6cf2bcdb1a463fc69eddb125eba8cc12854ee23effcd7c65b968667c668a7f0b

Resubmissions

02/08/2024, 15:39

240802-s3t49svclf 8

02/08/2024, 15:32

240802-syqlaazcmn 6

02/08/2024, 15:28

240802-swdhyavalh 8

02/08/2024, 15:24

240802-ss9rzathna 8

Analysis

max time kernel
149s
max time network
146s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AndroidSideloader.exe
Size

4.1MB
MD5

b7fa8a83dd1c92d93679c58d06691369
SHA1

0cff7bb71ff43ee92172f30566d8ee1b043129fc
SHA256

6cf2bcdb1a463fc69eddb125eba8cc12854ee23effcd7c65b968667c668a7f0b
SHA512

d74f8450f1fda260d0176ceba347bde6ad58b24a09eaac3cc921e20236a11707cab2f5eaee3bb10907c387d67efbcb66d823ae052b1317f3e953c4984a2b94b8
SSDEEP

24576:JUjV//Ppn/JcDJ7bdukqjVnlqud+/2P+AXg:S5//Rn/QJ7bYkqXfd+/9AQ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
17	raw.githubusercontent.com
18	raw.githubusercontent.com
33	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
880	620	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AndroidSideloader.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	AndroidSideloader.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\SystemCertificates\CA\Certificates\7F95276D4951499FD756DF344AA24FB38CEAF678	AndroidSideloader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\SystemCertificates\CA\Certificates\7F95276D4951499FD756DF344AA24FB38CEAF678\Blob = 0300000001000000140000007f95276d4951499fd756df344aa24fb38ceaf6781400000001000000140000000f6be64bce3947aef67e901e79f0309192c85fa3040000000100000010000000ee39380f325cf0c51f4c6f7be0a4c8990f000000010000003000000011634607adf75b5e2bb0c3f38525f19b8cb00415cf48940a83e1da5b90dbf3d251de3a2659675838654f1705ba8fe7411900000001000000100000007818fd06fa225d60f1172f1ef2efcebf18000000010000001000000076935b5c5a037216daaf8aac76df42c1200000000100000089030000308203853082030ca003020102021023b76de3c1bb2b1a51961e08eab764e8300a06082a8648ce3d040303308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f72697479301e170d3230303133303030303030305a170d3330303132393233353935395a304b310b30090603550406130241543110300e060355040a13075a65726f53534c312a3028060355040313215a65726f53534c2045434320446f6d61696e2053656375726520536974652043413076301006072a8648ce3d020106052b8104002203620004364161172b5325edaaca94e4d6da4857ef50ba846482d7bb051bd61f0624f6a5339d8ce7f10b5568638230105f8d65ecaaa8af97cab586ce30018974dee34e5e016eee267bcc53fa23a4f7441d3e4d1e5f66a6ad85f6f2e3bc8e099880248e20a382017530820171301f0603551d230418301680143ae10986d4cf19c29676744976dce035c663639a301d0603551d0e041604140f6be64bce3947aef67e901e79f0309192c85fa3300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b0601050507030230220603551d20041b3019300d060b2b06010401b2310102024e3008060667810c01020130500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737445434343657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f555345525472757374454343416464547275737443412e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300a06082a8648ce3d040303036700306402302470540f01c940ddc854d96d54cac808ca984374d83ff4d7a95f6df261b9700a261b6330a88b319cbf77ec67b07fa588023025adaba4b0ee8d52e0dd0d7c9ddf7d1daee25c649c74f87e63e5c14e601686b0a75e196eec08c691d8fb0314a1a595ab	AndroidSideloader.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\SystemCertificates\CA\Certificates\CA7788C32DA1E4B7863A4FB57D00B55DDACBC7F9	AndroidSideloader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\SystemCertificates\CA\Certificates\CA7788C32DA1E4B7863A4FB57D00B55DDACBC7F9\Blob = 030000000100000014000000ca7788c32da1e4b7863a4fb57d00b55ddacbc7f91400000001000000140000003ae10986d4cf19c29676744976dce035c663639a04000000010000001000000042f8529fe545103fdd848980a8647f290f0000000100000030000000ed080184c5a30d366162d70be6fbb98ed70ace8650c3b7bccc7687cddaffb50f7d12eea1a961cc6f7fd0da9b3422f9fa19000000010000001000000076935b5c5a037216daaf8aac76df42c11800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000d7030000308203d3308202bba003020102021056671d04ea4f994c6f10814759d27594300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f726974793076301006072a8648ce3d020106052b81040022036200041aac545aa9f96823e77ad5246f53c65ad84babc6d5b6d1e67371aedd9cd60c61fddba08903b80514ec57ceee5d3fe221b3cef7d48a79e0a3837e2d97d061c4f199dc259163ab7f30a3b470e2c7a1339cf3bf2e5c53b15fb37d327f8a34e37979a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604143ae10986d4cf19c29676744976dce035c663639a300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c0500038201010019eceb9d892c200b04801d18de429972991632bd0e9c755b2c15e229406deeff72dbdbab901f8c95f28a3d087242895007e239156c0187d9161af5c0752bc5e6561107dfd898bc7c9f1939df8bca006473bc46109b93238dbe16c32e08829c863374763b284c8d034285b3e2b22342d51f7a756a1ad17caa6721c4333a396d53c9a2ed6222a8bbe2556c996c436b9197d10c0b93021dd2bc697749e61b4df7bf147803b0a6ba0bb4e1857f2fdc423bad740148ded66ce11998095e0ab36747fe1ce0d5c128ef4a8b44312604378d8974362eefa5220f83744992c7f710c20c29fbb7bdba7fe35fd59ff2a9f474d5b8e1b3b081e4e1a563a3ccea0478906ebff7	AndroidSideloader.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	AndroidSideloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	AndroidSideloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	AndroidSideloader.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
620	AndroidSideloader.exe
620	AndroidSideloader.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	620	AndroidSideloader.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeDebugPrivilege	2540	firefox.exe
Token: SeDebugPrivilege	2540	firefox.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2540	firefox.exe
2540	firefox.exe
2540	firefox.exe
2540	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2540	firefox.exe
2540	firefox.exe
2540	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2848	2816	chrome.exe	31
PID 2816 wrote to memory of 2848	2816	chrome.exe	31
PID 2816 wrote to memory of 2848	2816	chrome.exe	31
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2584	2816	chrome.exe	33
PID 2816 wrote to memory of 2632	2816	chrome.exe	34
PID 2816 wrote to memory of 2632	2816	chrome.exe	34
PID 2816 wrote to memory of 2632	2816	chrome.exe	34
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35
PID 2816 wrote to memory of 2404	2816	chrome.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AndroidSideloader.exe
"C:\Users\Admin\AppData\Local\Temp\AndroidSideloader.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 2096
  2⤵
  - Program crash
  PID:880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68e9758,0x7fef68e9768,0x7fef68e9778
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1292,i,10647685828997935499,1235228081057548717,131072 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1292,i,10647685828997935499,1235228081057548717,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1292,i,10647685828997935499,1235228081057548717,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1292,i,10647685828997935499,1235228081057548717,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2156 --field-trial-handle=1292,i,10647685828997935499,1235228081057548717,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1304 --field-trial-handle=1292,i,10647685828997935499,1235228081057548717,131072 /prefetch:2
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1392 --field-trial-handle=1292,i,10647685828997935499,1235228081057548717,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1292,i,10647685828997935499,1235228081057548717,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3692 --field-trial-handle=1292,i,10647685828997935499,1235228081057548717,131072 /prefetch:1
  2⤵
  PID:2600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2312
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.0.839716996\438345605" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13a54fcc-9107-43e2-9460-cb083992cbfe} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 1292 122ed758 gpu
    3⤵
    PID:1736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.1.2005277200\1915217267" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c63225c9-d1c2-494e-8f65-29a5705d557b} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 1496 d72e58 socket
    3⤵
    PID:236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.2.1331833871\528714700" -childID 1 -isForBrowser -prefsHandle 2040 -prefMapHandle 2036 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd9f7c2a-2267-44e7-9809-ce41fc178d30} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 2000 12258d58 tab
    3⤵
    PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.3.1553050441\454021133" -childID 2 -isForBrowser -prefsHandle 2516 -prefMapHandle 2508 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20070fa1-828e-4123-8ccd-0fad7a608817} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 2548 1c151858 tab
    3⤵
    PID:2688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.4.1697683044\1427462356" -childID 3 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c60048b4-8a1a-4c0b-af7a-c50688ed1b85} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 2972 d5b258 tab
    3⤵
    PID:2904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.5.1221678089\1077240548" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {887012a5-0cee-435f-8b45-5c05b8c1df29} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 3856 1e992558 tab
    3⤵
    PID:3044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.6.1322537059\1431266982" -childID 5 -isForBrowser -prefsHandle 3964 -prefMapHandle 3968 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2188794f-0333-4f46-9aa3-73359abbe141} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 3956 1e991658 tab
    3⤵
    PID:2416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.7.699695444\1552440202" -childID 6 -isForBrowser -prefsHandle 4144 -prefMapHandle 4148 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd9293b7-d3f2-4463-ac27-381f9e30d408} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 4136 1e992858 tab
    3⤵
    PID:1600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.8.1875317665\895649042" -childID 7 -isForBrowser -prefsHandle 4340 -prefMapHandle 2308 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04fb69c5-10d4-4077-a013-077dd25f0922} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 4144 d69958 tab
    3⤵
    PID:1240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.9.1890396411\1427137625" -parentBuildID 20221007134813 -prefsHandle 3776 -prefMapHandle 3744 -prefsLen 26356 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea80c4bd-3718-4f78-9e4d-48872ce31e41} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 4588 1eb92458 rdd
    3⤵
    PID:1624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.10.1549727370\187286515" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4604 -prefMapHandle 4608 -prefsLen 26356 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e57780e9-6d2b-4554-97b7-cc27044947a3} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 4684 20dac358 utility
    3⤵
    PID:3096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.11.469613162\1107999315" -childID 8 -isForBrowser -prefsHandle 5132 -prefMapHandle 1932 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ca81e79-f439-4e0e-aa3e-0282d722bc81} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 5108 1c012c58 tab
    3⤵
    PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.12.649545591\543357997" -childID 9 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb0c1441-a104-4940-9206-ec7cc1edfcd5} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 5076 2222fc58 tab
    3⤵
    PID:3732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.13.1537721260\1220253631" -childID 10 -isForBrowser -prefsHandle 5524 -prefMapHandle 1872 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf7e01ad-1ef5-473e-a80e-5463c3f044ff} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 3956 2208a058 tab
    3⤵
    PID:3452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.14.87860325\1674360354" -childID 11 -isForBrowser -prefsHandle 4256 -prefMapHandle 4252 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79fb5106-452b-49c3-9e5d-a57a9ce96109} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 4236 2208a958 tab
    3⤵
    PID:2324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.15.39025730\1366100810" -childID 12 -isForBrowser -prefsHandle 3596 -prefMapHandle 3524 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {669cbf8d-9945-4ba3-ab43-c0542b1fc670} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 5140 182aae58 tab
    3⤵
    PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3e7ebd09-0841-48b1-90e9-00bf2e76fd63.tmp

Filesize
311KB

MD5
0e1adac6b26ee8e819abca26837d5a6f

SHA1
6a31677734faf72455056dd654e6cbc8ed5b297a

SHA256
b5297a66afdf3b511fb4380947cd2f25f4c01cbede118d238d3fb4a666d9ccd9

SHA512
3462219df4931a3ad3f9e8c2b0e35e44d80f0f53d51af11b66451880fc63b4425ccf9a80e525faf98690d030b15b81829965721c5dc0d05fdadf5d604b4a089f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
5707c2f9711f4837189a94ec0d24e5a6

SHA1
c69442a35e062fb097697ecbc65f57461b8905e2

SHA256
cbe38dec17b1826ed45b0522259d5359ec858587b08678835f3ff0dd853cfb0b

SHA512
f39f01ee45e70967deb50dd80fb8b6fc4a17cafe98b2559fefbf08013f72e556418126a5be6e87b9e373752d5d1309aec2e0a802b090e1899cc955b5d81789c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ebd6c68843a24c826a7892a6272b01a9

SHA1
7797f1304078b52fbf951d8743cc67203d91d553

SHA256
c2df4c6ac7e1b0ebd607796e640e7223644e4a8e1867f4fc91e877fa5b727d21

SHA512
76d0ce0b3ee2c33476d136e880a471ccde9bb52e4f50708d5d78e91cc3f37fc751e6c64d60388480a0f31445a8bdef81fa1b3381df64729ed545b4d48375e379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
311KB

MD5
6d383288801b534bd5d8228203d4f4e8

SHA1
e41a3821b707188b2dd0d578c9f5e76a3a4bb29e

SHA256
675cff50be631befd3e61e1bc5aa74f9452babf69ffd775cdfc12fa9a160242d

SHA512
1ca91ed8342ccb6232931ace1d74f778cd42615b1c13389f51fa9c4efab77ef2c3fd95886821c3e5fee6e3b2541aa2a81dd6a1c88a7b3b2673f068b82235572d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
3994ae12c0bf95557ad122f0feeb41b9

SHA1
5ccaa5af767f03b2793a7e9957bfddeb7cbe5286

SHA256
7d8c5ae621854c2690620992b5e21b19792b0835eae50011046c71f12737c094

SHA512
2e82dc67556e4ec86da06772373046bd336532faf3c19148f81619c2f2aa2050c8936735d7b1ed1063f4d3c3d64a2248420129f19941da4ce1c87b3b7ff96ffc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19

Filesize
60KB

MD5
89a84daef83d03d94a758db2494b899a

SHA1
adce82adff2960790fe166c0e50ff5f9ba605b13

SHA256
a29ded2fc0b6b567a22488aa3fef927ce742695a2678f3aae97b00671bac1d18

SHA512
b136a91017e7b9dfb3d916644e455c4d863ee980ed8a30b60f7739b731d3a3c99c4b0658003bf61413fe14a6b66cef10b49eb88e9c50049ab6b3ea1c9c490786

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\8709E8A0A3A140D3BA059C3A07420EF01DA5FB25

Filesize
32KB

MD5
58658386b8dd291359c16ed517839a4e

SHA1
a4529e8ba615cc2918b26b104f0df1c74ba71ca5

SHA256
699f51e990d80f0c7eb9a092facab3799d4a3cde2be0ca84df78f288dc09aa1e

SHA512
0762fb42c38502a02eb3a39167d890d326c91883f58c2e5268388d1ef1463e19d1ec8056eefda709affec7359479a0f699477ea705d8ac027526118d3fc70c29

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\epun21qz.newcfg

Filesize
2KB

MD5
fc492a1218f58c51a83b8c290d9c77f4

SHA1
80febb266644a6b16aa999d883fd1a9169c24a55

SHA256
465531c28b77b24939ff2385f219c00e1c5fc78e73b295da27d2f1d4711d8f7a

SHA512
bc3f060633cea40306d782aad28d903322955a0503f8c255a67445357f47d1486ed06533c18b8890b8bf530b205f31a1fcc85327a56eb087ed145c6283f9c916

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\user.config

Filesize
838B

MD5
6dc22626c68e39d1f7a92bc247d064fa

SHA1
06d72094b8ccfb2cd09e3b04fa79cd2f4efbb40c

SHA256
5b1cfb327e8e4f605cdb650526ab442cc846ce97cfdc51d1da23dfecb3abdf60

SHA512
09858fce9752da51c915859873510c5f115b8d2b2ffa9b3bfe8bee20b804de1fe3ef8bbe5448b2374d6089af29e9d7914e0098df675e5eef240d4f1649a0db72

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\user.config

Filesize
2KB

MD5
5745030813e6aa0c0215af554ca600be

SHA1
c27afa1e8447e0aa4f517eaf7b8ac5eae80ea1a7

SHA256
f9632dc94e8c2f976781bcb43e53bc5c4e637c61fc159f424207138f92ebb58f

SHA512
0a78d1fcd12bd7a27f790e868b49c4bca0627e30524a45667d42e92d203528740a6939942618b4be155f1783ea8574e6807210de05116d19125e14eb18f6961d

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\user.config

Filesize
2KB

MD5
1a724ef8621357811a2d8ebf272c7e43

SHA1
71b77d5947d9f1550ceeb39e4e8bc65caa840583

SHA256
8b2f074f8a2399ebf5906d1c3c5df685a35732c7a539ceb4a7bc527691537a2b

SHA512
14026b05ce0175457b071ce6478426c6fe5c2dd463503059d0ed271b9aacf92fc5e4a376d0fa62f369b03bf279dab5e7457c2ff9655f41d225c6280b15540bae

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\user.config

Filesize
2KB

MD5
bd485fbdd4a8b1b8b56ecbd4155b2778

SHA1
099d59ec7207769a16568e4ac95dc2a717b9eff6

SHA256
45e1903c9ae5bcd523b95a7ca701d62fd7b1fed24f7e52b6930e8735eb1b4af2

SHA512
64d6a9ad0e4a60b3e6494f28e519369698dc4a37824ed0fcd6b796f5a7ed3a4d218a231cfa066eb1eed48f31ccedc5bac2c02150b375ca6b0aac549ea41f1436

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\ytu5hity.newcfg

Filesize
3KB

MD5
45181b4dece2e7a87f238ac770631d83

SHA1
3725fd4032c64e401e34147cac2c2c3cbdf3255e

SHA256
6762b28f54c045ea45877b2da8f7b498e24b3c69014882e5a29be7e3b1ba8110

SHA512
780c4de5a08df5ed6e9630121649e6ad20d221bd2f20e3b222c87f7a5a16f3a64275f841475dcfc6cdd3c55c6cbdbe2267b55096f04f55a1903e5bae033f0763

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAF93.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAFE4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e61a055e4e086e7309c1a5c54584e226

SHA1
dcfeb0bd7064ef9031d622f9858ad89904d63acf

SHA256
62bff3e4e3952e441b9625a5f6959bba5bd28b5e31621e137ebf906d35f556ae

SHA512
7f3070134d27ab344923a3b2f7f32daaee27c8a7fa8e1feb38d38cccbfc233fff1f22a9e9a39135f852927fc788b1b5d3a631039344cc55119ec22ffe7eaef2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\5560bcad-944f-4e90-aaa0-3e299dd2ec44

Filesize
745B

MD5
4381082f88fb4cf1fb5b60a17e641dba

SHA1
b8af656ee92bfa46d759f547f0f194a87182ad67

SHA256
e83f9a8f42601d400e7afa135332236c7dfd4ff2afec9d044b5686eeabd1dfab

SHA512
7bf281e90625fdc414b8af11d47494106b9e4f80e59955e31c8394b378e09c327bd1171d308ee51cb47bc70f01220ccb6669cbade9f4daf144319b0902363a16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\97099079-e125-4ca6-8cac-960824107325

Filesize
11KB

MD5
12bdb5c3764a2d1fbb5d11d7200592dd

SHA1
33c40d1539a2d4731ceaf94ac1bd33d5d2d498a4

SHA256
66df75435f2899bc72886bf23a72cae8348cdd0bc57318286b37fc6a3f95ac99

SHA512
e097227d2d6b9def57f8d9ac072b162d02809f104e732b21fcbe5460aa8bfa39b97682e68f891909dae6818778df187e9c4fd0e3a0b30b8ee81eb30ff60e88d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
6KB

MD5
609886f59fc074aff78080087530e6e3

SHA1
6ed0d3b83e16719961e13792e0245c035b51e1c2

SHA256
1058d30726791ee06f1069c72d0b909799d9f60ed022b8c96842114f1f212f79

SHA512
9636edf3bd6e3703a1a5c37a9b353f4237c2ed10109b54dfecee67e4a955cee7c30747362834d79b282d98ea7fdafadc0e52085f28b5df32e348a56cba52f9da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
6KB

MD5
929de6696f12f255f119a18059d7a89a

SHA1
c64c7fd4973f833a2d8560ab1d7322300dbcb370

SHA256
93fc37bd94be7da7be188696e0d3149c31c6ff2950e32025d86d99b7bc83c975

SHA512
0d961c4acf01fd2a54be227ffb0106518b249a8c786fca58928e0ffca3a220666255272da4e82ea4fd377731c759dd29145c0fad56520d7cd3107d8cf81cac81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
74837888c203458543768a6210bf5445

SHA1
830c04302ff398aef69aa890aa667aa17bbe648f

SHA256
98396943a4cece16a2190b289fabdc5e28fe47fef80203e960ab640ca5e126a1

SHA512
63e25b03d9652a53bc3e3849fb8d22f66923e308696579f45c7b791add65ab7dcbe1a59c0a7f4c69fcec45f6cc0bf2b07348601477c0730c29716212a8053c26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
daab06ab6d95ccbc5e5a9013c452a97e

SHA1
b23f02d681f248b6355c1ba4f4deedd7919d37d7

SHA256
ba0ef32b912124ad2cccf4625caeee493d9fb1afaaf1a5ff8374d9f9a56a663e

SHA512
ec52aac76426122222eb276298bae685d44f7a53399ff3b92cc3f5f85f6faff50a1ff3c0a32fa7305b2a69295651a70f894ec3027d4cbff4ec2d0065993a8693

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
708992c4ad981bbe6631b3ffcf11a798

SHA1
831ffa8c3a86d0a8a344bf631c0be384a2a437c2

SHA256
9c23ad084fe938c182ecc9c18c8b681a0666be5ad137b193adfb5d2fa7a11da2

SHA512
dd5a6a9253e913b9ee73362a05df1bb76e2a8bbc6274a39849561ce63e7a55e807a3586868d806e7e64d3a332cac6d53f5e6fe9e7bf90afc36ec77690644eb42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9adf27cb7e175d817e16db5930c96162

SHA1
519290d1940cf65f1497ec7e5e26b9bce5c8320b

SHA256
aaef87a67fe9d50070d093f1ee96968daf1103bb5b521cd9c724907374da5f0a

SHA512
f1434d78487a92277b3f0fcc7742675db49e0b3eaa95820223244de80390c1e0547653ce49469063e7ced02279feb4298dc87f32a7d04b1ec527410bd419721c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
a7b0799d21bc3e7a2bc958ff07065b23

SHA1
66dba7c0d6f46278a233c13797c049572f1e5801

SHA256
5693e47edfb3ef0a610fc5bd0b7f17960feef313b77ed10b4557bb6f1c464657

SHA512
a951eefbee6f9b536f02deadbb4f067e7be374d6bd946a429d521a9624463e4bc08798e1c2baa26429cfdbeb6115f18c6f298f8752aab78a785d44151396be5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
98dbe078686fe849e8548549601d12fb

SHA1
20b9bb9ca5207e59b80a12045c4aeb3a787c33c6

SHA256
10c9c0c2b0b823a0505804b410a0a0e0dbcf0b93de85a20965b674858d8ac105

SHA512
d9e43ae0c0fc63d21b69bfaca5092cbc8da29d99687f7e3516c58bb672190ec2867921fe30b7bf14fadd1bb13719898ada279c6ec66de21c8945cb182699bf09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\default\https+++www.youtube.com\cache\morgue\196\{3e5bf789-4d76-4c88-9425-6c58ac9a83c4}.final

Filesize
4KB

MD5
bd9586cc3284aee8d3d5ba6e4a2496c1

SHA1
68ac83e714575fc9daf26ae71ab9d95b97657545

SHA256
dc65c7cbdb292568421a7c097919a98fc5c4a542e99fdf22dacb8a97290bec63

SHA512
8b16f16c6125def397185b3b97f67bc9b4c9f1ed0ae7469aa875b4321e1dbe0a9e3a7d340ea32f7bfd21c48ffd462987faa63ed708e1964a49203931e9ab0a56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\default\https+++www.youtube.com\cache\morgue\79\{26a56919-989f-4848-aa11-33f371ceae4f}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\default\https+++www.youtube.com\idb\2255128494yCt7-%iCt7-%rdeds1p1o.sqlite

Filesize
48KB

MD5
7992264b55670e01baf67b38de6df278

SHA1
89f5103436a7fa62d076b590b58758b5727bffd4

SHA256
fd3db09dec2588ca785a0b3990574a4eb76e0d5ff51600de507809b51851aebe

SHA512
3335d54032ceee00a6e54843acfd5f7e6b9badd14e1ef50f00998089c4e9dc4fbc6107b8a8539b7d643022d8ca15284d2a3033a43de22d73ef929d8185f18719

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
e716cf893f6920af541d233302920895

SHA1
7c49b9e11b1393bdee2bc1e1dcd37e75d96e1882

SHA256
f8c105f6836de2df4676459f035491c81ace9efef46f616e0a0d5002c989a9a4

SHA512
80cf053fe46a4dc311c41c85287d62f022061e0daf8747892ea8c0419bccf60b50858b7e2c2cefb83c26b26078daf4743fb548cc09975069fafe9533c3fb279d

Download Submit
memory/620-205-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/620-196-0x000000007427E000-0x000000007427F000-memory.dmp

Filesize
4KB

Download
memory/620-537-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/620-0-0x000000007427E000-0x000000007427F000-memory.dmp

Filesize
4KB

Download
memory/620-32-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/620-33-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/620-7-0x00000000044A0000-0x000000000452E000-memory.dmp

Filesize
568KB

Download
memory/620-6-0x0000000002180000-0x000000000218E000-memory.dmp

Filesize
56KB

Download
memory/620-4-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/620-5-0x0000000002130000-0x000000000213C000-memory.dmp

Filesize
48KB

Download
memory/620-1-0x0000000000020000-0x0000000000442000-memory.dmp

Filesize
4.1MB

Download