eternity | ae62b410c6161ac490d66477318a6630c0fe964d868cf1bea6a572f22f718963

Analysis

max time kernel
140s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2024 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Project (5).png
Size

3KB
MD5

c9015f6b768e0bf21903b9e0b699c295
SHA1

e46732d6651737b7e09def93aacbaca0bccc7b0f
SHA256

ae62b410c6161ac490d66477318a6630c0fe964d868cf1bea6a572f22f718963
SHA512

eccce6ecbad36aaa764a2d923716b5caffb657a234326983bc85fc97205552b28c9531ffbd102b7ab359fa951cac26b62d21a00cea50b45b74b41b5147aaa182

Score

10^/10

eternity discovery evasion phishing spyware stealer trojan

Malware Config

Signatures

Contains code to disable Windows Defender 2 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/files/0x000400000000073b-294.dat	disable_win_def
behavioral1/memory/2604-296-0x0000000000FE0000-0x00000000010CA000-memory.dmp	disable_win_def

Detects Eternity stealer 2 IoCs

stealer

resource	yara_rule
behavioral1/files/0x000400000000073b-294.dat	eternity_stealer
behavioral1/memory/2604-296-0x0000000000FE0000-0x00000000010CA000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Eternity family
eternity

Modifies Windows Defender Real-time Protection settings 3 TTPs 7 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	proxy_3.5V.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	proxy_3.5V.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	proxy_3.5V.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	proxy_3.5V.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	proxy_3.5V.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	proxy_3.5V.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	proxy_3.5V.exe

Disables Task Manager via registry modification
evasion
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 4 IoCs

pid	Process
2604	proxy_3.5V.exe
4396	dcd.exe
3708	proxy_3.5V.exe
4400	dcd.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	proxy_3.5V.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	proxy_3.5V.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dcd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133789447433191144"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
5092	powershell.exe
5092	powershell.exe
5092	powershell.exe
3024	chrome.exe
3024	chrome.exe
1532	powershell.exe
1532	powershell.exe
1532	powershell.exe
3024	chrome.exe
3024	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1924	2284	chrome.exe	94
PID 2284 wrote to memory of 1924	2284	chrome.exe	94
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 624	2284	chrome.exe	95
PID 2284 wrote to memory of 3956	2284	chrome.exe	96
PID 2284 wrote to memory of 3956	2284	chrome.exe	96
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97
PID 2284 wrote to memory of 4056	2284	chrome.exe	97

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\New Project (5).png"
1⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffef10fcc40,0x7ffef10fcc4c,0x7ffef10fcc58
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5588,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3172,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3168,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3412,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3428,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5352,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5668,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5288,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3576,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5532,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6076,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5060,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5148,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5924,i,12047712489105549677,7451187455835745367,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1228

C:\Users\Admin\Downloads\proxy_3.5V.exe
"C:\Users\Admin\Downloads\proxy_3.5V.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Executes dropped EXE
- Windows security modification
PID:2604
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4396
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092

C:\Users\Admin\Downloads\proxy_3.5V.exe
"C:\Users\Admin\Downloads\proxy_3.5V.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Executes dropped EXE
- Windows security modification
PID:3708
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
515c5820d05b46da51d6513bd25295a0

SHA1
6d755ffd3579a4cf9c9e56d29bbc3372905c68a2

SHA256
4796050f736f0188ff8d019a3e95bd5c1b8bbb46b1dbf978acae8849af971b41

SHA512
562d2d7aaf89c10aa6e5cd9b71e4b9194e50b354c2952055dce06aa861a320e7d7e683129f659da21e10d97bebb186f2b032ac30d953931343f722fa095d0aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
744B

MD5
761bad6892a330cacc45b6e112396b96

SHA1
e8c9d9f154b7cf400ef9245762d921262e67308c

SHA256
3af1eb221b6a0f29c782cad337e6599ffaeb09ea48bff821130a8950436bea68

SHA512
ee3f779f03dd331dd4d8a80674f87d035f58cf159f0740d1861008bf25f2acb223324bf0c1c5ce4214e15738e09af1ba31d9a84e15e5adb32151862be73e7a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ea97cf734ebe4cb652d6daab4599ece8

SHA1
dd0bc7e209bfa36396bee0ccfc3a463c80228b5f

SHA256
7d7ef3ad1c24b2dcc90f34846314fc75833792f8554133c16b155b5a37127bd6

SHA512
1071bd30198d68edf7a240e5c6e674b13afed697a561b1e1186b0f869fe8ff2471dfc65601a8daf2c9567fb7b017532d51973c26c5048bb2e1afbac8baa3a488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4adf977221365807678d8eec171214fa

SHA1
357e84921e6fb67e79f4b0b6a169cc326b59e3f6

SHA256
9c65724b0658deccb31a52fa52c3cab6ae5a668ae70071bd0261926975ce961f

SHA512
98cb21d88915cde538631cd74f77673f95e382f487d680692223e6cfa45a32c401c10691815bdf4e123227502249bba6b5b4b3932a62d57f819fdd494f34f021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
832c5fc526b1323def6608bd4c436916

SHA1
c7f789f68b03cc7de42244c55e0351c5282b6841

SHA256
3cfb0f668e80b72d73364f2bb82d33110da59e9784e327b9313973033f7f2453

SHA512
3f43fd597a22880400836f71c5dc8b185784b9026af9863e49027975c70d0bd83673242ae2a9aedc014ba39b85c61a709bca60c177a5dd83d86cc97e9b708487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4588160aecbea88a2a51f3de7d89342f

SHA1
164433f3759767322d180daa05df75fabf72a445

SHA256
5a8171514673e292292689c30f15ad5a0428dc93401204a7015bc2a3fde24d76

SHA512
a27ff8998d953fb5fe11b9d8ab2a414c490efc6dd52b3462c3c32bdb5ad36999aa22c6b2465b3e56c3e01f1323754633d4dffc30aa9dc7acf5d8f10d5b088d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
41ec2823e081b13d771435a3c3ef7e2f

SHA1
1ef969aefcc919fcd682de506f6df8247f5032e6

SHA256
7dba7ef1ddce65193c1b07d880882f8305174979a75d97a0bb2c1405ac449dd5

SHA512
6fa1f40f9954849956ffd3e96bd9f362f51934905e1cd4e830280934f9c960ff877919c3a7b873cc858549e70d08a71cef924208ff3fce12741fec42709032ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f791eb82ffe5357cd2e01e5fbf9c94e

SHA1
f420bc901f50807a96d7ce960e0a131836b8cdca

SHA256
883f24e092fc7798810bd95e5e300a47dec359c770b7d2a75f6fe003bee39e31

SHA512
4eed1c38e0d634a63b21a9c0c17af3d40619b411170cece285a2ae9ec893a2817968baf609a90cf8ff2c5bdd8096bd97154aadd66872d96bb021e105ff364aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98a1c91db5d327f30159a3548c31750c

SHA1
6aaec28ef1a10f1f07463091ec7c0db5c49dfb7d

SHA256
e815930d17f39860cfd2d1fb7d33e37cd8dc71f739468789abf9e33471683c5b

SHA512
5badfc9badf4e012e2ff468d3c3381a0eaa9bc39faa86894e464e932ff5f87024807e87ab5a27ce066cbdff177aef8fcb443b5ad06443feb6883592402372b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b91a0b1817dad337406bd61c660ebf5

SHA1
4df6785aebeae828b60c5a194114238daa4baa9c

SHA256
fccc315353dd43b4d37b24581f062221632d02713d5b2e51db5fc65c0c7b8131

SHA512
c5b95b4b26e56038e6296dfce5657f9a107de33b5511fdb4033f913bf5090a229c4b2acefb82cd9d0283d96df847ba8cd19805a7ee6881ae210114c3a0adf042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e77ea982a88be7c4b69061499294c2aa

SHA1
d241bcc9c22a9e12a36f6b8ca4581badb5d8b03d

SHA256
bb05a2b167c2ba171f4f5646a7c44135559f34a923226ce04f539332116bb656

SHA512
2dfc4c9380e33eb0dd08bee89c7dcaa203f22dc9fa6e4676d727670a652867a8661ee30929c2a01549ecd0055f82a65d97da3fa87ce96f1221829ceb17c469d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ffea5a3696f024c9531252b5ab219be

SHA1
298260e7d06448140bbb62372a0c749d93619d7c

SHA256
4a2f3d3a37296904c1806d80c3cb49bd369bd083f39680f70444510da1a9e659

SHA512
6a6e4f414eda0e6a7d54cc7be7c1b8ee537d86b123444a48860da6be9306a7722a1ac6fc3dd5fc212156ddccc97e2534c30d68cb095577c7bb15c908744f0dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b924f7f0b6a7410e52be4853a6c5c4ea

SHA1
ca2a28b6fb11215e2c07d0345a4e7e52b315c09e

SHA256
6fda985785bf6327071971dde4bbe2817f5e66148ba80a94866c76f016f536dc

SHA512
86b1550a6ff4919a8ba0c6d2938241bd3be4720dc9887381cf8dba6d1f3acbf20dcaf0cee435a94353782d5f0ffab4a8843f9dc224b6ec20240785935126d4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5e96e9f6f2cf0893af90869ee80907c6

SHA1
d92b287ee0508caef5ac8ad9477c88c5c3719fdd

SHA256
384013e630bd0e1856fd912c72d731e1234b436f54973479c540df7a38190d3d

SHA512
fc25ebd21b88d94f0ff3ff928c33bfeb793363d59e731094f2fa0e9871369c2c7d8f8c5e7d88337d35a8177edb9e74a6151e48000c2e60caeab77714541771b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2e754a292039f8bae35498e9486ec10c

SHA1
dfa9006e3b2c69b17266b693651c626064c925fc

SHA256
edacf9e434afc09de90307493f5eece7163cbbb672a2e2e7446325c3bfa97c10

SHA512
35201dafcd4beaa49f20457a77df6d3d815061c4e46e8a9752cb586005377393a220eaeb10853f31abd1448938dece7b31bb9840d5fbceebdde18cd2a3d9eecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
53bd6a3c39e440f4e3de44d3fddf7a59

SHA1
0c74f03a47d6e4ad5f9c04b7982bd4cf96281804

SHA256
bece18d8018c31b61443988ba541b56d1d8ae7acd0758438c86777be37847375

SHA512
0d016a74b9407d3267b93c0bb8d6c1e0fc3a5c104bd7ac78aba5d6f9d3a31b470d0632988c3c9b6f5a2033d08fcee53de5396adeb54527a1da1941455f4c3f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
c15feb783ed6fb3316764844f0c154b5

SHA1
c942ec37dc0d28b1dfa71dee6a03fe84fe2eb0f9

SHA256
fd8ecd50976c9f5c18b4ecc15fc12c940f5a0af595e4830ea0d2795ccf5b0fe9

SHA512
9e4fe2c14c20b884c09e7a4561f6c97a739138cea273832eed9d198199b80813dd2fb060b3fca82561b7500b8f93f2468cb03dfc5b2b71917a4504f612860bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
71d997a64a0030f7a6ad640a3981ebb3

SHA1
6124613ca5efb21e9bc97df90ce82aa8678cfbcf

SHA256
16febe9bc9a6528fa29af98e64bfe82d41223fae2c0b9ae1a5d5aa0b22a36755

SHA512
e846ce37473662dc48b64b96591cf76ccc91f7b854c60fa608c4f0ecf550b408f55941109508c06eb1b83c263c008271a385762c0133eeada2d34aa1f7f3a503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
62623d22bd9e037191765d5083ce16a3

SHA1
4a07da6872672f715a4780513d95ed8ddeefd259

SHA256
95d79fd575bbd21540e378fcbc1cd00d16f51af62ce15bae7080bb72c24e2010

SHA512
9a448b7a0d867466c2ea04ab84d2a9485d5fd20ab53b2b854f491831ee3f1d781b94d2635f7b0b35cb9f2d373cd52c67570879a56a42ed66bc9db06962ed4992

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lkk5e2xj.zsm.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
adc7da688ae9b0ebce658b488b3e281b

SHA1
904ba3a386928e27a60c695643f9e8cf3d4f681d

SHA256
0f613608f37de61ead9d6e493cf7751cefcbd2bbdd8cd2e43bbfd4ec28e9233f

SHA512
c4604cd855ef4c6c616320bea57b1a3390a2c1b48626c3d4248890a4789f8f2e4bfbec9fd9fc2924f4f7d201bf66a3952f7d17f3278ad6e3127585c7c5427f4f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
426db8c641695951c0dffa5ee9572e8e

SHA1
d2e20b7c64f5e2782b07d4ba1107a6d0c5ba71b1

SHA256
89d0c222bc17a851c8ce7c99647937eee0959fe8b16f72319bc42582b41a4040

SHA512
7727a011391fa4c77bc9be5db4d7a354590b5448f812d0573c2bf19c162f3a6fa03e3a0fd5ebb44fc02112f4da9be06eab937fbdbe3349d15cbcd94b790a4ad4

Download Submit
C:\Users\Admin\Downloads\proxy_3.5V.exe

Filesize
903KB

MD5
b3343a749dd39684ea5b5bf6508e5757

SHA1
480695c0b37d94b47418526a32e3107bd0d74bba

SHA256
cc736e5d0b50bc8e6618e8541e51751ede49259c6302a112239a5872444364b4

SHA512
bd8f5b0da0246f6f529585b1222c2da55fee2aa8acd3078039872bb71a90ac354392a65aeb707b312fe588d7cb6e0094da864b5b71b44e22efd957a6f25e8666

Download Submit
memory/2604-298-0x000000001BB90000-0x000000001BBCE000-memory.dmp

Filesize
248KB

Download
memory/2604-297-0x000000001BBE0000-0x000000001BC30000-memory.dmp

Filesize
320KB

Download
memory/2604-296-0x0000000000FE0000-0x00000000010CA000-memory.dmp

Filesize
936KB

Download
memory/5092-309-0x00000275E4520000-0x00000275E4542000-memory.dmp

Filesize
136KB

Download