648ca4f9c2964bea3e91685a32e0381c803d648cc358b39ae4071fd3be77fed6

Resubmissions

11/09/2024, 17:15

240911-vs3d1aselj 3

11/09/2024, 17:12

240911-vq4t2sshle 3

11/09/2024, 17:09

240911-vphv7ascpp 7

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

toaleta.jar
Size

2.2MB
MD5

8e48fc3bda0bc899ba7c38b5bd2ac165
SHA1

bff45691858d8278b55b46af99ab0b5890564e53
SHA256

648ca4f9c2964bea3e91685a32e0381c803d648cc358b39ae4071fd3be77fed6
SHA512

a807a35eee990b75d85417bdddc3aabbe1275319ccd982c08b7bd929eb175992b96d7728a4615885b1368c9693550968a899b2d308fc8a0c9c3b1420ad7bc5d0
SSDEEP

49152:J1dxsLIha5XhNN9gD3b+V9JqG+XFpJ7JUZRlwxBRR+IMNT58:JZJhhb+Xqd1DJmR6xHlMU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2976	msedge.exe
2976	msedge.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
3700	msedge.exe
3700	msedge.exe
2612	java.exe
2612	java.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe
Token: SeDebugPrivilege	2612	java.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2612	java.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe
5952	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2612	java.exe
2612	java.exe
2612	java.exe
2612	java.exe
5952	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 4476	5076	msedge.exe	106
PID 5076 wrote to memory of 4476	5076	msedge.exe	106
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 3680	5076	msedge.exe	107
PID 5076 wrote to memory of 2976	5076	msedge.exe	108
PID 5076 wrote to memory of 2976	5076	msedge.exe	108
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109
PID 5076 wrote to memory of 3264	5076	msedge.exe	109

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\toaleta.jar
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultde4fde59h63cch4737h80fah0b03316e8e94
1⤵
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd466046f8,0x7ffd46604708,0x7ffd46604718
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1314694424168464228,13634346516172069890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1314694424168464228,13634346516172069890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1314694424168464228,13634346516172069890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:3264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta1d8f36dhd5c4h4fc7h8d82h557cac03bc15
1⤵
PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd466046f8,0x7ffd46604708,0x7ffd46604718
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11144177571278344308,3406642456188161379,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11144177571278344308,3406642456188161379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11144177571278344308,3406642456188161379,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:3720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
PID:5668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5928
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {917b7909-7e21-4d9f-a61e-c3777d4fb09a} 5952 "\\.\pipe\gecko-crash-server-pipe.5952" gpu
    3⤵
    PID:6048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f23f094-ef03-4c9f-9866-3fe6362a06ef} 5952 "\\.\pipe\gecko-crash-server-pipe.5952" socket
    3⤵
    PID:6036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 3048 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a904c1a-1511-4688-8392-47c6e45a9e4f} 5952 "\\.\pipe\gecko-crash-server-pipe.5952" tab
    3⤵
    PID:4796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2708 -childID 2 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6d66994-5ed8-4988-9638-913f0ab0248d} 5952 "\\.\pipe\gecko-crash-server-pipe.5952" tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4840 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4880 -prefMapHandle 4868 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59024a2d-0af4-483a-8d9a-b5ca7765a122} 5952 "\\.\pipe\gecko-crash-server-pipe.5952" utility
    3⤵
    - Checks processor information in registry
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 5328 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbc9d269-01a4-4866-9d73-55625bbf5500} 5952 "\\.\pipe\gecko-crash-server-pipe.5952" tab
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a573b26-9df2-47af-b2bf-8fbf46a53d4c} 5952 "\\.\pipe\gecko-crash-server-pipe.5952" tab
    3⤵
    PID:4592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5852 -childID 5 -isForBrowser -prefsHandle 5772 -prefMapHandle 5776 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c81e9cd-edde-4320-96f5-af3784c2ab6b} 5952 "\\.\pipe\gecko-crash-server-pipe.5952" tab
    3⤵
    PID:448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6220 -childID 6 -isForBrowser -prefsHandle 6232 -prefMapHandle 6228 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {752b71da-4203-4814-8d45-8bfc6478cd6e} 5952 "\\.\pipe\gecko-crash-server-pipe.5952" tab
    3⤵
    PID:5580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
16e926592380a84cdaea6c3992205e64

SHA1
f3531baeade4a25c24f5efb9670016c72ff8d96e

SHA256
3ddebfcb7394f77e4db317386c4646b21dcae1979870cbd02669973b33cc015d

SHA512
cae5d0c0a24ebca1b26250668957bdf65600cc2050dc66e73ee3d0959b025684d443b7a40be8b7fefefa7dbe5853af5a943481bd9d2fcb4cc48e5c115628ffb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
dbfba74dc26c1a1ad258ab03ecd29058

SHA1
919a8c5c5a58235737d5530b2ac964b284d0c0bb

SHA256
59964c87d8e130b9b421b53e32d66d9f6b268f72bf8edd1fd47e6ac54ce42ea2

SHA512
dcbabe0116db2066050b880ffdb72e8ef5d601b80b78f76ced42fdc0c35601c2ab5732319d7d1129906a445cb86a93771994702bc13b87682f3090ab6f72546c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e54ba495b4b8bf629f47beb38dd0c556

SHA1
0a76700df5acdf601cbbe3f47e9bb3a984900e9c

SHA256
fd07a8237299be7bdfd84f777c707a3df29db8222837b19599a114c627982fe4

SHA512
8a2e0fdaf1d6991d4f3bdb4cc84efc9d375017c44dc33caf2ff1c92a63d045dec660877fe000da0c5719de098ea79de1f919862a0205c66cb0652c169cc5e287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
043c77f64d21e82b2b5e72a0544b911f

SHA1
d083239b978195b9c5e648141c059e7c6c11dbc6

SHA256
de222e06996bec0785b6579603c92040f8a2bce6f7035fe957ccb52a03842286

SHA512
04ec420bbf418e5d98af24b8c7fd0c7612a7c52d829440bbffb7e776e232b33eb17a6507a9d0830b5b73d31a115adec481b0671b01d77720c2b7f1e4d3f6397e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d1p5dmra.31k.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
7KB

MD5
6d87417d3a853cb64144e2ee4db0c5bf

SHA1
45b9b42bdb4da0c3c5c9a2cfc0d2628b62b412a3

SHA256
6bd619043642d4462e399852094c21c8571867a4f1365400a187f01f8a00a1cc

SHA512
a7ac8c24adc44ea01ed71ed514f624b7f80f362bb031b732166880dbc2603326727e83a2a826a6944c41bede29d687458791066ef86c7354f99a2a59edd27ef9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
12KB

MD5
4efc23c6ae5aa697452a54738038e07a

SHA1
8ee115b479b9c39755ef18b81d6aeff086457eb4

SHA256
61de2aeb0c358a1a1c5ea8413a8e460c884a7475f5b41d01877ca628cd3da500

SHA512
6ff4b9d3287f5b74f866e1486a5fae33928ccc138deb004b0e7211943acf71c124b1012543845a1e21588bb49e2bf83fdf569955978b7cf8556ef1048eb29347

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2f711177be858edc09e12ab87e9ea54f

SHA1
6a22444e2a8848a954822476b2b0772cbcb72a99

SHA256
7b5956d54a69b29b35f71f0737d7b3d5a56ccd51f2c3637c8554406ed0953d7f

SHA512
bfdb1ef0526c6dabc3c7ab9609f10e96fe8bcbdcba517753ea17e98525d60bed275818f1016678767157563816208043e8eaf6a4eaee21ab246b343f5dfc0e24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
69e5356f8441540e3c5858c955ae4e40

SHA1
a2366164e4e2602d67da7fdb8db9943aa72a3dfe

SHA256
903ee743039f6675fd43d27dd90be22d41284ee2f0248def479fad11b521232c

SHA512
0c3a070f1103f7d046fe6362ae153b6f1c539aec53ac68f2b28e55d2e9a67173b2ab694279f233634d39cd3a42b124a29c4dafcbc5513d28f86fd5a88d8f7130

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
1d3abd267c1c757a5b46e4d7ab5a81d5

SHA1
c57684671a281272577385aeb94728f4ab337919

SHA256
1a06f7713d50812da88ccfa8397398fd4db0819405b0d8c97791b96239b0012e

SHA512
016cce0495a6ebb7c7bedbc2ef0bf2ca9acf67d7897d689fcf638b44d98ccfe741803a5e7292914ab7d458039be4f9a3e067b1b4e182ad0b67ecef4d7d4622b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\602efb0c-7495-4904-909a-c495fd3fc57b

Filesize
671B

MD5
b794f2de87051f566b6df953fb66109a

SHA1
b0ef2d5da688fd30dc3aab4fd61b58639d2e5548

SHA256
8c0264760c760170da2cbfac4d1ee62f25a09a7d0b7d04b3228885c36c395250

SHA512
85c701718dfa81da8bcc134633c6a33a16ccfbf1e584b1caeac40c1950e29a06bcf55adc861779e6d43d984503716d378adb21b7fd5ba4dab016ed69573ec724

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\a195a4c0-1586-4834-88fa-78da6ca069e8

Filesize
28KB

MD5
9767308add7efbc940eb1810d78999da

SHA1
188bb2e50c54c315f78e8425b2759b8701631e9a

SHA256
0a961d997a56653caedd441f85161a7dd712d085916cff6c189eba207127892f

SHA512
1cf8691c6b8ccce6c7dbec1f9ea31794af61272b211cf7d30add8eafdee5544a263436c2e3e40f9ccc1fee227393c23b3e1e36a64fe894e771151f409f2b0590

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\bffdab7a-2fca-456c-82d4-ebd950a2fd4d

Filesize
982B

MD5
75e213b869d1399e85e7f53998eefd21

SHA1
c4d1f8c1f1ac9b761dba67a9eb1cf5072ea36b36

SHA256
e41a9a230086f0be6856d0e15261802f384a6f606414440bb8fce2dac882ebe8

SHA512
47c49f8f26ddd6a858dd97641d51847604810945ab3e4a2b8c7e4ff8581001b7f7e5db3b580f6c97ec7e94f30decdc95a9213a1d99e29039e8ef20d64d089b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
96b9fc1b8ea2f1bc55bd6533aa10c368

SHA1
e706e1d7af4a24667986610a30402412d50fb503

SHA256
f07ae73e0a2e5e651dec87ccc442013c4e34dcd8f7b28581da76db530a7f7880

SHA512
08fce0274c0e233138cdcf73d61b7c84e5df712de3799bb340f1f976fe97f7e36e57e62f7deb2ea7eb00c1d4abffd4e55ea4f268941ca8e5a63dcce6753b03d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
a92df201a229a61a52f1ca3ca0716cd9

SHA1
c008272804ed9cc94ab7764145be56729ef0530a

SHA256
0e2c12e26d45a4903eb40a2a8ec48f3670968ee03aefa6b723276514c6851560

SHA512
90f91606ffa33bb204c6ee811dccbf297be636d6d03fedab2d0efc2e5f2f278bdc4f82f3b1637d3e1ea2dadb8ba678af188ad69001db78bf54ea716d9e87b8d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
10KB

MD5
5b573e11435f2c85ca0540720a8f7555

SHA1
0446a97ac1c947ef009b7328958684475b84e7ca

SHA256
0b5b07e90e133c9c5356b01183abdb595095b71b606115ade99887722ac87b1e

SHA512
236398a88ca16cef968e40803b25a73f5982e8f95dfd01c30b8d594311d171b2954dc5d3cb8490f869e0182780c008330e8b4386f0e2e795cddc904dd2d9a3c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
11KB

MD5
30fb5bda6c0194802b57e923b4aa4bf2

SHA1
d592122c1eb5d1f535010dbefb4011f446e21b7f

SHA256
a8054bc3bddd7209e177f731316e7e14fda3f89f29f0be0e8410392596bdd54b

SHA512
a43ff15518cf6a4e69928ec9ceebcd194c710136947c54a7686d7e0aa34005c57dbb6447fc9d01ec945b0ad5794bd1b185ef7b02364d1867d5ab19346ff5ed33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
1347e25b54af7b8ea083ca3f036be5d3

SHA1
c29bb74ea49a3f18cbcd034d8fadd1bbbf7790a2

SHA256
35ff63f3c4a99125e6ba7662942ce55d9d8490ba88d21ef37cb4a08bb38c4d94

SHA512
dc6090cf4cdc3a6af7d766bba61adfdc929ff97d2410b24bc4c1ddb32c00c5649d42cd1d5da08e3c1611808ca152e90fb93a7e246f62adddb87b7e52e8530d69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
4f47876d0c35571516c0b1d97cde515e

SHA1
831db441fa9a0bff60b3c832d766927de52b8bb7

SHA256
3ac7582b38733b1c9ce0993aa7b56bf31c6d54ee8610b7f9d1aa433952837bf3

SHA512
a88171d02cd4b154bee1366d100a72c1de04b2a791ef4e174c5858993f6e59f2389818250ccfeaf33fbcd0318737e82dae16e4423abc0de76383024c0fda2724

Download Submit
memory/2612-141-0x0000022A227A0000-0x0000022A227B0000-memory.dmp

Filesize
64KB

Download
memory/2612-169-0x0000022A22790000-0x0000022A227A0000-memory.dmp

Filesize
64KB

Download
memory/2612-72-0x0000022A22690000-0x0000022A226A0000-memory.dmp

Filesize
64KB

Download
memory/2612-70-0x0000022A225F0000-0x0000022A22600000-memory.dmp

Filesize
64KB

Download
memory/2612-79-0x0000022A226A0000-0x0000022A226B0000-memory.dmp

Filesize
64KB

Download
memory/2612-82-0x0000022A22610000-0x0000022A22620000-memory.dmp

Filesize
64KB

Download
memory/2612-88-0x0000022A226C0000-0x0000022A226D0000-memory.dmp

Filesize
64KB

Download
memory/2612-89-0x0000022A22630000-0x0000022A22640000-memory.dmp

Filesize
64KB

Download
memory/2612-87-0x0000022A226D0000-0x0000022A226E0000-memory.dmp

Filesize
64KB

Download
memory/2612-86-0x0000022A22620000-0x0000022A22630000-memory.dmp

Filesize
64KB

Download
memory/2612-83-0x0000022A226B0000-0x0000022A226C0000-memory.dmp

Filesize
64KB

Download
memory/2612-94-0x0000022A22650000-0x0000022A22660000-memory.dmp

Filesize
64KB

Download
memory/2612-93-0x0000022A226F0000-0x0000022A22700000-memory.dmp

Filesize
64KB

Download
memory/2612-92-0x0000022A226E0000-0x0000022A226F0000-memory.dmp

Filesize
64KB

Download
memory/2612-91-0x0000022A22640000-0x0000022A22650000-memory.dmp

Filesize
64KB

Download
memory/2612-103-0x0000022A22700000-0x0000022A22710000-memory.dmp

Filesize
64KB

Download
memory/2612-102-0x0000022A22660000-0x0000022A22670000-memory.dmp

Filesize
64KB

Download
memory/2612-97-0x0000022A21AF0000-0x0000022A21AF1000-memory.dmp

Filesize
4KB

Download
memory/2612-106-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-107-0x0000022A22670000-0x0000022A22680000-memory.dmp

Filesize
64KB

Download
memory/2612-109-0x0000022A22680000-0x0000022A22690000-memory.dmp

Filesize
64KB

Download
memory/2612-110-0x0000022A22710000-0x0000022A22720000-memory.dmp

Filesize
64KB

Download
memory/2612-111-0x0000022A22690000-0x0000022A226A0000-memory.dmp

Filesize
64KB

Download
memory/2612-113-0x0000022A226A0000-0x0000022A226B0000-memory.dmp

Filesize
64KB

Download
memory/2612-115-0x0000022A226B0000-0x0000022A226C0000-memory.dmp

Filesize
64KB

Download
memory/2612-116-0x0000022A22720000-0x0000022A22730000-memory.dmp

Filesize
64KB

Download
memory/2612-119-0x0000022A226D0000-0x0000022A226E0000-memory.dmp

Filesize
64KB

Download
memory/2612-121-0x0000022A22730000-0x0000022A22740000-memory.dmp

Filesize
64KB

Download
memory/2612-120-0x0000022A226C0000-0x0000022A226D0000-memory.dmp

Filesize
64KB

Download
memory/2612-122-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-124-0x0000022A22740000-0x0000022A22750000-memory.dmp

Filesize
64KB

Download
memory/2612-127-0x0000022A22750000-0x0000022A22760000-memory.dmp

Filesize
64KB

Download
memory/2612-126-0x0000022A226F0000-0x0000022A22700000-memory.dmp

Filesize
64KB

Download
memory/2612-129-0x0000022A22760000-0x0000022A22770000-memory.dmp

Filesize
64KB

Download
memory/2612-131-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-132-0x0000022A22700000-0x0000022A22710000-memory.dmp

Filesize
64KB

Download
memory/2612-133-0x0000022A22770000-0x0000022A22780000-memory.dmp

Filesize
64KB

Download
memory/2612-135-0x0000022A22780000-0x0000022A22790000-memory.dmp

Filesize
64KB

Download
memory/2612-138-0x0000022A22790000-0x0000022A227A0000-memory.dmp

Filesize
64KB

Download
memory/2612-137-0x0000022A22710000-0x0000022A22720000-memory.dmp

Filesize
64KB

Download
memory/2612-66-0x0000022A225E0000-0x0000022A225F0000-memory.dmp

Filesize
64KB

Download
memory/2612-143-0x0000022A227B0000-0x0000022A227C0000-memory.dmp

Filesize
64KB

Download
memory/2612-145-0x0000022A22720000-0x0000022A22730000-memory.dmp

Filesize
64KB

Download
memory/2612-147-0x0000022A22730000-0x0000022A22740000-memory.dmp

Filesize
64KB

Download
memory/2612-148-0x0000022A227C0000-0x0000022A227D0000-memory.dmp

Filesize
64KB

Download
memory/2612-149-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-152-0x0000022A22740000-0x0000022A22750000-memory.dmp

Filesize
64KB

Download
memory/2612-153-0x0000022A227D0000-0x0000022A227E0000-memory.dmp

Filesize
64KB

Download
memory/2612-157-0x0000022A227F0000-0x0000022A22800000-memory.dmp

Filesize
64KB

Download
memory/2612-156-0x0000022A22750000-0x0000022A22760000-memory.dmp

Filesize
64KB

Download
memory/2612-159-0x0000022A227E0000-0x0000022A227F0000-memory.dmp

Filesize
64KB

Download
memory/2612-158-0x0000022A22760000-0x0000022A22770000-memory.dmp

Filesize
64KB

Download
memory/2612-161-0x0000022A22770000-0x0000022A22780000-memory.dmp

Filesize
64KB

Download
memory/2612-162-0x0000022A22800000-0x0000022A22810000-memory.dmp

Filesize
64KB

Download
memory/2612-166-0x0000022A22780000-0x0000022A22790000-memory.dmp

Filesize
64KB

Download
memory/2612-71-0x0000022A22600000-0x0000022A22610000-memory.dmp

Filesize
64KB

Download
memory/2612-172-0x0000022A22830000-0x0000022A22840000-memory.dmp

Filesize
64KB

Download
memory/2612-171-0x0000022A227A0000-0x0000022A227B0000-memory.dmp

Filesize
64KB

Download
memory/2612-168-0x0000022A22820000-0x0000022A22830000-memory.dmp

Filesize
64KB

Download
memory/2612-167-0x0000022A22810000-0x0000022A22820000-memory.dmp

Filesize
64KB

Download
memory/2612-174-0x0000022A227B0000-0x0000022A227C0000-memory.dmp

Filesize
64KB

Download
memory/2612-176-0x0000022A22840000-0x0000022A22850000-memory.dmp

Filesize
64KB

Download
memory/2612-177-0x0000022A22850000-0x0000022A22860000-memory.dmp

Filesize
64KB

Download
memory/2612-180-0x0000022A22860000-0x0000022A22870000-memory.dmp

Filesize
64KB

Download
memory/2612-179-0x0000022A227C0000-0x0000022A227D0000-memory.dmp

Filesize
64KB

Download
memory/2612-184-0x0000022A22870000-0x0000022A22880000-memory.dmp

Filesize
64KB

Download
memory/2612-183-0x0000022A227D0000-0x0000022A227E0000-memory.dmp

Filesize
64KB

Download
memory/2612-186-0x0000022A227F0000-0x0000022A22800000-memory.dmp

Filesize
64KB

Download
memory/2612-187-0x0000022A22880000-0x0000022A22890000-memory.dmp

Filesize
64KB

Download
memory/2612-191-0x0000022A22890000-0x0000022A228A0000-memory.dmp

Filesize
64KB

Download
memory/2612-193-0x0000022A22800000-0x0000022A22810000-memory.dmp

Filesize
64KB

Download
memory/2612-197-0x0000022A22820000-0x0000022A22830000-memory.dmp

Filesize
64KB

Download
memory/2612-196-0x0000022A22810000-0x0000022A22820000-memory.dmp

Filesize
64KB

Download
memory/2612-195-0x0000022A228B0000-0x0000022A228C0000-memory.dmp

Filesize
64KB

Download
memory/2612-194-0x0000022A228A0000-0x0000022A228B0000-memory.dmp

Filesize
64KB

Download
memory/2612-199-0x0000022A228C0000-0x0000022A228D0000-memory.dmp

Filesize
64KB

Download
memory/2612-202-0x0000022A22830000-0x0000022A22840000-memory.dmp

Filesize
64KB

Download
memory/2612-203-0x0000022A22840000-0x0000022A22850000-memory.dmp

Filesize
64KB

Download
memory/2612-228-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-226-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-67-0x0000022A22680000-0x0000022A22690000-memory.dmp

Filesize
64KB

Download
memory/2612-68-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-61-0x0000022A225D0000-0x0000022A225E0000-memory.dmp

Filesize
64KB

Download
memory/2612-62-0x0000022A22670000-0x0000022A22680000-memory.dmp

Filesize
64KB

Download
memory/2612-59-0x0000022A22660000-0x0000022A22670000-memory.dmp

Filesize
64KB

Download
memory/2612-234-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-238-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-233-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-232-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-242-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/2612-2-0x0000022A22320000-0x0000022A22590000-memory.dmp

Filesize
2.4MB

Download
memory/2612-53-0x0000022A225B0000-0x0000022A225C0000-memory.dmp

Filesize
64KB

Download
memory/2612-54-0x0000022A225C0000-0x0000022A225D0000-memory.dmp

Filesize
64KB

Download
memory/2612-55-0x0000022A22650000-0x0000022A22660000-memory.dmp

Filesize
64KB

Download
memory/2612-50-0x0000022A225A0000-0x0000022A225B0000-memory.dmp

Filesize
64KB

Download
memory/2612-51-0x0000022A22640000-0x0000022A22650000-memory.dmp

Filesize
64KB

Download
memory/2612-47-0x0000022A22590000-0x0000022A225A0000-memory.dmp

Filesize
64KB

Download
memory/2612-48-0x0000022A22630000-0x0000022A22640000-memory.dmp

Filesize
64KB

Download
memory/2612-45-0x0000022A22620000-0x0000022A22630000-memory.dmp

Filesize
64KB

Download
memory/2612-40-0x0000022A22320000-0x0000022A22590000-memory.dmp

Filesize
2.4MB

Download
memory/2612-41-0x0000022A22610000-0x0000022A22620000-memory.dmp

Filesize
64KB

Download
memory/2612-36-0x0000022A225F0000-0x0000022A22600000-memory.dmp

Filesize
64KB

Download
memory/2612-37-0x0000022A22600000-0x0000022A22610000-memory.dmp

Filesize
64KB

Download
memory/2612-33-0x0000022A225E0000-0x0000022A225F0000-memory.dmp

Filesize
64KB

Download
memory/2612-31-0x0000022A225D0000-0x0000022A225E0000-memory.dmp

Filesize
64KB

Download
memory/2612-28-0x0000022A225B0000-0x0000022A225C0000-memory.dmp

Filesize
64KB

Download
memory/2612-29-0x0000022A225C0000-0x0000022A225D0000-memory.dmp

Filesize
64KB

Download
memory/2612-25-0x0000022A225A0000-0x0000022A225B0000-memory.dmp

Filesize
64KB

Download
memory/2612-22-0x0000022A22590000-0x0000022A225A0000-memory.dmp

Filesize
64KB

Download
memory/2612-20-0x0000022A21520000-0x0000022A21521000-memory.dmp

Filesize
4KB

Download
memory/5668-437-0x000001B64A360000-0x000001B64AE21000-memory.dmp

Filesize
10.8MB

Download