redline | hxxps://www[.]mediafire[.]com/file/t262l6cnefx40p6/TokenGrabber[.]zip/file

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
30-07-2024 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/t262l6cnefx40p6/TokenGrabber.zip/file

Score

10^/10

redline sectoprat credential_access discovery evasion infostealer rat spyware stealer themida trojan

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2100-241-0x0000000000400000-0x0000000000D28000-memory.dmp	family_sectoprat
behavioral1/memory/2100-242-0x0000000000400000-0x0000000000D28000-memory.dmp	family_sectoprat
behavioral1/memory/2100-452-0x0000000000400000-0x0000000000D28000-memory.dmp	family_sectoprat

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

GrabberBuilder.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ GrabberBuilder.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	GrabberBuilder.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GrabberBuilder.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	GrabberBuilder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	GrabberBuilder.exe

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/2100-241-0x0000000000400000-0x0000000000D28000-memory.dmp	themida
behavioral1/memory/2100-242-0x0000000000400000-0x0000000000D28000-memory.dmp	themida
behavioral1/memory/2100-452-0x0000000000400000-0x0000000000D28000-memory.dmp	themida

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

GrabberBuilder.exe

pid process

2100 GrabberBuilder.exe
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

GrabberBuilder.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GrabberBuilder.exe

pid	process
2100	GrabberBuilder.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GrabberBuilder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe
Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-243088447-3331090618-2776087093-1000_Classes\Local Settings chrome.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\TokenGrabber.zip:Zone.Identifier chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-243088447-3331090618-2776087093-1000_Classes\Local Settings	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\TokenGrabber.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

chrome.exeGrabberBuilder.exechrome.exe

pid	process
1980	chrome.exe
1980	chrome.exe
2100	GrabberBuilder.exe
2100	GrabberBuilder.exe
2100	GrabberBuilder.exe
2100	GrabberBuilder.exe
2100	GrabberBuilder.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe

Suspicious use of FindShellTrayWindow 49 IoCs

Processes:

chrome.exe

pid	process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

chrome.exe

pid	process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1980 wrote to memory of 4052	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 4052	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1744	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1512	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 1512	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe
PID 1980 wrote to memory of 3440	1980	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/t262l6cnefx40p6/TokenGrabber.zip/file
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb3a0cc40,0x7ffeb3a0cc4c,0x7ffeb3a0cc58
2⤵
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1740 /prefetch:2
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2104 /prefetch:3
2⤵
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2356 /prefetch:8
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3128 /prefetch:1
2⤵
PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4520,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4592 /prefetch:8
2⤵
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4732,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4916 /prefetch:1
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4712,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4820 /prefetch:1
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4600,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4756 /prefetch:1
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4764,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5180 /prefetch:1
2⤵
PID:4184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5312,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4612,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4708 /prefetch:1
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5540,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5832,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5992 /prefetch:1
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5788,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4708 /prefetch:8
2⤵
- NTFS ADS
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4680,i,16454306003168390888,7810326109089309215,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=6136 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:3964

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3168

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4624

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:756

C:\Users\Admin\Desktop\GrabberBuilder.exe
"C:\Users\Admin\Desktop\GrabberBuilder.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2100

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
ee5ad7ab258d5a776d4a7bc57c635c7f

SHA1
93494c439e160f8399ddffdade4dccbc9b94e5f9

SHA256
0c5f215eea5adc130b5d82b96a859e206ef1d23bb551076a270185a5a0dacb50

SHA512
c6c4c8250faca65eb0febbe21d3e70fbc37f60511ceace4db0ddb2e631542dfc33c94729f8421515a404ac8f2033b8db0ac48f090da221997a7f493cee0299b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
3f9401020b36023da0bd993eff05bb82

SHA1
70213c394f24fdc0cb3df42f74a291af2f33adb4

SHA256
ad3bd7ad281c9d0ad2f7df2981ba23295f414d514c143577a833684d1fee90a2

SHA512
0879e101b3cf85c72fa5ba564535b0357a2be38ab1c4e8a2547df60d2d34ea10f36caf47d6514fb21176bf0afecb853a1c4a85217327db2dce7ba416ac68d949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
17KB

MD5
6f5a0a9fb362ec272753b573f402b9b3

SHA1
8b2c63649367574ddee533c3ab7e9cd75c397c83

SHA256
94c02cfed4e3c58457e1fc0152d0a38864111c4dc1d326d016642afca24ef57a

SHA512
81a1ae15a58248db822cd6dc6c43f3c7e9368dd247a351d47db73af36f14a4e5628468144cea0ab76cd59ab72a71ad30a39fdcf8377e3508297ab87c9b294b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
b273df646eb5a8582e644bd4f0b19924

SHA1
734cfd705255e46aa01a8f7109d21583796453df

SHA256
f8966adb60d8f50f262fcc8bcb04b3396ed1e205bbba8b884520395160e4076d

SHA512
fff98f1683a91b25c577393ef050a3e6808956af497ba4059bfa9d9efd6620c7e2ee6e4db661ee1e1148df2590f0cca7607322441d1cc84ec7d075be0f9ee40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
ce383dc07cf29d211bb9b1ddc1cf0e52

SHA1
913c57bfd21099e6d18d3a4adbf0f2c8c6c738ef

SHA256
bc3b8d38434cced65e4fccde7cce775609d4dd0520d6263597c4455b037e0b79

SHA512
b622f1d7663132e062f2096f51f2fc712ea67e049b32e748edaaaa8ab0d9fdc61fc84487f3453ee40e03a9d3af4ffa2c59c7513b1e6b3eeed7a9141deb9392c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
03d8c8c4e2ba8c982c4358bed280ee18

SHA1
5c93187e26da06c4ef3d901f1e8853db1cf80daa

SHA256
80deb3eb1b7c7843658de25decb471b21ffadc04a87fcbcffa6e566013652c4d

SHA512
8ea0eee4778327fa49eaaef1e5c801f9a1a089a70a52cd438cbfb7fd090044127c5883f240209adda10a84a7900b70e691202fd14ae31d1fba7fba66868a664c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
7ea38b99c97b536a85aeba311ee1060b

SHA1
0ee18e371e937e3c69ec2a1d2bc9b506796b13f1

SHA256
f0b082f8b1ee42e1c59f0d8f72b86692901dcb1d4c882037a8185033fd10133b

SHA512
ebe89ed353b1311f68eec3123c5953830c2a9f0f7653feb88e394b90905e45a4425d1ff701e701df809cf12d5a45fc760783454e016e8ff67d01e738d610ddb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
e1c568bd799897d650a0f446a5b95d51

SHA1
472d820676213d546d9cb32eb775110b50eda39d

SHA256
777c2e5324a209ae6a5e75e05a2e7dc1ed88337cd682610dd7ca81e60d1a7aa2

SHA512
4bdfaa59d774cd7a79a38f6aee85b33a5d7a10ad6431348738297200124bf5b44436c9453f3f5260a4c1421c0e6c3952d6fa47007779a17b99349f71867bfc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
88b352e26e1732791f40876e87577b89

SHA1
c7dcd4e9235f8ad890ee923c37eb573f92d878dd

SHA256
1b8500e8bd0215ccd71040470aceef0bd7ee1e7861ea3a78f27bafcf3723858e

SHA512
0eaa038310d81e9e380a68b65954f9e6d62eee6235fa4a84b6022d5ce9b0125128b811e2088df1fe4148fad4037a5eaa286463f305e2f09b953d8fb86f4d616f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
323a4573d658c6b74a55d3f73bd9fde1

SHA1
a1855584aebb1e205e8b74aa06522170498c12ea

SHA256
30207315fdea13500dcf794afda8174cb5cbfc57907d0123e34c1f482728ee55

SHA512
c3298656e107dbaf331fbfa66297701b594bf81d32e3bd84621b4b07dfd7c262776585e02d3b6b75b5fa7f7e50f2c4bfe0fb98f6aade5ca6c7c1374cd9f82294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
bd88a260faaa9dcfd2d643d89df11803

SHA1
27902965e53fd26950d61f0a837f8db30f120140

SHA256
bf989046eb1830fc871d6d320fd9411b22b8d309c947f805cf7401fee3b8864f

SHA512
e93b4dbdac464750f42580c8acc7f5ec38f1ea8b3b0bd1fa26c9f79da72f63f128b010f9641bb9471a03fe978c88227146bb8e25290976dd21dd7451f266e1f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
8bb55077f42e54c79a34126388daacaf

SHA1
806a61cc9142d1bc70c6ebd90b663e21cf5aee8b

SHA256
81c60903c0be924a846bd21b89fbdee027862bf409ef19a69406cc95c48f2565

SHA512
5f5b5c5f115c89f08947e24217a7e6c573ebfe35d43a55f912a01739dc109c2777d42beed59e7543af2637f14a8f093a77b5e0958b2b034e05679b1bb33ce532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
c028747bd3000d339f8958c521848ebd

SHA1
eefca98596746fb0409c0eefab1c9369ea334a91

SHA256
45e020e8fd897978f62f3cda1aca39cd51e4b66d2db085cac40bf5c0ca0f7097

SHA512
3913da943c4193767c66da50f46327e561f23f96b0baf1d69bf74442eae47fbc8da9678ad41e1bd5631b4b15ace8448d226a0328678c06ef2fd2f1e026a8ee9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
0bb98276bf486e648248c567114b1d02

SHA1
c5d0cfa45b9ba9f7eae299cde29bfd7882d4cd21

SHA256
2242723cfdb5bbe7f7e10cb6fe61255eddbf83002d68e19c286e536cc982b8fb

SHA512
b1fbe62241a4bd83b94549585a66e35b68c0e397fe2359b966e88bcad38aab8161184531caff126ddde128048fadcb2cde051cf56377e6a86d7b052216c63635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
c8b6d91cf8cfbcf61c3f5ade9235e884

SHA1
0d529a9e7fc2e60161ac9877f1cc146ea98b0690

SHA256
ee37e74e293184d9ad40003e158ed95e62613fe4e959962b0e15fe3fd7e4af3c

SHA512
0849f245f8c1ab3c6a1f66c236769cb77efe18b9acc64b4356683c6615faefe290713cba84a3be2a4f4a3b492567a097d5a26ec3c4de062cd0de3263f769b2a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
100KB

MD5
825077aa950672fd6d7007a5edd10ea8

SHA1
727caa49cda49f899453c5823c3488e507949a9b

SHA256
dc7701227259eb4f9931cf92077a4a0d64374eef914e9146a9e216ca81026d05

SHA512
b510a3f3c1d031ffb5e9af84ba70d597dae1fede461afffaa9958cf526e4ac23a3cfb3a565e94799a007650f64d8ae28a802386a9be9e38fe14165e70c5c7670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
100KB

MD5
81d3adf179024b7195a467cbe8991aff

SHA1
b93930a8a315998ccb3c944d4912657a4e6b5592

SHA256
5543a00abc7b8b98d1a460d4c0a5b40cae88c9ba142b561002ba425bc876c5eb

SHA512
547ac1a782d6bbea5df745a45a1042fd0382a0c3005f102b1cc5b3e30d11af2921ab56d95a15661124cf1490a33b27ded23b0c1c2565fe877e5fa0cdcf94dff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
100KB

MD5
ef9c8ea3a684774aef9104d3f88eb443

SHA1
b8ef2f41fdfb28ef7c8df0aa192a82b5273ddb12

SHA256
9d4efb38b9fff63a4e80f7ca21debc96d828022f19d0a1ec10915f47740bfa08

SHA512
6de464a05fb3cbae05ef6a810bf900f134c7127043cd5027f574e953ddaaa65c10e5b1eebf975fcabf0ba315275836f84d65eab860471a3cebd31250598e2566

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7904.tmp
Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp791A.tmp
Filesize
114KB

MD5
76ff30de841bab4c5ce179d263a35b59

SHA1
93faa3e02d2974c164ac3fc3908441decfd82c9b

SHA256
bedc31f8fd81f240140700eb633558b9d8bf59d2ef044ad9d371f4e2c9030080

SHA512
6b70f35a8f58647bd626da74d28a5ed21a2cf7908aa80b95334b802dc16d649ff8dab425ce5c640e694a8ee3e506fc6bdd03e7e90faa17516bba8ffdf3ffa4ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7945.tmp
Filesize
46KB

MD5
14ccc9293153deacbb9a20ee8f6ff1b7

SHA1
46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3

SHA256
3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511

SHA512
916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp795B.tmp
Filesize
20KB

MD5
22be08f683bcc01d7a9799bbd2c10041

SHA1
2efb6041cf3d6e67970135e592569c76fc4c41de

SHA256
451c2c0cf3b7cb412a05347c6e75ed8680f0d2e5f2ab0f64cc2436db9309a457

SHA512
0eef192b3d5abe5d2435acf54b42c729c3979e4ad0b73d36666521458043ee7df1e10386bef266d7df9c31db94fb2833152bb2798936cb2082715318ef05d936

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7961.tmp
Filesize
112KB

MD5
87210e9e528a4ddb09c6b671937c79c6

SHA1
3c75314714619f5b55e25769e0985d497f0062f2

SHA256
eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1

SHA512
f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp798C.tmp
Filesize
96KB

MD5
40f3eb83cc9d4cdb0ad82bd5ff2fb824

SHA1
d6582ba879235049134fa9a351ca8f0f785d8835

SHA256
cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0

SHA512
cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

Download Submit
C:\Users\Admin\Downloads\TokenGrabber.zip
Filesize
4.2MB

MD5
e88d1825e4986a478090a8ad32f37bbd

SHA1
0d46c03a44febdfb6105ae6aab9a03728522912f

SHA256
f4d4a93ecb36d9fab1a2682546bac78f2f9a407ae4a26449e90e5a3dc1051628

SHA512
1624c8ca0e8ac1b51e4bc0d3dfc60a8e9d2193e71b5b3bab28823659582c093840524e98ee016e5e36b38cac1d2e8a081964e1467d90d875ec9f65fd8000113f

Download Submit
C:\Users\Admin\Downloads\TokenGrabber.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_1980_ARQSJXAOHDYPWQSP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2100-249-0x0000000006C00000-0x000000000712C000-memory.dmp

Filesize
5.2MB

Download
memory/2100-253-0x0000000007AF0000-0x0000000007B66000-memory.dmp

Filesize
472KB

Download
memory/2100-254-0x0000000007E90000-0x0000000007EAE000-memory.dmp

Filesize
120KB

Download
memory/2100-252-0x0000000007A30000-0x0000000007AC2000-memory.dmp

Filesize
584KB

Download
memory/2100-251-0x0000000007460000-0x0000000007A06000-memory.dmp

Filesize
5.6MB

Download
memory/2100-250-0x0000000007240000-0x00000000072A6000-memory.dmp

Filesize
408KB

Download
memory/2100-248-0x0000000006A30000-0x0000000006BF2000-memory.dmp

Filesize
1.8MB

Download
memory/2100-247-0x0000000005CD0000-0x0000000005DDA000-memory.dmp

Filesize
1.0MB

Download
memory/2100-246-0x0000000005B40000-0x0000000005B8C000-memory.dmp

Filesize
304KB

Download
memory/2100-245-0x0000000005AE0000-0x0000000005B1C000-memory.dmp

Filesize
240KB

Download
memory/2100-244-0x0000000005AC0000-0x0000000005AD2000-memory.dmp

Filesize
72KB

Download
memory/2100-434-0x0000000000400000-0x0000000000D28000-memory.dmp

Filesize
9.2MB

Download
memory/2100-435-0x0000000075CC6000-0x0000000075CC7000-memory.dmp

Filesize
4KB

Download
memory/2100-436-0x0000000075CB0000-0x0000000075DA0000-memory.dmp

Filesize
960KB

Download
memory/2100-438-0x0000000075CB0000-0x0000000075DA0000-memory.dmp

Filesize
960KB

Download
memory/2100-439-0x0000000075CB0000-0x0000000075DA0000-memory.dmp

Filesize
960KB

Download
memory/2100-243-0x0000000005440000-0x0000000005A58000-memory.dmp

Filesize
6.1MB

Download
memory/2100-452-0x0000000000400000-0x0000000000D28000-memory.dmp

Filesize
9.2MB

Download
memory/2100-453-0x0000000075CB0000-0x0000000075DA0000-memory.dmp

Filesize
960KB

Download
memory/2100-242-0x0000000000400000-0x0000000000D28000-memory.dmp

Filesize
9.2MB

Download
memory/2100-241-0x0000000000400000-0x0000000000D28000-memory.dmp

Filesize
9.2MB

Download
memory/2100-239-0x0000000075CB0000-0x0000000075DA0000-memory.dmp

Filesize
960KB

Download
memory/2100-238-0x0000000075CB0000-0x0000000075DA0000-memory.dmp

Filesize
960KB

Download
memory/2100-237-0x0000000075CB0000-0x0000000075DA0000-memory.dmp

Filesize
960KB

Download
memory/2100-236-0x0000000075CC6000-0x0000000075CC7000-memory.dmp

Filesize
4KB

Download
memory/2100-234-0x0000000000400000-0x0000000000D28000-memory.dmp

Filesize
9.2MB

Download