6c974aa57734ff98a88b403058ebbc281a7deb311886c4e1697e59a192afc542

Resubmissions

22-11-2023 01:08

231122-bhe16she43 8

22-11-2023 00:55

22-11-2023 00:52

22-11-2023 00:44

22-11-2023 00:22

Analysis

max time kernel
1757s
max time network
1169s
platform
windows10-2004_x64
resource
win10v2004-20231025-es
resource tags

arch:x64arch:x86image:win10v2004-20231025-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22-11-2023 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.1.2.5.exe
Size

1.6MB
MD5

a3eaae6bb7e01e8059f1276ccb7f6c62
SHA1

801b7bb06be83f057fcf7d84c119e0ccb6310386
SHA256

6c974aa57734ff98a88b403058ebbc281a7deb311886c4e1697e59a192afc542
SHA512

57a21164ca396e36c55d39e553647567399fb9e10b7f08d93c691df714aea1b1959b8c230761445b8e39ce81eb8c65a4d34b968d73f7e649e903d5245320d5f8
SSDEEP

49152:HIBc3nWdsIp8gClzw4Kz/q4BkkKlWThSorx:oB/Eq44TBTKEUor

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2824	SKlauncher-3.1.2.5.exe
5584	SKlauncher-3.1.2.5.exe

Loads dropped DLL 3 IoCs

pid	Process
4396	SKlauncher-3.1.2.5.exe
2824	SKlauncher-3.1.2.5.exe
5584	SKlauncher-3.1.2.5.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2284	icacls.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 36 IoCs

description	ioc	Process
File opened for modification	\??\c:\program files\java\jre-1.8\bin\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\symbols\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\symbols\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\symbols\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\symbols\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\symbols\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\symbols\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\symbols\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\symbols\dll\jvm.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\symbols\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	SKlauncher-3.1.2.5.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\SKlauncher-3.1.2.5.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4156	firefox.exe
Token: SeDebugPrivilege	4156	firefox.exe
Token: SeManageVolumePrivilege	5932	svchost.exe
Token: SeDebugPrivilege	4156	firefox.exe
Token: SeDebugPrivilege	4156	firefox.exe
Token: SeDebugPrivilege	4156	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4396	SKlauncher-3.1.2.5.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
2824	SKlauncher-3.1.2.5.exe
2824	SKlauncher-3.1.2.5.exe
5584	SKlauncher-3.1.2.5.exe
5584	SKlauncher-3.1.2.5.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 3348	4396	SKlauncher-3.1.2.5.exe	86
PID 4396 wrote to memory of 3348	4396	SKlauncher-3.1.2.5.exe	86
PID 3348 wrote to memory of 2284	3348	java.exe	88
PID 3348 wrote to memory of 2284	3348	java.exe	88
PID 4396 wrote to memory of 340	4396	SKlauncher-3.1.2.5.exe	90
PID 4396 wrote to memory of 340	4396	SKlauncher-3.1.2.5.exe	90
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 3972 wrote to memory of 4156	3972	firefox.exe	121
PID 4156 wrote to memory of 4320	4156	firefox.exe	122
PID 4156 wrote to memory of 4320	4156	firefox.exe	122
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123
PID 4156 wrote to memory of 5104	4156	firefox.exe	123

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.1.2.5.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.1.2.5.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4396
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3348
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:2284
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.0.407068454\2033820338" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fec38c0-63d8-41b3-86da-262abc34d444} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2004 2998b5d1358 gpu
    3⤵
    PID:4320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.1.1192782384\1798863627" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de763549-8726-4a55-8f00-7aa22fb51ed1} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2408 2998b0e6558 socket
    3⤵
    - Checks processor information in registry
    PID:5104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.2.1761314195\1419377719" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3068 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9633952-ea64-49d4-9c78-578b941660ac} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3268 2998f2ac258 tab
    3⤵
    PID:5344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.3.315537912\1921908093" -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63fb8abc-483c-49f3-a5ec-b2e0420b8c4b} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3592 2998dc08858 tab
    3⤵
    PID:5448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.4.1650422047\387623640" -childID 3 -isForBrowser -prefsHandle 4656 -prefMapHandle 4652 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4727884d-6226-4774-a3e9-91d843ac9845} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4680 2999116b958 tab
    3⤵
    PID:5668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.5.1636374778\714990340" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5100 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ec228c0-8b1f-408d-8852-2a4057069524} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5124 2999178bc58 tab
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.7.58689176\667209658" -childID 6 -isForBrowser -prefsHandle 5452 -prefMapHandle 5456 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d90be8a-88f7-4ec2-9a7a-7e9d80b83713} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5444 2999178b958 tab
    3⤵
    PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.6.910110502\868695932" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {988b9949-ffec-4775-be8b-d168d910ba82} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5256 2999178bf58 tab
    3⤵
    PID:6016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.8.711879843\1012688965" -childID 7 -isForBrowser -prefsHandle 4112 -prefMapHandle 4628 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f347a15-c2b7-40cb-8c5c-73acd6b949c5} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4124 29992bfb358 tab
    3⤵
    PID:3764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.9.1649872058\1562809591" -parentBuildID 20221007134813 -prefsHandle 6060 -prefMapHandle 6124 -prefsLen 27153 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3912f7a-8a69-4def-bec0-cbff5b4384f8} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 6156 29992b41f58 rdd
    3⤵
    PID:5084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.10.2006300856\1482288776" -childID 8 -isForBrowser -prefsHandle 6364 -prefMapHandle 6368 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b070e06-0ffd-44af-ae88-4eb11e328352} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5992 29992b40458 tab
    3⤵
    PID:5244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.12.789415506\565387899" -childID 10 -isForBrowser -prefsHandle 6496 -prefMapHandle 5544 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0034afaf-7a78-4385-b044-23aefa28c32a} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5416 299920e3c58 tab
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.11.81183847\789546669" -childID 9 -isForBrowser -prefsHandle 4124 -prefMapHandle 5248 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1de5d382-52bc-4601-b7b6-5a7c1e52e30c} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5664 299920e2158 tab
    3⤵
    PID:764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.13.389692317\1451703832" -childID 11 -isForBrowser -prefsHandle 6332 -prefMapHandle 6536 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af420265-1d79-4335-a8dd-30a9257c52e0} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 6404 2999208f658 tab
    3⤵
    PID:184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.14.1310123586\5338385" -childID 12 -isForBrowser -prefsHandle 10268 -prefMapHandle 10228 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d1074f8-b609-4add-a72a-9873b7134196} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 6456 299920e2458 tab
    3⤵
    PID:4856
- - C:\Users\Admin\Downloads\SKlauncher-3.1.2.5.exe
    "C:\Users\Admin\Downloads\SKlauncher-3.1.2.5.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    PID:2824

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5872

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6132

C:\Users\Admin\Downloads\SKlauncher-3.1.2.5.exe
"C:\Users\Admin\Downloads\SKlauncher-3.1.2.5.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:5584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9a1223872243c3614fe287712768f706

SHA1
b4705539ccc6ab893f9f30abd57c782f02c988c3

SHA256
23336a8cb0cd961a61207de04178e94068ed075c3452502e1f2a3b8d5dd6b128

SHA512
fafc156536ad6bd4b074fb8218d70b074e34a47c5e14b0b7fa01a96fc264f40c0056accd38bb009ebefec1eb722393ba41850fdd8fd835e3ab8a89c6e86e2c22

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
abfc542a8a9c6f1df5ae184366bb048a

SHA1
fa3efa3d6a052945ef9729ba5e2f16f99b19027f

SHA256
7debc002957833c8dcf3892f15ab8741b195aa206899539b5a903902f166e03d

SHA512
622a2017dda055e7bd9478e71fcec13a790723e7a901f0eb2109c42ad05f60857c3a796cba7ebe09a934a1a2d5921cf14d4eadc17eaa9a233d3946f495027d4e

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
2e4f7958e4893322e542bf5c9712265d

SHA1
1f923af3a9f51d45fe0a871fdf1594bb24561d2b

SHA256
7a6599dc20427b2c9de334b30815df6b6667216dff621462d61d2642a8ed172d

SHA512
8c4e7fbc0d61e11adba4064ba00284662b59ab5a07752be10405cff5c38a9c5a83cb31e15ee735e5dc76b4679c68dbce427e6328c5b6f56835d441fb1d242c8f

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
f3276892ed4d1824aee060505e64dc22

SHA1
049473745541ac33352be82087ebe989a14e1d57

SHA256
6cd914658bd1d914dd98625a9ccb8f2775832c9b94ead336d5d228eca6f1b214

SHA512
62c462f41c920ef9f008759bc071abc65aae43b55e3105f8d1f981234e82398b25da4cab420d87427db2ba92154554b2ac37cfaba60b2dc87df4bcf16d91ac0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ppqxj052.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
54260daf29e59aa1e380e55a4e67549d

SHA1
15ca56f92228559d86ff3510f48600e235bb4423

SHA256
81937274488db5f54a082f78e0ee17c6e2ebbdb2f94ee662712f42fd9a55469f

SHA512
622ccbd656ec06d44b265b18dce68e70f85d2943cc1970657479a2a2de983bc1f4dfe22bac603e09fb6f1c2bf71ab0fcf71f98e9a32020e1a6701dd18025d3e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ppqxj052.default-release\cache2\doomed\30885

Filesize
1.6MB

MD5
424949e32ec06ac1bde58de4ac3d3d43

SHA1
5947ba71de9764626e424f67936967fa4a74423d

SHA256
8781148feb000498a39849b3d277435734d71749aab699e548529f5184aa45e4

SHA512
a9733230520490a22e226a487926ad560b9f3ffbd14274dffc4816b17459f4ddd889b3ff585582398c89e3dbdcd07e16679bc788c8ca55f7d845cb8471634d3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j220D.tmp_dir1700614349\exe4jlib.jar

Filesize
62KB

MD5
bd8451491a92b1aa5fe6d44bc9f3e1c6

SHA1
fe210263b4bdaa3719b00994e665839c8987094e

SHA256
8a416dab7b3028f3e79b41521b65432ab2d25dec9f85e220ade0157badc0dd41

SHA512
3c1892e9f8812ed6e895936ad16f3f457f50283d88d37b45d780a1d5f0bb2751bb74585b03227d10367b9367c7c2eef68d88d914b8e3cbcca0b2dfca05ad0ebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4jC332.tmp_dir1700614128\SKlauncher-3.1.2.jar

Filesize
1.1MB

MD5
e98a84b4bcc5e9b2b76e985c6688cad5

SHA1
aacd58af2346cd4e0ad1f1a04bd8d925bc4aee7d

SHA256
627b807380dab8455cd04ba07cdb5a70a7c6f5d510c64296456f41588b60201a

SHA512
704290691f301e61e381c3b6a3d5c2d9bdcc638389f225092437c2f88e86fe49eda27d7de3f2d770c036a37f8adf13d492a5ed24b704d75ec2b1b8e8fdb01d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4952832583000.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4952832583000.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-6916347515000.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-6916347515000.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-6916347515000.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-9164034418000.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio263512207090168866.tmp

Filesize
12KB

MD5
8ee50698797304540fc85117d67fe39a

SHA1
2762547e578d3d4ca469b30a94c7535e57c5c72e

SHA256
90f1e2bcc7b6c2e9b5acbf3211ecb0b58f9e36b4f3db56acfc07f2a3577b644a

SHA512
d0497ee7a43d35c06ea7c8052311f0c4c9d25b17329f93ba67344871d7441a77dcc381a2474656f8ef4a0f1b5bdebc906c6ec46713d04dc9ca82aa470c8a4a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio5757800847319004108.tmp

Filesize
1KB

MD5
4bc22d05b225a34a3ddb4f17d2469b77

SHA1
11a7a273129b3deb9cd2c77ef1834b5643469d3d

SHA256
face76c9c4fad9476a1d80483d41772c805808a1383012b1c22065e30d32ede6

SHA512
e00b03ba7550af9676c56c1ae39c00ccbae42a06011b37e3faec174ee1eda3dd16a223194824ba3f11e7d8bea78e74991af31b51a9066c3941864e13c91c45df

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher\sklauncher.vmoptions

Filesize
82B

MD5
616097195b6350dd5271aa6f30cc167a

SHA1
5e2e2d48a513ff1c4b9612e16c954e060c34831b

SHA256
c0ad6503240446061d7da9181b625f149574430135e0d6ab32fb61f176c831fe

SHA512
de5646740c390dcdaa94b020163f532978c11eb2d6896ff4c06197c0354e50d610926d40ff97d9a56e24b4e122d94f430efc76cf2539a989b9885d527c7654bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-177160434-2093019976-369403398-1000\83aa4cc77f591dfc2374580bbd95f6ba_45753ec7-8c20-4498-b293-a230d6c42ef7

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\prefs-1.js

Filesize
7KB

MD5
3fb84bdd7bb9b1656d9e40cdb69f2e72

SHA1
b876b2b7adbb86ea32f5338c0cc7f0ef5b82c806

SHA256
abb0a51099911b98f502eb9d8996030bc18ef71d3ec59a6d27eb51e1a00535b1

SHA512
4c5411f402c0bd3d501b0f0144ff478e6377328532830198c225209006a20cda6df9cc3925d3852b44d8f3351f3dc016027309cc982cdd63446eb86148140fcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\prefs-1.js

Filesize
6KB

MD5
2f48ddf27b9494ef949ef748a6d50cb6

SHA1
785141a5733dd1cc7acebb1a02226761485c3ec1

SHA256
71da9c60387e3143a09cb31b81ad7a18a8136d101712572299baf34d204990d3

SHA512
e7fa11ba6a18be4a8730d7649985f23b4564559958ac1775a424a245a7df0f7d873e7dc5ad2383098c724b5bc4e47ebc90ffead0490b8838018776856913563c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\prefs-1.js

Filesize
7KB

MD5
39b66a398d570b070288fd412b192a47

SHA1
0ee83ad5dcf2faf11007e37de180452405842ce4

SHA256
cc63759cc673cf4be71c1c300228202f543b099eb3efbf458ca9a61cee6f4022

SHA512
73464740d706c30deea787b032de56b8dfe2668a7474f4f93ceee70198fb6c45d648cae01874cc2131271d85d749e7e2db6e547a3023da02fd39cc15e7a3e25b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
787babee180ef732ce80effa1cc51e6a

SHA1
cae922a3b61734b69a1af8624955a68ce851c257

SHA256
2f838b858bd10554e32874867764dd2d65d0eb6403b0b4313f98f72690b90325

SHA512
8ff6cc01006960656642faee82e1ac29017bd745753e658d4af81ff812b3d94a7f74b5b202224f68305dba83361aa51ae74c13341228e86c2a1df674a47ac8d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b99c5bbdb303909d736f5fac0da6556a

SHA1
1ade3fe126b99f7011c7ca9da3ab410b235b0664

SHA256
7eadd43101f0b0fa5d15d58fec8b0a672e5d6eabc954a64c689beebccfb12fee

SHA512
257992dd3923933442677843b18f563c021df605a9bc5ebb0328dd3207e29170ecf75ef2cb01e08b4f857f19a35f704e28c950e2df2c6be2509a576a01afcf33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
79c7687955ffdac2d72552d41d5b5488

SHA1
5ec43c5972fdd87ae82f26266dbb097f28b464c9

SHA256
f2a0d1a1235787097beaec838d514e01fc62e0e1bb37d64f1fdb87cd14d4438c

SHA512
efa7c4fd38ec3141b80ab49fce59f4c61472b9ebdca47d7c0a718093d61b0e80ab18ac565b1d041b0864a2161452a8b001e81d0834924c9d6e9ba502f811e04e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
71991ed4c1fccd6f57eba22a5eaa321c

SHA1
b1188a746b4f11e63231d9a9a9abe7107aaa21b9

SHA256
6300f30298022fce669666a0d88fb80f253f78f5a5c21855933c8a705071dbf7

SHA512
8fd1d2f70539590a851e01eab28484d50ebc0891f9599c8a07f85ea65d593372f6cb39073eb1360c5da196b3a074e122213152c9552705c883e5d66a6461a05d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
8c76408b40f1e629f8307ef11ae22052

SHA1
c21e177d7608c120f7357bedd2199f2287d25f4a

SHA256
af2e6a314247f7c4cafd4d635c595c065cd4f054368a40e3f28c5e78a965c63a

SHA512
503d5f13d4f86d228fa0688bc2f0921be99754a7318bd6a44fe483dd14239db8afe45c7fad0bd9bfbdd2d35040443fc5685d7f9c4b53e7c06aa36bd9b97c0a14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
48f2c95f93d3d2ce4109fc43747a1ece

SHA1
e5a4299ecba3100fa9cca3f64a9295273e01828c

SHA256
f43dc173775a51036ea765471cb95a1eec83e04529b1bb98776bd651f2101561

SHA512
91a6b3d01bc76a30051481ac2e9f95602122afb7b9d318c2658ab458b93ec78d2d221a84ed874ddac78fb0c0e5206278aeb68d7618a955de5ad55a72fc7dcc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
10813e6cac8245b38ef46e6953672dcc

SHA1
825f21e32b28da47fb3731b6db8bf606a65139f4

SHA256
f5cb23ae10c396d50e2df1866450b03826f123bee3d0962b6537a1a2e23e9a49

SHA512
315bb7e4d62b6420ad2815bb51979cea2ac012c8a9d2f1bf9c1f6bd1643d53cc44eef9c483cdb0b2decb9268ed09a503f511e1a4f2acb2391b6125c5e5e79080

Download Submit
C:\Users\Admin\Downloads\SKlauncher-3.1.2.5.exe

Filesize
1.6MB

MD5
a3eaae6bb7e01e8059f1276ccb7f6c62

SHA1
801b7bb06be83f057fcf7d84c119e0ccb6310386

SHA256
6c974aa57734ff98a88b403058ebbc281a7deb311886c4e1697e59a192afc542

SHA512
57a21164ca396e36c55d39e553647567399fb9e10b7f08d93c691df714aea1b1959b8c230761445b8e39ce81eb8c65a4d34b968d73f7e649e903d5245320d5f8

Download Submit
C:\Users\Admin\Downloads\SKlauncher-3.1.2.5.exe

Filesize
1.6MB

MD5
a3eaae6bb7e01e8059f1276ccb7f6c62

SHA1
801b7bb06be83f057fcf7d84c119e0ccb6310386

SHA256
6c974aa57734ff98a88b403058ebbc281a7deb311886c4e1697e59a192afc542

SHA512
57a21164ca396e36c55d39e553647567399fb9e10b7f08d93c691df714aea1b1959b8c230761445b8e39ce81eb8c65a4d34b968d73f7e649e903d5245320d5f8

Download Submit
C:\Users\Admin\Downloads\SKlauncher-3.1.2.5.exe

Filesize
1.6MB

MD5
a3eaae6bb7e01e8059f1276ccb7f6c62

SHA1
801b7bb06be83f057fcf7d84c119e0ccb6310386

SHA256
6c974aa57734ff98a88b403058ebbc281a7deb311886c4e1697e59a192afc542

SHA512
57a21164ca396e36c55d39e553647567399fb9e10b7f08d93c691df714aea1b1959b8c230761445b8e39ce81eb8c65a4d34b968d73f7e649e903d5245320d5f8

Download Submit
memory/340-21-0x0000016D3BFD0000-0x0000016D3CFD0000-memory.dmp

Filesize
16.0MB

Download
memory/340-28-0x0000016D3A700000-0x0000016D3A701000-memory.dmp

Filesize
4KB

Download
memory/2824-834-0x0000000002FA0000-0x0000000002FB0000-memory.dmp

Filesize
64KB

Download
memory/2824-826-0x0000000002F00000-0x0000000002F10000-memory.dmp

Filesize
64KB

Download
memory/2824-791-0x0000000002C70000-0x0000000003C70000-memory.dmp

Filesize
16.0MB

Download
memory/2824-836-0x0000000002C70000-0x0000000003C70000-memory.dmp

Filesize
16.0MB

Download
memory/2824-835-0x0000000002C70000-0x0000000003C70000-memory.dmp

Filesize
16.0MB

Download
memory/2824-804-0x0000000002C70000-0x0000000003C70000-memory.dmp

Filesize
16.0MB

Download
memory/2824-833-0x0000000002F80000-0x0000000002F90000-memory.dmp

Filesize
64KB

Download
memory/2824-832-0x0000000002F70000-0x0000000002F80000-memory.dmp

Filesize
64KB

Download
memory/2824-831-0x0000000002C70000-0x0000000003C70000-memory.dmp

Filesize
16.0MB

Download
memory/2824-830-0x0000000002F40000-0x0000000002F50000-memory.dmp

Filesize
64KB

Download
memory/2824-829-0x0000000002F30000-0x0000000002F40000-memory.dmp

Filesize
64KB

Download
memory/2824-828-0x0000000002F60000-0x0000000002F70000-memory.dmp

Filesize
64KB

Download
memory/2824-827-0x0000000002C70000-0x0000000003C70000-memory.dmp

Filesize
16.0MB

Download
memory/2824-718-0x0000000002C70000-0x0000000003C70000-memory.dmp

Filesize
16.0MB

Download
memory/2824-819-0x0000000002C70000-0x0000000003C70000-memory.dmp

Filesize
16.0MB

Download
memory/3348-7-0x0000021D45FF0000-0x0000021D46FF0000-memory.dmp

Filesize
16.0MB

Download
memory/3348-15-0x0000021D44730000-0x0000021D44731000-memory.dmp

Filesize
4KB

Download
memory/4396-38-0x0000000002840000-0x0000000003840000-memory.dmp

Filesize
16.0MB

Download
memory/4396-81-0x0000000002840000-0x0000000003840000-memory.dmp

Filesize
16.0MB

Download
memory/4396-71-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4396-63-0x0000000002840000-0x0000000003840000-memory.dmp

Filesize
16.0MB

Download
memory/4396-59-0x0000000002840000-0x0000000003840000-memory.dmp

Filesize
16.0MB

Download
memory/4396-47-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4396-43-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4396-78-0x0000000002AC0000-0x0000000002AD0000-memory.dmp

Filesize
64KB

Download
memory/4396-79-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

Filesize
64KB

Download
memory/4396-80-0x0000000002AF0000-0x0000000002B00000-memory.dmp

Filesize
64KB

Download
memory/5584-969-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-890-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-957-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-966-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-952-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-950-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-912-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-905-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-896-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-960-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-880-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-971-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-972-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-973-0x0000000003720000-0x0000000003730000-memory.dmp

Filesize
64KB

Download
memory/5584-852-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5584-974-0x0000000003740000-0x0000000003750000-memory.dmp

Filesize
64KB

Download
memory/5584-975-0x0000000003250000-0x0000000004250000-memory.dmp

Filesize
16.0MB

Download
memory/5932-163-0x00000236E7940000-0x00000236E7941000-memory.dmp

Filesize
4KB

Download
memory/5932-190-0x00000236E76C0000-0x00000236E76C1000-memory.dmp

Filesize
4KB

Download
memory/5932-191-0x00000236E76C0000-0x00000236E76C1000-memory.dmp

Filesize
4KB

Download
memory/5932-192-0x00000236E77D0000-0x00000236E77D1000-memory.dmp

Filesize
4KB

Download
memory/5932-193-0x00000236E76D0000-0x00000236E76D1000-memory.dmp

Filesize
4KB

Download
memory/5932-194-0x00000236E76D0000-0x00000236E76D1000-memory.dmp

Filesize
4KB

Download
memory/5932-195-0x00000236E76D0000-0x00000236E76D1000-memory.dmp

Filesize
4KB

Download
memory/5932-173-0x00000236E7570000-0x00000236E7571000-memory.dmp

Filesize
4KB

Download
memory/5932-176-0x00000236E74B0000-0x00000236E74B1000-memory.dmp

Filesize
4KB

Download
memory/5932-188-0x00000236E76B0000-0x00000236E76B1000-memory.dmp

Filesize
4KB

Download
memory/5932-170-0x00000236E7580000-0x00000236E7581000-memory.dmp

Filesize
4KB

Download
memory/5932-168-0x00000236E7570000-0x00000236E7571000-memory.dmp

Filesize
4KB

Download
memory/5932-167-0x00000236E7580000-0x00000236E7581000-memory.dmp

Filesize
4KB

Download
memory/5932-166-0x00000236E7950000-0x00000236E7951000-memory.dmp

Filesize
4KB

Download
memory/5932-165-0x00000236E7950000-0x00000236E7951000-memory.dmp

Filesize
4KB

Download
memory/5932-164-0x00000236E7950000-0x00000236E7951000-memory.dmp

Filesize
4KB

Download
memory/5932-161-0x00000236E7940000-0x00000236E7941000-memory.dmp

Filesize
4KB

Download
memory/5932-124-0x00000236DF240000-0x00000236DF250000-memory.dmp

Filesize
64KB

Download
memory/5932-140-0x00000236DF340000-0x00000236DF350000-memory.dmp

Filesize
64KB

Download
memory/5932-162-0x00000236E7940000-0x00000236E7941000-memory.dmp

Filesize
4KB

Download
memory/5932-156-0x00000236E7930000-0x00000236E7931000-memory.dmp

Filesize
4KB

Download
memory/5932-157-0x00000236E7940000-0x00000236E7941000-memory.dmp

Filesize
4KB

Download
memory/5932-158-0x00000236E7940000-0x00000236E7941000-memory.dmp

Filesize
4KB

Download
memory/5932-159-0x00000236E7940000-0x00000236E7941000-memory.dmp

Filesize
4KB

Download
memory/5932-160-0x00000236E7940000-0x00000236E7941000-memory.dmp

Filesize
4KB

Download