6676	OpenWith.exe
2084	AcroRd32.exe
2084	AcroRd32.exe
2084	AcroRd32.exe
2084	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 2304 wrote to memory of 1500	2304	firefox.exe	97
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 4264 wrote to memory of 2000	4264	firefox.exe	99
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100
PID 1500 wrote to memory of 4532	1500	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.0.215496826\2064182838" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa1bec73-3248-414e-a637-2818129a4504} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 1840 1bc0ca0a058 gpu
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.1.1739787111\1900987201" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b16c5057-1b46-4ff1-bb2e-50da22c12b6f} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 2436 1bc0ce6fb58 socket
    3⤵
    - Checks processor information in registry
    PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.2.550221217\617514498" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3068 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcfc67d7-160a-4b35-9e4c-202f54edda4a} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 3088 1bc10c63c58 tab
    3⤵
    PID:652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.3.1528808150\1307150797" -childID 2 -isForBrowser -prefsHandle 4172 -prefMapHandle 4168 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a53eb1-8660-423d-a3e0-ddf0fdcabd6d} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 4184 1bc10eb4158 tab
    3⤵
    PID:2256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.4.546517981\266384206" -childID 3 -isForBrowser -prefsHandle 5028 -prefMapHandle 5260 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01ac60a6-00e9-4dd3-8ac6-b01446a16aba} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 5264 1bc17ca4f58 tab
    3⤵
    PID:6268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.5.468351241\1923114256" -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfcdba15-00ff-4e51-81f5-752aef2323ee} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 5420 1bc17cba458 tab
    3⤵
    PID:6224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.6.1142820407\745117799" -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19120f4d-309d-4cbb-9c20-c379e6409aed} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 5404 1bc17cba758 tab
    3⤵
    PID:6568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:2000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1680
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef966ab58,0x7ffef966ab68,0x7ffef966ab78
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=2012,i,9939867466981723692,14784923460975270896,131072 /prefetch:2
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=2012,i,9939867466981723692,14784923460975270896,131072 /prefetch:8
  2⤵
  PID:5568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4632
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:3480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffef966ab58,0x7ffef966ab68,0x7ffef966ab78
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:2
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:8
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4204 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:8
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:8
  2⤵
  PID:6256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:8
  2⤵
  PID:6392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=2000,i,10516157051279117079,11058965501871194129,131072 /prefetch:8
  2⤵
  PID:6504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef966ab58,0x7ffef966ab68,0x7ffef966ab78
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1972,i,7231659760666351091,10133659677734098194,131072 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1972,i,7231659760666351091,10133659677734098194,131072 /prefetch:8
  2⤵
  PID:4456

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef6ff46f8,0x7ffef6ff4708,0x7ffef6ff4718
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
  2⤵
  PID:6772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:6788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:7080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,11647618565410992781,8678910450513685679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:6336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffef6ff46f8,0x7ffef6ff4708,0x7ffef6ff4718
  2⤵
  PID:6412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11430332037196456141,3924642751447095193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11430332037196456141,3924642751447095193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:6584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef6ff46f8,0x7ffef6ff4708,0x7ffef6ff4718
  2⤵
  PID:6704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15183045840022296640,13036894912253766642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:6636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15183045840022296640,13036894912253766642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8104

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:6392

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6220

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\DismountWrite.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6596

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:6944

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5676

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SuspendUnblock.mp4v"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6060

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RestartInitialize.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6344

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RestartInitialize.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:7232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:8164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6676

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DisconnectSubmit.au"
1⤵
PID:6164

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CompleteImport.rm"
1⤵
PID:432

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RequestUnpublish.m3u"
1⤵
PID:2444

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2084
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:3568
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C9DE01B30AF19390D0CEF49045CDFF00 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:6812
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E61A607447617C3CE6C1F32576C69422 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E61A607447617C3CE6C1F32576C69422 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:556
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F2EAF2E0D09FDF02FB8936DEBA6260C9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F2EAF2E0D09FDF02FB8936DEBA6260C9 --renderer-client-id=4 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:7708
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2FE6002867C5B1CD7D4885AB56086F7E --mojo-platform-channel-handle=2880 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5684
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=992630A6F82564A17D90D4039F91750F --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:6992
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A609C7F8633CD4E06F8B6C141D31128C --mojo-platform-channel-handle=2740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5304

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7f7840d79a9bc4d66d6e6d6a857b91fb

SHA1
cdec1d2c3e3953686b289b3cb72f568a3f2fd851

SHA256
786e2e390110f8d9bba35cc1683be1d388c8f785ffc27cfe1f91848e85cc687a

SHA512
787a7bd0fd34a5ef94f732acee53d1e7df7dc95311d922819e16e69fa159d59c0c55f9283d2f4351cb5027b43b02484630dd078ffad937249239b3e278633c4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
fba06814ab7bbac010e0d638e9b9c079

SHA1
83171d72ef96b8e6343115f846c6d3d3be13a9ae

SHA256
42adf6ea4293bb35518c3d4e644feff26fada187307efaa5632a52015c4050b8

SHA512
037701e7093bee7e9001dbb336040835329a66424fc32cc31faa1b160da7265557e31b01ae669ebdf8794ba062185511aebe0cc6b3755e46dc1aed95a8f70b9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\91221126-7eb3-42db-8c02-086893035e32.tmp

Filesize
255KB

MD5
a3a023fcee77d72efbc86d621e822654

SHA1
4c7c30c158f9c3e0f64c4f4ce73657068f3a8983

SHA256
183772258382eaba8b544e571ecf086e38c59557d6cf914c362eb1cb17c9648d

SHA512
df970d151378c13975ffee003bf297ae59dc03fa3c24e73d10303c4ca7b6157e637b25d37e2a5070e582fea61802805bca87d73205b5343a404d592936bbf080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
23e6ef5a90e33c22bae14f76f2684f3a

SHA1
77c72b67f257c2dde499789fd62a0dc0503f3f21

SHA256
62d7beeb501a1dcd8ce49a2f96b3346f4a7823c6f5c47dac0e6dc6e486801790

SHA512
23be0240146ba8d857fc8d37d77eb722066065877d1f698f0d3e185fcdae3daf9e1b2580a1db839c1356a45b599996d5acc83fda2af36840d3a8748684df5122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a41c35a9d342a601c972f1fd9a098f83

SHA1
b67f69eafd55bb61f75c1f3ebb3f79f4b4453db7

SHA256
5adacff038507380a093d336a0d8e937f1720768066c66ee85d8f4e44de560d3

SHA512
989046996c9af805be6a7c16288f8d1f072074c9abd6c37139f1dc7ce6f41eb85cb037f3331d3d1e1a8b15315422bafed494db0b14ba502119bba0bc921dbce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3dfd8daf5afca80dfcf77a3873c22048

SHA1
e92910205ab9edf5908687137736edbc61beb819

SHA256
9597746feb0e2dbbb8f14866e8508321ca7ada3a2b0258d3deb355df3865e5e8

SHA512
9f5d3c869204847338b8d321835adb7598ac7a0592c9a988005bd2698aed9a3a78a549bdf889cfb80dde2e3af7dd46f3cd1c95b8cc93a257eaa7a30045a4f0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d29a2a3870a93a35237a5afdbd319c0a

SHA1
50ce594b0d01bc026a310683fafc901c322e0b2c

SHA256
698fd64b8a9a3c3c61310ceb6ef3a8fee8ae05b3d9bc24ec634009b0c0ef1064

SHA512
8b3110870a0ea7b6006314a4bcce53ed441e9486e773a850f01f1ec94d1d6810cb382623b3383ea2a732e6ce836f5e69d182fd94c4c8782503ea88b61e6bcc56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b5ea158b5a275da08c9c0ef50d99fdf9

SHA1
c26f3f17c5d78d2b1903cb9f22165e8b11de6335

SHA256
4661477a437dffd77b22214425d7c9250552c9ec9af23f2ce5ac93e5dd531429

SHA512
b557b52a29b25b1549ce4cf937aa8809fe8c5588bcbc608fb7efe5618a8fbdd07a16b0b6c8a203905063432dc6c7e7b82e9bddc5aad5466127c2411f4506050a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
2e66a8d3144fe610facd37d10b91f1a5

SHA1
bcb7f68d5f50754da38413283f5c8ef647924022

SHA256
23b7898c775eae2cb541ae157022bd62f0d012b2d4ef7a1ad19aa2b84cd0932a

SHA512
3590283e315a4c7e64c86a793574ab49da68fcfdc5606c922a6f6fdedbf6596ed86a615640475413a9f53e9bd0c762bbf132fa4570e48c424352e6ccfec2065e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
3a0e1ea9ad184cc9d538b193465bcbdf

SHA1
e80034ae1ec1ef36dd0940f8029ac721b6f003e4

SHA256
d41f003cd418ecd2d52f8025cd3eca47f0a2235520ad6fec45dfca1243fbea01

SHA512
c6782f763901d0c13ca26c92fabf53f4c79e1a8d75eec394d7facabfb08bd1ae3d998f32578e1e9987d6ebcf56941ec86b18f7313122f4fda612de6eb52993e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
6605ad1cc4d2903c77d845a8d371ed40

SHA1
fe48fded6f6e0e2bc5a9b59fe9efb0a1af9ed8cd

SHA256
12477d176ad2a1ebe431e2fa6845623e7fd5db31a485a20a032794a378878f65

SHA512
6c232c8ff869c703e7ff2419a05b01da9ad58e1e15d8f95b50466cc6909b64fb6a96b15db0c9154bfdfae5c04976bf6448c85ae4ffa4a9c7aeb7464b6504c733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
16b7586b9eba5296ea04b791fc3d675e

SHA1
8890767dd7eb4d1beab829324ba8b9599051f0b0

SHA256
474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680

SHA512
58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
265db1c9337422f9af69ef2b4e1c7205

SHA1
3e38976bb5cf035c75c9bc185f72a80e70f41c2e

SHA256
7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc

SHA512
3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
8549c255650427d618ef18b14dfd2b56

SHA1
8272585186777b344db3960df62b00f570d247f6

SHA256
40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13

SHA512
e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4640564f-0376-4961-af9a-c8d5a11b0171.tmp

Filesize
6KB

MD5
54cfecc162b5c09960f7df36e16e7dc4

SHA1
00bad9e184e11e46f70f2aa5c2c65ecbb494b866

SHA256
2b7883b4077317ee74307d55cf034f416f6e7f2931934b55afc4baf2d2e21cef

SHA512
e97d8b98f02c75408a75001af828e2b80ab1f5e57588601f1e7703fba71b89bc5ead100c9344c1b0dfe3cd78e7dac77aa027c6dc3c8142794e02e033c2f0f88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a2c5cd0405d343b0e17b4d9d84f6526

SHA1
e1fefae119aa197f81b7ba06d5a11d7f65129d3c

SHA256
edb111dc47efca3fb573a42ed68836bc59e715c4a4f5083bb74a9b6fbeaae59b

SHA512
dbaa346290de82147d88d59555d14ede02447e52ffa120ee87197415e6c7d68b8e96f61658ff875e621f8fba53672fd9a56a7758b7261c6b1f2ae6f9496c29f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c5ebdba17a99d6df9c725c9ec27fb1e

SHA1
07df9c5f789b5244f01b9cd4d9bdf313e39d7c2d

SHA256
c1b9953a8d3647e0d4f1a1df3a1ee7af8918ec92cdd4c360768fa27f82ed6d77

SHA512
da18e1a695384502aac2bba21442fe78be0c5daa516cce361025e7b1d89ebce0ddb52cac697fd4662e7ed64897f8dac7b5b12b8ff4c0861c2b69a6a23a9f23da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7342dcf62e72098b83dc8c046ae47adb

SHA1
c7e8cedab106728d33157ea0332a0614e9a9eb72

SHA256
3a9f3320d4046367b6c94c979edd184b850ac54eb34eee8f9df025a01c735880

SHA512
7ee6e995c17ab580fa86d3e61e35f3a07cf3fb138c57613fedf9516233e9b4a11407f87d6b9723cdb8384ce6c42e026763470f3943997b99fbb509caf54fc234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
837873ba7dd3bcba4bd8c1f2b573c05f

SHA1
aa2ea8c1d3952b71090194ae3ef9f369200d51a7

SHA256
f0ce8e833800c66a9692cf78a48fc29d779a4db8b3f69b471d083c3bc21743a1

SHA512
03c161fc322bd1057d2c8aefab64abf0674249822d143829d125ca285f4fdffaf577efa0444e422c77e628de67b46399cff4071ee205de1a1f1c4f32ce3c93c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a65be862eee80185cbce4435ae5bf8b8

SHA1
1d305fe507ec57f657c14740947707b657829856

SHA256
4efd2ba384698dd02b81354230ca20e037bb4f2fe2b16390af46a4546d74a2b2

SHA512
ea6fa2b0d0b9fe0892f318c87d7249c65aba09cace37c644fab182c8f9c62c7692699d8bc4200a6c28909a5be0409751503768e3bcc8e0184d171919e96b0b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd3d0908f41c237bac59138f83468374

SHA1
5549a77a271086ed8f532a8ea8da65a4516c7c10

SHA256
bc5bc6ba9154b7760601842ef19aeaea8411e6450c5c022b85e959debfe86e02

SHA512
64594b2b407933ad1739b567639f74ac248625cc6585b4a8f73c036402bbb589dc928798df13252b442059440f967453450f123e810213890c5df80cdfaf5b97

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
5bbafdc3a6577ecfdc1cd1949bc16ab9

SHA1
19e7236333e7fc00c6ccbe322e6aeef5e6bd176b

SHA256
0998649cf163286ae0ace9b23b117de798c3b02e850bbf3e34c4b870c92279ae

SHA512
3b5dbfe0070fcdccad75c8fea0d7ad8204d94894b74f46aa750bba8c58c15ef0fbfbb73860794e0752fa63edb1d1eaf98c604ead5ecf0a8e4fc5289c15ba6496

Download Submit
C:\Users\Admin\AppData\Local\Temp\acrocef_low\15e789f5-7c26-4e5d-ae72-516cc47a281c.tmp

Filesize
404KB

MD5
474425e62a9f35983a7e8671560d7a25

SHA1
40cacd4a4f7bb1abf08c9794ad53684daaf8ad59

SHA256
ea5b915f20f31f8c2ceccb45518cfdb3319fe499fb4d4bb9c4fa6c29b89df6e1

SHA512
69705ce69bcdcca3a88fc19ca8b6ee563d4cb63439feb4588146d69c9b19b3422ffed7044c96f90cd99cd80d931b7b89f53d5e7c73cc30e7ba39bddacbf076d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js

Filesize
7KB

MD5
9ede51f8ea16f7842de8bcdc488f60d5

SHA1
e7aae1f64fb20d014c56d6ebf1af9f5b72aa67e2

SHA256
32c1b7306fbc25e2932c308042ce41cd1d8894aacee55ffe43d0a58718c7f847

SHA512
e88c8e27686e64b6c346bd77ee0449525cea3a7c1c6d6ccfaf9367702fa7563cd81c6689a5400e3f16dafe8837063bd2e7805183623e1e3c64828d025ad29087

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js

Filesize
6KB

MD5
8b85961e1b65f9688224104199a3c061

SHA1
29b5ff9ec138e6e7dfd20a146e1a13b038ab995a

SHA256
975bb65727956ed2925960945918bfd357d3e5451e676664110ff2bdebbce0e3

SHA512
48006f4178817e6e8b07881681e2facd3e16b490b39068f434e372adab6121a35b9f8a2c96a0191196d28043977ddf5432c235e098bca4b8bbbe1fdb825fd204

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js

Filesize
6KB

MD5
b21c46409696b25fadb44d03ca304da3

SHA1
ffdbe616c4728cbdd023ff0a8ce3a1dc10da2789

SHA256
6f92beec36a78a67ef6b76667b806183b4d2560d2133014207a3f23f84bf2707

SHA512
6db2a5cb8ed28c2d99588acf7f0bd6f1d80f9c0278a2f182a9ae3142749d03e923fcb56efe3e7ae59115c4e3204a8faf703c86299c89c1293fc62c7159298053

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a6292ab0f08865ae8d1691221688ddcf

SHA1
3346cd5bf284e5fc9d2d3c5dfca95bca08fa2318

SHA256
29a35207dc1b08a611a5e77efef8045cf4f679e26fd14fa347e1db7c9b4783ff

SHA512
b482274c3ae47e067bfca4610453e3c902c36afb1f1c505d727867aa1c48b5619109c70030e21b79bfdcc06414ceafbd4425141391c2c995e4605677262aea23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
5e41950dc8434516314f9f523cb73a2f

SHA1
2368cd485af5d9c676e06f3ff6fe472d84f30923

SHA256
463f3f0f0e99b2ec7a4301163f36f2eb34c5f19a7508666db8e72c2e27adfae2

SHA512
cb83eaaa2f9b4805d9c5c54ab4d44d323482a09ff8e378d0754f65e1b0921fc04dfae1fca25cf7a2f935c704c36425c2202d16b7b7ac903eb0bded6c7e1302ac

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
81B

MD5
d0fe3fa900fd5268f73ef7fc8dc442af

SHA1
d425ee37128e236cbef84f63d08048e293728321

SHA256
069115eac8a16b62a14353514b63891be20c6971da30202f7ff7ba9bf7588b47

SHA512
92e6d5077417e4fe955395dbbe24c12b83a7d0cf6ec2888b9c3e9e6341101211daf29dbed5b15f36b22bd7b765dc0d37d6916dd026d1807934386e99d7afeeb0

Download Submit
memory/5928-380-0x0000023112250000-0x0000023112260000-memory.dmp

Filesize
64KB

Download
memory/5928-399-0x000002311A6D0000-0x000002311A6D1000-memory.dmp

Filesize
4KB

Download
memory/5928-398-0x000002311A5C0000-0x000002311A5C1000-memory.dmp

Filesize
4KB

Download
memory/5928-397-0x000002311A5C0000-0x000002311A5C1000-memory.dmp

Filesize
4KB

Download
memory/5928-363-0x0000023112140000-0x0000023112150000-memory.dmp

Filesize
64KB

Download
memory/5928-395-0x000002311A590000-0x000002311A591000-memory.dmp

Filesize
4KB

Download
memory/6060-668-0x00007FFF0A750000-0x00007FFF0A767000-memory.dmp

Filesize
92KB

Download
memory/6060-664-0x00007FFEF8B10000-0x00007FFEF8DC6000-memory.dmp

Filesize
2.7MB

Download
memory/6060-674-0x00007FFEFBAC0000-0x00007FFEFBB01000-memory.dmp

Filesize
260KB

Download
memory/6060-663-0x00007FFF0AD30000-0x00007FFF0AD64000-memory.dmp

Filesize
208KB

Download
memory/6060-662-0x00007FF6F31B0000-0x00007FF6F32A8000-memory.dmp

Filesize
992KB

Download
memory/6060-671-0x00007FFF09E80000-0x00007FFF09E91000-memory.dmp

Filesize
68KB

Download
memory/6060-670-0x00007FFF0A4B0000-0x00007FFF0A4CD000-memory.dmp

Filesize
116KB

Download
memory/6060-669-0x00007FFF0A5F0000-0x00007FFF0A601000-memory.dmp

Filesize
68KB

Download
memory/6060-672-0x00007FFEF8900000-0x00007FFEF8B0B000-memory.dmp

Filesize
2.0MB

Download
memory/6060-675-0x00007FFEFBA90000-0x00007FFEFBAB1000-memory.dmp

Filesize
132KB

Download
memory/6060-667-0x00007FFF0A770000-0x00007FFF0A781000-memory.dmp

Filesize
68KB

Download
memory/6060-666-0x00007FFF0B110000-0x00007FFF0B127000-memory.dmp

Filesize
92KB

Download
memory/6060-665-0x00007FFF0E580000-0x00007FFF0E598000-memory.dmp

Filesize
96KB

Download
memory/6944-659-0x000001E0EA150000-0x000001E0EA151000-memory.dmp

Filesize
4KB

Download
memory/6944-657-0x000001E0EA140000-0x000001E0EA141000-memory.dmp

Filesize
4KB

Download
memory/6944-660-0x000001E0EA150000-0x000001E0EA151000-memory.dmp

Filesize
4KB

Download
memory/6944-658-0x000001E0EA140000-0x000001E0EA141000-memory.dmp

Filesize
4KB

Download
memory/6944-656-0x000001E0EA0B0000-0x000001E0EA0B1000-memory.dmp

Filesize
4KB

Download
memory/6944-654-0x000001E0EA0B0000-0x000001E0EA0B1000-memory.dmp

Filesize
4KB

Download
memory/6944-652-0x000001E0EA030000-0x000001E0EA031000-memory.dmp

Filesize
4KB

Download