gh0strat | 2e8a6d8e3f5e6fe16ba30fade1d097383fd8a408bd87220ed386ac61b3b7e79e

Resubmissions

28/02/2025, 07:53

250228-jq9jrawmv9 10

28/02/2025, 07:46

250228-jl5p1awlw9 10

Analysis

max time kernel
417s
max time network
845s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/02/2025, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_3293e67122b2a0f8bcdfb4bbc6576ac2.dll
Size

107KB
MD5

3293e67122b2a0f8bcdfb4bbc6576ac2
SHA1

bf3b11eca3ef68b591755febec08b189a27cf691
SHA256

2e8a6d8e3f5e6fe16ba30fade1d097383fd8a408bd87220ed386ac61b3b7e79e
SHA512

67d7b102077fe0f20ba502d45da7ec428322b9d0829e278483bd36ddfad925a2903c25c1bcc008954a4cd9b0eda68d7d1987edd2c1e022dbf1c7e813cce56c14
SSDEEP

1536:DbAJjSaBsyZ++i5FyV6pxPpzUsLSpc6P2fcOi1jToKAoSwzkK8:DbAJjS4lUZga5SppPgcOidToKAoSwQK8

Score

10^/10

gh0strat discovery rat

Malware Config

Signatures

Gh0st RAT payload 2 IoCs

resource	yara_rule
behavioral1/memory/2656-2-0x0000000010000000-0x000000001001F000-memory.dmp	family_gh0strat
behavioral1/memory/2656-1-0x0000000010000000-0x000000001001F000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat
Gh0strat family
gh0strat

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2788	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
544	chrome.exe
544	chrome.exe
544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2788	WINWORD.EXE
2788	WINWORD.EXE
2788	WINWORD.EXE
2788	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2656	2196	rundll32.exe	31
PID 2196 wrote to memory of 2656	2196	rundll32.exe	31
PID 2196 wrote to memory of 2656	2196	rundll32.exe	31
PID 2196 wrote to memory of 2656	2196	rundll32.exe	31
PID 2196 wrote to memory of 2656	2196	rundll32.exe	31
PID 2196 wrote to memory of 2656	2196	rundll32.exe	31
PID 2196 wrote to memory of 2656	2196	rundll32.exe	31
PID 544 wrote to memory of 1772	544	chrome.exe	36
PID 544 wrote to memory of 1772	544	chrome.exe	36
PID 544 wrote to memory of 1772	544	chrome.exe	36
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 2304	544	chrome.exe	38
PID 544 wrote to memory of 3012	544	chrome.exe	39
PID 544 wrote to memory of 3012	544	chrome.exe	39
PID 544 wrote to memory of 3012	544	chrome.exe	39
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40
PID 544 wrote to memory of 2764	544	chrome.exe	40

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3293e67122b2a0f8bcdfb4bbc6576ac2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3293e67122b2a0f8bcdfb4bbc6576ac2.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2656

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef62c9758,0x7fef62c9768,0x7fef62c9778
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1212 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:2
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1676 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1212 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:2
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1308 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3784 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3972 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3740 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3724 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3836 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4604 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4560 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4528 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5044 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4652 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4804 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4868 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5716 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4760 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4676 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1420,i,12644552588208138719,225252426664824613,131072 /prefetch:8
  2⤵
  PID:3608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b902dc8291149c9281eaff38dd68cd49

SHA1
2b1074fa1825c04272e611674c5bf4443c2cd901

SHA256
2c0512811831b7c5ec7ed4e3c9e584b4110a96277d2b26f97c233917fb557831

SHA512
42ff8fce2401da3c06b38e96256ff08ecbeaa7884fc2387055f852f8e6d850c72e0b67eb9c46310d864c4ba2a02fda941c4736ebef9c22b4db66527f0f7545b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
87a2c666e8f430e239c723bbdbb6f7cb

SHA1
a505cbfc323cd23565009987bfc66c0f8ea35175

SHA256
8f33aad8ff6ed754b4754aba7cdfc32ac66a0854c7218c34c22d89729eadc444

SHA512
bf3dfc924ad176aaa16c64f7e20529253cacbdd5a9e6fb83c2d9c7cb552b741b1fd9209c444957652d2604daa32ac1476e6bd224b5ef9464ca123334736fa4b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
db2621444292b85a3f869315a9c27f4f

SHA1
62a2759088eb77fdc43cd15088eaef888d9cbf46

SHA256
f050d97c73ffc383d61dc5826bc9f469b8839a09178f3943ddc5d73e864b8f82

SHA512
34215f642a27f8b4bad89d88dba482fed64dd012bb33676a9fbd26e755074acd69fdd7146f1124d1291a1ff5c4a4add0dbb1698e18fb8c59d578d25e2e110690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
370KB

MD5
11f64eed9d6ea6d521ada37290d89d57

SHA1
a9c33493113b1977e762bb3c4452cb56a92af69b

SHA256
05fa534531fe977d21dc1836c2874cf7a6c38a2e2403e970f340b1ff5b700eaa

SHA512
209ad1181adfac3ebb4909d51d2c72f10f0d4647a822816765dd9c70771062d201c002a1e61d479f66402e8e3b7973ddff9f610504934cc2f7223685a3431d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
335KB

MD5
a03782356d7b23d2e980cc0f380bd62e

SHA1
20c5a7bb165fab6e01a96c5cf30b0eab8d33c81c

SHA256
0830cc76d5e103c182789ba94980b468cd4df037e579627402fecf2521a48e40

SHA512
7d6e54049c802eb3340ca9a5edfe5b114deecedba4795607273ac023912a3a2971e96742a181495c7d4e6987f7cf75f4f322c32f4af2da1875324641499d0eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
352KB

MD5
2e59f5a492559b241dfbc6edb1efaaf6

SHA1
10a7aa8ff1890c41ae21d9fe54f3b8c11f743739

SHA256
ee59ddbc45be49bfd02e64a49cac2630bb10c77966c365cc5719d9f5ae131216

SHA512
4a4de29f0b9166882fa7f8c1a978e12e5bb42fec3a5609c4385b04a9380859df30913a00f943d5798774f953ca8e75e896bfeccfd820c1745bdaf36f110cf3a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
352KB

MD5
b5b024427e990ebc214cc64455eab454

SHA1
4e665e52482dfd102bef1fabe06095272c8110aa

SHA256
422ef17957d168011c937899215ea20e40bfdf8988a33c337478348e57819afb

SHA512
70fd71790f7b94b0e9176b08f9be5b1b2d94d4740ab88c487ce34395d8eb11bebce3c6fb079c23870e548b436a32356930fede9959daa070905c55b018aebb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\7cb4c2aa-0c25-45f5-b881-a1cc7951ff75.tmp

Filesize
189KB

MD5
1b24431e01cf8f31340f3d11f90e04e8

SHA1
05c92da5bce3de7550f85bb6ce1547fe0650d16f

SHA256
54d7f153b41091a7d9e3bc5de2cff2674c309598d8b5ef0bb347420e61333476

SHA512
14f5de62e6fb4983583da98f186ee040c42e06aabfd1a1b79aebefcc842f4f805fea065210222bae50cd28c5a3c66b84d4dce49d54c43d704a848300a32adcf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

Filesize
5KB

MD5
69f42e19cff8399a2ace01d9ad3e46fb

SHA1
1a3e9041ea5782eb35f5ca5360a19ed6fff315d9

SHA256
fb5a4f155351e8fc6d03d21bf7cefad19dcebfb397e58eec254968f280fda365

SHA512
e5e24fc81833aa8f7acab1e7230df757f21b293e296b2590508f96123027a99f7a3b6d583521a38cf4cc4810514bea82c7c8ad12d28f5f37e180603e619c40ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

Filesize
5KB

MD5
5449291d319584d310813750f50165dc

SHA1
21883dab288b875c7cc04022c4d837642d55489b

SHA256
5e634ff4164b152d2ffdd59302a27570477ec2ebe76f1b295b475cfac0c4053c

SHA512
115b0e2597c0b402442e43118b78c1cf1bf31e02a4276bedbfafcfa0521849a069dd944d7a48bdaf8793555164dfddd944d7b7bff5755e0abc34b670de2ab947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Session Storage__tmp_for_rebuild\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Preferences

Filesize
3KB

MD5
13a2c18d78ae12337a7180d4d64e09d3

SHA1
09cc8c7bd1e2849e9faa49ca0bbea91e97a125c7

SHA256
3c75b16ff64f67737cb161f1973708791f989173d25d3ae4bff6cc4836201460

SHA512
4b5dbfbf95dcb98cce4a370ff47ed6b00b94115e816914b30069d4a1f9c4489603a1b4bc76e08adeb2b44e493d2513a2716a66e1f21bda8631ea5267f6164964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Site Characteristics Database\CURRENT~RFf7bad40.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Sync Data\LevelDB\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cd0e9d08-1872-48fc-99fa-2f58a688cc01.tmp

Filesize
353KB

MD5
9c416532362cfe7896c964a6ed207849

SHA1
26db28db5da307df77ef8d61c0e376917c195a05

SHA256
92b6cd21235f5f870bb8f7679e53aa31948603346837ac8593e0d8d5fa331815

SHA512
edb88babd4437fb9e6e4eb6e78cda5e277ff673d314f925ed79dc71c06f88c3f72ed09c0236ba0c477eafdbb20d9f6006c860f1eb5286416c54e267c59a11537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir544_399512291\1b32a136-f539-41f2-a91e-af2d702253bd.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir544_399512291\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
19KB

MD5
e1358d7a7b7d96d327f83397c723f757

SHA1
e46cdbe2389777a12eb7bd1cd2e4da6ca043d6a4

SHA256
032e27f830927ea05f029aad2770d38620381912e3e8b3322791cc90f8b969ee

SHA512
951cfac2109213ccdb3836b59542a79a2f38b4abd63e083e33d022afc64849a8b86087053b8f26c03907b10020a939a4e5d3ff8d2b7829885e289b20569abe13

Download Submit
C:\Users\Admin\Desktop\Person 1 - Chrome.lnk

Filesize
2KB

MD5
bf3ccd555c30d73cdbfd4561a4e78853

SHA1
e8b80de133783f51adf3c1de61a8b36db686065e

SHA256
af6ff1b50cede9fcf228ccada10ca3db5b78794acdae0ab355e0e7d0733eb868

SHA512
c3a3081da28e9da53603c4d9e8829aafda2ad3dd53ba7f4a4fa45610467645d660d65fcc6b1c448ddc0a8ead3da3623489a435b77d4b4edf576e968fef7a17e2

Download Submit
memory/2656-2-0x0000000010000000-0x000000001001F000-memory.dmp

Filesize
124KB

Download
memory/2656-0-0x0000000010000000-0x000000001001F000-memory.dmp

Filesize
124KB

Download
memory/2656-1-0x0000000010000000-0x000000001001F000-memory.dmp

Filesize
124KB

Download
memory/2788-4-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2788-3-0x000000002FB71000-0x000000002FB72000-memory.dmp

Filesize
4KB

Download
memory/2788-5-0x0000000071A1D000-0x0000000071A28000-memory.dmp

Filesize
44KB

Download
memory/2788-23-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2788-24-0x0000000071A1D000-0x0000000071A28000-memory.dmp

Filesize
44KB

Download