hawkeye | 40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2025 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe
Size

610KB
MD5

cbff403de61e81792b6a6985d113f588
SHA1

ca2b0aa201eb717b506df77c180cec5717eb3a9e
SHA256

40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745
SHA512

5c3b4b2a17de18008ca313fd374472bfd00b4818d3f2157ab703261ae89601a4d656d34081d21758eeac8e1438a838ae74db43cc29cb0306ad5bd70d666aa80a
SSDEEP

12288:iDfY2d53bC+BSPRrZ9hh0LTAw1wQSRQqw/b3JuvQxoAPDKCn9AMxg:+fgFrih1wQbH4QxoAPF

Score

10^/10

hawkeye collection discovery keylogger spyware stealer trojan

Malware Config

Signatures

HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
keylogger trojan stealer spyware hawkeye
Hawkeye family
hawkeye

Detected Nirsoft tools 9 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
behavioral2/memory/3768-3-0x0000000000400000-0x0000000000488000-memory.dmp	Nirsoft
behavioral2/memory/3188-17-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral2/memory/3188-19-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral2/memory/3188-20-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral2/memory/3188-22-0x0000000000400000-0x000000000041B000-memory.dmp	Nirsoft
behavioral2/memory/3604-23-0x0000000075330000-0x0000000075AE0000-memory.dmp	Nirsoft
behavioral2/memory/1900-26-0x0000000000400000-0x0000000000458000-memory.dmp	Nirsoft
behavioral2/memory/1900-27-0x0000000000400000-0x0000000000458000-memory.dmp	Nirsoft
behavioral2/memory/1900-34-0x0000000000400000-0x0000000000458000-memory.dmp	Nirsoft

NirSoft MailPassView 6 IoCs

Password recovery tool for various email clients

resource	yara_rule
behavioral2/memory/3768-3-0x0000000000400000-0x0000000000488000-memory.dmp	MailPassView
behavioral2/memory/3188-17-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral2/memory/3188-19-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral2/memory/3188-20-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral2/memory/3188-22-0x0000000000400000-0x000000000041B000-memory.dmp	MailPassView
behavioral2/memory/3604-23-0x0000000075330000-0x0000000075AE0000-memory.dmp	MailPassView

NirSoft WebBrowserPassView 5 IoCs

Password recovery tool for various web browsers

resource	yara_rule
behavioral2/memory/3768-3-0x0000000000400000-0x0000000000488000-memory.dmp	WebBrowserPassView
behavioral2/memory/3604-23-0x0000000075330000-0x0000000075AE0000-memory.dmp	WebBrowserPassView
behavioral2/memory/1900-26-0x0000000000400000-0x0000000000458000-memory.dmp	WebBrowserPassView
behavioral2/memory/1900-27-0x0000000000400000-0x0000000000458000-memory.dmp	WebBrowserPassView
behavioral2/memory/1900-34-0x0000000000400000-0x0000000000458000-memory.dmp	WebBrowserPassView

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	vbc.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
9	whatismyipaddress.com

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3604 set thread context of 3768	3604	40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe	85
PID 3768 set thread context of 3188	3768	RegAsm.exe	89
PID 3768 set thread context of 1900	3768	RegAsm.exe	91

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133828167420371481"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe
3768	RegAsm.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
3604	40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3768	RegAsm.exe
Token: SeDebugPrivilege	1912	taskmgr.exe
Token: SeSystemProfilePrivilege	1912	taskmgr.exe
Token: SeCreateGlobalPrivilege	1912	taskmgr.exe
Token: SeDebugPrivilege	4724	taskmgr.exe
Token: SeSystemProfilePrivilege	4724	taskmgr.exe
Token: SeCreateGlobalPrivilege	4724	taskmgr.exe
Token: SeDebugPrivilege	1284	taskmgr.exe
Token: SeSystemProfilePrivilege	1284	taskmgr.exe
Token: SeCreateGlobalPrivilege	1284	taskmgr.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
1284	taskmgr.exe
1284	taskmgr.exe
1284	taskmgr.exe
1284	taskmgr.exe
1284	taskmgr.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
1284	taskmgr.exe
1284	taskmgr.exe
1284	taskmgr.exe
1284	taskmgr.exe
1284	taskmgr.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3768	RegAsm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 3768	3604	40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe	85
PID 3604 wrote to memory of 3768	3604	40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe	85
PID 3604 wrote to memory of 3768	3604	40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe	85
PID 3604 wrote to memory of 3768	3604	40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe	85
PID 3768 wrote to memory of 3188	3768	RegAsm.exe	89
PID 3768 wrote to memory of 3188	3768	RegAsm.exe	89
PID 3768 wrote to memory of 3188	3768	RegAsm.exe	89
PID 3768 wrote to memory of 3188	3768	RegAsm.exe	89
PID 3768 wrote to memory of 3188	3768	RegAsm.exe	89
PID 3768 wrote to memory of 3188	3768	RegAsm.exe	89
PID 3768 wrote to memory of 3188	3768	RegAsm.exe	89
PID 3768 wrote to memory of 3188	3768	RegAsm.exe	89
PID 3768 wrote to memory of 3188	3768	RegAsm.exe	89
PID 3768 wrote to memory of 1900	3768	RegAsm.exe	91
PID 3768 wrote to memory of 1900	3768	RegAsm.exe	91
PID 3768 wrote to memory of 1900	3768	RegAsm.exe	91
PID 3768 wrote to memory of 1900	3768	RegAsm.exe	91
PID 3768 wrote to memory of 1900	3768	RegAsm.exe	91
PID 3768 wrote to memory of 1900	3768	RegAsm.exe	91
PID 3768 wrote to memory of 1900	3768	RegAsm.exe	91
PID 3768 wrote to memory of 1900	3768	RegAsm.exe	91
PID 3768 wrote to memory of 1900	3768	RegAsm.exe	91
PID 3644 wrote to memory of 1764	3644	chrome.exe	100
PID 3644 wrote to memory of 1764	3644	chrome.exe	100
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 3924	3644	chrome.exe	101
PID 3644 wrote to memory of 4860	3644	chrome.exe	102
PID 3644 wrote to memory of 4860	3644	chrome.exe	102
PID 3644 wrote to memory of 4912	3644	chrome.exe	103
PID 3644 wrote to memory of 4912	3644	chrome.exe	103
PID 3644 wrote to memory of 4912	3644	chrome.exe	103
PID 3644 wrote to memory of 4912	3644	chrome.exe	103
PID 3644 wrote to memory of 4912	3644	chrome.exe	103
PID 3644 wrote to memory of 4912	3644	chrome.exe	103
PID 3644 wrote to memory of 4912	3644	chrome.exe	103
PID 3644 wrote to memory of 4912	3644	chrome.exe	103

C:\Users\Admin\AppData\Local\Temp\40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe
"C:\Users\Admin\AppData\Local\Temp\40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3768
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holdermail.txt"
    3⤵
    - Accesses Microsoft Outlook accounts
    - System Location Discovery: System Language Discovery
    PID:3188
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holderwb.txt"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1900

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1912

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4724

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1284

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:4780

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff92bc9cc40,0x7ff92bc9cc4c,0x7ff92bc9cc58
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1772,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3708,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4388,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4692,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3372,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3352,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5324,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4660,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5416,i,14400629393371248244,14364451253671005862,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4500

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
7978a9e6312aeef2fb75a5184b971312

SHA1
312d46ef07ed60cb3c48cd586a5189d4a7cb030d

SHA256
bbb5da7e7ba55a3059a77cdbad6147129d94d7ad45fd15f10ebea2bc4537f649

SHA512
e738bbf00a4218607c1d13aa06792bb3245fa7999a844cfdb251caeefe0c2df0be42b9bc2aa8497927161fcee6593d9e9f9d69cd02ca9b213350223c78ae5e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a8737ed058e1cbfd_0

Filesize
289B

MD5
fa0c6bc846122f37b13bfa78fab40c41

SHA1
1760e33dd1d1b6282d80ac145a25e33a8bb0a509

SHA256
64f2917847ba1cc8c38ea0f88db5ead1ca8fcc75e8e4295860cb08ef422e0995

SHA512
9344c1a184fcde9aae6a375b9c987062a4690027493d8efa6249b7c59178bb7fef66442f4e0640f4d1192c4a3e59c31d5ad0fade998d3b118b955008beb235cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4fbdd444acfaa58_0

Filesize
377KB

MD5
abc567a1b9c48b8052282afdf2e51145

SHA1
7035b5ffe74434bf9a6c297573f1045c9c602dba

SHA256
15b9eae09f8370c857a570e42baf59846f228ee867353e1274793eb08d9fb3fe

SHA512
e53b8d5f66dd6ef36241964c1c2c1d328a69c2f42418ff9ee4b8f61f027ee784ac25542bcd444f1194c3456eb10ef3a8b1440e611d0c8b2436dbcd62e5d05de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
aaa1e1309978e797d5c0d90e5dfbd07e

SHA1
bbb6bb2356ea8143d7d532840507e0a7e1e5d820

SHA256
e3b19f0ac8e6ccc7d34898cf6972b336a88bebe0ca365ff7e8e2cd817fb1f964

SHA512
bc56b9f7182b07e8181465c432c3f4312c82e5cc1688dba34b85bbdf84924008450ffa08d7cbfa58cda1e33428ef86f28fbc0db4672db285492f380e26f5dbf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
d3c61350080083fb1169027ac0223357

SHA1
72aa538bd926f44f12f87571dd3cc351cc2deaec

SHA256
628c7c465bfe27f8bcc9895370f2f75998e3d63f3659ffb0b97983fc0e5bbac6

SHA512
92c56278f2dec33f36e0d51a12915133b3e11b87bf6874c4be9d8a8282dcf43c901083560f1d5dcb3735b1729e246935b4259910228f8bfdc616e5b9afb1f7cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
736dfedbb91c85ffd21826d65a1207ec

SHA1
3a059bcc311a8cb1e8743b0fbded05e34936bea8

SHA256
94014649aea2eea3eb940975ab99908469d9e33b4a13b1672cba961fed6283ee

SHA512
09f0c876ba643ad3ad78844ccf072bbfb94d66ed400da43af6a00dd45b9116b7d5c6fdd6d8f85bb920d459a686449898fa110c16843cb4f2b646312837bc2df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
23513cade35ad83f9a6e2891dc3a0a63

SHA1
f35e4911f56c3f5a3673513a1a6ad758f6626fe5

SHA256
0b29668316a4642f61e3e02a04fee8940e2346a2c8b73035e5799076b1d494a0

SHA512
ba6e0222a578ae38364032006a10ea0d681b7a636c981249c334d11ddb4aa10a38da263fbfb302db33229be7036fb7516bc043104ff96116f3a690ce39276d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
500de2949667b0fd19d2e929985fb4f1

SHA1
d6f6e8e87a26fcc9f58d1aed6097f781581fb01e

SHA256
b3f4d41ceb9ab75c8e814f0aac0e05e244376469944b2bfd0775e1f9a2216198

SHA512
a25075d624820d4a8a9700c9bf703b74615423eb6d07d1165c1e64857aa9a500f27035709a5c55b68f10df8359d64f4d3f0c4a632f4e37ea49d3cc1d1f8b8172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8cf65a8c89c68353214b1dd6ff74cde8

SHA1
abf6c550310819af73d1c53c3ca28f347010b81b

SHA256
5aad7620e9413b450de4ae98cd9a7fc133ce787df57cb11521ed027c1a87f67e

SHA512
daf142cc105439e3d36c226394ce2e6d2c3c954c98bc3b21d0501d1bb00e99483c08357a7fdd21d6efa94322e0b3c2260b7cf2df37d54fa3fb3370cfbbdc1383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02c9cb6a688c9cbb267ed532531845ad

SHA1
0cc75dc298dec9609ec3e923a138b75e0ffc2e48

SHA256
4fde93022a58cf8cc7205602fcaee8988938d4ad01944ba57a852ca707b14a72

SHA512
7af95c2df83f59c19d24bc2381c6d30159cb1519b28c50c056477a30dfd722d0194f303006ce84f0db962b3142e00bc2919d531040e6a329d8d8684a4b2ac769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03c5ffaee09187e65651a377f048b76f

SHA1
e786259620829867d8a29c7361906b919569486f

SHA256
c5d40d512b879a064bb042270e2e0d5fe53cbdf42bf44f60aaac4cbd34b43f87

SHA512
c484522f6d70bc4e48cb38f8d0dfb1f9748c675c62de155ecfab974b0bcfb2ae43426d82ae5af16b02f4235df85cfa89fe6f7ce86998381c6f0b47d8fce7bae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c29207c9075fe6268c639f4e9d03a664

SHA1
58f52c53516d9d3a91bbf230b75b912bfbc3959f

SHA256
57432bbb7ef5aea0a8801737b112220bffd1e83a54f58a120e3669441382a940

SHA512
b73a6c01247bcd55dc2094ce649f8d2a4f403b2228620b719537e5e9b0fc31ea161fa2e8c8246cf74f52a4af6afeb8d92e13cbf3301166d57d88a956fd42dd4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c6ed55f2f9a3bdfdd49c556ee589dd5

SHA1
d0cb50c4d0bf81cb352e136d85bb0a21640ce669

SHA256
1eeaf9100700b923ff13901d9beef35e34f0aa659b1cb5b183fed8d0205299ea

SHA512
48d25e6dae1186912b9c2e884c8de433e9147d32f13b199b900e0ac3eacade5244d3472079b9de215ec2ccd501eed4b8dbcce0abb0dc6c7888a4ba7beba06a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d87e8c086903515fd6fe68278b010af

SHA1
593121ec0ff95bf45cfe66a26503baec33acad9e

SHA256
d54adab22200c24848aedfee89562d90b48b06c11487594fb30178bd027a8328

SHA512
c3b132fdb6a763c60acd2b1b5ae6d509e1e7ba9fd3ff654d71dfdaa42c05ec1f293d989ccae6528432026f7f7f0a87680221ca2e1bc8665707d4b0f84ae30587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
292c9ecf530fd14cd67857d566a72b47

SHA1
e5181e765d5e599f580cfb1522e0001b0bc1954c

SHA256
a08135674c29f0b8080637b594e8095b72af44405611ad22f75e7887fb7af3c2

SHA512
04faeb45460eb9b5dd97b42d90d974ef78c8669a7ddb4adddd808c7ceb860cfd674fe19b35e741ecd1c509399958cfab5257f95232649f5af2754b136979b64b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
41701dffa2208a02517180c3fe990bf0

SHA1
d54da1ec2e01611a7bf1ec733d54a140f976611b

SHA256
ef3fea8759446b0106e0d151f96737a35504a90e8b949493d35fcc23aba03e3a

SHA512
ccf3ab81ed2f77f8b965feb6809385853aac62c2dc79bec261f1ae14a70870e14ba7d657900eab9da901efa42ab4eac4d516dccc4e4614545c6c3751d0766cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
b84c9a8a461952793a3dd5c30b58438a

SHA1
d0d2050cc5be329789898f075d469455c54e7b18

SHA256
358fa0f027629f456392445fa74c7f1877cc092f78c46d1ea2e8b5b2cefc0751

SHA512
945925193a3b5b50b0ffc4c257aa123701c359edaa8c7f3d2940ef8a584e405cea60171b2cbc6d8bd276145ea0aeefef8f1b4e533123bdf540285c2a5a464fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
f35e70ccee1920f096e5a3eaa31267f7

SHA1
51d24a177f0ee3fbd64a58ba15cc0a39c9f8eb2d

SHA256
906f5bb4f311013f9f6d642aab6ebe8651078f2c455de9cccaf4e86fea6946ef

SHA512
18ff47cb901049f3246b9b82481ada1820e3a9be80fee19ad9a454aa5a076e166960faf58a94aea4d95b2d2626a3261f13829b15712ecfb101945ea1a10f4ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
8b7eaa3e92e11679a566d40b39511de6

SHA1
78b539fabfd6cfd150b99e672dd30f6c163c82ea

SHA256
ab7185c1af7520119ac6a85c3b2c61e4b8f4cabf42389139315c9ebaa0df0881

SHA512
17e31c75e1d29b795c8c7d4f0e4ea0b8b47e91074418ce1c22691f83358e9a504d86c207a5c8c2709a373ad8350f76e8959d0b73de039fac8dabf7e067cf6f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
73ef19a05ba75c2fb34c1965ae4622b1

SHA1
ef8ede653d2e1cd5ac28b86a7b0e84099417d0bc

SHA256
6e8dfb9a0a7a62a649898331569c3a94f7d343429e3ceab88392f7c39d1ac62e

SHA512
20b2384d9e39f74ec0549655de687388bcea571b65f32e14f775d7c5e7fe0a552821620174134512a89bfd3becc0619d54de1105bbf74ffe030ae952353352eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\holderwb.txt

Filesize
3KB

MD5
f94dc819ca773f1e3cb27abbc9e7fa27

SHA1
9a7700efadc5ea09ab288544ef1e3cd876255086

SHA256
a3377ade83786c2bdff5db19ff4dbfd796da4312402b5e77c4c63e38cc6eff92

SHA512
72a2c10d7a53a7f9a319dab66d77ed65639e9aa885b551e0055fc7eaf6ef33bbf109205b42ae11555a0f292563914bc6edb63b310c6f9bda9564095f77ab9196

Download Submit
memory/1900-27-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1900-34-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1900-26-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/3188-21-0x0000000000420000-0x00000000004E9000-memory.dmp

Filesize
804KB

Download
memory/3188-22-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3188-20-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3188-19-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3188-17-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3604-0-0x000000007533E000-0x000000007533F000-memory.dmp

Filesize
4KB

Download
memory/3604-1-0x00000000004B0000-0x0000000000550000-memory.dmp

Filesize
640KB

Download
memory/3604-5-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download
memory/3604-23-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download
memory/3604-2-0x0000000004E50000-0x0000000004EE0000-memory.dmp

Filesize
576KB

Download
memory/3768-24-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download
memory/3768-12-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download
memory/3768-11-0x0000000005320000-0x0000000005376000-memory.dmp

Filesize
344KB

Download
memory/3768-10-0x00000000050A0000-0x00000000050AA000-memory.dmp

Filesize
40KB

Download
memory/3768-9-0x00000000050E0000-0x0000000005172000-memory.dmp

Filesize
584KB

Download
memory/3768-8-0x00000000055F0000-0x0000000005B94000-memory.dmp

Filesize
5.6MB

Download
memory/3768-7-0x0000000004FA0000-0x000000000503C000-memory.dmp

Filesize
624KB

Download
memory/3768-6-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download
memory/3768-15-0x0000000007230000-0x0000000007296000-memory.dmp

Filesize
408KB

Download
memory/3768-3-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/3768-16-0x0000000006900000-0x0000000006908000-memory.dmp

Filesize
32KB

Download
memory/3768-25-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download