hxxps://drive[.]google[.]com/file/d/1cam_kkPi2AJxKSsKpPn_qHYMDLh3braF/view?usp=sharing

Analysis

max time kernel
286s
max time network
300s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23-01-2025 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1cam_kkPi2AJxKSsKpPn_qHYMDLh3braF/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Pyxenity's Map Pack.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
2160	msedge.exe
2160	msedge.exe
2224	msedge.exe
2224	msedge.exe
4216	identity_helper.exe
4216	identity_helper.exe
3864	msedge.exe
3864	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2768	taskmgr.exe
Token: SeSystemProfilePrivilege	2768	taskmgr.exe
Token: SeCreateGlobalPrivilege	2768	taskmgr.exe
Token: 33	2768	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2768	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of SendNotifyMessage 47 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe
2768	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2036	2160	msedge.exe	77
PID 2160 wrote to memory of 2036	2160	msedge.exe	77
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3468	2160	msedge.exe	78
PID 2160 wrote to memory of 3816	2160	msedge.exe	79
PID 2160 wrote to memory of 3816	2160	msedge.exe	79
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80
PID 2160 wrote to memory of 4928	2160	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1cam_kkPi2AJxKSsKpPn_qHYMDLh3braF/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff67a93cb8,0x7fff67a93cc8,0x7fff67a93cd8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,8215737350026103757,6667145124608674741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:1
  2⤵
  PID:1976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:964

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4680

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
79c665374ec8925ac56c1481de5e1e9b

SHA1
a033b27deaea04cc2a4083f187a48262916a34cb

SHA256
929419227939bce1890e801c09d89014b50a41d641b1aa3282ac95e42722ae64

SHA512
37f7a0dfb094c6e01573dffe941f34b12ea560986ba1cd9b3cfac47d04ea3953a5fdfc5ec2e6018989702ecad2a3f5608afb0d8850f2db24b3d02644cf67d274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
18ad28888b1f0076c509052c202dcaf3

SHA1
093cba59495e07f00629b323c42374e9b3f91205

SHA256
291fa1506b5cbb79328f07e9af46b97a21ed86a22e9c7c4169d149aba894a3fc

SHA512
7630c30c32718b9c85b3cb3ac99b119e2ef6ea97c7db325625975131f825769f70d359853d50c3e6d48bed2f3987d41b11c2ba04e354c525fbc719d2e6906945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1ec8e9ef44a4b7e8b9a0dcc16cbe40f

SHA1
88c49f57b4aea24c9468db88d42f2973c2e2057d

SHA256
0d78aef10036dbcb8339c38db671dd988915dace263880a23aa8cf675c30a28f

SHA512
9f13996134a34cbff8d90d4bbac671d0dae96ee644d8b95bdbf59d83568db0d82504e48c7b729561db59a42930d10ca4b95edfe11d850e39f64824ebe552b4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c288b7138bb6cf163bf4edb1f84d4513

SHA1
d8b52bbf7c3a058f71b804af1cc405ccb4209831

SHA256
2a25898ab882da28f730e7ad98dd38ca8959d6a0cb2353ffc607e20db10165e8

SHA512
e018eca1da16218b0deaca530820de7f91f6f68691988c1513f29b0d1ea169ee4259d170e75be7ed492989b3e115b2f8de48612be6afee6806c4a7615555ff21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5d7a7984c65e2539a3d192658f05d6a

SHA1
4c4ef705fd4da81f4b3fcbf0a69fb2d957c3a64c

SHA256
650465a38dcdf9eddc6c2713b830579675809ddb47c54eb87381972db09eda74

SHA512
90f6566584d707f7e9c144cef7eaa8dc2d5209f3147aa408b978aa3f36caf759ec336acbdb252256016a5d56d262ccbd5aba2a7aa94e2fb13a53d7faef91050a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
639eb4a9c5b5bf9d0b07d0d9e1a7afc6

SHA1
e9d7104cae2f684ec9ed2733fcaa53c266a656de

SHA256
7d95de6df91511d61e82e3df95f888dad1abcdda56357a615ce476a1235c0a3c

SHA512
93be65cb4abf5db6315945d4eb5d0724dc4d9341278cd1c26194be9645d0f4379021f1c12aab7f7a384b65b341e29d559a543c0361785074017871d4971c163e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55ea4973c227d8730dd15051fc5975b6

SHA1
d8992a166fec3c22028346e479858a61e004044d

SHA256
ef481033be7ec52dd66a671bee6331a672c5a22f0b9aeff491ee156390d5e83b

SHA512
c95a51a77c6481f051ae9162b7d77442381032b813c32135ac9428b3ec57bebbf40e497d4c6c54b58def5df890fccf9d666717cd3314f6d9912af292f1debfb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b14be3cdbe5a51a34b1f382fa5c910b8

SHA1
ae5b64b385486f1aadfb9b429530b262596300a9

SHA256
ffded656f48818c47d2958330ad7c5ef9a903fb005f9ebc08a8c4b59ec3ca603

SHA512
b42d095151fe7475545da5917252c9bf0401f20e2af0c4bd738298ad281e373ca623950180fcea3b392d130fd2bd419a2996d39005068b57217816f14b603e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
1ee9ec9e0f29ee73d88e26b9c1466299

SHA1
3198400b4fe21a942838b2f17862375f8c016818

SHA256
ad0bb8c804014c8c21537a2dc4144750a41c9d62709f0029da99b0d0ef47b3f0

SHA512
12ef40e87b9e8910a8f92d1a2a2022fea534550c49cadd3e22d21d645c634134355cd8ca99a9448e7268ea2e4d2000e3525878c69c4055f528d5c5e68f194fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
f1a9086196924c03f412ba7f8e14c18e

SHA1
ced7f0129ecbd75deac87b877e1b704e333071f5

SHA256
c9fe21687dabbe7733e9f5e3383904e0226d9edc0968e89dff962bf6b494116a

SHA512
b884414d4112abfe23ee17c3d9af9b58f1b43cde426335f1a98573c7b2974ec9b9a9014740acbef26d525f155617372e3a4aba2c39d03950c392546043982751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
78146c0585cfc67c0f1fa363245eaa2f

SHA1
9649551119807b471b959d7d0f09dcc7b8cf564e

SHA256
ebb89344011a86620ca5c19ce0967b2387dfdd5a858f2c9230a0ffb0f4882fb3

SHA512
d97e1e352d046e9b02abd65e64e10c6ea104600bbb9768f8fe81c93124d94b4bba22b9c36a90989534f0b090fd31e40b64d6be176dd04e190a28640d0d6de3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
29ba16981e4987cce3102ac6344a89f6

SHA1
d7f18f7756b5905378854c6b47c3379555936d64

SHA256
e39c19685a1d8ed61d8a4dc64006709b7a4e62fad9b056d6a92eb279ef5d7770

SHA512
937d746547f30a9baaf363d68b7669bb6c02a2612b7267e2b6c132677fa4dc65c81cc0d9a1434009ac321c5159385d13f6645561e8152b20cfd39ef4adf5a251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b8c7d.TMP

Filesize
1KB

MD5
70be2613bd115576866ffb5f66cf7fc3

SHA1
529ce0b57a1732d251e5e4c8547e2cac4dd61010

SHA256
679679d5c81d5a53feef2120b9003b34320d4ac5de257f81847416f31abcce73

SHA512
aab0f5baadc24caedbd711bdc94a72c6630e7260f564c6a5151f8933f51aa1731253279961847e5c90254c8080b5d6c4e2c1fc26f3c566884793b7a3d37e1d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8ed0adba3e235e05953b82c14de5c29

SHA1
d1d4bf88c0b2c1048312b428b0ae33f63c94988b

SHA256
ee3c9911c7b44f650d7966b8b77079c19e5bd8adc57a6f91d3724028cfbc166d

SHA512
f002a4a136b8cc0bb46107746b053c307ac7677d74348dab3ef2c68800623713e2c9a623d0a3987738cb6c0581431018739709baa3699beb40455780d3637407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e45444177b960c0cd5282730d424994a

SHA1
b15f68576525a22f19a06934d455fd109710da9d

SHA256
c5b17b442975f8fe29ae7a3c1e1c503d54b3ab81c13e8d7f45a5856fb9b5ccc7

SHA512
fcc3c1084e3f37b22d6bcc12f305bb4dfa5ee87869e85c1ec2fda2207083903ce52ea7e6dcdd5bf30c0f724695d5275e180c3e3fa700a2b7ea8a4a9c400790d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
324b04a5df9ebaefd3628ff032304318

SHA1
7696dc77d2f0da44881aa21d22240a65f8252eb9

SHA256
c38562e3ae15d3a92f4901c4ff77dfb82d58185086f4ef4c14e5df16b68be582

SHA512
7d3631afbc892baca2408a1196119601f1c8cda982b582f775e3e7bcfe80846f05febf21d17a61c8d7166f7a4810250e0c673485b9199b4efbeace66b0480608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
63d0eff3ddf411d6eee3ccc70a1c2447

SHA1
6202374e083b9d37525ef06a788d5f0b9dc4b3f8

SHA256
2e1fa4df05f6eb23ab8115ee6e89a56b88faffba6783f07eaeaeb2a40b256601

SHA512
1590c04ef2a2fc7b39c3d96fc7433fcf14f75657c4ad401822403a4e41c8d7d93a4ffbe3eb534939e2940cfbdd1173a1c456149069f87f52962b13a676c40430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
25c047431f35b5bed7d870d88bb3798a

SHA1
77a3b5845714a86f1fcd65267b5a10f5d1ae98b2

SHA256
429f18383df0bddec7267bd1b6b10c278c00782c82944f5079142550bec31b11

SHA512
cbe50212ac29e681e7c12c0f2e7df643ac6353f5a4c87bf276e00b4b9cc82b754bec064ac6f311d297903aabaa8d462b9ebedb74a5a058028d71f269bfbccee2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\eedced23-9ca4-4a11-8bab-fd659242ba0e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\Downloads\Pyxenity's Map Pack.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2768-252-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download
memory/2768-258-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download
memory/2768-261-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download
memory/2768-262-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download
memory/2768-263-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download
memory/2768-264-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download
memory/2768-259-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download
memory/2768-260-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download
memory/2768-254-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download
memory/2768-253-0x000001E15AF40000-0x000001E15AF41000-memory.dmp

Filesize
4KB

Download