asyncrat | hxxps://drive[.]google[.]com/uc?id=1_WBSRfZlNu3lXa8n4JlMue0JeaaI4I54&export=download&authuser=0

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
18-10-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?id=1_WBSRfZlNu3lXa8n4JlMue0JeaaI4I54&export=download&authuser=0

Score

10^/10

asyncrat maximo9 discovery rat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

MAXIMO9

delonuevomision.con-ip.com:2625

Mutex

tempcookiee

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of NtCreateUserProcessOtherParentProcess 4 IoCs

Processes:

ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe

description	pid	process	target process
PID 1864 created 3452	1864	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe	Explorer.EXE
PID 3548 created 3452	3548	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe	Explorer.EXE
PID 5612 created 3452	5612	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe	Explorer.EXE
PID 5420 created 3452	5420	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe	Explorer.EXE

Drops startup file 1 IoCs

Processes:

ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Value.vbs	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe

Executes dropped EXE 4 IoCs

Processes:

pid	process
1864	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
3548	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
5612	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
5420	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

6 drive.google.com
17 drive.google.com
18 drive.google.com

flow	ioc
6	drive.google.com
17	drive.google.com
18	drive.google.com

Suspicious use of SetThreadContext 4 IoCs

Processes:

description	pid	process	target process
PID 1864 set thread context of 5436	1864	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe	InstallUtil.exe
PID 3548 set thread context of 4712	3548	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe	InstallUtil.exe
PID 5612 set thread context of 5452	5612	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe	InstallUtil.exe
PID 5420 set thread context of 4228	5420	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe	InstallUtil.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\INF\display.PNF chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exeInstallUtil.exeInstallUtil.exeInstallUtil.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exeInstallUtil.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133737508579579685"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

chrome.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe7zFM.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exeACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exechrome.exe

pid	process
632	chrome.exe
632	chrome.exe
1864	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
1864	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
1376	7zFM.exe
1376	7zFM.exe
3548	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
3548	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
1376	7zFM.exe
1376	7zFM.exe
5612	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
5612	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
1376	7zFM.exe
1376	7zFM.exe
5420	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
5420	ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
1376	7zFM.exe
1376	7zFM.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

1376 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

632 chrome.exe
632 chrome.exe
632 chrome.exe

pid	process
1376	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe7zFM.exe

description	pid	process
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeRestorePrivilege	1376	7zFM.exe
Token: 35	1376	7zFM.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

Processes:

chrome.exe7zFM.exe

pid	process
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
1376	7zFM.exe
1376	7zFM.exe
1376	7zFM.exe
1376	7zFM.exe
1376	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

3036 OpenWith.exe

pid	process
3036	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 632 wrote to memory of 4916	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4916	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1108	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1088	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1088	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3704	632	chrome.exe	chrome.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/uc?id=1_WBSRfZlNu3lXa8n4JlMue0JeaaI4I54&export=download&authuser=0
2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0x84,0x104,0x7ffc4fbacc40,0x7ffc4fbacc4c,0x7ffc4fbacc58
3⤵
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,11870353663620482695,17146290558841154276,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
3⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,11870353663620482695,17146290558841154276,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
3⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2440,i,11870353663620482695,17146290558841154276,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
3⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,11870353663620482695,17146290558841154276,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
3⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,11870353663620482695,17146290558841154276,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
3⤵
PID:540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,11870353663620482695,17146290558841154276,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:8
3⤵
PID:3648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,11870353663620482695,17146290558841154276,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
3⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5172,i,11870353663620482695,17146290558841154276,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
3⤵
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5476,i,11870353663620482695,17146290558841154276,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
3⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:220

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.rar"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1376

C:\Users\Admin\AppData\Local\Temp\7zO065D7708\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\7zO065D7708\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe"
3⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1864

C:\Users\Admin\AppData\Local\Temp\7zO0654E758\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0654E758\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe"
3⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3548

C:\Users\Admin\AppData\Local\Temp\7zO065A53B8\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\7zO065A53B8\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe"
3⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5612

C:\Users\Admin\AppData\Local\Temp\7zO06550CA8\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\7zO06550CA8\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe"
3⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5420

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
2⤵
- System Location Discovery: System Language Discovery
PID:5436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
2⤵
- System Location Discovery: System Language Discovery
PID:4712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
2⤵
- System Location Discovery: System Language Discovery
PID:5452

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
2⤵
- System Location Discovery: System Language Discovery
PID:4228

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3056

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c3aff040e868eb82ae1d5479f15b9816

SHA1
079963eea24a231937c20801295392ce9850c569

SHA256
68dfdda91a159b132e7d29659e4633c8e4b20e84e48448680b2dfb3ae819b02f

SHA512
ea5733ca7a2a3ded1144be82832d8681a7603bca4904e18a6b0ec2352fceae6f25bd244e6e080eba4b26d0ba0b59b7b17d9867a3485730e689c46f05b8bbe97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4a7e342be085a61a14d301ee7eecd31a

SHA1
89c173e6a2cf8ed6c52a7098cbe14b402ccaa28a

SHA256
219058e330ef74bb22516d8f0330c9af14f9b6f939689b5e84211eaf7c2ab37c

SHA512
4e5894cb0a0f28abeb3cff4b218c3b45d519cf8a520157fab1ac5e2f54de4cb15f574b906d3857e980d836da45480f8cc2bdb31d922c5efd8bcbbfdaa108e4c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
d8da180e1ab36cf286f410011dc3368f

SHA1
1f0623290cbf7c4b41374e1f5fb7fa3fd6fa13e5

SHA256
dc5bda8cfac6bf0d6873260b9bbba8fecacdd0e99ad44ce90dd81223cc6bc088

SHA512
8236fdd6a8c3ca8d36088ed1260f08a819b33b17cd620895d8817de8284760cb0a3befea4995ac0d48ef8940b3d5db29fa0178af6cb75d5c039995931fe61fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b784009d975a16e9348e8413771f607

SHA1
e58addb4543983e692e6465643153fcb6ca25e63

SHA256
d2b5de336a05c64295fda57951b1e1badd66c5b297370c01b0269cad2c341e8b

SHA512
ca26c690e9ef6e59a2d9836bd2cb745437fd492d8c462128185212c647122aa67934fbed8c707748c5c068d5c26e4d3c73a348277a1c3cf1160af57eab6e1187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
658ba659e94717207a4b9d21fb7c296f

SHA1
4e312f5e76709d51a0b17fe15f83a10a758e0f2a

SHA256
3dd8e55e8e880826549c30f413181dd7029eedbfcb931b273fcd2482b524153b

SHA512
f858fc70e33795e8601043652dd400e1666872c220ee18a0426e7f30667909c88ec79176e32afb097bf84bcc2439f4bfde3d4160325c050da78872836c25b1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c5d6c20c85a730be2f7ed558227a0292

SHA1
671d5bf47dc08634cf6aa83b33f0f90abdb6f508

SHA256
3b60af472d95561e59c2044d4d9a6eb73eeaaf65660b7f73c29342d89385cc09

SHA512
082cbceaab550ce6443af43f7decc55eb1541eb80ebfa8ac3f9fd81a2688f85f33cc3ed8b362a4d5cae181c3ae3e0faa05849a1a5dfb7fbce9163b600b3e00f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a01a51b8f63dfbcaadd2dadaebeae7f

SHA1
700751b051b8d48acf771918bd212761fddaa127

SHA256
9875cf0aece3d6460b2c8ca4a30b8b471799e3b3a509075ff0d0015941a968d5

SHA512
134935c467304914322d86b93ba8a0c14a90376279d833b61fdc3e77fcf0c9651fbb99de14ba1cc3e934eb1f1109d4d9a7ce5b1400bc7ac6dc5a1e1bb6674e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d3122343889f16f6bb22fd17632ad31

SHA1
8697bef06c44650d5df474dc66727ab8b2190cda

SHA256
9e9679d054066dbd71656d30454afd92e0ba3d7a55321fe15affa1c944372776

SHA512
731bee3227a3b875ff1c22ac88358503adf3f8616d34a3b867997ecb0682dcf703ab8429d4ea90018cc1e6bc3b64a686803df9056c7cad1408e7eba7bfabd276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e39411d0073da71dcbc2a2ca61dd6137

SHA1
a1fd9ec938c5fab7c4b477eb6f35fc7783209742

SHA256
08fd7de9e558768396fb8b33ec38e14d74c62347a9aca8e87081f68108f5f741

SHA512
3eb00cf7e54443b089584a2ffd8c22ab2a81d0bbce6c66ac3c8912a024a3a8c938adce8ed5586839806f0b42255682335568c1fe920545b983c7abb38f33c706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f83aaafd2c86ea12e9a2a4e5754171d3

SHA1
e57f241052a541c02708673e5ef8805cdc5a111b

SHA256
4af31d325b15fd76ba1472422f71018742c98ba12ae8a205b48a161b56ba6004

SHA512
409007cf32836de8c5034d40c42179154b4d630dec5111eb1afa14ac7827c6a4e9a4c58644787bae379a613255e13f67f4bb50467e93840225272beca461d4c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c93e32e9a7fb27778bfdef171ea804c

SHA1
ab78581715220e7b7c783cfe5fd60cc969868c6f

SHA256
c594aecda6d354ca2765ae09c1b2cd0bb6320ee8a268fd2df04828eb1ca4304b

SHA512
4a7bc588793a896dd550face67ae4cc6fd2afe31520a6b47b84a3749c630ca4da77590c5b2638b991b6871f091f1a712a08d1fb141d125d9e89d04d2f701647b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e050b0990b6c094623a10d9c137c5481

SHA1
11a446105e311d6cdb55b33c8758b61a4cce9d33

SHA256
b6c5b20389d86a2831c279215f0556e80804f467b7cfc5a6ab0c987fb1c3d1f2

SHA512
79bd97e99bb6aeb229bbc12efae098ecb7b1c94cdc2d5abfb3d689efc50cf0ded15d08aa6a9eb20deaef091e287d7539ed58f63708ac44322444a413db8eae49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0ef4c2e134f55ca9c33e5db061034250

SHA1
ea0f9628bb6bba42706a4430b706a363b41cb7fc

SHA256
9f934a067d6cf3aac4584092f088e9742924d672c8aabdf8ba5799f09e7ed14c

SHA512
18e1feb4ed750fb374b5d2d1672bed8bbb57f297f847c260bf12ca5ab1cc79991928508479f0bf8f62898847604eb47763df7eebb02e8ba914521e7c4c8c0ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0ea353894d0b1049e46141b727e2ae4a

SHA1
c86824a79d942401c5f373ae444ee68476bdd472

SHA256
6ba11533a23fbe6e6c8e5832641df713fd0ab8a7a25c34471f65f6b61e20cfea

SHA512
34fbd0eef0a57501b529c8f64ac17670ba6aa50c08a896288cc2d6c2e7d4a8bc6bcf912db64313207cb9db59371f48463383c7bbfd19af7fcf2c0dfad181606c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Filesize
425B

MD5
4eaca4566b22b01cd3bc115b9b0b2196

SHA1
e743e0792c19f71740416e7b3c061d9f1336bf94

SHA256
34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

SHA512
bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO065D7708\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.exe

Filesize
971KB

MD5
a6aca7334109f9557e4e36bcb0636db9

SHA1
0d48af64ab4ec6d5df3c3a3fd2e5d44ab63f1ad4

SHA256
8adc74379b29818e3185b0e289a1bf15c23c5974b99bbeb73b2155e17fcb1c35

SHA512
4247c3b5b782c7dd46bbfec37e805a35a3e982254754b6d7fe0d7c7abdc573f06dcef4dae6516b14278df7e8f0cc989e29d4b5907071cc7f8e8e019aff5f2e6d

Download Submit
C:\Users\Admin\Downloads\ACTO ADMINISTRATIVO No. 0216_SANCIÓN POR RESOLUCIÓN.pdf.rar.crdownload

Filesize
943KB

MD5
94a6db989c7b1e1ef9e3331171eb4c2c

SHA1
7ef28db7f05d338055fea44ffb8ed15503c9ee35

SHA256
6456825e433ad5aee331a9f3b45c29d0dd4404b67ab2264cf51755d040a1d372

SHA512
6ac9ce8249c4cdca0f3b2c90f80ae8c1fda8bfcc7a637a6650930476030dfb5be9e01feaf6184237b87ca37cacab5915bbacc9615c932fd58e58305b9ff77898

Download Submit
\??\pipe\crashpad_632_COQQYZHOGLIVMTTC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1864-148-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-122-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-170-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-168-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-166-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-164-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-162-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-160-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-158-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-156-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-154-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-152-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-150-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-146-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-144-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-140-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-138-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-136-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-134-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-132-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-130-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-128-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-126-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-172-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-120-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-142-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-114-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-112-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-110-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-109-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-116-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-1183-0x00000000060D0000-0x000000000612C000-memory.dmp

Filesize
368KB

Download
memory/1864-1184-0x0000000006160000-0x00000000061AC000-memory.dmp

Filesize
304KB

Download
memory/1864-124-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-2284-0x0000000006210000-0x0000000006264000-memory.dmp

Filesize
336KB

Download
memory/1864-2285-0x0000000006F30000-0x0000000007032000-memory.dmp

Filesize
1.0MB

Download
memory/1864-104-0x0000000000DB0000-0x0000000000EA4000-memory.dmp

Filesize
976KB

Download
memory/1864-105-0x00000000057A0000-0x0000000005832000-memory.dmp

Filesize
584KB

Download
memory/1864-106-0x0000000005DE0000-0x0000000005EC8000-memory.dmp

Filesize
928KB

Download
memory/1864-118-0x0000000005FD0000-0x00000000060B4000-memory.dmp

Filesize
912KB

Download
memory/1864-108-0x0000000006670000-0x0000000006C14000-memory.dmp

Filesize
5.6MB

Download
memory/1864-107-0x0000000005FD0000-0x00000000060BA000-memory.dmp

Filesize
936KB

Download
memory/5436-2294-0x0000000005430000-0x0000000005496000-memory.dmp

Filesize
408KB

Download
memory/5436-2293-0x0000000005320000-0x00000000053BC000-memory.dmp

Filesize
624KB

Download
memory/5436-2289-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download