350f2b7af2310de1eec502397eb73b1e5c909b989294a1e988911c07a8ec616c

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 21:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
Size

569KB
MD5

ae4e3e0faf92ccf2e75c7f94cb0f47d2
SHA1

40d202a651fc7c6ae8c6773b0cd3fa8b652bce09
SHA256

350f2b7af2310de1eec502397eb73b1e5c909b989294a1e988911c07a8ec616c
SHA512

82b2306e3a067e93c9e303bc9a3bd6fd79083fcf6cbc07417cd16d6db79fbeec7d47718730541cbbd3719be5c69adffab49ba2511f4e74005a79f1683d119372
SSDEEP

12288:CsY7rZ1FRInAnOd10oNg6+h+cnJq0Vc/BntFre+OaNY:Cdz4dB7+hHq0V0FU

Score

7^/10

evasion trojan upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0007000000023481-151.dat	acprotect

Loads dropped DLL 32 IoCs

pid	Process
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3976	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023481-151.dat	upx

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3642458265-1901903390-453309326-1000\{56814B46-F87D-4960-B941-E9D80F6B5353}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3652	msedge.exe
3652	msedge.exe
2044	msedge.exe
2044	msedge.exe
4368	identity_helper.exe
4368	identity_helper.exe
2796	msedge.exe
2796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3068	cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 3928	2044	msedge.exe	95
PID 2044 wrote to memory of 3928	2044	msedge.exe	95
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 4424	2044	msedge.exe	96
PID 2044 wrote to memory of 3652	2044	msedge.exe	97
PID 2044 wrote to memory of 3652	2044	msedge.exe	97
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98
PID 2044 wrote to memory of 4952	2044	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
"C:\Users\Admin\AppData\Local\Temp\cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
PID:3976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
"C:\Users\Admin\AppData\Local\Temp\cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf06f46f8,0x7ffaf06f4708,0x7ffaf06f4718
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3128 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
06b496d28461d5c01fc81bc2be6a9978

SHA1
36e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa

SHA256
e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507

SHA512
6488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de1d175f3af722d1feb1c205f4e92d1e

SHA1
019cf8527a9b94bd0b35418bf7be8348be5a1c39

SHA256
1b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924

SHA512
f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7736264b1fc3401e57a1470249517154

SHA1
b4a069a0d68ceb4ecc4f94e4869dc1c9cdf1e265

SHA256
973d200f71d0bc417c4a3cb1a4aa4cbe060ff9a2214e02aea70e6ce142783300

SHA512
b5cfe6c8b10b468d3fa62ea179c0c623ea8f09b96d6ce4184ec9a50a3bbd8d095b94ea77fa4cd77f00c4544bb573c9c95b454ecff87d4e412dfb1468c0666743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63a3c68610f951a1c4da140d5c9a8e87

SHA1
c9ca5b8200fb9c2a1c84f01b37ef50a549cd0f06

SHA256
0c961d35983421bd00199fa195459da995474e95988dcec01601015d04df13b3

SHA512
fdaf90980975687e3ef40b4fcebe21d6b63e25238060648e87e625cff8d3d5631f410c304807bd86dee9bb2811df88f97844ec0c4bad262f3439147fa0f5d34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
490db572e4ed32021f17365c5471b6ad

SHA1
cce47441afcd32c7c691efad70608b6a7c8b584f

SHA256
6a54597a23830ca904513b83302022af6615a72d609e2636f0ed58ec031282ff

SHA512
0efbc7d59c456f59dfe94c3b1c25ed80b8dbeab99770763ca7327feacf09a1a425ed9da11faa93b74bd2dd6e5c80d617ce46ce6d769a219287f7c1a1c5bce1c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\Downloads.lua

Filesize
9KB

MD5
c1573fe0e36f3cbc82ca19c76f81fac1

SHA1
84904ddd3592eb3eed9c62dedfdde45870716aae

SHA256
68472d9b7aeb69480ef0a85e5e1106132209c09f2f17b964629c92ab52b12b9e

SHA512
09bbeca379715f2b633df14243c8548602d082f2252c1cc6785e832b3fe88a5617ec105374db45f088436fe7481d3c4828de70ecf334f3173ffc1306ef5b4d69

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\FloatingProgress.dll

Filesize
25KB

MD5
426c1733c63c8b214e79ecc56f1d86f0

SHA1
3a09c6f583f430dd47bf867e988832aeb406a75c

SHA256
4fab581406264ed2b50c326ab00e7a7b7f3da787b3ef562b6c23a3fdcb555818

SHA512
55dd3bda227d93c12e783c57d3809d791bde6159c3b7b0508815f0864a0b490f7904d77431865dea57622d2518b553028e774625d7057093ba8069fa668e3ff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaBridge.dll

Filesize
38KB

MD5
663e3fbb8b2950143a0c72e408b8d1fe

SHA1
624cdbc316cbad83ab5ac694ef4031aa554cddac

SHA256
6d7475590ff1188df4808509ae664893b03d0440104cbb9f423df7ebccbce85a

SHA512
1e9bf899fedadb939245bdb3805f77d3f3999de1f21517ed9c2d7cb1ef549c91c58de24c4a38c880ba19d07dd85803a8cc7b868736139a5ce929e2a6e14020a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaSocket\lua\ltn12.lua

Filesize
8KB

MD5
e440044afe6c761507a996b5b45ab0f9

SHA1
ef772c758fd5d6098b41375f35ac26f3963cc306

SHA256
b1864aed85c114354b04fbe9b3f41c5ebc4df6d129e08ef65a0c413d0daabd29

SHA512
8a82df90459929de1c91ed29a122a149749d42adbb85faf0c3123d0f0886babc90cb93de85105feb7497b46552a6747ae05b985f5a488d1d8f1a2a7db44077b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaSocket\lua\mime.lua

Filesize
2KB

MD5
4bfdaaab9014fe129bc6388fd5687c8f

SHA1
2c6ff28245e1dc7ec9ac1c43c3cda354d07b2c4a

SHA256
e9167e0da842a0b856cbe6a2cf576f2d11bcedb5985e8e4c8c71a73486f6fa5a

SHA512
3a1a4d838bb5cafe71da262ee7bd6dccbd30dd4d7abe0d04f6ecf96bf704d5e111967be812894a47f2eb3374ee110620b7cc47eebac8b72ddcf7f506ba82a607

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaSocket\lua\socket.lua

Filesize
4KB

MD5
74dbe1060e91112e1c21ef9870b4a587

SHA1
86afb6aecb0a8387ffa5dead1cc9808332f94310

SHA256
15fd138a169cae80fecf4c797b33a257d587ed446f02ecf3ef913e307a22f96d

SHA512
73218ebb2ad27d3402173054be997089549698d9112acb4b1c9fe044689a40ceda3df00304d336d2034e61c04832f52d971509240414838841d40f53fc0c3723

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaSocket\lua\socket\ftp.lua

Filesize
9KB

MD5
7309f4294ae4abb4f6ae657b2a98d488

SHA1
327d143e9f7a1835a58fdaf569a8f7a937fcf2c0

SHA256
9ba5df91091c46f0ffe0a93ace577a4833c92cbec1742113d0a2da9e568f9a10

SHA512
a44d2603af63828e8a0b1fbc7455305c616e5bae4a351b429e7e94a6aa7e4d6425f69d57d6a44ba87ee5d29accfc01c1f3ff288652120ff8f08a66543d357895

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaSocket\lua\socket\http.lua

Filesize
12KB

MD5
61a2a779da46e835338f1ad1efad1717

SHA1
091d49262b7c1d1f4a89655673710f6d8a37baf0

SHA256
68fd4bc835da98dd1d5509333f8cc8861133c9439d3de879bf29a96de462940a

SHA512
657594b8ea1a2584c45d85df6c57c5ed43bfae2ece2db534e52ad66a8c7f8c1f85f99bc9329fd8d88a06b6fd2b9121b8e359dbdfd532da0e26d94352a055ec14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaSocket\lua\socket\tp.lua

Filesize
3KB

MD5
2cad406e591cade482c7f16f39c21481

SHA1
84a3ab88ff7a9102c2c6d21bdb6eede6862167a4

SHA256
343afa62f69c7c140fbbf02b4ba2f7b2f711b6201bb6671c67a3744394084269

SHA512
ecc98991c25036b54f2bb71b3229e4bc8fb401e55db0e5f9c958c2a7b00b40fc9ae2d7e45002d4f2a03cec85535785c42ab6d20476fe095a76444d143493b145

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaSocket\lua\socket\url.lua

Filesize
10KB

MD5
8fb662c362da002b833793ea7794fdaf

SHA1
7afaf1ad22c95690cbb3f55226b617121efc20eb

SHA256
269526c11dbb25b1b4b13eec4e7577e15de33ca18afa70a2be5f373b771bd1ab

SHA512
b0b766ac2b5cff879009ad9f74295f7ab0bf8b0628b8aece5597243e0fa96f4a85361728fd8a08eea7d2629dfc5e5d8b6aebca432075ad74c131ad3161a475c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaSocket\mime\core.dll

Filesize
52KB

MD5
4a4845ba1666907f708c9c10a31ec227

SHA1
1ebf626adc84147e5114885ce779f92d6eb68f3a

SHA256
a1ffee9687ab4a23a78b3251888aff09e2896d76f8d16d713367b265f125188d

SHA512
d009f5e2a2ecfbec5e5e788ade142d612846d0c99921774e4a11b060998dfb0680cf1e1a54604535d5560738093f9ae166866cb23eee5c7d9c4e5cc5a33e7464

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaSocket\socket\core.dll

Filesize
80KB

MD5
4bf7db111acfa7c28ad36606107b3322

SHA1
6f20b9f6663ce0c309a2ce60e718d64ffb6c75b3

SHA256
bfe8445c38ee71240e856f85d79e94123d7179bf43688de0e2a14e32e6ef21b0

SHA512
0a5e66a65b80e15d8198f2934c58227ae17680f0fbea9865b2f44af82a29c53d4f95cf9616b4dfd75202420eb73b7d962cf2c84fdad6ce26afe1eb4bb978d0b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\LuaXml_lib.dll

Filesize
11KB

MD5
7292b642bd958aeb7fd7cfd19e45b068

SHA1
19a800620d041634abae5b5d096cb0e87ce4c188

SHA256
90f1bb98e034fcf7bfddb8cb0a85b27a9c9ddb01b926b4e139e1e8fc53d41d09

SHA512
bd758e0833454e0aa2af976ac94fde17c5401102c5991887cefbe8e337974381584c73e2d1e50e49263c55c3788e24dc7f8bd0b9d2a76a6cbe38e48dd9d6c44a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\System.dll

Filesize
10KB

MD5
7e3c808299aa2c405dffa864471ddb7f

SHA1
b5de7804dd35ed7afd0c3b59d866f1a0749495e0

SHA256
91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd

SHA512
599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\UACInfo.dll

Filesize
4KB

MD5
d02a497be5f89c44827f142c4662f591

SHA1
38f83ccbac11de069df0e1cd79a6fdf7f006516c

SHA256
6d29dfd24695535b5973d8261d93373603ceaae03ab97662fe1b3dcc47d18226

SHA512
81c87f9d56a8ab7703a4effd3ba7b982b6765ecbdc0dbb1c595f549c4310a5db57dcdc38929eafe56983ea8cefc0b572c3faf82a4b62eb7c564b05550215f1c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\json.lua

Filesize
18KB

MD5
bbefb63464a7667f5ff8c23c1995f05f

SHA1
165c41ca3a5f366f80184d616471a63dc43f87c0

SHA256
470a6bd6f30161af95c48835fd1b31050986ed2130bafc0717bf132414f81012

SHA512
48e74aef474ef5f057881ed1cf77749693cbc9f0c54f177b5b98028f58113975fed34eb2c888764d39466611e101479b2b408589aea33343457f15309d35ddaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\lua51.dll

Filesize
160KB

MD5
13c3a33c1f6e43f38de533fd0b766c98

SHA1
6b92c3d6694ddc40d9b75853baa51cb2f9f8db13

SHA256
4158063b0a868431f6430f54c1192bf20e58a43a6d3d03b740e090951e2f4427

SHA512
d64466c03deec744e7c0bfc23e54ee91a4eff4075fb92ef97c0014bbfb00e0d21731119a3a199fb9cac4a528419e8b8066589eddadb16b445ea298d67b037c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\luacom.dll

Filesize
287KB

MD5
ed7f7857933b38e5d10daf828e79af19

SHA1
7f1445f87f7e2256efc33ef56da20c3b23a1e0f9

SHA256
9dd5218bc2d12f4d07e268bc6ec01d6eefde4b99a07246d0a96d18477d331b5b

SHA512
ceaf9597d4cb725c4ec8b7af8d1090b38df102b52ca7606a24e9a094fc81f450f93ad22770c905db9115e271fa5fa4f5731caa7b1875e204edb10fb691741715

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7793.tmp\version.dll

Filesize
6KB

MD5
ebc5bb904cdac1c67ada3fa733229966

SHA1
3c6abfa0ddef7f3289f38326077a5041389b15d2

SHA256
3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75

SHA512
fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8C10.tmp\CallbackProxy.lua

Filesize
5KB

MD5
412e9a95b337edd51aa3ab78f55d1c2d

SHA1
abe08ab1394eca8fea5b9b80543aed81b4ae52f9

SHA256
cf8d7d1866b230881f8b70b992c24fdd4dc3f52c7a761be1211e3d5371a48a9e

SHA512
f393433319a86d976f7607d4b2f4d65f6753a9b854b9e1a60d7c327e5911bff8ed2ad7224e29b4e245ab2646141fd528bedeba97a57c7753eb2a53cf46f52454

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8C10.tmp\DownloadList.lua

Filesize
11KB

MD5
69bcc89d627ffbd8d41539206d4928c6

SHA1
e4f7ef442a8db26f2996e7e1c680bd4252efb69f

SHA256
99b6abfb3414dd4cad3e9f4e4634eb861334406920348af58b56a4445e3adfd1

SHA512
68f10e8a5c9707059598b8676556d8c6814d121761b2187f285e81104d8f5f473acce2076bef5572a2dca1c2594fe9f4db42fd4357836b76685a32c37b961b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8C10.tmp\Env.lua

Filesize
2KB

MD5
ac1975abfad71bac76271f4923af0894

SHA1
59d553a016f3850af52e544f62c4fb567dd0db72

SHA256
93629c8757f07c280324ae4acdd631df5929a0d2a02fc28d9fe4486c91750110

SHA512
bb073bc9dcdbb32065e19f7e286f2e5789a06b66580eaf03c313a5ac7008b3d8d379b4d5ec932e4fbbb1b76340eb609146566da1c53e19371307e171d21fcef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8C10.tmp\LuaXml.lua

Filesize
3KB

MD5
a34eed4e795d1a7f8f26af91994b2785

SHA1
d950dbd4147b86e246fc19afbc12592aa0ee55b6

SHA256
6345b8a47f378416cbd31e543410fa5b03c914219ded2a51c2d3c858f281d6cd

SHA512
0d3d92c6b5053469a2edfff0050672ff847135e5d1d08fb7b353df9690f8edcc32f443733bd0d70061f572e3f220769a64a0820918e4b51cf99d8bed30b4f3e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8C10.tmp\ProcessFreeFile.lua

Filesize
11KB

MD5
33be8e17a9eaa306d7d86b5caccc6b55

SHA1
72127dace2cdf90ab19e032131f22a5dd3f2572e

SHA256
f948109defb8a315640744e6c7941af1d6ee2d158220e273e1273512026fbd22

SHA512
f9fc132521a51a20aec25ab0755bb5abdbf8ad0de8b1f10ae994b0b7e2b26e7a073f5e70f4dc107a00f4e2bab0773c0fb4711d1396590d40ce17db7469578b01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8C10.tmp\Sandbox.lua

Filesize
7KB

MD5
0b893d34a9d305bb4fe3094f55b87138

SHA1
ad666098a43f0561ed3320bfa36eed0e3219e48d

SHA256
68513e783bf14fea511cfea5b490773593bf4c9bd896129e79210e9aefab105d

SHA512
cc9e0e552258b726d8398289f2144cab5a32dbb96222c4b8c0af61cf08d59d0f9c94be24f5ce75d921ce954c51facb0364ec1e31b1eba7d37019a89e693e0471

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8C10.tmp\definitions.lua

Filesize
7KB

MD5
d0018c9732e8cdc4dd87a5bf59c12611

SHA1
1ca71275c48c05c8e041e75eb8a19182afcf7c49

SHA256
d8a2e1786e7e5ce578ca0228c35b1137d37f46f99b440c1d55ea339685f0568e

SHA512
ea4ce9847e26e867e34a57ab70a4af7f22ff26db8ddc6d1c050d84fa6187bd0e86f16114c8b72646a8d7f71b7db48a4b9df01787de8649bac88f454e28eb67f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8C10.tmp\utils.lua

Filesize
40KB

MD5
3ef03d0de98b2f7e69a512d74d9fff86

SHA1
38666244540d3106e1e47824bb061f137b5a49ad

SHA256
08f288987a652cbf124330b5be9f7f11a169076e206cd99136d8ca84c8e6ecbe

SHA512
3db73f7c4304833ac7f02efa8e8a3b15723d17479c92c71b758d56c3051ef5d75e2edd485dda66cce49dea2390f2fbdf97e9944977e53565444fe52d12881ffd

Download Submit
memory/3068-310-0x0000000003420000-0x000000000346E000-memory.dmp

Filesize
312KB

Download
memory/3068-347-0x0000000003470000-0x000000000347C000-memory.dmp

Filesize
48KB

Download
memory/3068-244-0x00000000033A0000-0x00000000033B6000-memory.dmp

Filesize
88KB

Download
memory/3068-190-0x0000000003040000-0x0000000003068000-memory.dmp

Filesize
160KB

Download
memory/3068-259-0x00000000033F0000-0x00000000033FE000-memory.dmp

Filesize
56KB

Download
memory/3068-335-0x0000000003470000-0x000000000347C000-memory.dmp

Filesize
48KB

Download
memory/3068-336-0x0000000003470000-0x000000000347C000-memory.dmp

Filesize
48KB

Download
memory/3068-344-0x0000000003390000-0x0000000003399000-memory.dmp

Filesize
36KB

Download
memory/3068-348-0x0000000003470000-0x000000000347C000-memory.dmp

Filesize
48KB

Download
memory/3976-169-0x0000000003370000-0x000000000337C000-memory.dmp

Filesize
48KB

Download
memory/3976-170-0x0000000003370000-0x000000000337C000-memory.dmp

Filesize
48KB

Download
memory/3976-167-0x0000000003290000-0x0000000003299000-memory.dmp

Filesize
36KB

Download
memory/3976-155-0x0000000003370000-0x000000000337C000-memory.dmp

Filesize
48KB

Download
memory/3976-156-0x0000000003370000-0x000000000337C000-memory.dmp

Filesize
48KB

Download
memory/3976-135-0x0000000003320000-0x000000000336E000-memory.dmp

Filesize
312KB

Download
memory/3976-84-0x00000000032E0000-0x00000000032EE000-memory.dmp

Filesize
56KB

Download
memory/3976-69-0x00000000032A0000-0x00000000032B6000-memory.dmp

Filesize
88KB

Download
memory/3976-15-0x0000000002F40000-0x0000000002F68000-memory.dmp

Filesize
160KB

Download