hxxps://drive[.]google[.]com/file/d/1mwD-Sp26ovvjA-DZNHflTBV__NAC2JbX/view

Analysis

max time kernel
99s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2025 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1mwD-Sp26ovvjA-DZNHflTBV__NAC2JbX/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
2276	msedge.exe
2276	msedge.exe
3240	identity_helper.exe
3240	identity_helper.exe
5016	msedge.exe
5016	msedge.exe
4928	mspaint.exe
4928	mspaint.exe
1332	mspaint.exe
1332	mspaint.exe
3540	mspaint.exe
3540	mspaint.exe
824	mspaint.exe
824	mspaint.exe
1040	mspaint.exe
1040	mspaint.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4668	OpenWith.exe
4928	mspaint.exe
1332	mspaint.exe
3540	mspaint.exe
824	mspaint.exe
1040	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1636	2276	msedge.exe	83
PID 2276 wrote to memory of 1636	2276	msedge.exe	83
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1784	2276	msedge.exe	84
PID 2276 wrote to memory of 1652	2276	msedge.exe	85
PID 2276 wrote to memory of 1652	2276	msedge.exe	85
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86
PID 2276 wrote to memory of 1460	2276	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1mwD-Sp26ovvjA-DZNHflTBV__NAC2JbX/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf3f646f8,0x7ffdf3f64708,0x7ffdf3f64718
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,2137405188675255133,5861990303182353933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4668

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Corner_4.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4928

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\cubic_borders.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Desing_Core.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3540

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\esphera.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:824

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\esphera_blur.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Heart.png" /ForceBootstrapPaint3D
1⤵
PID:4940

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Heart2.png" /ForceBootstrapPaint3D
1⤵
PID:2036

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Particles_Movement.png" /ForceBootstrapPaint3D
1⤵
PID:3532

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Particles_Poof.png" /ForceBootstrapPaint3D
1⤵
PID:1084

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\R6_ICON.png" /ForceBootstrapPaint3D
1⤵
PID:544

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\square.png" /ForceBootstrapPaint3D
1⤵
PID:1432

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Star.png" /ForceBootstrapPaint3D
1⤵
PID:1536

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\teststealtherface.png" /ForceBootstrapPaint3D
1⤵
PID:3436

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\trail_0002.png" /ForceBootstrapPaint3D
1⤵
PID:3964

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
PID:1488

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\trail_0003.png" /ForceBootstrapPaint3D
1⤵
PID:3800

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Triangle.png" /ForceBootstrapPaint3D
1⤵
PID:1668

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\triangles_background5.png" /ForceBootstrapPaint3D
1⤵
PID:4324

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\triangles_background6.png" /ForceBootstrapPaint3D
1⤵
PID:2028

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI__Button.png" /ForceBootstrapPaint3D
1⤵
PID:640

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_AdminButton.png" /ForceBootstrapPaint3D
1⤵
PID:112

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Black_UI.png" /ForceBootstrapPaint3D
1⤵
PID:5224

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_CleanIcon.png" /ForceBootstrapPaint3D
1⤵
PID:5292

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_CONFIRMED.png" /ForceBootstrapPaint3D
1⤵
PID:5336

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_CONFIRMED2.png" /ForceBootstrapPaint3D
1⤵
PID:5388

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_ExitButton.png" /ForceBootstrapPaint3D
1⤵
PID:5468

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_firstperson_icon.png" /ForceBootstrapPaint3D
1⤵
PID:5540

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_focus_icon.png" /ForceBootstrapPaint3D
1⤵
PID:5580

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Icon_Coin.png" /ForceBootstrapPaint3D
1⤵
PID:5620

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Lock_Icon.png" /ForceBootstrapPaint3D
1⤵
PID:5664

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_LoopIcon.png" /ForceBootstrapPaint3D
1⤵
PID:5740

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_paper-clip-1.png" /ForceBootstrapPaint3D
1⤵
PID:5792

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Pause_Icon.png" /ForceBootstrapPaint3D
1⤵
PID:5848

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Peace_Button.png" /ForceBootstrapPaint3D
1⤵
PID:5928

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Pistol_Button.png" /ForceBootstrapPaint3D
1⤵
PID:5984

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Player_Display_Borders.png" /ForceBootstrapPaint3D
1⤵
PID:6032

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Player_Display_Borders_.png" /ForceBootstrapPaint3D
1⤵
PID:6056

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_PlayIcon.png" /ForceBootstrapPaint3D
1⤵
PID:6124

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_SettingsButton4.png" /ForceBootstrapPaint3D
1⤵
PID:5204

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Shop.png" /ForceBootstrapPaint3D
1⤵
PID:2508

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_Sword_Button.png" /ForceBootstrapPaint3D
1⤵
PID:6168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6192

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Ui_Sword_Wave.png" /ForceBootstrapPaint3D
1⤵
PID:6272

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_unCONFIRMED.png" /ForceBootstrapPaint3D
1⤵
PID:6308

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\UI_UnLoopIcon.png" /ForceBootstrapPaint3D
1⤵
PID:6348

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Werewolf_TXT_CyberCritter_Acc.png" /ForceBootstrapPaint3D
1⤵
PID:6480

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\ChainTexture1.png" /ForceBootstrapPaint3D
1⤵
PID:6536

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\circles_background.jpg" /ForceBootstrapPaint3D
1⤵
PID:6632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6648

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\colour.png" /ForceBootstrapPaint3D
1⤵
PID:6680

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Corner_1.png" /ForceBootstrapPaint3D
1⤵
PID:6768

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Corner_2.png" /ForceBootstrapPaint3D
1⤵
PID:6840

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Wide Vegeta Christmas Special.zip\______ROBLOX______GAME______ASSETS\Textures\Corner_3.png" /ForceBootstrapPaint3D
1⤵
PID:6904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7364

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7720

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7868

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7916

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8032

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8108

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7476

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4260

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7488

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6192

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4264

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6916

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8136

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1452

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5148

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7b5a5433fe76697fec05973806a648c

SHA1
786027abe836d4d8ff674c463e5bb02c4a957b70

SHA256
c8d623536ebdf5ffbefb84013d1c8ff5f853b59f1b09c80364c32b8ed5e4a735

SHA512
27be4c82e26468bbb9ce698ef305320f6cac46c953f88c714a0372fa524d098b9af2a87a88b14a134ff0f5f4b3d671902908622d2c7ec48e2c7bc458d7f5cc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ea156392347ae1e43bf6f4c7b7bc6ec

SHA1
7e1230dd6103043d1c5d9984384f93dab02500a6

SHA256
40b28bf59b3e2026ad3ebe2fecf464a03d7094fd9b26292477ad264d4efc1c75

SHA512
2479b86a9a31aa2f260ff6a1c963691994242ced728a27ffa2ee4e224945446a191bdb49ce399ec5a7d5d362499716133072e97d4253b5b4f09582d58b25144f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
248cf2af68d2636711aa2be97d256811

SHA1
942e28233eb6e013e75e8bc60bb5c33870f66d80

SHA256
566a1a4dee96660469a561fee83060072e003428bd3e3f88bf3e757cb84cc71a

SHA512
21a6afc5b2b24d0f718be98d455aeb502cf9146ff301d6834ab2e5de2b3a731c282d532bbdae56f6dc95475a30505bfd1acd421826547fc412d811db7036aa8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5c3f9e13b891405e59d75ead3d9a4b80

SHA1
07922f788f2d77df2dcce7a973d257467a3bf74f

SHA256
5b6007f2a6643286fb6deafe885238da0a16f8b3efd388ed64a8fcfd5716299f

SHA512
a74a517d0194907c042e62ae8880b0254f7b7bf375e67fcf337ace7d3f116f66eb2462e08688054870e5ab76a3e7823def2ef665f1bd4d5443a8a01c6c532f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cca2eb5af900dba368c5cbd470c7d64f

SHA1
d4d3847c0cdcee5e606eb6f9d66f50b3a2bc00cc

SHA256
36620e2ff5bfe512c70543d105dd6c79e304665381e48d8119e663f7341f4355

SHA512
12792d7081833cb5381a8e1e0fcf7d051cefff755fe85bf7b970a5dc49f5984204fe7b25a3b1f9c40dc58ded462543597317e6dcd00e74a7ccfccca8377319a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7660f377203dcb29325c1ebc73489ba6

SHA1
582c3b5eadbc7ec029f4d8d4eeada399ce9f47bd

SHA256
efd43fa8c0453ce4452c50f51c4debc7ee7ee7a3961dd53ba740dd44ee1a96a7

SHA512
290a5602cd14352b2f7e4e8dbf334de4096425f1f497a44eca7436c8f7947b70ae1cd4d8d2cf70a7eb489f5940274b8e240026c5c9650057d50673b16559c004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a4b1e4c0656dd977b44ae121255d9c4b

SHA1
a1a66fd47cf27a007c90c4343c853972fb2ece39

SHA256
1b5d9051d1841bb185e1b5a3efc51b610fbab17c11726b12a471e517c0a77bdd

SHA512
865d6821a6a1b4da7e4b810abebbda89b30fc60d190cad5f39e90d7de07daea44888d7099177089f080f00b61561b67a8e506785a7aaade1fe4ca5be34aa860c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
02950dafc9323c99deee792c529fb201

SHA1
3510da3601d67238a36c0e44de66139f68f16361

SHA256
da86d9aed67e024c9dae9c9129f239b0052271257ab2b6182afe137325ba072e

SHA512
ec79dadc0d9f777a705356bd8947aa127b67b11198fc6056953ef928c30e1bb7ac82ec43fcfa2fddc415789611101a31f9be9d86610f1f32dcc2c3b34ee0c6e9

Download Submit
memory/1488-192-0x000001FEE5D20000-0x000001FEE5D30000-memory.dmp

Filesize
64KB

Download
memory/1488-188-0x000001FEE5190000-0x000001FEE51A0000-memory.dmp

Filesize
64KB

Download
memory/1488-199-0x000001FEEDE20000-0x000001FEEDE21000-memory.dmp

Filesize
4KB

Download
memory/1488-204-0x000001FEEDF30000-0x000001FEEDF31000-memory.dmp

Filesize
4KB

Download
memory/1488-205-0x000001FEEDF30000-0x000001FEEDF31000-memory.dmp

Filesize
4KB

Download
memory/1488-207-0x000001FEEDF40000-0x000001FEEDF41000-memory.dmp

Filesize
4KB

Download
memory/1488-203-0x000001FEEDEA0000-0x000001FEEDEA1000-memory.dmp

Filesize
4KB

Download
memory/1488-201-0x000001FEEDEA0000-0x000001FEEDEA1000-memory.dmp

Filesize
4KB

Download
memory/1488-206-0x000001FEEDF40000-0x000001FEEDF41000-memory.dmp

Filesize
4KB

Download
memory/1488-209-0x000001FEEDFB0000-0x000001FEEDFB1000-memory.dmp

Filesize
4KB

Download
memory/1488-211-0x000001FEEDFB0000-0x000001FEEDFB1000-memory.dmp

Filesize
4KB

Download