umbral | hxxps://oxy[.]st/d/uwIh

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.st/d/uwIh

Score

10^/10

umbral stealer

Malware Config

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000600000002327e-274.dat	family_umbral
behavioral1/memory/4356-296-0x00000200B9850000-0x00000200B9890000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
4356	Eletron.exe
1552	Eletron.exe
2364	Eletron.exe
6008	Eletron.exe
5364	Eletron.exe
5480	Eletron.exe
740	Eletron.exe
4164	Eletron.exe
2904	Eletron.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
628	chrome.exe
628	chrome.exe
628	chrome.exe
2932	msedge.exe
2932	msedge.exe
5712	chrome.exe
5712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 3376	628	chrome.exe	27
PID 628 wrote to memory of 3376	628	chrome.exe	27
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 1600	628	chrome.exe	91
PID 628 wrote to memory of 4528	628	chrome.exe	89
PID 628 wrote to memory of 4528	628	chrome.exe	89
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90
PID 628 wrote to memory of 5056	628	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oxy.st/d/uwIh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbda59758,0x7ffbbda59768,0x7ffbbda59778
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:2
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4740 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5256 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5208 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5256 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3176 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5404 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5864 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4676 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:8
  2⤵
  PID:4324
- C:\Users\Admin\Downloads\Eletron.exe
  "C:\Users\Admin\Downloads\Eletron.exe"
  2⤵
  - Executes dropped EXE
  PID:4356
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:312
- C:\Users\Admin\Downloads\Eletron.exe
  "C:\Users\Admin\Downloads\Eletron.exe"
  2⤵
  - Executes dropped EXE
  PID:1552
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:3000
- C:\Users\Admin\Downloads\Eletron.exe
  "C:\Users\Admin\Downloads\Eletron.exe"
  2⤵
  - Executes dropped EXE
  PID:2364
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3204 --field-trial-handle=1876,i,10507463717324790700,10695721182674801318,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault993396aah244eh4351h91e7hb50d69b574ee
1⤵
PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbaa6146f8,0x7ffbaa614708,0x7ffbaa614718
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10231661249280350705,4830838727661074493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10231661249280350705,4830838727661074493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10231661249280350705,4830838727661074493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:5132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5908

C:\Users\Admin\Downloads\Eletron.exe
"C:\Users\Admin\Downloads\Eletron.exe"
1⤵
- Executes dropped EXE
PID:6008
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:6136

C:\Users\Admin\Downloads\Eletron.exe
"C:\Users\Admin\Downloads\Eletron.exe"
1⤵
- Executes dropped EXE
PID:5364
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:2628

C:\Users\Admin\Downloads\Eletron.exe
"C:\Users\Admin\Downloads\Eletron.exe"
1⤵
- Executes dropped EXE
PID:5480
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5188

C:\Users\Admin\Downloads\Eletron.exe
"C:\Users\Admin\Downloads\Eletron.exe"
1⤵
- Executes dropped EXE
PID:740
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5552

C:\Users\Admin\Downloads\Eletron.exe
"C:\Users\Admin\Downloads\Eletron.exe"
1⤵
- Executes dropped EXE
PID:4164
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:3468

C:\Users\Admin\Downloads\Eletron.exe
"C:\Users\Admin\Downloads\Eletron.exe"
1⤵
- Executes dropped EXE
PID:2904
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
8d842acbe234bdb70cfea282428a80b7

SHA1
22431f0836d1a708d0ba671b0f6fdb276a29e646

SHA256
8c8a140e3ef1b243c042c1a0a56218c70f6edfecd8dc7d070a0950491c66808f

SHA512
0c24fe5c82cf144ab4a0c4216a818fa2917aac3e3ded86b9c7fa035ddddcc52e67b383e03466415ac87839572bb8e98ff51ebd284bb8edfc82d0b8bb2e487392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
05ee1069a01a99461863e194a27cb35d

SHA1
79140a8f2f648e0727307a1f05f56740b01a0d76

SHA256
39344a4c19593240c4f330b28b8c3e25d2e0e2187ce731185c543e79e9c0df40

SHA512
dd4c373844d9c9e3d93fd07589b3cb05ee2ddb1a607dcefa3e1d96d85dfb481a004c52354f9b7b4669c2b03be24ff62f5153e78b2badfa550e876f8273b90569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_oxy.st_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
39095727b73ed843c3f5684792409027

SHA1
b978a9338d032defd271d4267c1a863b7fd6a567

SHA256
ff3a10164e447331834c524bb2e1d0119918d5643ec72351246ea8b5b4e33745

SHA512
3abbf7099e8e49b007f2b7e18047d5e83ec5e674af361500e7f3aae62ce6ffa669e6d156af66c287a3d7233fb2a3a0c89cbf2027e00e4aea6fc0537d3f418112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9177b9b05b88778c145958b4cd954472

SHA1
26588258d574204ae634deee2ae7077d759b66ec

SHA256
b8ae358578841ecfb6548085849ca77d50caf944511b36e5a6773f314cbb1935

SHA512
e681ad744dc5dbb7ce1d64bb8b9d7c1c760357d76ac03978c1cd2db03d9ec1f7039f9f9b83be66f19ac56f7010e8c7ab929c3fb83be739a79319a356cbf6b278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cf1c3421cd04431380cc6d0b5782cda8

SHA1
a63ae55b105f268b5f5e1c4efc8fef9d36aaaf4e

SHA256
cb967867905b35c4a74c8aa043c797ee76be0d06dda542fcff323fb90bce37e2

SHA512
9e42951e76fba20d43caae3308fe2ef617eecf1350d6fa6268504c11f1243f529ba396ed0cd2707c07d6a90a2844fa416fd464276bfed717524a0b33bfdd6384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
83075e13bb726421601e1b866393bda6

SHA1
119edd4fa507d57691c3e2bd63e858c7d08289f9

SHA256
bc446178853512b2eada588412d4ab9773134a06fb4c3e78e186f160f67a839a

SHA512
97f538ae5408a86de479b822dab59dd05764769d10ecfd9824e022d07ca80e13221a388ed8da6e4e0aa53edcc573e881314276f2dd90253c67d11eb6cd6bc782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a48d774b7b206d20899b869128f7fc48

SHA1
e80ca2bc46d99db4fd72dbf16fb12d04dc3d84bf

SHA256
676b177ba14184b4719c4ae70fa59366f2ee2da96bb003fceb9582c31627436c

SHA512
d94f50b345bfa5c38ef1d59795c073f89ac77de352ff5c74c4fba32f04c2e7423e5657c712d37f5ded6032c8d8316104cd39c926aefb6490008a16d0cb2755d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bdacdeafd1e8ffc2087733c27629bb57

SHA1
af961d615cd3b6ebee326c8c3620c9680e50ada9

SHA256
2cdb26ab038a3c1f8fddbd1ceef860be5538b177f276e58e7e6e3bbb8ffbe12a

SHA512
3e0f7d511457ac317e93424de82d7aab8b1837f01387155bc0aed3447feb49a4b314471b0e809e6bdaee43c7465560dc46a3dce6d67ee175fce94c581f978c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
42c8626f4910e4e6a41b93e73fb3fc2e

SHA1
162a8cea93a06fa78874dcd5213a1e0e86a108ef

SHA256
49568c1e3333c8cc29e83fc06c711ba62546589d7a8fddc0e1e7b28493f6057d

SHA512
30afa517e814c8fe252ea8a809cab743bfd005aa620ec4dd90050643cb42c5569486811cc26f1fd493a8c94c1d7de06dc0a01d0e65021603f0920ff49e6bca37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a48c0053ac864d0c78eaec7f5166cab4

SHA1
12542ba7bc3460b23a92093f5574b49483137940

SHA256
e3043bb6c43e5e505f2132735ddcbb774987e250844b2b1b7ff2774e4f30c03e

SHA512
5d19a71ab62fd92b9411c409e5866febe18aca67fda7f7e217e41118f0f66f35d38c8eddba89cee36aa4d2dccedb5804014e2941286d955eae8e7432c5a267a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fa1ed4e961ad27e987a2ea8faf54e05b

SHA1
43b27be7bfe75fe2b3faa712e379238b3f6ae491

SHA256
efed9f3d72b2b1cb5b08284214de38413977dec36c311e62a681f042fae14f55

SHA512
003dc2334373fb69dcbb1160de589b738570ccdf04fea9de7192cff92063d531e410d00efac1b5d59f363559cee3fa4e3d148e5a6f797a712c66ba70e26f9a21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d031.TMP

Filesize
48B

MD5
82d04d01c597461df813a6bcd7b0e536

SHA1
31c2768db9f9cb51cce647b4d4e2567b4fbcdca1

SHA256
43cca8fb5bc844c2fc40732c0c336f80fbf8bd72c140b3eb98107e949d3c7a81

SHA512
cd124c2b00d19077e2726fc234eba210bd33925c295b98380dd40c8aed98134e2064a8922b7728ea929ec685ced83e20ea87615d2c9906049fbace0e3a99b777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
298ba61857562fed3e48bbf9c4c66367

SHA1
1074100d7a45d046f0133e046bd588df048ecb9e

SHA256
3108f7052f0d3b170f2508e3ce77e4e966ffb66a7f7aafe98b3e87705ff82887

SHA512
179d8d9e66d481de0486bfd886135b020f754e2166313e8dd017e0eef4236cd4081ffd9f42eea105f97b71f217de4467a69db6ac87499859389d7f35a71bf938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
8e954d173937dceb5bdfb11e7a1e0caf

SHA1
bf5e4ff22e4b4a7f9d3ee79424b8ff14c7fa1820

SHA256
0f1a9e528a30e9365ba944624771ae25ed2701ff4b15c0caab0c14a0987507f3

SHA512
ecd1708e08c73a92b26788d7ddffa283f5cfb0825e90cbc84cab1423f0f21da4f5d3da5a7282363297c8d06c0ff11a8371cb142edf1921a5b1c58944bd2ac51c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e222.TMP

Filesize
101KB

MD5
cd0d385a5aaa6b674c978548219ca254

SHA1
6de0f6bb72faf3dec32014b3e2e3147122feba8a

SHA256
e02bce41910c1473a709ddd70a771154d78de422baaf51e8b494372ae0f6c9d5

SHA512
21d77e8f61a5e443feb43ce5ebb0f4d9be0acd09361a8daa1849632f719569b5792689c5cdcc0b1951aec57cd9353a251b8334829f1488f2a192e03d8624fd60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Eletron.exe.log

Filesize
1KB

MD5
8094b248fe3231e48995c2be32aeb08c

SHA1
2fe06e000ebec919bf982d033c5d1219c1f916b6

SHA256
136c30d964f4abbb5279bdc86d0e00578333782f15f05f0d2d050730dcb7a9bc

SHA512
bf27a3822008796370e2c506c910a40992b9240606ea1bc19f683b2fee86b81897660ac0cf8e746ca093dae9e408949e2e9002ded75678a69f020d3b0452801f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f45f050f16ca66ab4ff0745684a92ae

SHA1
d22104c85040816d294cf83c96670d86dedbcbbf

SHA256
ac3d13a882d3c95288647ab2c30b6c176b2c223ce84fb3537ece449df182a261

SHA512
ddfe640fe9fb3f9f8ef94f1b233cd13a30fd9e9e631cfc3bca1c851f77b53a780d7bc052a3602b77869090c8bc8f0c93637ee89c8b5f4fe554033ac0ca71eab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
e8aec2658bd1ae1ab5e33bda533ffb52

SHA1
a4f979402ab9306ab940b90b70f8554cbaba771e

SHA256
d9aa8c1498565e434b0717966424a0c99cf7f95d66ec9d9acd282ede1d5f0b8c

SHA512
1e480d289adb055f3c1a3b10bf779d988aa6960fc70179ab09685c7f0b98a0e79955834bdf7f7fc10286e6beba6bdc8f46e38607395e7a15029f95ac9129a467

Download Submit
C:\Users\Admin\Downloads\Eletron.exe

Filesize
229KB

MD5
bf77e23690fbd8a6a317f411ffb30e8c

SHA1
74fdc8ae5f285bbc384a7c1b3968139964ff9c9f

SHA256
5f92d2b23ae2df64a29281d7354cd8b1d512b854f52338c446553f0c5b140e5f

SHA512
ed3e9268f9a987d87af45fda8920e602c6b5cab8902c29f320e7c0d27687ab22c36b773f5ccf806c2edf169751d07ec1a15e550b18283b43bd220fa7a9265147

Download Submit
memory/740-456-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/740-454-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/740-455-0x000001CFE2AF0000-0x000001CFE2B00000-memory.dmp

Filesize
64KB

Download
memory/1552-329-0x000001E3168B0000-0x000001E3168C0000-memory.dmp

Filesize
64KB

Download
memory/1552-328-0x00007FFBAB6F0000-0x00007FFBAC1B1000-memory.dmp

Filesize
10.8MB

Download
memory/1552-330-0x00007FFBAB6F0000-0x00007FFBAC1B1000-memory.dmp

Filesize
10.8MB

Download
memory/2364-341-0x00007FFBAB6F0000-0x00007FFBAC1B1000-memory.dmp

Filesize
10.8MB

Download
memory/2364-342-0x000002026DEC0000-0x000002026DED0000-memory.dmp

Filesize
64KB

Download
memory/2364-343-0x00007FFBAB6F0000-0x00007FFBAC1B1000-memory.dmp

Filesize
10.8MB

Download
memory/2904-467-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/2904-466-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/4164-458-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/4164-459-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/4356-296-0x00000200B9850000-0x00000200B9890000-memory.dmp

Filesize
256KB

Download
memory/4356-300-0x00007FFBAB6F0000-0x00007FFBAC1B1000-memory.dmp

Filesize
10.8MB

Download
memory/4356-298-0x00000200D3E60000-0x00000200D3E70000-memory.dmp

Filesize
64KB

Download
memory/4356-297-0x00007FFBAB6F0000-0x00007FFBAC1B1000-memory.dmp

Filesize
10.8MB

Download
memory/5364-439-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/5364-438-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/5480-441-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/5480-442-0x0000022902CA0000-0x0000022902CB0000-memory.dmp

Filesize
64KB

Download
memory/5480-443-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/6008-433-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download
memory/6008-432-0x0000018CF56E0000-0x0000018CF56F0000-memory.dmp

Filesize
64KB

Download
memory/6008-431-0x00007FFBA9A10000-0x00007FFBAA4D1000-memory.dmp

Filesize
10.8MB

Download