c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10/08/2024, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
Size

3.1MB
MD5

8fafe7f30697a37760bd5e7c8af6cc04
SHA1

d2e6ea8811b095f84f837bc819f6138507ad4070
SHA256

c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a
SHA512

2d145a60f3d9959224d94178eb685a13cb00f815ec9ca306f231a7c740b0e73a6b965886da11c65e5c3a6b813e9a3f8da06857f857e753f43160bc0657f2afd8
SSDEEP

49152:V0HsYSFbiGpaf60xTLKouAq2pRLHmWuRR1fQk2kwD0w/W4W:VNlex605vq2PzzMXrrSW4W

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

AutoIT Executable 15 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/1692-344-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-361-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-362-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-575-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2270-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2612-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2615-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2620-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2621-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2622-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2623-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2624-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2625-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2631-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe
behavioral2/memory/1692-2632-0x0000000000A30000-0x0000000001515000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4576	firefox.exe
Token: SeDebugPrivilege	4576	firefox.exe
Token: SeDebugPrivilege	4576	firefox.exe
Token: SeDebugPrivilege	4576	firefox.exe
Token: SeDebugPrivilege	4576	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
4576	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2744	1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe	81
PID 1692 wrote to memory of 2744	1692	c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe	81
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 2744 wrote to memory of 4576	2744	firefox.exe	84
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 3748	4576	firefox.exe	85
PID 4576 wrote to memory of 4088	4576	firefox.exe	86
PID 4576 wrote to memory of 4088	4576	firefox.exe	86
PID 4576 wrote to memory of 4088	4576	firefox.exe	86
PID 4576 wrote to memory of 4088	4576	firefox.exe	86
PID 4576 wrote to memory of 4088	4576	firefox.exe	86
PID 4576 wrote to memory of 4088	4576	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe
"C:\Users\Admin\AppData\Local\Temp\c6ac7f49caefba145a20281ddd359bcb645a95a4328e1dedb63548edbcb9227a.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4576
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1892 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de3a3bab-5865-4fcf-8d6f-9ffad708212c} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" gpu
      4⤵
      PID:3748
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9bb5d83-fae7-4c29-b76d-4767953d1c89} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" socket
      4⤵
      PID:4088
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2900 -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 3228 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac838acd-e8e0-45ac-9b68-45a14abc36d0} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
      4⤵
      PID:3484
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f220779d-0378-4d80-888d-70e0843ef271} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
      4⤵
      PID:2856
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {514f6962-6d51-47f4-a9aa-e9290c5e04ec} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" utility
      4⤵
      Checks processor information in registry
      PID:492
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 3 -isForBrowser -prefsHandle 5516 -prefMapHandle 5528 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {513584e5-696b-45c9-894e-dacc2baa933b} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
      4⤵
      PID:3116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2eeabc1-b38b-44ac-9ee5-ef4d454a336b} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
      4⤵
      PID:4792
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5936 -childID 5 -isForBrowser -prefsHandle 5860 -prefMapHandle 5928 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe599512-c5ad-44bb-a04d-b9b5674faee1} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
      4⤵
      PID:2016
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 6 -isForBrowser -prefsHandle 5656 -prefMapHandle 5720 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a01da30-b4e6-45e3-908e-581b590e97ba} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
      4⤵
      PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\activity-stream.discovery_stream.json

Filesize
36KB

MD5
fda53d1a130bf515345e1900f2284c92

SHA1
29e9b81568cd72628da275e476ca4bea14267481

SHA256
838378ffa75aba04d74dc2d4d3211949d62989f9bd369f0e92f71738238345fa

SHA512
66ee04848760bece8caba424a54b4524129ca14e24e0c393becf6f76dabaa8a511cef43f9023916c96ab560d62e44431b9173ad7a615635a67ba61f297a7f804

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
0c57d44ffc60ad2d580316d4ee491c23

SHA1
e6657d44f2920136535be4e37f4561b0d69c9bbb

SHA256
d6cbdcc6a94354e647e34cc11ab304d9499d763203a07ad35972eea49e364c62

SHA512
46111d89c117cfaab80290c91c04c97f6bdad73462be1006e515e4f7d885baa81213867035a3f1d53249fd1380cbceb69edd44e725e64f6074b14c74958b7faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
10KB

MD5
371ff4f52625adf3b0797f8f13f1c24f

SHA1
47cb2f63bbe36b2ce06972897b6a1d8fa6f6d6fe

SHA256
0b9053b9e75d73690d2cfc0cde298cbf52cf6f6eced0f5216a6d4e2580582f8e

SHA512
49a2a98eedc110c16a28210343edf2204e08ad5721d53112079be21994048c4f7d5dc9978141842d64716075ba51720405d700fa0e8c9510d36d3c2e96b8af95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9f95d560aab8ea76d7484b7f6303bdab

SHA1
5ed2c10290ebaae18bf233708ee42def6f34cc1f

SHA256
d57e2fb0da06d4566ad1c5781e7979336275f9fe45b41344907006075b916a43

SHA512
cd4aa8c8e1363084365bb807d2f45bb2b551e9f62209f910aaee66e656b89b6b2a51d3acaa1eb8b8702ca613d737139146bb8cfc7f4e08e1b5f027d04bb79f85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ccc0c72823ffca57e55ee05ba50b6f52

SHA1
e5c43e3da3a7dc071f4d23b34d37f8cdc6a923ef

SHA256
6d73d1a0ca3fb0f9e855feb727cb8953bceb9ccea4167ada69f4cc217f2d238b

SHA512
d4ad09ffbf3cbb4a4ac3434b7d7376d9258b4c4080c4fde71f9c418a1a633ed9eb382fae30e2124e3f3de704b93770a954947ecf5ab91b1108e72c440768e90d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d999f92fc92daf5d743bdb89d50c1c81

SHA1
afaf0af21c813b8e9b15368c674fe6c87dd23a9f

SHA256
52485281270555a204dc1b044ac2ba5e889878958da553cedde0b5c41a3fe902

SHA512
a79513d16b867d2d81348e97ca6115019808145742a7555053e7a058476d331cbeb6dcef7af2a5964d4abb378b3be1c133243492997fc213ac0dddb68df485d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
fd9161b48bfa4dfd692d26b7b9f262b1

SHA1
96831157b23c20061afe7528461eddef7deaf50d

SHA256
79dceeb362785e938667ab596da2c27daf248d985d8e3ea2cb56b321ee2e15dd

SHA512
dda9df15b11cdb08b1257e57cc8a3f9db4379240c200929418dac8d96a792ee7d9e125584fb4cbba943991b0a10f910e3d0775431d9f5c4047bdc8aaf738543c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\8fca1ce2-f972-4626-aa24-80bbd437fe5c

Filesize
25KB

MD5
67f890ca658d86770231cda286b7a606

SHA1
023ef48cd7682a199e9ad33dc98f059f2abbd9ee

SHA256
14f1eb5b1423de293b14f6343415b2e8282ab9af124dee6f2b7b17a53883f397

SHA512
c5d081b654eb4dc40061818e78c8179f251c1ab872b88b1717b6048b316e8b0f26d7c15fa03c25ccb8c14f33dc937c8f1c0a42e8022bcb508eb75c489dccef98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\f618864d-8a81-447e-8187-6e14bb60fba0

Filesize
982B

MD5
0d2b867d6937d2c1e6d40c21d3500a45

SHA1
d295683b3a07b1f4b9a98ce11d86f5f778a954f5

SHA256
ee883e4bf15d91fccf833ac59d99847fbf9d18f60b6b896f47f032f71430d879

SHA512
9ae82b3fb79c4af4209cb11fd3134d687d7785cf7814d73a32c07e9ff0c917343282c78c54c96c9e12bf9ac2d9ad56bf48aeab7bd054315ac968f6bd49d37b91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\ffdb2cef-d3f6-4f2d-815e-7f65de33bdce

Filesize
671B

MD5
a931dc2009bb883aabe34f647d0d0f4b

SHA1
ef03ab61038319087d783114e6eb31358b6bd99b

SHA256
405caaa8f7bb1d531af5a4014c2e4ae3b36e08f1c3479c44858e49abdb16792a

SHA512
1dc6c449f805ad6a9765c951b0884d1e5bee505fa7cab7b19112ecbc41868fcdac8fc6ca6d2881ce452ddff5dda67ada651cff8f40e27637f9ad37de87b4ca63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
16KB

MD5
0137097f6f42788164470b23b18eb6d3

SHA1
ba8fc9312fd0ee3a1cd94c4008da9ef971e3cad3

SHA256
44a78eedc7408dfa526a284462ac1c64c3188e7c26818947c5efe42a3940bc38

SHA512
5cae0a9ed0a97b69cad809ea92f7ea192a9d4a7b8713d6455bda94a0f03e4f7627d01e03e99aae5e09cd117faa962c6dc21e4bd67360c03f10037f4b5f2015c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
11KB

MD5
c2134030fffc1fb1f866ceb00f4b4812

SHA1
5bcf9cc5d429c352109f13268aa8650f166ee3ff

SHA256
03207e3ccca255f91eb0a07e63b2079179fac7e6a15aae18c0220a4d4283e67b

SHA512
7cc33e2962af1d80d9c971574ca6e5d20b068c6e1bce56731e5af73ddde464e853bcd32ab18bd0d7abd2815d82100cf00f95da720b1165c65acf926ab06e9fc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
13KB

MD5
0a0ea96e5f377bac5b50cc98ccfce03b

SHA1
37f07292250d09cea9c5142c2055033014947224

SHA256
9c5cac3feb35ed71ea866f3ea1f05f377004dbc58205cf359a48224b8af46913

SHA512
126021ee4fc47b9ace22b0cce74f87a977621213873a1903192247801ec3b5440686e9ec280b85448789e80264396a2509994f188c49cd705d9ff72e55aa300a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
10KB

MD5
0b54c3c2da87b6c2216356e0c70a38de

SHA1
40eca15e08d572372f33240b11fea6ed802baa1f

SHA256
ea9a0172b47e59ba529856e8af4b8d2b325da9d2bc839f558877d6e776a05555

SHA512
3316fa614634cc20ba8b144539dbcc6b563e668fd203d192f5781f2b165de0cba8e6e9a22ed502803b37786b291c4b5e767e880d220a362e43050f0c977ac1d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
3110e4fdc0325b643f26ba089c8265a1

SHA1
589ddca28a728a9a16a1272ddd8842779811753b

SHA256
2dfdac13f5790918fb415746a81d56cb8bc2149224912758b01e24c802d8317f

SHA512
18ce784f1e85aab60316b27a44fe3f9c82ec59d77800ed822f37dce84f27f2b0a8fc36c3faacd0fcc0bdd1614730fc68985656c3bc088c7c99619fb6ffd651eb

Download Submit
memory/1692-1-0x00000000FF7F0000-0x00000000FFBC1000-memory.dmp

Filesize
3.8MB

Download
memory/1692-2612-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-0-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-575-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-361-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-344-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-362-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-363-0x00000000FF7F0000-0x00000000FFBC1000-memory.dmp

Filesize
3.8MB

Download
memory/1692-2270-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-2-0x00000000773B4000-0x00000000773B5000-memory.dmp

Filesize
4KB

Download
memory/1692-2615-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-2620-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-2621-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-2622-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-2623-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-2624-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-2625-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-2631-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download
memory/1692-2632-0x0000000000A30000-0x0000000001515000-memory.dmp

Filesize
10.9MB

Download