2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector (4).exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3192 3456 WerFault.exe HorionInjector (4).exe

pid	pid_target	process	target process
3192	3456	WerFault.exe	HorionInjector (4).exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies registry class 21 IoCs

Processes:

explorer.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	explorer.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

explorer.exevlc.exe

pid process

3680 explorer.exe
4848 vlc.exe

pid	process
3680	explorer.exe
4848	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

HorionInjector (4).exe

pid	process
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe
3456	HorionInjector (4).exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

4848 vlc.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

HorionInjector (4).exefirefox.exe

description pid process

Token: SeDebugPrivilege 3456 HorionInjector (4).exe
Token: SeDebugPrivilege 1760 firefox.exe
Token: SeDebugPrivilege 1760 firefox.exe

description	pid	process
Token: SeDebugPrivilege	3456	HorionInjector (4).exe
Token: SeDebugPrivilege	1760	firefox.exe
Token: SeDebugPrivilege	1760	firefox.exe

Suspicious use of FindShellTrayWindow 15 IoCs

Processes:

HorionInjector (4).exevlc.exefirefox.exe

pid	process
3456	HorionInjector (4).exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

vlc.exefirefox.exe

pid	process
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
4848	vlc.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

explorer.exevlc.exefirefox.exe

pid process

3680 explorer.exe
3680 explorer.exe
4848 vlc.exe
1760 firefox.exe

pid	process
3680	explorer.exe
3680	explorer.exe
4848	vlc.exe
1760	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

HorionInjector (4).exefirefox.exefirefox.exe

description	pid	process	target process
PID 3456 wrote to memory of 5060	3456	HorionInjector (4).exe	explorer.exe
PID 3456 wrote to memory of 5060	3456	HorionInjector (4).exe	explorer.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1492 wrote to memory of 1760	1492	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3952	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3952	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 3648	1760	firefox.exe	firefox.exe
PID 1760 wrote to memory of 452	1760	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\HorionInjector (4).exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector (4).exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3456

C:\Windows\explorer.exe
explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
2⤵
PID:5060

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3456 -s 2764
2⤵
- Program crash
PID:3192

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3680

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 360 -p 3456 -ip 3456
1⤵
PID:2480

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UseRestore.ADTS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.0.1904216295\666113332" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b0b010f-b3e7-45c5-9756-1a5efec96f72} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 1916 203b401aa58 gpu
3⤵
PID:3952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.1.1678036003\1294799716" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47e73126-169d-46ee-abff-a89bb0d6d304} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 2316 203a6072e58 socket
3⤵
PID:3648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.2.1021910183\693207315" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2972 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ddd7f1-16e5-4d9e-b5d9-cb8d55101972} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 2936 203b6d06758 tab
3⤵
PID:452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.3.1471504310\1555314058" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3508 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7da440b9-6b67-4c22-bc02-84673ded9fb2} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 3516 203b4004758 tab
3⤵
PID:4604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.4.1098259970\2058009671" -childID 3 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42a2c892-38c5-4126-bb37-54738cb32cf5} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 4004 203a6062258 tab
3⤵
PID:4524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.5.2083145973\1101872596" -childID 4 -isForBrowser -prefsHandle 4844 -prefMapHandle 4804 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31dc8ad1-817b-42f1-bb44-22d67bcc0482} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 4924 203b8e7be58 tab
3⤵
PID:392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.7.58620266\127581288" -childID 6 -isForBrowser -prefsHandle 5480 -prefMapHandle 5476 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e8496c5-218c-4182-ae2d-8dbaad505857} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5216 203b94d0958 tab
3⤵
PID:4824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.6.1959763876\1808414379" -childID 5 -isForBrowser -prefsHandle 4316 -prefMapHandle 5060 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb6f2b08-0f09-4c66-ad98-88c3ab9e5d96} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5100 203b9219958 tab
3⤵
PID:1320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.8.1583672455\1634658603" -childID 7 -isForBrowser -prefsHandle 5800 -prefMapHandle 5804 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07ae245b-0d84-4147-a525-895a6971e75a} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5820 203bb71c658 tab
3⤵
PID:3656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.9.1285590673\536278320" -childID 8 -isForBrowser -prefsHandle 3580 -prefMapHandle 3572 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d06d60f9-6504-4aff-aa03-2cee245c01ec} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 3568 203b6bf0458 tab
3⤵
PID:5584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.10.804282086\500529111" -parentBuildID 20221007134813 -prefsHandle 3592 -prefMapHandle 3612 -prefsLen 26930 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9095e90-11c3-43bd-8ccf-55f1e06dae2e} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 6140 203b6bf2558 rdd
3⤵
PID:5660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.11.64554031\2017611597" -childID 9 -isForBrowser -prefsHandle 4836 -prefMapHandle 5416 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d4f7adf-b906-4e1e-be45-e5653e8227fc} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 6304 203ba4b0858 tab
3⤵
PID:6052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.12.221094773\516921510" -childID 10 -isForBrowser -prefsHandle 5400 -prefMapHandle 5420 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5764c7a-d64f-48e2-a0d7-c3dc34bb31b8} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5404 203ba4af058 tab
3⤵
PID:6060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.13.66350407\2101926058" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 2876 -prefMapHandle 2940 -prefsLen 26930 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e52357fc-ee11-4f33-b027-b6ab9475a83f} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 4792 203a606ab58 utility
3⤵
PID:5292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.14.833673550\1161776538" -childID 11 -isForBrowser -prefsHandle 6464 -prefMapHandle 6244 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fa7030a-b6f8-424a-83c3-d57736527944} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 3600 203b8e79158 tab
3⤵
PID:3444

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
Filesize
151KB

MD5
33e6140b7a5fdb5cee76a223462e485c

SHA1
c917f4ceba3772abc81514e8dc1da88894743d0a

SHA256
b24f05996b7d17dbd64c5805c0ec68f20d147383064a241ec634510bec978f11

SHA512
b3727c35db39af46d76788f732eeca10dfb6da7f27826d1350e1d5a839b8b6a72d50a943f118d819713ec17bb10ce4eb328bde618b9e17136bbe5d7430ef84e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10924
Filesize
14KB

MD5
f8dddf853bfedb5a41b71ed2efb6d192

SHA1
2cc48e04d15f8cc674a5caf070e111defb5eb78d

SHA256
d34007da0a9dd003af940f143e9f30a574059be445b49fb35986d3070899d19a

SHA512
2395781290b1c6fbd67283c420db598c5773ef3a8403e7382c83c4f0e88797c6e2b257cd3146e21260e7f6151adf782402d1d24638389943d865c5ba06d26fe5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\3671
Filesize
15KB

MD5
d6ce8d536c27c52238d8c04f43b0a362

SHA1
f8f3769f7718adf2096823f87299545d8aa2695d

SHA256
d88eb260883d941cead5a36f9deb03eebb8ef04e94c004eb477dccf324fa9049

SHA512
9162a0f073f19c9072acca215312ce1774cdd797c311ed1b451d19b7028f185738663a9b4d824c0b3c55ac3c0900ffd9a75afc5867b114f1ee069e62b4857e0d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052
Filesize
14KB

MD5
f42fc2641c295531f5302c69bb027944

SHA1
266627dc5b49d284bbfb7180fc6fed4c25ebf8d7

SHA256
799a72d8124c758a121eec3376576c5a519f243e61acb3e5614c86b10e5258f4

SHA512
28e0c5d64493af1c0480963445c53868d6bfd684369b1d810aa7aac8d1af9e912f156022142c925db16699034a7bda5a4e08833bf72004ad6327480476a6017d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
cfb81730a0bc9a7a8b2178d9e355b0e5

SHA1
c511bc7c43bd8280736f62bf0dcbcf5ff319e0cd

SHA256
4ed16e02e60e93fc275d6be6d04f173b1285f9f54f8bcd2072019120e0f859e5

SHA512
72b9d41808219ed6c82ff228fecc85a4410109ab4d8f23be40ff90c2cabcdeb1aa21f2db04bb7fad062d18b2995308ad153720af1ed3d02a1856ab0857aa288b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
e4d34404d475ada66bf0acd669d75591

SHA1
1ad20e1e149c44100c7c735c531cf5522ffd184a

SHA256
d5fdf81cc7ab75315456b51fecae1bc86cac5b3a79cf30b4594b94a71f6840fd

SHA512
4023d3ad3cba3e9c529a92911a314d853bed49c9b956acb76b89987df78b14ad971512972a7a407ffa0e1de626904810d1a4a9a938c4727827793a8afb462c9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
13724d455af31c90599adc67cd064a88

SHA1
6b082ada54079da170a06adc23c5c2075a344218

SHA256
9668611dbb64115dc2010677cef7f88755cae3171a8bbc45b9a5084ea3a1f05a

SHA512
2594e3606079d1fd854a99a2b150c5c584f8fc4c54ab68788baeda52f756b13e41ad9d770cfeedd3b01d48bcb63f0ba2355a602af3dbb94ccb10367dfd514666

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
030cab89549a60c652dcd66a3bed7ceb

SHA1
b1cbb05edcbe1b9388c32b6deec70815abe5f8bd

SHA256
8ed620ced11fc53824d6260c533ab1d949819fa43a68b0aa800d43074f9755af

SHA512
079cc6c4852f22a72c7de689787063734d43d127e1bb99e2616933ff2a4d492bfc2c7e0b603d66be01691c0623e108e3a7d72afce4c24a4ea902332789676c59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
8KB

MD5
b2674d106bb9ddb3fb9331164fd0d709

SHA1
8d7cccba73a92ca4ece1f34611e0d7b67dddcc09

SHA256
b6c873ce1e31ff094e3f1d9182a9bca306601775292b615f6d0fd6410ff0234c

SHA512
eab49413223b103d271a009ed9bad3899d4cff13be774ba16171d15ee100287d3102f443dba332ed91b83f62e43d8b9ebe94d4eee4a9a6a9f3a939dbbf7de8f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
10KB

MD5
39d4d883d846a63498c8603434d268e9

SHA1
75d3bbdb6f7d783e3eacb08b4210c1fe91a1eaf3

SHA256
368f1dd96615d7f752e7337959ad3c145fc0f78fb3457fb80f05658c5d5b9c49

SHA512
900ded50a4f8b2129a8acbc25ff3378ac707981b416dcac9296df52ba689b5c57f34bee98ce53768b742bdd1b10555bbfa74c0a8b384362cad838eeb69ccb40a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
4fb84b707d1a6f3421bfbbdee83539e9

SHA1
d4ed32850b723f100d81e699b1b88fde42cb8e00

SHA256
ed62e916762bba9c5d7e6f31f02d5b6c4b7778fae5579549a256b6eb1ae30c2d

SHA512
09ddfc7ddc11ee2aaf95c4f00b54b859f2046b842245d718178b0ed666992c1f456c2abc40591c1e21f53228faae4696759b30f7d7a9f7a6b76f53e3de7ef099

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
3881c6634cd4febf14a9dfca738be5fd

SHA1
e58b2c75307317479946be5edabfb665a6da0156

SHA256
9b868312022a04ed70939a6b8107d12a73268026882cb2d3d73840f3aa19f53a

SHA512
4d90a18493af8aeecb1cb6af8815381606bd53e56d8c951cf3d0de9a68ccf53087135c35d1c9c142a8b1783f02b75182131a3b1c332d67d547b7b1b8444a2915

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.youtube.com\cache\morgue\157\{60e7eaa4-192f-4810-b523-286f0cbc639d}.final
Filesize
3KB

MD5
989f537e860dfd55c105c3c6d368f349

SHA1
cd7ce9d3a4315a760547ddec7ffc2d5c0bc68a2b

SHA256
6eb4bfede9db18dbbd7e91423543670aad5af3d3c51054936bf02ec7878d41ea

SHA512
959974e6b2b5a6b0cc150ce2345ea796d93f2893c45fa6442c3dafb58cc76c24791196588f8c133fe91ddfafea487cd07c856bd40d09d8181c791cdbe7352742

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.youtube.com\idb\2171031483YattIedMb.sqlite
Filesize
48KB

MD5
c56f4809f40209eb2693435e3bfb4645

SHA1
917ab3df2e3a762f03409b4a88046c575c27da76

SHA256
2c8858fb8ed0fb220942a3934f5c1a55b6b456893d57a7075867ffed6d43064e

SHA512
2e11be70b8a373db9d2f747c6c0949cf2e1c18f5827c7bdeaf58ca7dd52ac7f4336802a44fdc20822f915a93caa96b80d7c91cbb589a47c9b762fa12cf11e2ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal
Filesize
8KB

MD5
fbbb57b5f260a5f05c61fda53c051205

SHA1
7546bad6ab8508f9e4a4313f77d07ac79eb0a14b

SHA256
e53c5c83072f37b9d8459bc50d96fdab9359ea9343beb71c1fc722848a3955bd

SHA512
1797c9ef4746b54fe899066fc0a5bc5946e8f368b9eda9a672a15c393ac29aded8eff976d315a09b4594b8db9a30c4811d5c5730c5f81692edbebbde37a40c27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
1.5MB

MD5
834f3cf8663e7ed7670bf3ff5d2f44cb

SHA1
5d44c8e7f6fbce881dfa8b4afecada52dcd20358

SHA256
a9ace3d3ad1f6778e1ccba5d3ee059c63550dccddcca1444f403891405f6ab4f

SHA512
b2fb5f8060f2703076452d5a5b25f8e3bb78a5cf80a6a1c5875b6446f1c95a6eb56dfac445360a3a36e62d4c2b57374fc6855e5334030c6495a4f29f07df85d8

Download Submit
memory/3456-149-0x00000108725D0000-0x00000108725E0000-memory.dmp

Filesize
64KB

Download
memory/3456-137-0x00000108725D0000-0x00000108725E0000-memory.dmp

Filesize
64KB

Download
memory/3456-134-0x00000108725D0000-0x00000108725E0000-memory.dmp

Filesize
64KB

Download
memory/3456-135-0x00000108725E0000-0x000001087269A000-memory.dmp

Filesize
744KB

Download
memory/3456-133-0x000001086ECF0000-0x000001086ED18000-memory.dmp

Filesize
160KB

Download
memory/3456-136-0x00000108725D0000-0x00000108725E0000-memory.dmp

Filesize
64KB

Download
memory/3456-147-0x00000108725D0000-0x00000108725E0000-memory.dmp

Filesize
64KB

Download
memory/3456-148-0x00000108725D0000-0x00000108725E0000-memory.dmp

Filesize
64KB

Download
memory/3456-146-0x00000108725D0000-0x00000108725E0000-memory.dmp

Filesize
64KB

Download
memory/3456-141-0x00000108725D0000-0x00000108725E0000-memory.dmp

Filesize
64KB

Download
memory/3456-140-0x0000010876720000-0x000001087672E000-memory.dmp

Filesize
56KB

Download
memory/3456-139-0x0000010876760000-0x0000010876798000-memory.dmp

Filesize
224KB

Download
memory/3456-138-0x0000010876230000-0x0000010876238000-memory.dmp

Filesize
32KB

Download
memory/4848-169-0x00007FF8C0BE0000-0x00007FF8C0E94000-memory.dmp

Filesize
2.7MB

Download
memory/4848-171-0x00007FF8BE4A0000-0x00007FF8BE5B2000-memory.dmp

Filesize
1.1MB

Download
memory/4848-167-0x00007FF77D3F0000-0x00007FF77D4E8000-memory.dmp

Filesize
992KB

Download
memory/4848-170-0x00007FF8BF0B0000-0x00007FF8C015B000-memory.dmp

Filesize
16.7MB

Download
memory/4848-168-0x00007FF8C1930000-0x00007FF8C1964000-memory.dmp

Filesize
208KB

Download