hawkeye | 61f954a1c4e16eb74c56fb3104bd3d835a298416a133988ad4900f4569aca8d5

Analysis

max time kernel
150s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-04-2024 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe
Size

5.8MB
MD5

e0ad1b070ad9c0430f491d07c2708484
SHA1

f36de48706a23f38d7b3fa070d8948dbc9ac3491
SHA256

647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712
SHA512

d7bea99b6595f75c0a448d93f8a1394d93a23d88933d3d26ba4c141faa69f9d87a18cf0535cb9e0e3016ad9067ade5320fc0171e7bbe84a42989bfd2f6c25ef9
SSDEEP

98304:AuBV+GvjiaLzY5lk+Ar+fbleEfho0b6s0LSvIragO0fMvU/5Lf62LDY:AbGvPE5Ca183

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Malware Config

Signatures

HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
keylogger trojan stealer spyware hawkeye

NirSoft MailPassView 9 IoCs

Password recovery tool for various email clients

resource	yara_rule
behavioral1/memory/2684-9-0x0000000000400000-0x0000000000488000-memory.dmp	MailPassView
behavioral1/memory/2684-11-0x0000000000400000-0x0000000000488000-memory.dmp	MailPassView
behavioral1/memory/2684-14-0x0000000000400000-0x0000000000488000-memory.dmp	MailPassView
behavioral1/memory/2684-17-0x0000000000400000-0x0000000000488000-memory.dmp	MailPassView
behavioral1/memory/2684-19-0x0000000000400000-0x0000000000488000-memory.dmp	MailPassView
behavioral1/memory/2188-36-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral1/memory/2188-38-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral1/memory/2188-40-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral1/memory/2188-42-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView

NirSoft WebBrowserPassView 8 IoCs

Password recovery tool for various web browsers

resource	yara_rule
behavioral1/memory/2684-9-0x0000000000400000-0x0000000000488000-memory.dmp	WebBrowserPassView
behavioral1/memory/2684-11-0x0000000000400000-0x0000000000488000-memory.dmp	WebBrowserPassView
behavioral1/memory/2684-14-0x0000000000400000-0x0000000000488000-memory.dmp	WebBrowserPassView
behavioral1/memory/2684-17-0x0000000000400000-0x0000000000488000-memory.dmp	WebBrowserPassView
behavioral1/memory/2684-19-0x0000000000400000-0x0000000000488000-memory.dmp	WebBrowserPassView
behavioral1/memory/108-45-0x0000000000400000-0x0000000000458000-memory.dmp	WebBrowserPassView
behavioral1/memory/108-47-0x0000000000400000-0x0000000000458000-memory.dmp	WebBrowserPassView
behavioral1/memory/108-51-0x0000000000400000-0x0000000000458000-memory.dmp	WebBrowserPassView

Nirsoft 12 IoCs

resource	yara_rule
behavioral1/memory/2684-9-0x0000000000400000-0x0000000000488000-memory.dmp	Nirsoft
behavioral1/memory/2684-11-0x0000000000400000-0x0000000000488000-memory.dmp	Nirsoft
behavioral1/memory/2684-14-0x0000000000400000-0x0000000000488000-memory.dmp	Nirsoft
behavioral1/memory/2684-17-0x0000000000400000-0x0000000000488000-memory.dmp	Nirsoft
behavioral1/memory/2684-19-0x0000000000400000-0x0000000000488000-memory.dmp	Nirsoft
behavioral1/memory/2188-36-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral1/memory/2188-38-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral1/memory/2188-40-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral1/memory/2188-42-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral1/memory/108-45-0x0000000000400000-0x0000000000458000-memory.dmp	Nirsoft
behavioral1/memory/108-47-0x0000000000400000-0x0000000000458000-memory.dmp	Nirsoft
behavioral1/memory/108-51-0x0000000000400000-0x0000000000458000-memory.dmp	Nirsoft

Executes dropped EXE 5 IoCs

pid	Process
2440	svchost.exe
1040	svchost.exe
1764	svchost.exe
2892	svchost.exe
2668	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe
2440	svchost.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	vbc.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	whatismyipaddress.com
6	whatismyipaddress.com

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 1248 set thread context of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 2684 set thread context of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 set thread context of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2440 set thread context of 1040	2440	svchost.exe	42
PID 1764 set thread context of 2892	1764	svchost.exe	52

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
588	schtasks.exe
1316	schtasks.exe
2304	schtasks.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe

Suspicious behavior: SetClipboardViewer 2 IoCs

pid	Process
1040	svchost.exe
2892	svchost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 1248 wrote to memory of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 1248 wrote to memory of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 1248 wrote to memory of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 1248 wrote to memory of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 1248 wrote to memory of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 1248 wrote to memory of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 1248 wrote to memory of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 1248 wrote to memory of 2684	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	30
PID 1248 wrote to memory of 2440	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	31
PID 1248 wrote to memory of 2440	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	31
PID 1248 wrote to memory of 2440	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	31
PID 1248 wrote to memory of 2440	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	31
PID 1248 wrote to memory of 3008	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	32
PID 1248 wrote to memory of 3008	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	32
PID 1248 wrote to memory of 3008	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	32
PID 1248 wrote to memory of 3008	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	32
PID 1248 wrote to memory of 324	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	34
PID 1248 wrote to memory of 324	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	34
PID 1248 wrote to memory of 324	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	34
PID 1248 wrote to memory of 324	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	34
PID 324 wrote to memory of 588	324	cmd.exe	36
PID 324 wrote to memory of 588	324	cmd.exe	36
PID 324 wrote to memory of 588	324	cmd.exe	36
PID 324 wrote to memory of 588	324	cmd.exe	36
PID 1248 wrote to memory of 884	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	37
PID 1248 wrote to memory of 884	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	37
PID 1248 wrote to memory of 884	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	37
PID 1248 wrote to memory of 884	1248	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	37
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 2188	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	40
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2684 wrote to memory of 108	2684	647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe	41
PID 2440 wrote to memory of 1040	2440	svchost.exe	42
PID 2440 wrote to memory of 1040	2440	svchost.exe	42
PID 2440 wrote to memory of 1040	2440	svchost.exe	42
PID 2440 wrote to memory of 1040	2440	svchost.exe	42
PID 2440 wrote to memory of 1040	2440	svchost.exe	42
PID 2440 wrote to memory of 1040	2440	svchost.exe	42
PID 2440 wrote to memory of 1040	2440	svchost.exe	42
PID 2440 wrote to memory of 1040	2440	svchost.exe	42
PID 2440 wrote to memory of 1040	2440	svchost.exe	42
PID 2440 wrote to memory of 2080	2440	svchost.exe	43
PID 2440 wrote to memory of 2080	2440	svchost.exe	43
PID 2440 wrote to memory of 2080	2440	svchost.exe	43
PID 2440 wrote to memory of 2080	2440	svchost.exe	43
PID 2440 wrote to memory of 3000	2440	svchost.exe	45
PID 2440 wrote to memory of 3000	2440	svchost.exe	45

C:\Users\Admin\AppData\Local\Temp\647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe
"C:\Users\Admin\AppData\Local\Temp\647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Users\Admin\AppData\Local\Temp\647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe
  "C:\Users\Admin\AppData\Local\Temp\647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holdermail.txt"
    3⤵
    - Accesses Microsoft Outlook accounts
    PID:2188
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holderwb.txt"
    3⤵
    PID:108
- C:\Users\Admin\AppData\Local\Temp\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: SetClipboardViewer
    PID:1040
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C mkdir "C:\Users\Admin\AppData\Roaming\svchost"
    3⤵
    PID:2080
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
    3⤵
    PID:3000
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
      4⤵
      Creates scheduled task(s)
      PID:1316
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C copy "C:\Users\Admin\AppData\Local\Temp\svchost.exe" "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe"
    3⤵
    PID:2060
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C mkdir "C:\Users\Admin\AppData\Roaming\svchost"
  2⤵
  PID:3008
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:324
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
    3⤵
    - Creates scheduled task(s)
    PID:588
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C copy "C:\Users\Admin\AppData\Local\Temp\647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe" "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe"
  2⤵
  PID:884

C:\Windows\system32\taskeng.exe
taskeng.exe {735ECB7E-D019-45D8-9D82-74131DE249AD} S-1-5-21-3787592910-3720486031-2929222812-1000:HSNHLVYA\Admin:Interactive:[1]
1⤵
PID:820
- C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
  C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1764
- - C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
    "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: SetClipboardViewer
    PID:2892
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C mkdir "C:\Users\Admin\AppData\Roaming\svchost"
    3⤵
    PID:2972
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
    3⤵
    PID:1556
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
      4⤵
      Creates scheduled task(s)
      PID:2304
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C copy "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe" "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe"
    3⤵
    PID:752
- C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
  C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
  2⤵
  - Executes dropped EXE
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scripting

T1064

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Scripting

T1064

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\holderwb.txt

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\svchost\svchost.exe

Filesize
2.4MB

MD5
13b0e0abeedf03b35d4c3e6cc3232efe

SHA1
5fcd91ca04524c885c8f1a1dc796dab061b9500b

SHA256
5ae59030722d7f1fcf6177f38d7ecee2c8abe7fe98cf6c872931fc08b7ddf6d0

SHA512
5296488219b2072de7c3a8424c1db25e68dd5c0cd16e2cfa4271a30a7291e2a95b0b7b9080480c0c4e4dd2fbe23afd1c1843b4e398298998348a120c40e0f535

Download Submit
C:\Users\Admin\AppData\Roaming\svchost\svchost.exe

Filesize
256KB

MD5
548ab1d9c1de303aa077e440213c0b60

SHA1
c5ee66a716f613860b2f0e96fdf7c58a0888548a

SHA256
dcb354c25af6e255766b8316b0f802667f4510bcde025a2ee82708563173c92a

SHA512
d1497b61588beacbb54ef63e769b12bfb0c2a4f66cbd93e192dd66381f12d9dbf0cde7bfbe3620b79adf9d42dd3146691f0618179c9f96faf2262659e386b8f3

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
3.0MB

MD5
646f6ea76cd0f29d4c2d6b0c8935e39e

SHA1
59962777a41b8ca3dfd0c40147e013a3a6d9bda4

SHA256
0f71486baf108292e78215a8ca9643408664ecf173a6d556185c784297fc2ac5

SHA512
480044c8f611ead3ba8351f4e580fe191f3b7a8dfa2ab513a3caf6a3927d9997d9a3c77ae2e26c7ffa26d1569d8d2ecec235deca23b389b491237a1cca5d9442

Download Submit
memory/108-51-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/108-47-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/108-45-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1040-77-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/1040-76-0x0000000000080000-0x0000000000098000-memory.dmp

Filesize
96KB

Download
memory/1040-58-0x0000000000080000-0x0000000000098000-memory.dmp

Filesize
96KB

Download
memory/1040-56-0x0000000000080000-0x0000000000098000-memory.dmp

Filesize
96KB

Download
memory/1040-60-0x0000000000080000-0x0000000000098000-memory.dmp

Filesize
96KB

Download
memory/1040-62-0x0000000000080000-0x0000000000098000-memory.dmp

Filesize
96KB

Download
memory/1040-64-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1040-83-0x0000000004DC0000-0x0000000004E00000-memory.dmp

Filesize
256KB

Download
memory/1040-82-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/1040-68-0x0000000000080000-0x0000000000098000-memory.dmp

Filesize
96KB

Download
memory/1040-69-0x0000000000080000-0x0000000000098000-memory.dmp

Filesize
96KB

Download
memory/1040-73-0x0000000000080000-0x0000000000098000-memory.dmp

Filesize
96KB

Download
memory/1248-32-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/1248-4-0x0000000005860000-0x0000000005BE6000-memory.dmp

Filesize
3.5MB

Download
memory/1248-1-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/1248-2-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/1248-0-0x0000000000ED0000-0x0000000001496000-memory.dmp

Filesize
5.8MB

Download
memory/1248-3-0x0000000005020000-0x0000000005060000-memory.dmp

Filesize
256KB

Download
memory/1764-87-0x0000000000DD0000-0x00000000010D4000-memory.dmp

Filesize
3.0MB

Download
memory/1764-86-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/1764-88-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/1764-106-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/2188-38-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2188-36-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2188-42-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2188-40-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2440-52-0x0000000000470000-0x00000000004B0000-memory.dmp

Filesize
256KB

Download
memory/2440-54-0x00000000001F0000-0x0000000000208000-memory.dmp

Filesize
96KB

Download
memory/2440-27-0x00000000010A0000-0x00000000013A4000-memory.dmp

Filesize
3.0MB

Download
memory/2440-81-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/2440-44-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/2440-28-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/2668-110-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/2684-29-0x0000000005170000-0x00000000051B0000-memory.dmp

Filesize
256KB

Download
memory/2684-17-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/2684-39-0x0000000005170000-0x00000000051B0000-memory.dmp

Filesize
256KB

Download
memory/2684-35-0x0000000000A70000-0x0000000000A78000-memory.dmp

Filesize
32KB

Download
memory/2684-50-0x0000000005170000-0x00000000051B0000-memory.dmp

Filesize
256KB

Download
memory/2684-43-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/2684-7-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/2684-53-0x0000000005170000-0x00000000051B0000-memory.dmp

Filesize
256KB

Download
memory/2684-9-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/2684-20-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/2684-19-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/2684-11-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/2684-5-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/2684-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2684-14-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/2892-105-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/2892-102-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2892-107-0x0000000074030000-0x000000007471E000-memory.dmp

Filesize
6.9MB

Download
memory/2892-108-0x0000000000650000-0x0000000000690000-memory.dmp

Filesize
256KB

Download
memory/2892-104-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2892-97-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download