lumma | hxxps://g[.]api[.]mega[.]co[.]nz/cs?id=158324849&v=3&lang=en&domain=meganz

Resubmissions

02-07-2024 17:03

240702-vknkwasejh 10

02-07-2024 17:00

240702-vje74ssdnd 6

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://g.api.mega.co.nz/cs?id=158324849&v=3&lang=en&domain=meganz

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 2 IoCs

Processes:

Setup.exeSetup.exe

pid process

5604 Setup.exe
1424 Setup.exe
Loads dropped DLL 5 IoCs

Processes:

Setup.exeSetup.exeAuth.au3Auth.au3

pid process

5604 Setup.exe
5604 Setup.exe
1424 Setup.exe
6384 Auth.au3
6156 Auth.au3
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

126 discord.com
131 discord.com
124 discord.com
125 discord.com
Suspicious use of SetThreadContext 2 IoCs

Processes:

Setup.exeSetup.exe

description pid process target process

PID 5604 set thread context of 10088 5604 Setup.exe more.com
PID 1424 set thread context of 9944 1424 Setup.exe more.com

pid	process
5604	Setup.exe
1424	Setup.exe

pid	process
5604	Setup.exe
5604	Setup.exe
1424	Setup.exe
6384	Auth.au3
6156	Auth.au3

flow	ioc
126	discord.com
131	discord.com
124	discord.com
125	discord.com

description	pid	process	target process
PID 5604 set thread context of 10088	5604	Setup.exe	more.com
PID 1424 set thread context of 9944	1424	Setup.exe	more.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!.zip:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exeSetup.exemore.comSetup.exemore.commsedge.exe

pid	process
216	msedge.exe
216	msedge.exe
4868	msedge.exe
4868	msedge.exe
3312	identity_helper.exe
3312	identity_helper.exe
5604	Setup.exe
5604	Setup.exe
5604	Setup.exe
10088	more.com
10088	more.com
10088	more.com
10088	more.com
1424	Setup.exe
1424	Setup.exe
1424	Setup.exe
9944	more.com
9944	more.com
9944	more.com
9944	more.com
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

Setup.exeSetup.exemore.commore.com

pid process

5604 Setup.exe
1424 Setup.exe
10088 more.com
9944 more.com
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4868 msedge.exe
4868 msedge.exe
4868 msedge.exe
4868 msedge.exe
4868 msedge.exe
4868 msedge.exe

pid	process
5604	Setup.exe
1424	Setup.exe
10088	more.com
9944	more.com

Suspicious use of AdjustPrivilegeToken 17 IoCs

Processes:

firefox.exeAUDIODG.EXE7zG.exesvchost.exe7zG.exe

description	pid	process
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: 33	7456	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	7456	AUDIODG.EXE
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeRestorePrivilege	2032	7zG.exe
Token: 35	2032	7zG.exe
Token: SeSecurityPrivilege	2032	7zG.exe
Token: SeSecurityPrivilege	2032	7zG.exe
Token: SeManageVolumePrivilege	9728	svchost.exe
Token: SeRestorePrivilege	4920	7zG.exe
Token: 35	4920	7zG.exe
Token: SeSecurityPrivilege	4920	7zG.exe
Token: SeSecurityPrivilege	4920	7zG.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

msedge.exefirefox.exe7zG.exe7zG.exe

pid	process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
2032	7zG.exe
4920	7zG.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

msedge.exefirefox.exe

pid	process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

5084 firefox.exe
5084 firefox.exe
5084 firefox.exe
5084 firefox.exe

pid	process
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4868 wrote to memory of 752	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 752	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3744	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 216	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 216	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe
PID 4868 wrote to memory of 3012	4868	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://g.api.mega.co.nz/cs?id=158324849&v=3&lang=en&domain=meganz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa2a46f8,0x7ff9aa2a4708,0x7ff9aa2a4718
2⤵
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
PID:3012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
2⤵
PID:984

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:6808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
2⤵
PID:6832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:7756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:7764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,13831398445084161961,11784105940675514787,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.0.412616907\1166265650" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fe305b2-740a-4e40-8b63-968f055eec20} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 1836 19971704158 gpu
3⤵
PID:1168

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.1.1706942662\234052495" -parentBuildID 20230214051806 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a48fbd-d208-4ede-a45b-cffa5ec24471} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2404 19964989958 socket
3⤵
PID:2440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.2.1616586637\2068820069" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2980 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b0c2fb0-3961-4921-881c-48843982b71c} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2944 19973ff4c58 tab
3⤵
PID:2404

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.3.628725734\1754783261" -childID 2 -isForBrowser -prefsHandle 3940 -prefMapHandle 3924 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f54ad1e-f120-4cdc-86f8-49016716c3eb} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3980 19976738058 tab
3⤵
PID:5256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.4.1419669948\442099461" -childID 3 -isForBrowser -prefsHandle 5080 -prefMapHandle 4404 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9bd7293-1b45-41b1-a436-fa15b834a3c4} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5092 19978d92058 tab
3⤵
PID:5744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.5.2037674749\1168549782" -childID 4 -isForBrowser -prefsHandle 4824 -prefMapHandle 4896 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fef41354-280c-4641-9f11-aa83402b09e9} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5040 19978beed58 tab
3⤵
PID:5768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.6.1628451789\1375179729" -childID 5 -isForBrowser -prefsHandle 5404 -prefMapHandle 5508 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72ed49e2-0647-4df6-b444-00fc7cdf4812} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5356 19978befc58 tab
3⤵
PID:5776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.7.7875662\712208905" -childID 6 -isForBrowser -prefsHandle 5816 -prefMapHandle 5796 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7b6e787-21c9-4697-aae1-8dced9df4264} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5824 1997a874658 tab
3⤵
PID:5868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.8.955762510\1006304441" -childID 7 -isForBrowser -prefsHandle 5020 -prefMapHandle 5084 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {237e881e-3387-44b3-ae1d-dce0b2b94bb1} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 6064 19976221258 tab
3⤵
PID:3672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.9.259150501\1244257605" -childID 8 -isForBrowser -prefsHandle 6088 -prefMapHandle 6036 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {877b6334-dc51-4c8c-a5a7-fd65e9921c9e} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5840 1997a069358 tab
3⤵
PID:4372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.10.351522115\1397415834" -childID 9 -isForBrowser -prefsHandle 6252 -prefMapHandle 10180 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {612e9f5a-2c0a-495a-845f-840bcee61c21} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 10188 19970a59b58 tab
3⤵
PID:6648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.11.53116452\902067388" -childID 10 -isForBrowser -prefsHandle 8932 -prefMapHandle 8928 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d925965-5076-4995-a7ae-ecf6669d5582} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 8936 19978806b58 tab
3⤵
PID:6656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.12.211153024\794453304" -childID 11 -isForBrowser -prefsHandle 5148 -prefMapHandle 8828 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {219064ec-d763-4c05-95f1-d5c3faa9ab82} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 6216 19979e69358 tab
3⤵
PID:6916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.13.6991330\1132344733" -childID 12 -isForBrowser -prefsHandle 9900 -prefMapHandle 9936 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d10ebda-4cca-4dc1-9b35-c4bae48ed303} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5088 1997b3f8b58 tab
3⤵
PID:3256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.14.1351046620\2057040967" -childID 13 -isForBrowser -prefsHandle 5184 -prefMapHandle 9980 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4dc99bc-d23d-4317-85ff-12e2051a1c3a} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 8932 1997b3fa658 tab
3⤵
PID:1380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.15.1055023652\677105674" -childID 14 -isForBrowser -prefsHandle 9736 -prefMapHandle 9792 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7106b4fd-61ae-4a64-9390-30b3cba804a2} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9756 199781e5458 tab
3⤵
PID:6284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.16.613223404\1450923915" -childID 15 -isForBrowser -prefsHandle 3588 -prefMapHandle 9668 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78c567f3-ae42-4160-b22c-92a725f3d6f9} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9552 19977462b58 tab
3⤵
PID:6672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.17.821858172\510214572" -childID 16 -isForBrowser -prefsHandle 8460 -prefMapHandle 8456 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c0e1821-1eda-481c-b44a-6229c7dbc784} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9540 19977463458 tab
3⤵
PID:5328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.18.1624596990\1198724502" -childID 17 -isForBrowser -prefsHandle 8316 -prefMapHandle 9540 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9937aa40-57d3-46ac-87f3-e9c53ca14c7d} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 8396 19977464958 tab
3⤵
PID:6084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.19.2142390094\1384768094" -childID 18 -isForBrowser -prefsHandle 9340 -prefMapHandle 9332 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e4ea9cd-d49c-4363-b95d-d05564c7fe59} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 8296 19977465b58 tab
3⤵
PID:5640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.20.665952238\1170655232" -childID 19 -isForBrowser -prefsHandle 9280 -prefMapHandle 9276 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba806f03-30c5-429e-b806-f8a25023ac81} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9272 19979ed6f58 tab
3⤵
PID:6636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.21.1081253502\1720382706" -childID 20 -isForBrowser -prefsHandle 8332 -prefMapHandle 8328 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e8b10ac-3688-4268-9101-b833666c23f6} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9068 19979eda958 tab
3⤵
PID:6980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.22.1715414749\1727487643" -childID 21 -isForBrowser -prefsHandle 7172 -prefMapHandle 8316 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db334a73-871a-49da-b34a-a048442d71c8} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 7184 1997ceb1c58 tab
3⤵
PID:7488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.23.607973551\1708562867" -childID 22 -isForBrowser -prefsHandle 7220 -prefMapHandle 7224 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35845d44-811c-452c-ba1b-fa699e193d33} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 7232 19976dd5b58 tab
3⤵
PID:7496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.24.1499612934\1962033702" -childID 23 -isForBrowser -prefsHandle 7976 -prefMapHandle 7984 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe93a005-5c19-4783-91f4-f400870f153f} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 7960 19976dd3158 tab
3⤵
PID:7504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.25.1699090958\147242281" -childID 24 -isForBrowser -prefsHandle 6912 -prefMapHandle 6908 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74063174-4883-46ef-a1d9-1edaa1f17d0c} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 6924 1997d603b58 tab
3⤵
PID:7608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.26.170963691\1222846434" -childID 25 -isForBrowser -prefsHandle 7616 -prefMapHandle 7612 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f437ef9-29fc-496b-bd87-f6aed57e5ece} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 6936 1997d603858 tab
3⤵
PID:7616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.27.1963807470\2109350719" -childID 26 -isForBrowser -prefsHandle 7440 -prefMapHandle 7432 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af49a2b1-e7ea-4a77-891f-d411c05963c6} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 7760 1997d604158 tab
3⤵
PID:7640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.28.2128309449\379009379" -childID 27 -isForBrowser -prefsHandle 6868 -prefMapHandle 6860 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a347ace-0b54-461a-b78a-7ca74920dacc} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 6756 19976d1b658 tab
3⤵
PID:7848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.29.1674151603\342921003" -childID 28 -isForBrowser -prefsHandle 7632 -prefMapHandle 7612 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {617bbcac-a261-4daf-953a-cff803910b0f} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 6728 1997d7b0658 tab
3⤵
PID:7792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.30.1415656994\2011496930" -childID 29 -isForBrowser -prefsHandle 6280 -prefMapHandle 6268 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bba0308-8639-4305-b86d-9ff43deeb569} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 6484 19964981f58 tab
3⤵
PID:8344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.31.1319174658\1823062933" -childID 30 -isForBrowser -prefsHandle 10128 -prefMapHandle 10060 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfc78dde-fcda-4d8b-9407-9c9ac9a460b9} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 10140 1997e0fe558 tab
3⤵
PID:8932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.32.1656434761\1673033820" -childID 31 -isForBrowser -prefsHandle 10456 -prefMapHandle 10508 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a599eda-b644-439d-8617-134d59e877e6} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 10496 1997e392c58 tab
3⤵
PID:9172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.33.250662500\1351627240" -childID 32 -isForBrowser -prefsHandle 10060 -prefMapHandle 10704 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd2dea62-3aa6-4ac1-8619-329137091750} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 10456 1997e4ed258 tab
3⤵
PID:8512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.34.1420404620\1478173563" -childID 33 -isForBrowser -prefsHandle 10928 -prefMapHandle 10924 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7b20cc1-5297-41da-9a33-c179ae259711} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 10936 1997e6e9b58 tab
3⤵
PID:4792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.35.1227516593\706240304" -childID 34 -isForBrowser -prefsHandle 10836 -prefMapHandle 10840 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e097b46a-ae43-4c52-8b6c-21a762eeaccd} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 10708 1997cf45558 tab
3⤵
PID:8924

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a8 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7456

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\" -spe -an -ai#7zMap3991:116:7zEvent23691
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2032

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:9728

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:9744

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!\" -spe -an -ai#7zMap8111:170:7zEvent32250
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4920

C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!\Setup.exe
"C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:5604

C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:10088

C:\Users\Admin\AppData\Local\Temp\Auth.au3
C:\Users\Admin\AppData\Local\Temp\Auth.au3
3⤵
- Loads dropped DLL
PID:6384

C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!\Setup.exe
"C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1424

C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:9944

C:\Users\Admin\AppData\Local\Temp\Auth.au3
C:\Users\Admin\AppData\Local\Temp\Auth.au3
3⤵
- Loads dropped DLL
PID:6156

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
Filesize
16KB

MD5
e4e450459ed33985bd95d232684b837a

SHA1
2baf5b879d41df2eda09306cf92b5abc81445009

SHA256
4ed06e66ea7daa89b19f24f43e878fd199e441261d3e8fb594c208dc84a1a661

SHA512
f5e019b73d7196001fa070e634cccf998774fb1ed9bdf6ae649464b03d27e9ae7944c1a3c48359e0512f425d91d028cd35b655a7cf283343563ce4a6112d0814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
558c1161fc980d130430e42605517282

SHA1
6b6d7e8da9d43c901f45528915620a2b35c4675d

SHA256
3e2a85f2e472c358de1d8d034291a3cf5972bffc99daa9499467eca50a33116b

SHA512
5032b0ef8a4ee88dca7a42176fe955f783cf8ad68acf9b06c2c63907ed7089b5da4ece1ee249f3616d06139b72adf3b453e6a0b5d191030e58ba99dc07964811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f86228d3b40e83571da6f3be5aa8e3b2

SHA1
4f9d059ac5985ffa2a99f3829cc58b942ae474fc

SHA256
6b709794b4508c4918a095dc6864006dec226886a5854f24ffb31c2318fd1064

SHA512
e45fad1038c34820b59430874323c7cf9eece7565582dd6e69b917e5c5af0dcd4746a786e44ec7e94f275483b787b632f16a3f9405a8fd94aa198c20edb15af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
103b13c5d910adc9e1ac63a0a531cc62

SHA1
c335bf5d0f795e2748661fcc98e9e78a78b288b8

SHA256
e640001812eac7973bfd059ea83f7160b76ca5bd66011474bfaf94afb63abddd

SHA512
27929c5bcd86210ab5ae39794c0819bffea41c5dd5877bc5c7938eec4508829916ef4237d596cb13195f72d23cd69bb67d7863df96ae647aba99c00c99a3c149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
d2eb2abb04b84f340e002eac4192ab1d

SHA1
b62eead8765f66d4c20bd3512d7ab2b690ebd623

SHA256
b278521d3624b08dbdb5ccf7898eec550cad3b44f8d029d7808abef4e254927a

SHA512
356a00bf0b0ad7c9df28a76e7dd12e3755c68b815c7be3f970a28fe3c06f4a82214eb7aedc72dd0fce4c12fb7b7f7753402943d804391a958f01a78f88bed987

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp
Filesize
26KB

MD5
e0aad8a931ecc391eb88329ba76faaab

SHA1
159a39851e4e24f7784b71c29a61eb4e36f9aa8e

SHA256
919495c0ad8fdbae690e4744b8997e35ed876965a1be852d383245271b3a0eba

SHA512
5974fd05e34e4035386eff1959ab1e13343bf35d9a129b8723acb841ad71d96ed3212c37acca332a0a56dd4bc5ed278f07568d703dfe5069065dfffec07ae65d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\10685
Filesize
9KB

MD5
977607c1b416de341ce2ef5b68fcb4c5

SHA1
f6f74d900c474151faf4adb5f0e0d4c00b9f4c9c

SHA256
7251b332058b024b0797c695af80d3c27189280a7bb7150f9ee21e8c4167abd2

SHA512
49c4aa7249b7be1502e5a1026b57aad7b7017b838b1ae756b7de1c7aa99bc4e3d04d67080c229d53ca6634568f9e62a58462391476483293c83851e54ff06715

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\13954
Filesize
6KB

MD5
87883a568420d009b49160e5c0d4b969

SHA1
a962c0da77c742fa89dd71a9efd82170b779e800

SHA256
685381a08001635d8b54151b748c7759a998cfffd6f13571e7acc5c84eb737cb

SHA512
88f25b507da3d37deed170ff8e35dfb136e01ed1bc452b7c1e34567577198c7cff6d41e10dce5f427375c6a18d416e0774ff9fe5acb94bdd1d52219452c747be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\6277
Filesize
10KB

MD5
5e1c371a3b4dbff6e0ea1f9db6eb3aad

SHA1
6f980d5a9598144e8c58af05fa42894ed317a577

SHA256
86d573c1d1c1b56052a35816df3c7324c05ab94e42e4b2c4eed8b49cd59dcd8e

SHA512
fb272de2147098f6ccb25337a20c5afaa485a6b9760b9513aaf04f82306cbcfd0839f829416a57741fd2d22471805569617ab5f87268e0f11c04ce1ddd5e6c6e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\8877
Filesize
13KB

MD5
6159e9c663dfebedbe3c5830740503f0

SHA1
b66bd8a80facc6445fccef140993de82f54e59be

SHA256
c57995b6472c301999c9977fff16093e0289835fdf868eff62bafa0d99ebcb6e

SHA512
4ee62a8fb8bbd6cba6f4bacb054679c793d4d95c14667b5f3bf2d334c1c370e87a3d75375f1585e0bfb1c88765c8dc435391f000fc931c392728d06b5b35b8a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\45BCB7B740362A010E1BE9F709145A6B5D8795B2
Filesize
51KB

MD5
c2789f7f9db516831478c9ee1ef5aa41

SHA1
f741fc685acd0eb69445433ed09c655340ec5205

SHA256
7a6b3342ffa4e5bbab91cdb8edf439dc6f173a94db2903620127ac16c1589765

SHA512
970baa26b883ae72bab157298fac44fc9a1f7faed4868d2ac9c30d629ecc8ea7d52e17352edbecce6bf37399fa6d8b2aa952b0cf553fe023b009692fb07d4fed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\5ED438B0A36BF37D7ED3284C3EE40A912B44EC57
Filesize
137KB

MD5
0f2b01a568135439d63f0938f3e3d955

SHA1
d01f0ee2b52e0a6a1c2cf919221e5bd6bb6ab3cb

SHA256
30ff64d9d59db53f9d42dc2d61db96301dc1cd50e7977b0e369517a9125b780e

SHA512
a17b238d5021be54e1ff6167b049aabb527a84c970b606f0d57ab87536dd1e09e7252733f21b3406afbf6abfe7442d9b286fe70a03a01b845b6abb7cabca97b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\4178e497
Filesize
1.9MB

MD5
0bb4d1ebab07a8a4188a46291f9733a4

SHA1
4f82580eb7d658b2e235e31b0f432f637a5b5671

SHA256
def11d713b7ca86b24dfb73e7b1f708cab07b3fb97904d3201ea48dfda979a38

SHA512
247b2598720645e16027bd8dc578e78399bfab5517a3be87d5feb510d5c9a2979c29bbb21916e16dfa57cf6c8c99dfea164d659858bb74f3a927985f881b39c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\9dc43688
Filesize
1.9MB

MD5
1dafff544b378c15ffec57c205e6e57f

SHA1
8a0da2ac5d01bc398903be7368ff818a9576913b

SHA256
399668b1a886578f4698cdd5483cedc05408f4124e5752045c3a44cdb788faff

SHA512
d0261607e659d9f1045f43e45a7a866b048020ba476f4ffd9f4ed6946d03be22715bebb952fc26b9d498c44fa24d3f656353d68f66e2c65b833463b94076010e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Auth.au3
Filesize
872KB

MD5
c56b5f0201a3b3de53e561fe76912bfd

SHA1
2a4062e10a5de813f5688221dbeb3f3ff33eb417

SHA256
237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

SHA512
195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
Filesize
7KB

MD5
eff45f8e582db374865c50b41294d1c6

SHA1
0a13306b3690217cd6b340cb2ebfa85c43b303e8

SHA256
ed2a825b6a9a14225e0b8525448961a46c894133bacfe7680595b0aaaee40095

SHA512
aa2790102904c4db3cadd62ae8bbd909b6c3eef2cd7a15715f9a2f4c932867360ef8e1d2b5985e070c0a6ce9e39c5d8cf494beb6a2b98cf223ac0336e76a7412

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
Filesize
7KB

MD5
0eaf807a51526f9b640e67e2c4c3e220

SHA1
678391be202d5de04b9c1c5a34de06d1709f2434

SHA256
c442f70200acfcf2766dfc3e56e731bc673b26288338877fa8599a68ae8a95c0

SHA512
3a8cdccd074aebd713c99c6a56343d7ecc73f03904d80a1139f8612f2d8db4c5391298f5e1dc8c549391af43aa3e90982f6fb49c599f9e697b890fbe7d5fed13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
15KB

MD5
d705c423749aa6d70f9322dfbabb4b45

SHA1
d430d7a545a78fd6556c389d500c00550cb4f4b5

SHA256
f7f3609cc6db1e779fb5ad846a341970e67f0cea83ae5983cc702435f2bb6eae

SHA512
82cd82fc96277e478f8eb6aa177622aad476c9e575b44cf6ef3c6d5f67c59a87e4f4cbc7d6786cc87a65dac2fcf2e234fbc9a78f76ddade7140e04b9594fa8d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
0df86f5588656c6d1d4419f3ef127512

SHA1
e6f9f18c4c21450bfd5a56f87240375312091db5

SHA256
2634d7b5ec62634cb152ff26a15643986e75c0c1d8921bf60fda7956746f60ff

SHA512
9ff3901e7cc46f0085b1664207834c3ad19c04586b14397b2676a69b30d23c58afe37c9444bcbea1161a7e855d20e47780685e2c70d43544eec1ad58a5cb4fcc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
103c5b6d2b21581f43a4711f7a8638e7

SHA1
d8a1cf325741cbd06419c05fa485ce9076ff9717

SHA256
9da873608f89d3a5593a6d7b997e07c384f4d2678d8f796ec75f2df158b1b5ae

SHA512
371a6143498bc71e012d1b2a9ebfa186dca773efeedb541235fe93d996578d4d54f2dd7e22a080af769c2613584a121ece16605c0c115d05f0eabf1f0219ae49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++mega.nz\cache\morgue\235\{f861bfa1-bcc5-4a6a-adf8-91f98817baeb}.final
Filesize
1KB

MD5
3efa9abd92666265dd81c4f4311a96f9

SHA1
41b6b716d67b93555e444cd453f3c6e3f8c9522c

SHA256
5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

SHA512
5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++mega.nz\idb\3713173747_s_edmban.sqlite
Filesize
48KB

MD5
1523315a94b4fbebf16d6c3ccf841171

SHA1
35eb9fa5b491be7d0545057b868f40ec0f59f076

SHA256
d41acedc3d1cf9632f1bb142ba24824a246ed505b9f3f0fbdfd10ca0c17669e3

SHA512
071bba0d4c125980d325558ea948f6578807ea8fb78bfeba3e7b971f43482b6fdd138701b9591e8fc356b020bc3f1c4aa3bdf86fed3bd09ccf1abaca39ca2144

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
192KB

MD5
b68917da408fab7e3e80a007393234a1

SHA1
31b181215fb025eee1496e818226bdcac7c6542f

SHA256
9ce2683acac89747fa5e21753d1f505d2610d2b40d49bc2d473a6bddbb893d6b

SHA512
a23c166b6835ee99d8c68f53b97d70be835c62f52bfcb7d219bc6a9f1e08cecd54a4aeda428c54c4c2d2360e0e31129abb3e3d1a907c1e7886ce472567676336

Download Submit
C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!.zX7ur-WN.zip.part
Filesize
33.5MB

MD5
ebb1090f5759dfeef724ecfe2b44c9b8

SHA1
da8d2409d682a2e226da6df70e157e6a6411a8c7

SHA256
8e3433650e736152a46453e9c05e9179208525dc9bd331b00ae84c32c0d54c04

SHA512
e7d0eb78fdcb40d7fedd291c490fc0b188eddda656905bc87c094ed21d934544e03fe6377d6a835f773a0925f060b7d00d42867996ec790d30fe50743936d192

Download Submit
C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!.rar
Filesize
33.4MB

MD5
6be28ea65af585a7314cafd75f5995b3

SHA1
06b2781bb23967e6573ebd945ba736fd2cc39750

SHA256
a7a7019e32ca161580f2ad19cffd2f710d0a4ef746f35c2f05d01fa95df38907

SHA512
aab86ff5dd0780bebfe5724c049b2513cdf6708ac9cfc36ff6910abbe57f5789a2e4c5d9892e295358730a3ef2154b392d5d56458b402140ae632e270462784f

Download Submit
C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!\Setup.exe
Filesize
12.0MB

MD5
a7118dffeac3772076f1a39a364d608d

SHA1
6b984d9446f23579e154ec47437b9cf820fd6b67

SHA256
f1973746ac0a703b23526f68c639436f0b26b0bc71c4f5adf36dc5f6e8a7f4d0

SHA512
f547c13b78acda9ca0523f0f8cd966c906f70a23a266ac86156dc7e17e6349e5f506366787e7a7823e2b07b0d614c9bd08e34ca5cc4f48799b0fe36ac836e890

Download Submit
C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!\shot.ppt
Filesize
60KB

MD5
ee5d117d0bbe7c15670eb949b9e504fd

SHA1
6d8819be91e55f7db8aa879a8032711daa672088

SHA256
1a41370ffc46b1fe77ffe1a41093a07bb2ac476bd95f11842381452b16924a93

SHA512
a3489e04d54026fe8c507500dabbed561f925bb2f4190d8bac2d24fd44162dcb8e521a230936a05d3edf419cad804e4d93eb722fcc19f86a38c88db4441b73bc

Download Submit
C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!\silex.zip
Filesize
1.3MB

MD5
8e501dcd5982b0344a1a5d3886cb7648

SHA1
5818208967e84532d2e722d99786b87a3ea312e1

SHA256
cb2e3ad334a77aca231267a7dbe52bd7c386cf1a533877cc8ca36d865a20e5ee

SHA512
e43d6e10cf1ca0ac30aea2daf6542785724f977f87810765e7c1d42318e369db69f3b0aa82a51faa016f3ff59f73dc1c8b14c57229ece5037c59e6976ce399aa

Download Submit
C:\Users\Admin\Downloads\#!!!SetUp_22334_Pas$W0rd$$!\!!#SetUp_22334_Pa$sW0rd$$!\tak_deco_lib.dll
Filesize
315KB

MD5
dc660f2d7d172e78228fec93a033684f

SHA1
9eb25082acbcc45f11c4ed8c679782d960273af8

SHA256
dd9a50e3ada5f7c0a9fad1e380e9a49b1fb50bf7fb55611349c1a86e0797e3c6

SHA512
3ca485763022b437a89902425e09f539878d1cf5d7dec8af5a400bd5f852c1ee7b5cc7d938838317d3a2c2694539d0dfcd015a428b8ad2e0dec54d1d9ab93ef4

Download Submit
\??\pipe\LOCAL\crashpad_4868_VGXJUKRSGIMHOKSZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1424-1266-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/1424-1264-0x00007FF999550000-0x00007FF9996C2000-memory.dmp

Filesize
1.4MB

Download
memory/1424-1254-0x00007FF999550000-0x00007FF9996C2000-memory.dmp

Filesize
1.4MB

Download
memory/5604-1241-0x0000000000920000-0x000000000097E000-memory.dmp

Filesize
376KB

Download
memory/5604-1239-0x00007FF9916C0000-0x00007FF991832000-memory.dmp

Filesize
1.4MB

Download
memory/5604-1235-0x00007FF9916C0000-0x00007FF991832000-memory.dmp

Filesize
1.4MB

Download
memory/5604-1232-0x0000000000920000-0x000000000097E000-memory.dmp

Filesize
376KB

Download
memory/9728-1101-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9728-1111-0x00000132B88E0000-0x00000132B88E1000-memory.dmp

Filesize
4KB

Download
memory/9728-1134-0x00000132B8A20000-0x00000132B8A21000-memory.dmp

Filesize
4KB

Download
memory/9728-1135-0x00000132B8A20000-0x00000132B8A21000-memory.dmp

Filesize
4KB

Download
memory/9728-1136-0x00000132B8B30000-0x00000132B8B31000-memory.dmp

Filesize
4KB

Download
memory/9728-1103-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9728-1102-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9728-1105-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9728-1100-0x00000132B8C90000-0x00000132B8C91000-memory.dmp

Filesize
4KB

Download
memory/9728-1104-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9728-1120-0x00000132B8810000-0x00000132B8811000-memory.dmp

Filesize
4KB

Download
memory/9728-1117-0x00000132B88D0000-0x00000132B88D1000-memory.dmp

Filesize
4KB

Download
memory/9728-1114-0x00000132B88E0000-0x00000132B88E1000-memory.dmp

Filesize
4KB

Download
memory/9728-1132-0x00000132B8A10000-0x00000132B8A11000-memory.dmp

Filesize
4KB

Download
memory/9728-1112-0x00000132B88D0000-0x00000132B88D1000-memory.dmp

Filesize
4KB

Download
memory/9728-1110-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9728-1068-0x00000132B05A0000-0x00000132B05B0000-memory.dmp

Filesize
64KB

Download
memory/9728-1106-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9728-1109-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9728-1084-0x00000132B06A0000-0x00000132B06B0000-memory.dmp

Filesize
64KB

Download
memory/9728-1108-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9728-1107-0x00000132B8CC0000-0x00000132B8CC1000-memory.dmp

Filesize
4KB

Download
memory/9944-1269-0x00007FF9B8AD0000-0x00007FF9B8CC5000-memory.dmp

Filesize
2.0MB

Download
memory/10088-1262-0x0000000075020000-0x000000007519B000-memory.dmp

Filesize
1.5MB

Download
memory/10088-1243-0x00007FF9B8AD0000-0x00007FF9B8CC5000-memory.dmp

Filesize
2.0MB

Download