hawkeye | 154c3a1d1e1a4213c0dbd5d4d21f983219626f5ed2eb824f3670394e6555c162

Resubmissions

21-05-2024 12:47

240521-p1bncsed5y 10

21-05-2024 05:07

240521-fr5qeaaa87 10

Analysis

max time kernel
127s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6220dbc17e6c4579e23a93c103344d04_JaffaCakes118.exe
Size

1.0MB
MD5

6220dbc17e6c4579e23a93c103344d04
SHA1

78e9640d470745acfb2648d56e35febc30f6e684
SHA256

154c3a1d1e1a4213c0dbd5d4d21f983219626f5ed2eb824f3670394e6555c162
SHA512

5c4fd1ea005b890debb0d5635073a45a5ec2a640a133b53b1dac8c554765b3f96c69fbbae619a6e8c12ee46079895e42b4bf79ec8c4b0f09ee12d377441bc583
SSDEEP

12288:0P+xop6MOkLy2L+J1cvFoTlGlWVp7dBhR82vkLnfOOim:jopEkO2m6vFoTEUi2vk1i

Score

10^/10

hawkeye agilenet collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
myrecords1248

Signatures

HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
keylogger trojan stealer spyware hawkeye

NirSoft MailPassView 5 IoCs

Password recovery tool for various email clients

resource	yara_rule
behavioral2/memory/2272-80-0x0000000000400000-0x0000000000484000-memory.dmp	MailPassView
behavioral2/memory/2312-102-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral2/memory/2312-104-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral2/memory/2312-105-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral2/memory/2312-107-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView

NirSoft WebBrowserPassView 4 IoCs

Password recovery tool for various web browsers

resource	yara_rule
behavioral2/memory/2272-80-0x0000000000400000-0x0000000000484000-memory.dmp	WebBrowserPassView
behavioral2/memory/3216-142-0x0000000000400000-0x0000000000458000-memory.dmp	WebBrowserPassView
behavioral2/memory/3216-143-0x0000000000400000-0x0000000000458000-memory.dmp	WebBrowserPassView
behavioral2/memory/3216-156-0x0000000000400000-0x0000000000458000-memory.dmp	WebBrowserPassView

Nirsoft 8 IoCs

resource	yara_rule
behavioral2/memory/2272-80-0x0000000000400000-0x0000000000484000-memory.dmp	Nirsoft
behavioral2/memory/2312-102-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral2/memory/2312-104-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral2/memory/2312-105-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral2/memory/2312-107-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral2/memory/3216-142-0x0000000000400000-0x0000000000458000-memory.dmp	Nirsoft
behavioral2/memory/3216-143-0x0000000000400000-0x0000000000458000-memory.dmp	Nirsoft
behavioral2/memory/3216-156-0x0000000000400000-0x0000000000458000-memory.dmp	Nirsoft

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral2/memory/4628-2-0x0000000005320000-0x0000000005348000-memory.dmp	agile_net

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	vbc.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Roaming\\WindowsUpdate.exe"	RegAsm.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
124	yandex.com
125	yandex.com
126	yandex.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
79	whatismyipaddress.com
81	whatismyipaddress.com

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 4628 set thread context of 2272	4628	6220dbc17e6c4579e23a93c103344d04_JaffaCakes118.exe	117
PID 2272 set thread context of 2312	2272	RegAsm.exe	121
PID 2272 set thread context of 3216	2272	RegAsm.exe	127

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607692551168127"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
2272	RegAsm.exe
2272	RegAsm.exe
3216	vbc.exe
3216	vbc.exe
4160	chrome.exe
4160	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4628	6220dbc17e6c4579e23a93c103344d04_JaffaCakes118.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 4176	4316	chrome.exe	97
PID 4316 wrote to memory of 4176	4316	chrome.exe	97
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2244	4316	chrome.exe	98
PID 4316 wrote to memory of 2768	4316	chrome.exe	99
PID 4316 wrote to memory of 2768	4316	chrome.exe	99
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100
PID 4316 wrote to memory of 472	4316	chrome.exe	100

C:\Users\Admin\AppData\Local\Temp\6220dbc17e6c4579e23a93c103344d04_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6220dbc17e6c4579e23a93c103344d04_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4628
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holdermail.txt"
    3⤵
    - Accesses Microsoft Outlook accounts
    PID:2312
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holderwb.txt"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xe8,0x108,0x7ffd92a4ab58,0x7ffd92a4ab68,0x7ffd92a4ab78
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:8
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4596 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4880 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3224 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5044 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3884 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2396 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5092 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4296 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4968 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3984 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4484 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4500 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4276 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4348 --field-trial-handle=1892,i,7441528205287546888,2467898206472217433,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4160

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
394933f41181fa0cae0f37cf0fc6ff23

SHA1
4a66669d5d3f77f0bc05fde4d979d6b38f282455

SHA256
588e233cab859eda60b55a0a2a71bda40e6b640eb4528d2dc24394d99a1af2c8

SHA512
88ad55c4cec74bbc4e33256790e3a0674eaf29dd0c5896e73c10141547634c07df7c362ecde28b361e4df4c0e30ed698a5dc0654a9fe0bdbda9d5583cdb06b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
85d8a106fbfe3617e97c452981a9fdcb

SHA1
1adddbfcf0b6322fcadac13f67a19a284fa1984a

SHA256
52f949db2d7c5947eff35c9adb8d53bddc3c850c6dcab775f54c67df7b189dc9

SHA512
43c93122dae1a2420a3471845afed9e730f25b67bfe7553af09c8e24459cdf553e0e4e0bd1bc7cedff786b7d3569c32c43f55c16a1d6cb291d6cbbb3dc5903d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
587066fb96ef1e88c98b7beaa476deb5

SHA1
9f6f93f93a581654f4dce8c07a92a82b4328e449

SHA256
8ce2321dd63374a29d8a37e13ccfb106b7dcaf1426c4963d634a9de85a8305ef

SHA512
ec63da8040d69db50980f54f51c5ad639f55fc85b89fd61dada76bc03022e87690277a6f69c6280da59d1a5b549e4530a436139c0144a189ad724d7e14bf6f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
88dc05f4b30c9c550225d65c8d7e0941

SHA1
ba3a266adb52c32b1c1dbdf1d73d19d51a6140bf

SHA256
b9b6321be89cb2ae3014755de1837bfe57331b2214fa65a05adaa5b07d5b0048

SHA512
eab5d4674f2b31343470fc8363392b1d3da747957650093e8a55b0accdcc942eb0fc98f561e78287398810126348593bc0efc2b8e036f816d52928d28c95b42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5e57fb1a4d04054ac8c1ba8d7601ace8

SHA1
9d8d14a53e2138fbd6918a37a5032ad93688b492

SHA256
4e177a6e48fe95934ecb3c880f5fdeab225ab3040bfb1856b61f46f0712e2b9f

SHA512
8b8b87d96408b9c2f2addfdc415a1f560ab1376b85ffb807605d3b8d2298ef13ccbd4eb98439aa44b94e8034bf0c1eba3128bff8bfede4e1a0ffcec023f805bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
62131deda5f57a1a20663a86bd7f432d

SHA1
8460116913fc3f9f8fadb4000237fe3a242188fa

SHA256
6f7dbcd30611ecbcfee8a21a1b68a20265d3ee18e012606701989360083a1852

SHA512
cb66795bfbe5bbd04e0dc8dabb9c69c6736dbdc02305fd5f818d0518529ebcc92e7055e4a7b9a86d8feab1c395e9d899b063c2213d1a5121343b54a43d46c87b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb082c0dab5f3477f4bc86c53b65255e

SHA1
67ef0467064346075981cb8f4185f8e725cea07d

SHA256
5efefd3b087587af201bbdae3566fd95bd3b471ba56eaa60c67c6bb7e1694e17

SHA512
18d161bffca4740643967df32df681b8ed543a34d01efe2ac0e04d49e831783a56edc17a054374bd027eb859cf328b871c27a8438eec091c36f482b24d4c0726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8310ef1bc9289073433cef62c8e43120

SHA1
fe4deac6b6fba299dfd741f861c3cda1eb021cce

SHA256
52ac7e578e88ef6c87f7e0a957c06c325af7f3ae2c955a1769e58f76dc1e609c

SHA512
ddcef42c0e1d6a9f29da4ca6c8abb14f07a4a348bbfa52de34b5ad00ad1ac09b9a8576d616bd4a0e179e83065abb497ddcf2a00580b954dff7d7eb458b03eb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3be46972c96003e737325b97981fafc7

SHA1
82c1e9e68460e05f638b3eb34f9cff4c81637e61

SHA256
6df97283907638dd3df88900ed2f063dedb578e9317daf5f8284db986990e8dd

SHA512
bdd8bcaf13b49fbe3be4ab4570b3a801911154766a8d3ab199d47df71ec1131d2fc0f638233fea67b8bd12c6b810aa2052163739f8dc0b5f1ba59fc3b60e527f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f418c148a52e1e88ad327d3fa7689020

SHA1
843c510b7662bc45bc635aa46889a494b67703bc

SHA256
7b78d24fb1b304d35b4e0deabf6469dd71702ea9dccf43ca048b6a0ea90ef079

SHA512
8f84258451bb52034473b03ebfd6ed7b6b5bd4a1d543b35772c6f697276e07a52e16ad175f47dc6133bf3e32220d2ec7c216af170501d987f3acca697d773d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a7bc6e268a64aaa0823b76f5ae8f2d84

SHA1
535c8e71908e121a35dd37bf755ade52f6355cc4

SHA256
b42d249ec2306be3a0ee205d71afbeacfc08206f909db00940fa0fcb112a900c

SHA512
b2c06c907ed7dcbe04762c3d47a4d0973e8d6a94d8791f779b51ba6dadc98ee36e9c71b7258d06a0fd94f3c9864736a603b2283057c0dfa103586b4bb5042205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
90fc46841a55b4ef230c081db0d00926

SHA1
b114dfa21eb6e9282c31302a3f777ab188011ad7

SHA256
09797550968b94c7bc0c2e197bb71cce47c8bae605c20f20ffbaa25a3f31e781

SHA512
934f23061529f128e02cb891ec49d8357c13954413efa6c125d494005bebf2158d2666b14686bf45cc5523e08c484f21adfff2dda26963d6bc11129432ca5935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8371ff9c001a4d11e88f77df05ab7757

SHA1
6a91c1786966b5108fad23fce99a898a72319c40

SHA256
7246c1a354a1b2446be348fd327a888e427d87823d580262994423b0eaaa9368

SHA512
025bb64ff944067a968af4badd46d7d4d1d51719a83967d976a194e7074097ed337b7562a7e4210d8a8951997ec5f77bffcd20c9aecbdffce7e2b26759206dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
f8bc0a9b67a7f6507517f5996954cdd2

SHA1
01c41b54b63d9f3fe44b610b0ed3d9cd543f5ab5

SHA256
ce924cbe419a919cda6b805e5adc88b0ac5276cd883e4c883115419b1b9fbb92

SHA512
650e3c7fc0ab4fbb0873418d0e0a1b036404ea7daf03e17507435f7d1d0445704363a185bf6027ab7005b6d29faa6809cbdb2e72763ad90be4bb216eaaa87df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
0becdd0810de0ddf2c508371f7f350b8

SHA1
bbea4bf2d208fde0b213cfefaa1a60af5ba691ea

SHA256
0674295968a170783cec9c9db7c9d86b0476df4db15281b149f260e70d203901

SHA512
684fb6d83ad093492079754914094908d36ebefba8f3180cdda21875cb2705f8a9499564eb846e1991b7a8a69c0ac22233b6e3dc0b4edb92c6721822b735301c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
ba959678d381d3ad3f1d26a3f060fec4

SHA1
ab89b6d20ee5c6d38f10cf1d5af7b06bdc0542bb

SHA256
74f096455f9f686a61c030285c6f79387689739cdad73c62902fec3dcf12e76e

SHA512
b3def5425d263d958477bb10304b03882950e8a43f6ebab3a94c38473afa81c35cbecf3d7de27160d1d5b8f4baf8ccc6c18c4f9c9084bb9c74b387536ca1a7e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a111ec89-c60f-4d28-81ed-b40abb705d42.tmp

Filesize
259KB

MD5
e061d6a6b529c2a8172849acec05ffca

SHA1
4a154977bc1c3ea13af21df0c1594aa402a8ad44

SHA256
52f3487ff486b92ef338a36483cdfa97b97aca154b1418e3c378d09d18708550

SHA512
403d3f4f93b279434d7031e8c3ec33ed6c1c1db3a14fd7cfe616afe8c8f8ab931181446baa8dffebbde7743a9f7e561f287ed55413de519e59847624da56508a

Download Submit
C:\Users\Admin\AppData\Local\Temp\holderwb.txt

Filesize
3KB

MD5
f94dc819ca773f1e3cb27abbc9e7fa27

SHA1
9a7700efadc5ea09ab288544ef1e3cd876255086

SHA256
a3377ade83786c2bdff5db19ff4dbfd796da4312402b5e77c4c63e38cc6eff92

SHA512
72a2c10d7a53a7f9a319dab66d77ed65639e9aa885b551e0055fc7eaf6ef33bbf109205b42ae11555a0f292563914bc6edb63b310c6f9bda9564095f77ab9196

Download Submit
memory/2272-83-0x0000000074B90000-0x0000000075340000-memory.dmp

Filesize
7.7MB

Download
memory/2272-101-0x0000000009090000-0x0000000009098000-memory.dmp

Filesize
32KB

Download
memory/2272-89-0x00000000087B0000-0x0000000008816000-memory.dmp

Filesize
408KB

Download
memory/2272-86-0x0000000005560000-0x00000000055B6000-memory.dmp

Filesize
344KB

Download
memory/2272-229-0x0000000074B90000-0x0000000075340000-memory.dmp

Filesize
7.7MB

Download
memory/2272-227-0x0000000074B90000-0x0000000075340000-memory.dmp

Filesize
7.7MB

Download
memory/2272-85-0x0000000005330000-0x000000000533A000-memory.dmp

Filesize
40KB

Download
memory/2272-84-0x0000000074B90000-0x0000000075340000-memory.dmp

Filesize
7.7MB

Download
memory/2272-80-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/2312-102-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2312-107-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2312-105-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2312-104-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3216-156-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/3216-143-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/3216-142-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4628-69-0x0000000006440000-0x00000000064DC000-memory.dmp

Filesize
624KB

Download
memory/4628-82-0x0000000074B90000-0x0000000075340000-memory.dmp

Filesize
7.7MB

Download
memory/4628-0-0x0000000074B9E000-0x0000000074B9F000-memory.dmp

Filesize
4KB

Download
memory/4628-68-0x0000000074B90000-0x0000000075340000-memory.dmp

Filesize
7.7MB

Download
memory/4628-67-0x0000000074B9E000-0x0000000074B9F000-memory.dmp

Filesize
4KB

Download
memory/4628-5-0x0000000074B90000-0x0000000075340000-memory.dmp

Filesize
7.7MB

Download
memory/4628-4-0x0000000005580000-0x0000000005612000-memory.dmp

Filesize
584KB

Download
memory/4628-3-0x0000000005A90000-0x0000000006034000-memory.dmp

Filesize
5.6MB

Download
memory/4628-2-0x0000000005320000-0x0000000005348000-memory.dmp

Filesize
160KB

Download
memory/4628-1-0x0000000000950000-0x0000000000A56000-memory.dmp

Filesize
1.0MB

Download