agenttesla | 0a74602363d411ea6ce0a632acadeb68025595990a3ee9add024ab36cca0bfcc

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Proforma invoice NO 2003949 dated 10042024.exe
Size

742KB
MD5

288e2818b37e52f9e697431692abb36e
SHA1

6868bc69d0d6d0b92e9c0c3078c09420c3dc651f
SHA256

0a74602363d411ea6ce0a632acadeb68025595990a3ee9add024ab36cca0bfcc
SHA512

e7d481cc5281223fc4636c190026f14fef5351e80bec2bd40bb053349cba497998b9700aa1b06736bc30a5a657fc2690ad94adec50b3f2f315287115805b9cee
SSDEEP

12288:Ahx6P6SzMLJ9Cg0ISgrUaoNsFo4uMY2Csm0jQ:gx/yMnCCSgAmo/WV

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.concaribe.com
Port:
21
Username:
[email protected]
Password:
ro}UWgz#!38E

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.concaribe.com
Port:
21
Username:
[email protected]
Password:
ro}UWgz#!38E

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
19	api.ipify.org
20	api.ipify.org

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1876 set thread context of 632	1876	Proforma invoice NO 2003949 dated 10042024.exe	85

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Proforma invoice NO 2003949 dated 10042024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Proforma invoice NO 2003949 dated 10042024.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725140553683603"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2629364133-3182087385-364449604-1000\{EA92EC6C-4C42-4E69-8F99-19A90EF68B4B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
632	Proforma invoice NO 2003949 dated 10042024.exe
632	Proforma invoice NO 2003949 dated 10042024.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	632	Proforma invoice NO 2003949 dated 10042024.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 632	1876	Proforma invoice NO 2003949 dated 10042024.exe	85
PID 1876 wrote to memory of 632	1876	Proforma invoice NO 2003949 dated 10042024.exe	85
PID 1876 wrote to memory of 632	1876	Proforma invoice NO 2003949 dated 10042024.exe	85
PID 1876 wrote to memory of 632	1876	Proforma invoice NO 2003949 dated 10042024.exe	85
PID 1876 wrote to memory of 632	1876	Proforma invoice NO 2003949 dated 10042024.exe	85
PID 1876 wrote to memory of 632	1876	Proforma invoice NO 2003949 dated 10042024.exe	85
PID 1876 wrote to memory of 632	1876	Proforma invoice NO 2003949 dated 10042024.exe	85
PID 1876 wrote to memory of 632	1876	Proforma invoice NO 2003949 dated 10042024.exe	85
PID 1364 wrote to memory of 4016	1364	chrome.exe	98
PID 1364 wrote to memory of 4016	1364	chrome.exe	98
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 972	1364	chrome.exe	99
PID 1364 wrote to memory of 3056	1364	chrome.exe	100
PID 1364 wrote to memory of 3056	1364	chrome.exe	100
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101
PID 1364 wrote to memory of 648	1364	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\Proforma invoice NO 2003949 dated 10042024.exe
"C:\Users\Admin\AppData\Local\Temp\Proforma invoice NO 2003949 dated 10042024.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Users\Admin\AppData\Local\Temp\Proforma invoice NO 2003949 dated 10042024.exe
  "C:\Users\Admin\AppData\Local\Temp\Proforma invoice NO 2003949 dated 10042024.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdfe73cc40,0x7ffdfe73cc4c,0x7ffdfe73cc58
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4996,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4036,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3184,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=240,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3212 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4516,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5180,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5364,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5356,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3348,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1204 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5496,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5568,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5176,i,8785250744456202944,10682137387823157971,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1452

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x518
1⤵
PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f8b504c854421c964418ce0fbb2d2a0d

SHA1
b6145d93c737103d69a5f64cd0b243ef24209a93

SHA256
a5eaa63cf973f9a01d74ec2180fcb4d198ff7fccc12d8de1ff277f0014747fd4

SHA512
b483e0c6c39450523b4b275efcbfd442c8cdb5191aa7a5488a8fd249a558659fb28c7c8078cf5104f6f4d89550a7b51c971c3319f59d6b4eb741fcefe45544c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f6778e5e8e8d59e674ee408fdb351b28

SHA1
3df988973792c582eea2f7c28bb7e5578f85b686

SHA256
9cc8d7a0eff813328caa9dc32f90e9efc0931a82665991df84970bf397854212

SHA512
73ce219220083d3ea0b9d41cda7d191cdb1672b4ec2dd5445b98d382bb4c73c9f0e1f1b46ec1dbe5b80532c11a1e8c8d9c82b1f9616589be5baeff0df46d9b39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5f9e94a0a32b54d0e6c3c0acf65c78f9

SHA1
10e0032a1ded9eba2822b520d6e817b78a540210

SHA256
593dae00b2bea35bb2e6b07288156eec00f0e22f371f834531a04d0a00d8a192

SHA512
d502bd16ca50191178c0dc777edafefe68e793ec553ed2b1a9b6a8adef71852431725393fe69517a6290f03f9687ace48282715786f27efe3079fca61112e5d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_accounts.binance.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.binance.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d58f3b7cec687a1c937551c56064172d

SHA1
92cefdd3ea1c43213de8fb6f5254083ff70ad462

SHA256
19d6163c8297d800684cfda357edcd0f25bc14353c20a097bb8c776d99e200f8

SHA512
e7ff13c76550dc56855a67ad0841840cb49424afcd267ffd97cc671d60c91771bf32c62fcf78e29424aa93c6627f574f6eb8e8c75e3e6ef615aa5d38f855f8f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e03e2f8b6fb7c061ed9320ee325cbef5

SHA1
a980a0a8ad7e34f6160c76009955bbe8e86f7d19

SHA256
34446a6725f46891846293606413a0230d557ef62be04db903792330c4268de5

SHA512
dd468b72b31d9a3e44f3ab7a6d300eb5f5d5954b0c3ad286bbddefaa428d8bc15de6bee74c1276266b9b30f89355f2908d26fa50010466a7ac11677f4c8c180e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5c8561ff4ea6afcc173c847358ea83b6

SHA1
d0c63cf92888985d2a3d2af2e7ae6c6923a4c645

SHA256
1f133dc40f39acb8e2f72e911b03ffb5a9fdbf0de28653b668389954eaafb308

SHA512
5b472c6db0d06ca0d7ecd34584051a528d9bd4aa09c871ee794a91db3080c71bc4295cd7f6b47d62dc17fc48037e099fe7c2a87855d52342c94ac3581fde802c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8cf122d77e17f5e7c8e729c4a9fd2cf6

SHA1
755425e96c0dcd371c63a571119a59509378998c

SHA256
aa9c06bb97e13b70bc8a3641948e33988dd52bbb2128d94bbaa2909ffc3dcf72

SHA512
976240c54ce000f46b4053fac6c894f89790273ac630b4fb3e6f05c06904f50e86dc4793d8643905a5900aad28d230b73abc124a4453ef83eb72e1e92a51576f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7b5f2daec96879d4d494ea3895ffe611

SHA1
80bea20ce56948e15b48cb5cbdaafbb17acef64f

SHA256
36d245ca9b5ab4f11b695e4979ccd70c0496c0a21b2408db3ac3551484041b86

SHA512
57657203b963e80a438a629b7042564bbdb03360c501663e34cf3e68f6f775af9e459b023e729ec7a1cdac20bbd8dceefea82d567c1832da8d2f1fe319baa78c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4348ce3663854a057917d204f9582e92

SHA1
d8662ba3a710a4dbe9414e2bacc9c401fe5f58a7

SHA256
f0b52db821b6eb7587a8d7908762b83863277f43f5a2c3202a51c6b8e88575c9

SHA512
ce47b190c6cb608ae008ac4c4e17c2cc11c907e0dc5a13499ecc7484dd5fa9038072620a6274ba7829d5c4267a86ddcd22e95d5f40085e6e8de20b0ff109633e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5e4a5cb4fa1d1c2aa33b973245fab624

SHA1
e8d2f3d21b7a69c527906a39d3d104b7aea5e5b6

SHA256
4bf783de0eb4864c6a43d8d1dfe288b92c681ebb3e0b28673ece52162813ce78

SHA512
52eb9e2a216ba0acccd1d158b9c2d9753942e72ba29a790a2df39740e7c3ab7f07edb7f200fd10dc3455a0d041bc4543e570aff4d4b6c347c63cf7f7090420a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec3abd908f4050ba3e057541b3c1a80e

SHA1
cd371ef2ca61cf9ba495c9aab485f18a6ee8a4e2

SHA256
423b767e1ac0a979b9c1ec261e3a0e9b147fccedcfef98fb25f1b3c73eabde8a

SHA512
55e7ebeba08bc7a87d729ef2b17da6617b9dfae7ce1023837a7e2fa6c0820da1334e8577c7e7a03d3ca963cf785706dbae9183b27fd5edc5c623d3e4e21be95d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0c3518433f71787950f9bd2ad234e161

SHA1
7596629594d3df50c91096ca2c92f52a5d591f9c

SHA256
7267695318f739eda009cd37036e6d312d8881683ef9507e50ccf6cfd5409258

SHA512
0e6c5d3bad9dcd3a44f874db990b1a59341c9f75ac64818925815435403c366417a7301844650bf83d569b9adf65d28000cffe93bfef0d03cf781f0f5a041aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cd08960f8cde9c24c854aa17397238c1

SHA1
22c93b1bd31d4fd22a43b74a13063769a9b170c5

SHA256
4583a7defeb352080654c1fd8db661229cdfcb74e7eb35b5c98eeea2c365eac1

SHA512
019d8c87175716cef5c08e2ab9008ff65ba198384c2451aaf3cb4a53c06c6e4fe7988454fa8469df209b2781135af1d7393a0d474202710133662ae596929146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bb0dc5630e78d559eafc1e3e24ad0c35

SHA1
707460c6b236268665133d8a28d72ae5fbe403cf

SHA256
0ce50f76c9e4cc7e50e2f54d44082c875bc1da5231335d19c1d599e62813a87b

SHA512
2495c4e03bdb955ebb5633e4e1a5cec92748ed43f7f7dda58b5747fccbc77aec372426838f1e6ebcb19250a99f227fdbff662e057fee5b2b14139bf6900bbc79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a3e0c4c657d861ca9cf3678bb2d2fca2

SHA1
195aa606e575ea69d9ba0e22fa9efd01434066e1

SHA256
da4a73963dac7e45ebc6936f0d945e4d802fed032eee63b297ba2f4778852940

SHA512
0f3adc2934db1499179312862309ab17e8ea5ea31d86958c100820bdd5d9ddec5638a20546967572c48dec6b804e415d383f9319f852fbd0a7e03d93e1fc6fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23efaae329bf9cf1c5ab3bd3c919ea6f

SHA1
99a433f5a627109f767eb20c12bf950def8d2f9e

SHA256
d9323def8eaac8cdcce14a7ac57dd33af34a8587f1227274d2f6e9e2ebbcf4d1

SHA512
00ee547b806a97d94aaf50db99a096f29356e7c23136a3d177226986d00d57de7ec30c2f7fc06b49a57987094f10ff5f8c1da5900f3e2aa3f9bf353754504af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
62ce1b43e68faad5faea047dfc50c036

SHA1
310e51f18a8dca07f3c0eb5086262ad2f5d5915c

SHA256
864c2354ceff850fad8f84e924d169f68ffdcb20b946b4f111ff7304d8a2b24e

SHA512
49f4be14b42a258e752c5dbc20d0ca7057067953fada50ba5f08485248835957f7165eeb45502e63e3fc16617ef866c23ae1d1d38a2cdd30e57b507593b4474a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
573a2245873386ab8a103f8e9976d273

SHA1
8c48b4238da7b01b6cb138dfe11170b453f02f2f

SHA256
02ef016f47f38e52e181c3d1b51b38adb977b798f414847e365cbfb96cc8fe29

SHA512
7ea62cdae6931f089d5385317c8e401bae3a42454484cc608d2e01e28ab7ea8095bac5736bd7683326186439a072b07c18aa482a4973a2f73bbb4f88fdae30fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8151d596f9ba29ab27b8749d1a47fbcf

SHA1
fbe86bc8bdf0000a462dead6fbd524460dfeaa87

SHA256
722370867aa7e80e93f9826871d2af67c39359d1df8b3617669ed1a73e159fce

SHA512
b257f2cb1b59c59a7c4577575731d31298614ae4e851c0b306c489b153840d29dacb8d1e0390f42fcd1b7e433fccc7995612b1a631045d367f5ebdb499390f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09d3179ecf19b0f6cefcbfd0803dbf43

SHA1
72ae1461eb27acbe965b6678024c20abfb2bf7b1

SHA256
028ec6a953219590b28425509a54105262a20ada731d372dd92d40fc752d778b

SHA512
20758d1feef1bf5993fc934ca9504fb472ccf887ab9391dfb08c96dba0e53de048f43dff964a01e9bb1fd84bc6a8fed57cba20d4dede765ae99fcf14cb9d6b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
82937473f820830ed8950ee822d1b934

SHA1
eadc7fa47a8abbe7c05e284a35bf3076762a440a

SHA256
4f007ddf8cb861366e7eaf657c218f6dd082d3a7b31bf2917e5cbd94671bc81e

SHA512
f4ccfdbe46597c46b2d26feaa7202176d833fa3f17d2951e96b5fb9be6d152206dae1f86b1136d8873199ab4977d69a2d00e893810fd886ae90007f8e39924cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
2690adb86a1952320f712ebb0ff9152d

SHA1
72c3f205932a91622681754942d4d895c1516e0e

SHA256
605bde6632a2dc7832a085be31f8b207747a7371dca61061cc978caf0ebe28e8

SHA512
1413b876b62460be8a6a7f18ae16e0fb481bb5594f5b537a8f0cdb7fa6b0bb1b5d3e04cc9bcf98a127f1d3213d97c23ad89882ba11d4cf620b64da2c13c3b483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
30ce8d1965b579f6b5b3d5d2c404e583

SHA1
2edb6bf080d83a2f231db3033f15752ce9d36c14

SHA256
8037d8b64041e92c35efef362825c0f62cb6c6dcf954dc9a716454875806bdd5

SHA512
fc0bb8478efe7d7c2afcbf23b7488911f3cabd6d4a5c963e4424feada317b9426c19139353d9e5dc2c368b94170023bf7e86455841c3d47d3b2d27c79ce29680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
5d077f58c81f08a469808cfb35693088

SHA1
32fd48710388a773ae8d16e45affc2fdb91a492b

SHA256
d282d284052eacb7fc465a47ff7e6fe573eb70678d64d179615e9844709fb63a

SHA512
4c8dc554ea389a64e96b68c75fb38b1af537d66cb2ff32893b080208322d5541a558345d8b34894dc44bfdf1c0d63319bd41b3d27f9ed5ed27299d4c6e450c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
69963a3c024e7d3e7b38a62c1a56cf27

SHA1
6c974458a7898a8267ca3eb3871658ca76cf252c

SHA256
ca02c413352ab8737f478247327a08fc6fd6a8c0068353b325cc8c0005ba7752

SHA512
f62beac298ed2a36e3901b51f0013039d9ba5089dd2a016068b55d238711144a32ec5b47ced0feac09b7a5ea23fc220f98f7e694088c9993f51c66547efa7cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
eb3e2cd88061ef080a88d09a5fdacc10

SHA1
99b925c0c4b89f4f6b583c12a7fbfd582a6a9342

SHA256
081abc96114bcb4a8416db6a0e5982dcdb1389420812a037327f4b0d9774b0a4

SHA512
4e842f0c5a55ec6b5b8365d5162a3350f6bd499e5dc5c99c0b336a2705e662fb0cd90aec35d2b994c005774c2f2f2ef864212e4d15de86968a8eae28ce97df77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
351ce0f6e5ee59a2bc0722e300aa4c3b

SHA1
9667b591e4871aeb06153dae62cce83474331e3e

SHA256
c74875405a58aad3cfc8af5c206cd3693dee109ae998f069d2eca56344928bac

SHA512
224c2cb5ce7bb828614390703a7cf8277914aceb500e8342aff3e9029cadc453dc5c83fa2c60177ddc8796ba115ae7ad117bcc9775d7adbbb1c47336b2f2ba7d

Download Submit
memory/632-10-0x0000000005740000-0x00000000057A6000-memory.dmp

Filesize
408KB

Download
memory/632-12-0x0000000006D80000-0x0000000006DD0000-memory.dmp

Filesize
320KB

Download
memory/632-7-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/632-13-0x0000000006E70000-0x0000000006F0C000-memory.dmp

Filesize
624KB

Download
memory/632-14-0x0000000075080000-0x0000000075830000-memory.dmp

Filesize
7.7MB

Download
memory/632-9-0x0000000075080000-0x0000000075830000-memory.dmp

Filesize
7.7MB

Download
memory/632-8-0x0000000075080000-0x0000000075830000-memory.dmp

Filesize
7.7MB

Download
memory/1876-0-0x000000007508E000-0x000000007508F000-memory.dmp

Filesize
4KB

Download
memory/1876-11-0x0000000075080000-0x0000000075830000-memory.dmp

Filesize
7.7MB

Download
memory/1876-6-0x00000000052D0000-0x0000000005318000-memory.dmp

Filesize
288KB

Download
memory/1876-5-0x0000000005130000-0x000000000513A000-memory.dmp

Filesize
40KB

Download
memory/1876-4-0x0000000075080000-0x0000000075830000-memory.dmp

Filesize
7.7MB

Download
memory/1876-3-0x0000000005060000-0x00000000050F2000-memory.dmp

Filesize
584KB

Download
memory/1876-2-0x0000000005520000-0x0000000005AC4000-memory.dmp

Filesize
5.6MB

Download
memory/1876-1-0x0000000000740000-0x0000000000800000-memory.dmp

Filesize
768KB

Download