hxxps://drive[.]google[.]com/file/d/19PMkUlRBLdqlHQtEvUrR_dOwPUr0O_ei/view

Analysis

max time kernel
75s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/19PMkUlRBLdqlHQtEvUrR_dOwPUr0O_ei/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
2	drive.google.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	kiseki.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	kiseki.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	kiseki.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	kiseki.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651599873589851"	kiseki.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1148	msedge.exe
1148	msedge.exe
3732	identity_helper.exe
3732	identity_helper.exe
2496	msedge.exe
2496	msedge.exe
5432	kiseki.exe
5432	kiseki.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1584	svchost.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: 33	5752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5752	AUDIODG.EXE
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe
Token: SeShutdownPrivilege	5432	kiseki.exe
Token: SeCreatePagefilePrivilege	5432	kiseki.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
5432	kiseki.exe
5432	kiseki.exe
5432	kiseki.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 3484	1148	msedge.exe	83
PID 1148 wrote to memory of 3484	1148	msedge.exe	83
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 3004	1148	msedge.exe	84
PID 1148 wrote to memory of 1964	1148	msedge.exe	85
PID 1148 wrote to memory of 1964	1148	msedge.exe	85
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86
PID 1148 wrote to memory of 3824	1148	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/19PMkUlRBLdqlHQtEvUrR_dOwPUr0O_ei/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffb32c246f8,0x7ffb32c24708,0x7ffb32c24718
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11886593102255336037,16405949136840665903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:928

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1584

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:4420

C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
"C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5432
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\kiseki\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\kiseki\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\kiseki\User Data" --annotation=plat=Win32 --annotation=prod=kiseki --annotation=ver=1.0.0 --initial-client-data=0x244,0x248,0x24c,0x224,0x250,0x75115150,0x75115160,0x7511516c
  2⤵
  PID:5508
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  "C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\kiseki\User Data" --nwapp-path="C:\Users\Admin\Downloads\Kiseki\kiseki" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1856,i,2624584554056247547,535726199137335961,131072 /prefetch:2
  2⤵
  PID:5668
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  "C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\kiseki\User Data" --nwapp-path="C:\Users\Admin\Downloads\Kiseki\kiseki" --mojo-platform-channel-handle=1960 --field-trial-handle=1856,i,2624584554056247547,535726199137335961,131072 /prefetch:8
  2⤵
  PID:5684
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  "C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\kiseki\User Data" --nwapp-path="C:\Users\Admin\Downloads\Kiseki\kiseki" --mojo-platform-channel-handle=2056 --field-trial-handle=1856,i,2624584554056247547,535726199137335961,131072 /prefetch:8
  2⤵
  PID:5716
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  "C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\kiseki\User Data" --nwapp-path="C:\Users\Admin\Downloads\Kiseki\kiseki" --nwjs --extension-process --display-capture-permissions-policy-allowed --event-path-policy=0 --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\Downloads\Kiseki\kiseki\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1856,i,2624584554056247547,535726199137335961,131072 /prefetch:1
  2⤵
  PID:6088
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  "C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\kiseki\User Data" --nwapp-path="C:\Users\Admin\Downloads\Kiseki\kiseki" --nwjs --extension-process --display-capture-permissions-policy-allowed --event-path-policy=0 --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\Downloads\Kiseki\kiseki\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1856,i,2624584554056247547,535726199137335961,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  "C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\kiseki\User Data" --nwapp-path="C:\Users\Admin\Downloads\Kiseki\kiseki" --nwjs --extension-process --display-capture-permissions-policy-allowed --event-path-policy=0 --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\Downloads\Kiseki\kiseki\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3296 --field-trial-handle=1856,i,2624584554056247547,535726199137335961,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  "C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --audio-process-high-priority --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\kiseki\User Data" --nwapp-path="C:\Users\Admin\Downloads\Kiseki\kiseki" --mojo-platform-channel-handle=3680 --field-trial-handle=1856,i,2624584554056247547,535726199137335961,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  "C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\kiseki\User Data" --nwapp-path="C:\Users\Admin\Downloads\Kiseki\kiseki" --mojo-platform-channel-handle=4032 --field-trial-handle=1856,i,2624584554056247547,535726199137335961,131072 /prefetch:8
  2⤵
  PID:6124
- C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe
  "C:\Users\Admin\Downloads\Kiseki\kiseki\kiseki.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\kiseki\User Data" --nwapp-path="C:\Users\Admin\Downloads\Kiseki\kiseki" --mojo-platform-channel-handle=4120 --field-trial-handle=1856,i,2624584554056247547,535726199137335961,131072 /prefetch:8
  2⤵
  PID:5308

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x314 0x490
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
c4fdadbabfb8fe17c5d25bac7eb8f67a

SHA1
ba5cd99bee539a7a4d8340d275b54b1d23669e21

SHA256
317cdb0bcd042eb64a72d5f4076f3b4ea6c59eeae7934e976b1ae823fc6c51da

SHA512
2a12a55214653b63a01cd65696c734fce7862fcd33d35fc80fb05ffd251fdc2de0e3e3bfe224437ffba72c01b886901f9fb79e964a8eb308804eeabb7df05ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b2a870777bcfde09ec57d82b96411203

SHA1
2d05801ac6d86d343c9e78ed5a43e9c2d92bbb5a

SHA256
c46f2895793aadcaa66bbfef719714561952594af1dccedd2d8788502832312a

SHA512
91db9fb7ec62c8d4590eac7bc5e41d3af65e9c00d555f6962dba16ee5add1a773a2fdd7b939f8d76b9580a7c4308252a6c21c41443fc1d6c2e51e872a806ec97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73ade58d79026aabf68f1c0f3ea70235

SHA1
8631a79b4c66583ff0c10be3da35b4b1d657df69

SHA256
a37b0e1cdd967b01c01912e23dca27bd806ff2c42de67942bdd4cb3ed5b0a7a2

SHA512
ab3ca2d3e20ba3738abe4ae74ad6a1d9d5d8051c84bd62276098e8d4e36dbf0b28c7c1bcea3213e871b23963433cf8e064ada17baf80686e2fc72d0b9611943a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
198dc3bc33ba594b60b5c4af5578b08a

SHA1
91a008a1527fbd6c2da31c6d68a9b0de7418ea4b

SHA256
e9902686e726306a1d4f9c7d611bedf218cf37b9e8eca76a08e0a9da92204c8c

SHA512
f3e7e3cd5e9c1b07c85bb9ed90faf3dae677b25da7dc664c56a143fd2046923430020b050a39c5d80a860102008401215896058fe972328575d083e2ceb067a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92b3717de69370d724d43fee905cd271

SHA1
9f00a932f24d8466ef088eb7e131499e4f6bc925

SHA256
1820f05102fd4710e335ef82feb939eed13fe2ed7fb6b69833f87e02819ec245

SHA512
6c9e366741369e6f50d654269dd7cd66750f149f8add0c944a4455ad7966bed46b2e2d44d8e05b7b2007bd8672ba8c9f4b9112273938ebc730b5fdfb7d837cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06203de69e080e0e43e857f5257a5ca0

SHA1
fb655bc3f2a38f214148e54ff9869036aa236bac

SHA256
c596d842811a1c2ad37901636cf9c0871045e03a7dd4e3a241c3fc4ba9394b9d

SHA512
b55868de42403fc78e93ce7bb7a49ee19e4e415933aa59c33fba4405aa6ffe076b6f95f48323823a9bdf519baf2c875e8e26801af5a958cc74091ba4bc26be11

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\967e0ed2-e4b1-4287-b1a5-b8771c0323b5.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Network\Network Persistent State

Filesize
529B

MD5
ef06e3a753b4a06c77409ce6c3b8c894

SHA1
ac20154338fbe2acfa059f6c85b44591ffa6dfd8

SHA256
226590cc4cd04977cc610afe17b03170800121ff179c21b273a294a9dcef6f42

SHA512
7445ddb678ee37e1b813ff9f2742db78de3bf0ddf51b1a5d5b3c1e5a2a053b628b44b324507ef5d94c1c733ad993981a648c2299a652343671339b7a521f061e

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Preferences

Filesize
3KB

MD5
5fd9dfb4ec757de19162e3f6fbd09001

SHA1
18b2e180a666fef599238ae7523eb3d77673fd6f

SHA256
de4277f1c16a1399c21c4823f1ae54cb312c52566da75d7953760a378d3bac0e

SHA512
ffac28e8d4794f92e6fcb62d67ef0539c19e255f6c8d157cb1808bff1bf208924101153e1b98b944f76c44b2043168ee60da53db912fae2ab2a37d3ab9363881

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Preferences~RFe588047.TMP

Filesize
3KB

MD5
3d4679eb8f50556b6796bd3d8ee4379c

SHA1
4687732ff2e61062a2483d6e1b278059189fb750

SHA256
d5ab03fb9443767fe394fd82d20aaa2eeaf7ee1abb50815575da58eb8f02b8f1

SHA512
41218026c5e0a5b96c15caa74896aa3854ceb67deff8626cf7bca080251dab5f6a0f00c1c1a357e5440a906ff3bf4de4e75bc6723db31fe7ac70ac928618ac0d

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Sync Data\LevelDB\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Local State

Filesize
3KB

MD5
c77c76e0bdc960d5eef9ac2a9dda8edf

SHA1
0188c69fb450cb327273cd2f01581365886aad1c

SHA256
c120d469119fed2edfd41d9c4d7ac51d0eb826646bb189708d617594c1da21d0

SHA512
5a1fd5823da67677e534b764a1e9dc95e0170e76677cdeabec348b53418edc2e3530073a343047e211d65ec6d8da06d77b71508dac3e8c8e86b6046e38259823

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Local State

Filesize
3KB

MD5
8017533427a081ee8a0cbbbd4aa6e72d

SHA1
1e1dab0f8c78b0aae377e6029c9767464cb7b3bc

SHA256
95eac5ed14dba0d738f43e2a0a2c7f228af8c1e65b9e1aded95b77ce405ae886

SHA512
2dad403aba133348eeb259b0147d5c567a4494f2b22692fb3a12dff95f2ef8385882007208ef7b857d95e0fc9fd43e1ba8f71d49929de1a5ceac1ba8b4143d77

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Local State

Filesize
3KB

MD5
334bcade76c3e866ad5fe3f6a3858916

SHA1
3abaf0e61d159b63374cc2f16e75baeb28ac8082

SHA256
41786368d9f8a2bd3f53abaecafd1420debe2c9623ff1c14c48b58144611fd87

SHA512
a881516040f71f70a8206ccf5ad6f68df2c6381b836cdc68da4e2041f759ff8cdcb09a0fadfbfb067723f476db4ac3d8435ea92ba30c30259bd63aa3f00a0aa5

Download Submit
C:\Users\Admin\AppData\Local\kiseki\User Data\Local State~RFe585a8f.TMP

Filesize
914B

MD5
112f2a2e2fb208f1151c16d21184d143

SHA1
d3de326999d2b2e3c5f5eabf676845415faa27bd

SHA256
e678777a920584613d631074d0bc3feed9f46c7810426d10f895e51d4f32fe81

SHA512
75c02d46d127b143f6529c05a83acbb33c7c15fe6dd750b835d89f89d3914d34bf98d03af19b54f45e323b44e8089397a3b84a5ecd237210e79d4e8411a3ca10

Download Submit
memory/1584-171-0x00000295E3DE0000-0x00000295E3DE1000-memory.dmp

Filesize
4KB

Download
memory/1584-191-0x00000295E3960000-0x00000295E3961000-memory.dmp

Filesize
4KB

Download
memory/1584-203-0x00000295E3B60000-0x00000295E3B61000-memory.dmp

Filesize
4KB

Download
memory/1584-205-0x00000295E3B70000-0x00000295E3B71000-memory.dmp

Filesize
4KB

Download
memory/1584-207-0x00000295E3C80000-0x00000295E3C81000-memory.dmp

Filesize
4KB

Download
memory/1584-206-0x00000295E3B70000-0x00000295E3B71000-memory.dmp

Filesize
4KB

Download
memory/1584-188-0x00000295E3A20000-0x00000295E3A21000-memory.dmp

Filesize
4KB

Download
memory/1584-185-0x00000295E3A30000-0x00000295E3A31000-memory.dmp

Filesize
4KB

Download
memory/1584-183-0x00000295E3A20000-0x00000295E3A21000-memory.dmp

Filesize
4KB

Download
memory/1584-182-0x00000295E3A30000-0x00000295E3A31000-memory.dmp

Filesize
4KB

Download
memory/1584-181-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-180-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-179-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-178-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-177-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-176-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-175-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-174-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-173-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-172-0x00000295E3E10000-0x00000295E3E11000-memory.dmp

Filesize
4KB

Download
memory/1584-139-0x00000295DB740000-0x00000295DB750000-memory.dmp

Filesize
64KB

Download
memory/1584-155-0x00000295DB840000-0x00000295DB850000-memory.dmp

Filesize
64KB

Download