asyncrat | 8a79a9309b9b15e89e79700eb0d183cbb4d6cac07e2d80d6d2156ce8c92e777c

Analysis

max time kernel
64s
max time network
186s
platform
windows7_x64
resource
win7-20240419-es
resource tags

arch:x64arch:x86image:win7-20240419-eslocale:es-esos:windows7-x64systemwindows
submitted
27-05-2024 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81011-DEMANDA JUDICIAL- 02(1).svg
Size

268KB
MD5

88e9c96f75cd49362beff34e63b03e46
SHA1

ba6876dffab45995f1b5640464dd5b5521c884b2
SHA256

8a79a9309b9b15e89e79700eb0d183cbb4d6cac07e2d80d6d2156ce8c92e777c
SHA512

45b5f2d1e9937870dd9a8962e519baaa60723a06af82fc7b1e8162ca28e925bc9f36c615c40605df6c92dd6a3ac92fadb7b2a4fa66d836a89dd9d105a319da86
SSDEEP

3072://ba4VRSosuWVuiuWIuDujuquBzuzubKuPuXuGPwBbuKuFzuVuETruFu9yu9utu9://ba4+

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

Dios123.kozow.com:1234

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

23 raw.githubusercontent.com
24 raw.githubusercontent.com
25 raw.githubusercontent.com
19 raw.githubusercontent.com
20 raw.githubusercontent.com
Suspicious use of SetThreadContext 1 IoCs

Processes:

01 PROCESO JUDICIAL.exe

description pid process target process

PID 3016 set thread context of 2744 3016 01 PROCESO JUDICIAL.exe cmd.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
23	raw.githubusercontent.com
24	raw.githubusercontent.com
25	raw.githubusercontent.com
19	raw.githubusercontent.com
20	raw.githubusercontent.com

description	pid	process	target process
PID 3016 set thread context of 2744	3016	01 PROCESO JUDICIAL.exe	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

chrome.exe01 PROCESO JUDICIAL.execmd.exe

pid process

1648 chrome.exe
1648 chrome.exe
3016 01 PROCESO JUDICIAL.exe
3016 01 PROCESO JUDICIAL.exe
1648 chrome.exe
2744 cmd.exe
2744 cmd.exe
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

01 PROCESO JUDICIAL.exe

pid process

3016 01 PROCESO JUDICIAL.exe

pid	process
3016	01 PROCESO JUDICIAL.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

chrome.exe

pid	process
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1648 wrote to memory of 2512	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2512	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2512	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2592	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2708	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2708	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2708	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe
PID 1648 wrote to memory of 2432	1648	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\81011-DEMANDA JUDICIAL- 02(1).svg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7759758,0x7fef7759768,0x7fef7759778
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1676 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1280 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3040 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3732 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3964 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2416 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 --field-trial-handle=1232,i,2760965494454296369,5952189348533726702,131072 /prefetch:8
  2⤵
  PID:2640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:752

C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\01 PROCESO JUDICIAL.exe
"C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\01 PROCESO JUDICIAL.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3016
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    3⤵
    PID:1460

C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\01 PROCESO JUDICIAL.exe
"C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\01 PROCESO JUDICIAL.exe"
1⤵
PID:3036
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  PID:2736
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    3⤵
    PID:976

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\onestep.rar
1⤵
PID:2928

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\onestep\" -ad -an -ai#7zMap32293:216:7zEvent24762
1⤵
PID:2332

C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\01 PROCESO JUDICIAL.exe
"C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\01 PROCESO JUDICIAL.exe"
1⤵
PID:1160
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  PID:2300
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    3⤵
    PID:3004

C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\01 PROCESO JUDICIAL.exe
"C:\Users\Admin\Downloads\01 PROCESO JUDICIAL EN SU CONTRA (1)\01 PROCESO JUDICIAL EN SU CONTRA\01 PROCESO JUDICIAL.exe"
1⤵
PID:1260
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  PID:1272
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    3⤵
    PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bca56f2b4a46f1da3cea7da4bf5242b

SHA1
062cb4e86f989ea0db96f5abd573f9053da646a1

SHA256
51cba75aba1df2aa69c5b35203a31abf100b0c01ec2f352daabe2ea47a8178b2

SHA512
89e5e262ceab3dd2507c9ca94bd52e29f0437ca67931378dfad44c3130fda57a379e75167eee9b74cef204566ea9a433fb538382c8423a61beb4b279157f01c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
104fe90140ca8b5efb5c48b0639cae31

SHA1
8dda9022d2c12eeb4a39e59f00d7f57ba45bea05

SHA256
e007426b32b516528d883d719618ae211bd0814867358af0720c36104085fb85

SHA512
e8dc7c0539ca053db7e4be784df65e72d4164e1237641c81c638ea37638eac9a2f25fd42ba00a7181fe63fd36b76381d21b8855c01540c195f8f27f789a9e877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
930B

MD5
d551718a80b7ff5e709780d06c09a460

SHA1
fd172ef0d63b263dc5b20e8d2a48d14b79b63ed0

SHA256
c87c4ff7ab0de7c2bd4a4337684d35818402b6a8a5f697ab361ba30adfc726b7

SHA512
5d5a8086ac5a535b4ec81b5bc5c680493e207aa2b4883609afaa28aa2ff142b873810f88a73aa6c970e214a33d7258e95b4ffb2a61ebb2780d3f315c25d7d90a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
da9b53b4d0a04c8034c9a1013f010af4

SHA1
070ceb988b2ff551a884655ef79425ab042f160b

SHA256
dd09599692be6ac1a2ce4f97561e6c60448f186d3f5bcfd6927e097ad0a8c7a2

SHA512
c16b2cd3471d72d5ff1c3952d04d1da9d26664a5d7a6efa66d7d72e799c18a68897ca94d0d5b582d67dbb4d3bf65574f0b255f3ae7fc01f4b53c052e7086c926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9244cf99663f6fc1076c348d0d071688

SHA1
e0d050d3c8192d0f3639723a78443120dda14845

SHA256
b91686de91b54f2cc2fe81562eedd23ebcb7674555461a1bf9999b52e56920b3

SHA512
a8b03b6b3929d8dde82ee1d56203cfcd6ef699a9fc595b4f5815276a34fe4c709f04e77d979b8d61d596922f153bdb3196140b21948e6dc00e77d5f7b48ec142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5ac0ac6cfff3042035114ee7b87f2e74

SHA1
611c235cd7a419a18102ce719504c9f07327d5f7

SHA256
a1dab94d6ae77e712499f30c80ab5f667142cee2b2a9e7a0cea8bcd2d46176ac

SHA512
668be39d704e0f7f6c3b1710ad5d1cddf813b5b97df2216c7f1eb027b81ef14fd53cc410d1e9cbea72b0454beb4edd81d82ec76695f95d264e7eb535eab9e2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
445036844a73bce8967cef518fbf0e61

SHA1
d060f57cedb6e47fd665cd6b6809058246a616ac

SHA256
a0ee8097c447e81af1e368c9c136b40a5ec37c2150e0965d068df1d81079a96b

SHA512
cf9aa0cad4ae6181d081fe1e957410dbf2fa8920d0a664a1eb985b70b4f3163dddc0be068b0a1001e117b43111c31b52b7361b517493eb57c9e5012480c64de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
bae072c2644ae5c230f3153afd79a67e

SHA1
3e4846395a47f7c2f6510a95d66c57230513afad

SHA256
d4886e63d55e24cfb35d940b22e7b291d3a6797f9714aefb2d7a4d2aa6053132

SHA512
6258e55734816b37181b086c63596b1c4c8150984302f3955447cc749cd309eccbbaf7aa7c742d38027d9d59bccd72aaeb9d8263e811afe275a8a4a3f7b193f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a184de21-cfc7-4de1-b067-0827b8651104.tmp

Filesize
142KB

MD5
80a6e239b97e069552571b5679168db3

SHA1
7c7c63152e7329f2da18b88b39d94b98c235f68a

SHA256
332ce78061afca1da41e55e1cc94ba0a42945d3ae64f393d0ad440a57f311810

SHA512
bc2f0decf9e2cdbfebd7db7846918df80e4bd2fa5a212cb4402eaf25baf21d0958e1594a7bcc2bf8a3295347c0699653a7cdcaf1830a11249f4ab987f13b0957

Download Submit
C:\Users\Admin\AppData\Local\Temp\16575940

Filesize
777KB

MD5
2bbc92ce17939aa85b90c979527f2f22

SHA1
6da24da7586002829e4d59582ae06465a19a7f5d

SHA256
5d190f896721f0b765396322443167bf33194124e8476a79413a04475d6fc013

SHA512
d8a817759bb14d1c1f25a4eb834433e8879ac5919a6e17ae46c10d2dd96fa985c2d4aabc228326003301e0c97bedc8737c290283ae3c82b6bab968dac6d220c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\37dae138

Filesize
777KB

MD5
360bce3b392edddd6348a1b7802bb130

SHA1
ccbd3805aed5c8b583ed4a34aba203128e8f383a

SHA256
6d194b4578664719276729ae8d06cc506f6661d302cec1238e844aff80915a44

SHA512
daaafb0d9d3c108ea9e46322b16bc72878607f6d019a59f1d9fd3fa7ff0020bdcf9c4ed3e2a7e6f9eb6b1facff6842e2b65dbd5a42f38caca8744e8473f08e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\4304ad8b

Filesize
777KB

MD5
f63c5fa3a18f7895af9c2b4043d9e9b6

SHA1
d43e496f51705e7841a3f1cdcecf61f6d40df372

SHA256
fec040a888cae36b9b25eb09229c97c790a90cf8de10018d4e461f80fb9d17d9

SHA512
75ef20d5838d9f16ca5757c71f405d634f72d2f97dc9b357a2531760f8544473b0d88ef2c6cfe3fa25898688ee44f7bd2eea655b45c7e5219c4d70094636cbdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5082.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5095.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57190f4

Filesize
777KB

MD5
bd6ee18f617fac6bf9ca92f40710e9d5

SHA1
409acbe83468bf9d12860c4c0ebc7615899dd586

SHA256
8f8263ce4f8160b4a0965b890d9a618cb610b0c4b3d99fdb4e56eeb184fcf388

SHA512
7d3800c33860ca4cee960c83f8e1711a1ff45e75a4d493c980d2b126d242afa5068496ac07ccea9723aac3de6115a8853d5bff5040799b47da4c88bb694fcca3

Download Submit
C:\Users\Admin\AppData\Roaming\Altpatchddp\madbasic_.bpl

Filesize
210KB

MD5
e03a0056e75d3a5707ba199bc2ea701f

SHA1
bf40ab316e65eb17a58e70a3f0ca8426f44f5bef

SHA256
7826395127e791a883359ea81308174700da0af8052cc9853b19fd29c2e4badb

SHA512
b0a3cfb6b34832f048fe0fc70c6fa76ae16a2cacda930f6529a83a967d6e8de1c69b93e0de3dc2126c5385d85e814687e695a0a4131399a69633141cad98da2a

Download Submit
C:\Users\Admin\AppData\Roaming\Altpatchddp\maddisAsm_.bpl

Filesize
63KB

MD5
ef3b47b2ea3884914c13c778ff29eb5b

SHA1
dc2b1fa7c7547d8f1ad3f20f9060f7bc686118e0

SHA256
475f7cdffd8ed4d6f52bd98ae2bb684f1c923a1be2a692757a9af788a39b1d87

SHA512
9648d951d8d3640436c8029fd0f06786f7ff8f52191cd6959569c87868bb6c40ac8c7e495c09377a8a5c85e8d3942551c37eb84e916b5c16327d8d43a167820e

Download Submit
C:\Users\Admin\AppData\Roaming\Altpatchddp\madexcept_.bpl

Filesize
436KB

MD5
98e59596edd9b888d906c5409e515803

SHA1
b79d73967a2df21d00740bc77ccebda061b44ab6

SHA256
a6ca13af74a64e4ab5ebb2d12b757cecf1a683cb9cd0ae7906db1b4b2c8a90c0

SHA512
ba617227849d2eb3285395e2d1babfe01902be143144be895011f0389f1860d0d7f08c6bbc4d461384eba270f866cce3351f52af1dc9ef9719c677619de79e42

Download Submit
C:\Users\Admin\AppData\Roaming\Altpatchddp\onestep.rar

Filesize
650KB

MD5
153e9f1bb6853a0a4a5aef3b25468ed5

SHA1
8f990634b7f007feeaf16cfbfa0b20e8ef1ffd8a

SHA256
115906eb380f7b65b0514e4b9aee9535cf3a42bf0907158a5a5a1c2f5a42ca3a

SHA512
40d981bcddcdc3f7e97301c5a4ff2d8c35be38bfead8cd0e7ced87b074cb409dbc225328c1e2e4d736cdea2d0e3a6eaaf6668e2f00bcb035d4bab7c89d0b8b27

Download Submit
C:\Users\Admin\AppData\Roaming\Altpatchddp\rtl120.bpl

Filesize
1.1MB

MD5
4fbe03f99d402e4131fa17ee7fbc594c

SHA1
696ae10cfb94cc44bb86b341a5ba33e46e4fb9ed

SHA256
6028d64b53880676fcd62b445fd71952f9141b8ac0e60329b15cf9e04e437cea

SHA512
c7ed994374a4e2491e120d92f3347b0d80c812e27ba6c9e186142ff7648eb7f9f1e924380649d09c98760b748eeb5d232ae6e899193e776672e9b2237dd9c026

Download Submit
C:\Users\Admin\AppData\Roaming\Altpatchddp\urticaria.yml

Filesize
77KB

MD5
06e9db95890d8424c2584a15f155eb1d

SHA1
71f980a18d2321ac084284c87116446bc6cf7dbf

SHA256
32ebc34d97ad56a39847090cfb633b34b7eb069f810a1f0bb67459d3abcf3a14

SHA512
b77ee91f525da4262a70b51b7ea892565282f3f7464cf8065c9a96ba6056e5472f7c9309476580d8949cb0be22fc0600002a1b943356cb7bc9cea485a4a39274

Download Submit
C:\Users\Admin\AppData\Roaming\Altpatchddp\vcl120.bpl

Filesize
1.9MB

MD5
13a2734bb2249010514386ebc856b8da

SHA1
8f6e3b30f30a5bba9bc6baaf8f440e085a6a568a

SHA256
713c21d009000d504d9bcf3ce95d50e74d3933083783de144db0a16e2425ebcc

SHA512
2f108436fc1a03591802ff6b8c6ac1de1c0388b2a2a6f8839c10b5f0ec06b66775f261da4ace05fa367eb46b5be533949c092e113fe1270adedb9cb8c34ba2dd

Download Submit
C:\Users\Admin\AppData\Roaming\Altpatchddp\vclx120.bpl

Filesize
222KB

MD5
3cb8f7606940c9b51c45ebaeb84af728

SHA1
7f33a8b5f8f7210bd93b330c5e27a1e70b22f57b

SHA256
2feec33d1e3f3d69c717f4528b8f7f5c030caae6fb37c2100cb0b5341367d053

SHA512
7559cdf6c8dbea052242f3b8129979f7d2d283f84040f1d68ae10438548072715a56a5af88b8562aeea7143194e7c5bddac3fdb01ded411a0b1cac9f0c6eef3f

Download Submit
C:\Windows\Tasks\BMObeaconv1.job

Filesize
392B

MD5
4b6877060e1453085b08219e3580efac

SHA1
7b4081cd285f8fed0651c3a96b9f4aff2b38eac5

SHA256
437d948cafcdfc5dc0942f745f7936964fc574bcc18222413e08b5fb8d89a7b1

SHA512
b5c9c06f32218afedbbbfbec5d3d40c4ea05a0a65f672b37ec5e47307c1f5dfa46dd874f9f1b37f4841a90c6e5a666ec1fe4bb2cb91e3adb94824500a573b00b

Download Submit
\??\pipe\crashpad_1648_AHDSWQRRTTCZMQMV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1080-511-0x0000000000080000-0x0000000000096000-memory.dmp

Filesize
88KB

Download
memory/1160-450-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/1160-430-0x0000000077760000-0x0000000077909000-memory.dmp

Filesize
1.7MB

Download
memory/1160-453-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/1160-455-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/1160-447-0x000000006E7C0000-0x000000006E934000-memory.dmp

Filesize
1.5MB

Download
memory/1160-451-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/1160-452-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/1160-449-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/1160-429-0x000000006E7C0000-0x000000006E934000-memory.dmp

Filesize
1.5MB

Download
memory/1260-483-0x000000006E7C0000-0x000000006E934000-memory.dmp

Filesize
1.5MB

Download
memory/1260-489-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/1260-458-0x0000000077760000-0x0000000077909000-memory.dmp

Filesize
1.7MB

Download
memory/1260-457-0x000000006E7C0000-0x000000006E934000-memory.dmp

Filesize
1.5MB

Download
memory/1260-488-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/1260-490-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/1260-492-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/1260-486-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/1260-487-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/1272-493-0x0000000077760000-0x0000000077909000-memory.dmp

Filesize
1.7MB

Download
memory/1460-396-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1460-405-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1460-394-0x0000000072CE0000-0x0000000073D42000-memory.dmp

Filesize
16.4MB

Download
memory/1460-397-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2300-476-0x000000006E7C0000-0x000000006E934000-memory.dmp

Filesize
1.5MB

Download
memory/2300-501-0x000000006E7C0000-0x000000006E934000-memory.dmp

Filesize
1.5MB

Download
memory/2300-475-0x0000000077760000-0x0000000077909000-memory.dmp

Filesize
1.7MB

Download
memory/2736-378-0x0000000077760000-0x0000000077909000-memory.dmp

Filesize
1.7MB

Download
memory/2744-392-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/2744-387-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/2744-291-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/2744-302-0x0000000077760000-0x0000000077909000-memory.dmp

Filesize
1.7MB

Download
memory/2744-327-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/2744-334-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/3016-287-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/3016-281-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/3016-269-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/3016-270-0x0000000077760000-0x0000000077909000-memory.dmp

Filesize
1.7MB

Download
memory/3016-279-0x0000000074C02000-0x0000000074C04000-memory.dmp

Filesize
8KB

Download
memory/3016-280-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/3016-283-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/3016-288-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/3016-289-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/3016-286-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/3016-284-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/3016-285-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/3036-336-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/3036-337-0x0000000077760000-0x0000000077909000-memory.dmp

Filesize
1.7MB

Download
memory/3036-368-0x0000000074BF0000-0x0000000074D64000-memory.dmp

Filesize
1.5MB

Download
memory/3036-373-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/3036-370-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/3036-376-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/3036-374-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/3036-372-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/3036-371-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download