guloader | 5361b9b36e63b571fe6440982140dbe25d395cfb645ec404a8d3fd8f31489b2d

Analysis

max time kernel
105s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EO-230807.exe
Size

531KB
MD5

96e7620d6a6a59cefb5cb21e60c4bdee
SHA1

194dc5c849336d95080eeb7498ade2d055319561
SHA256

5361b9b36e63b571fe6440982140dbe25d395cfb645ec404a8d3fd8f31489b2d
SHA512

0277ad5640edf227210d84f6eacaa72f64064e4ca1a37761020269590c28e145bf224ac222fc5bd838e3d58abe415ae40c28f162e70b553dc98a212dcf4bee54
SSDEEP

12288:nDGfx3iNgomHnrVHOvRpZHG3fm9rbzGEC:83R9HMN0onC

Score

10^/10

guloader collection discovery downloader spyware stealer

Malware Config

Signatures

Guloader family
guloader
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Loads dropped DLL 2 IoCs

pid	Process
2392	EO-230807.exe
2392	EO-230807.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Accesses Microsoft Outlook profiles 1 TTPs 42 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook	EO-230807.exe
Key opened	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key opened	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key opened	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key opened	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook	EO-230807.exe
Key opened	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key opened	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key opened	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\linievist\unilateralerne.ini	EO-230807.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
940	EO-230807.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2392	EO-230807.exe
940	EO-230807.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EO-230807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EO-230807.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
940	EO-230807.exe
940	EO-230807.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
940	EO-230807.exe
940	EO-230807.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2392	EO-230807.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	940	EO-230807.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeDebugPrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 940	2392	EO-230807.exe	94
PID 2392 wrote to memory of 940	2392	EO-230807.exe	94
PID 2392 wrote to memory of 940	2392	EO-230807.exe	94
PID 2392 wrote to memory of 940	2392	EO-230807.exe	94
PID 940 wrote to memory of 4868	940	EO-230807.exe	101
PID 940 wrote to memory of 4868	940	EO-230807.exe	101
PID 4868 wrote to memory of 5868	4868	chrome.exe	102
PID 4868 wrote to memory of 5868	4868	chrome.exe	102
PID 940 wrote to memory of 4868	940	EO-230807.exe	101
PID 940 wrote to memory of 4868	940	EO-230807.exe	101
PID 4868 wrote to memory of 2124	4868	chrome.exe	103
PID 4868 wrote to memory of 2124	4868	chrome.exe	103
PID 4868 wrote to memory of 1404	4868	chrome.exe	104
PID 4868 wrote to memory of 1404	4868	chrome.exe	104
PID 4868 wrote to memory of 4464	4868	chrome.exe	105
PID 4868 wrote to memory of 4464	4868	chrome.exe	105
PID 4868 wrote to memory of 5984	4868	chrome.exe	106
PID 4868 wrote to memory of 5984	4868	chrome.exe	106
PID 4868 wrote to memory of 752	4868	chrome.exe	107
PID 4868 wrote to memory of 752	4868	chrome.exe	107
PID 4868 wrote to memory of 6084	4868	chrome.exe	108
PID 4868 wrote to memory of 6084	4868	chrome.exe	108
PID 4868 wrote to memory of 5948	4868	chrome.exe	109
PID 4868 wrote to memory of 5948	4868	chrome.exe	109
PID 4868 wrote to memory of 6036	4868	chrome.exe	110
PID 4868 wrote to memory of 6036	4868	chrome.exe	110
PID 4868 wrote to memory of 2820	4868	chrome.exe	111
PID 4868 wrote to memory of 2820	4868	chrome.exe	111
PID 4868 wrote to memory of 1136	4868	chrome.exe	112
PID 4868 wrote to memory of 1136	4868	chrome.exe	112
PID 4868 wrote to memory of 940	4868	chrome.exe	94

outlook_office_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	EO-230807.exe

C:\Users\Admin\AppData\Local\Temp\EO-230807.exe
"C:\Users\Admin\AppData\Local\Temp\EO-230807.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\EO-230807.exe
  "C:\Users\Admin\AppData\Local\Temp\EO-230807.exe"
  2⤵
  - Accesses Microsoft Outlook profiles
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - outlook_office_path
  - outlook_win_path
  PID:940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d9c6dcf8,0x7ff9d9c6dd04,0x7ff9d9c6dd10
      4⤵
      PID:5868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1904,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=1900 /prefetch:2
      4⤵
      PID:2124
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --field-trial-handle=1948,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:3
      4⤵
      PID:1404
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --field-trial-handle=2160,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:8
      4⤵
      PID:4464
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=3148 /prefetch:1
      4⤵
      PID:5984
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=3168 /prefetch:1
      4⤵
      PID:752
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3436,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=3448 /prefetch:1
      4⤵
      PID:6084
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --extension-process --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3476,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:2
      4⤵
      PID:5948
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3500,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:1
      4⤵
      PID:6036
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --extension-process --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3528,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:2
      4⤵
      PID:2820
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4368,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:1
      4⤵
      PID:1136
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw" --field-trial-handle=2052,i,4821600365687481593,8431250789577442615,262144 --variations-seed-version --mojo-platform-channel-handle=4452 /prefetch:8
      4⤵
      PID:5464

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Crashpad\settings.dat

Filesize
40B

MD5
ec09a6777171012b8e422b622e511f8d

SHA1
c1af68df2b9db835869cdfda798d47f0d6699d56

SHA256
5da65296ae40660f13728e0457a3d582f4b0e349df838eef24d8546ea78c23ae

SHA512
c79c60a393741371faf2408237ff36419b355cca6711a16808eb2f66c96c6a6016967755979f863fa0edd8b63cdd7892a29882d6f8d2e0fbaa2de552aecd8372

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
c6f7aa0b42fdda23f896ff1e69e28152

SHA1
1d41d3f07da9d4bcfe1d1328b696e72f2aa1d05b

SHA256
a2bffa826ea0300d2f81cbfe3496a0ce94e9ad0e694d3a98bb116298098170d5

SHA512
895d60e468e760d4c29d5c363a0019bb9cc8082011e786e46182c46bb263878e6bcc50c36c57f403d804fbf748ab763964805f29fa3bed737461828c7f02c25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
51d0049f20b4c9fe54a3ed8dee56d957

SHA1
ab71296fa883d134687442bf594ea4160f1b3107

SHA256
d4e22bb7483093487facd4f4c7991fd1ce4dfa603e4cfc852d453e446f45ad5d

SHA512
c7571aaafc1d91f2b0d797805b630a7e803229714a1b96627add16fc4e4866d2baaf3bb422c7dc10f28c963571cb699db22a54047148c3de5f5af4dde43b50b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Cache\Cache_Data\index

Filesize
256KB

MD5
ce785203ffb78d52a86ca70bdaaa6b2c

SHA1
24bc4a7bcc5280e5f3b9a390c18f27c23bd3e9f7

SHA256
678ec01f8323b3c8c9988f7b152306f11e54f88bdb333f287a57d8971f73bd6d

SHA512
bc4ae10228632934e300456e3c822cc7fd0c942cfe3afd3cebf4089bd3d8f40e14c48551d9a0b791a68aec11bcce9ac84203b713c1c277b4a16bdae896a46802

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Code Cache\js\7018b8cf1c3b00c7_0

Filesize
306B

MD5
1cff1c0bbb53e5dddc36dfe91fefcee3

SHA1
b91e1d81c51147d6171d3fae0c3a0e86c6e002c5

SHA256
b0a63765b0a2e1bc0e449d68ae23ea8798b4385a4cbd96827dad234c6ae9b5a3

SHA512
732bce204c01c6ab4e2129003b65ce5a4d63707231e8129ba61d03532d320a574c00ae36ce49e140ad796ab52d07abde39fe5a061a398ed8143f4b193c8046dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Code Cache\js\ba678a2fbd8c358c_0

Filesize
298B

MD5
70da08299a743dd0be5c9bbb903d8265

SHA1
7c7082b7bbdb4656bc2ed3483a411dcfdf2efff3

SHA256
fdf86b4361be90052845eeb3ab81db78bac43205497951aed096faadd2dc7992

SHA512
370fc22c8d220f68401e0d402c6d404d1a4bd02d9efd0133aa21f682b9199acb3f1182a30b895b24daa0e64925090d6cd7e32497f2d935376f48cf2d77ab1e02

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9f492b6f844e714e17019d0e56999331

SHA1
3312830b8233b7dc609e616950b153f09edc725e

SHA256
b67a5990657b443f6cb9a417d96e22dfd849203239c2475634409ef465c6a77a

SHA512
d59c44d037830302f3f8169c45c7d8fd231eb3093644251e87a6d2d567f8a63b8ea10409abae90bd2633f9ef83cdfc59d5d369f4783edebde42b6e66c6e7c579

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
a28f0aa038d2e169af4d24462705a968

SHA1
bd9edce2fd3535f356cfb649b44a93d212a9b8b1

SHA256
347a83d397cb2df4fecd5fa4e64ef9dc46a2d4cf2582ee3e192f0b042ca6dc4e

SHA512
0b013643469c45f14d9420ae6ce7af87911ac69f0365b067dc003f481618051d15bcaf177e7379fa246c8f6523b16fb1665749911a270849717c81bcbb5dfe04

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\DawnGraphiteCache\index

Filesize
256KB

MD5
f6d3f53bdddb78f2043fe82393418fdd

SHA1
9ef03ff0be5a90266cf88115f6cc711b6f8cb65b

SHA256
725d9eb6989c91f9e31b570a0be1a25b1898fd535bfc8873d0fd89abb0cfc819

SHA512
9b62ac1708c762380734979da195c1a73154a4ad3a54d2707fe6ea559bc93956555b30b2da5892649a6630e9b235381f7b25f8d361b4bb2f1032ba12c00cffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\GPUCache\index

Filesize
256KB

MD5
4f5e738c3f4404ca807ee19fe9a52eb1

SHA1
9be7828a87a28476afca74dfe34b45629f298837

SHA256
d2d1f4bf95cd6da21d6d6873f62e82e3b95e1fda56243a361150c210dd2c3260

SHA512
ce0ca0aaaddcfcd6cd83801451c98664ee7ee29acba0c358606c89e6bb52dd39f8eab9c6c72511ab7174844ae169347910d4afe328dc96f3cd5c11e557c1301c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\README

Filesize
180B

MD5
883d62acd72005f3ad7a14500d482033

SHA1
e5900fe43fb18083bf6a483b926b9888f29ca018

SHA256
c43668eec4a8d88a5b3a06a84f8846853fe33e54293c2db56899a5a5dfb4d944

SHA512
97bb1bde74057761788436de519765ea4e6ba1ad3a02d082704e8b3efca3ef69d3db6e65b65e5f5f90205e72c164d82779cf754d52ec05d944df49f10d822a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
1ac1276b280fb52ce8dfb0b3bb8f4bde

SHA1
485c2962d8e80cf61082ee50f2722e621dc83803

SHA256
20a09aa8830b5bd42ddc826c50c90fc207cd278eef21e1d8aa23f6aa3f6c0982

SHA512
4259dd8e4b8ede5d2b94e9b58fcc91704310ed0db07f53514bd132a557a279870329ddbc8fb910704a3cd9329b6025ee2d68411055150c62747abdf95f4560ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\GrShaderCache\index

Filesize
256KB

MD5
d4cdb0748ca9cc9e5fb8685bca06b55c

SHA1
5e3c17a7bc85c359032ec23663c1c1d31e0dfa51

SHA256
870bc4d7b274e0bcfab8087e05c167ad4189f199d4b4a0468afd1f55c41a4244

SHA512
b2ad600b66675222d2ce970482411cc0dc740b417c047d01a2f62777ea2e75eec7ce76424a3250f446159353e88d4e90bf914fda2d494673e3b9865815cf6bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\GraphiteDawnCache\index

Filesize
256KB

MD5
850c7a1a7b169f5ac475798d4a5a0395

SHA1
5a80b7a683c41338d6ee116c39117c2d77c3fd37

SHA256
8db156f30bc37cb760f8321de305c35735871400b890fdf0bd0f664b45d1b96a

SHA512
91b2f845beba061e514381dac58b17bbe2a988ba57566e933115deb0c9478399cae61b6d93e9f933a6cd6876584f3a6d18b43cd653190652f1166e4558ae986a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\bswv4ibz.2jw\Local State

Filesize
1KB

MD5
dfe9411e53726f355908893d4ae55aa8

SHA1
cf6fb2a0ad5c193c68faa1940f9cf59321070e09

SHA256
ca0b1de08049fe1a95192bdc1f1387d9ec3c25650d695e857b95f31e5a7d745f

SHA512
0b370cb6e284d2445a010b6e3c9eb6fd5e0d7b918b6e38ea91667ebb1e465390eea4af4bfa244a28ad6e25e3f08331f9f46f9398ba1045b28813c4eccf712656

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxB2D7.tmp\System.dll

Filesize
11KB

MD5
ee260c45e97b62a5e42f17460d406068

SHA1
df35f6300a03c4d3d3bd69752574426296b78695

SHA256
e94a1f7bcd7e0d532b660d0af468eb3321536c3efdca265e61f9ec174b1aef27

SHA512
a98f350d17c9057f33e5847462a87d59cbf2aaeda7f6299b0d49bb455e484ce4660c12d2eb8c4a0d21df523e729222bbd6c820bf25b081bc7478152515b414b3

Download Submit
memory/940-68-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-50-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-46-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-42-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-40-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-38-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-37-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-34-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-32-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-30-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-28-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-44-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-26-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-25-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-2090-0x0000000036910000-0x000000003693C000-memory.dmp

Filesize
176KB

Download
memory/940-2091-0x0000000036940000-0x000000003698C000-memory.dmp

Filesize
304KB

Download
memory/940-2092-0x0000000036BE0000-0x0000000036CC0000-memory.dmp

Filesize
896KB

Download
memory/940-5117-0x0000000036D60000-0x0000000036DC6000-memory.dmp

Filesize
408KB

Download
memory/940-5118-0x00000000370B0000-0x0000000037654000-memory.dmp

Filesize
5.6MB

Download
memory/940-5119-0x0000000036E10000-0x0000000036EA2000-memory.dmp

Filesize
584KB

Download
memory/940-5121-0x00000000377E0000-0x00000000377F2000-memory.dmp

Filesize
72KB

Download
memory/940-5122-0x0000000037A40000-0x0000000037A90000-memory.dmp

Filesize
320KB

Download
memory/940-21-0x0000000000470000-0x00000000016C4000-memory.dmp

Filesize
18.3MB

Download
memory/940-48-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-52-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-54-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-56-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-58-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-61-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-62-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-66-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-70-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-72-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-74-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-76-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-78-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-80-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-82-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-84-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-64-0x0000000036650000-0x00000000366E1000-memory.dmp

Filesize
580KB

Download
memory/940-24-0x0000000036650000-0x00000000366E6000-memory.dmp

Filesize
600KB

Download
memory/940-23-0x0000000000470000-0x00000000004D0000-memory.dmp

Filesize
384KB

Download
memory/940-22-0x00000000016D0000-0x0000000003C7B000-memory.dmp

Filesize
37.7MB

Download
memory/2392-20-0x00000000051F0000-0x000000000779B000-memory.dmp

Filesize
37.7MB

Download
memory/2392-18-0x0000000010004000-0x0000000010005000-memory.dmp

Filesize
4KB

Download
memory/2392-17-0x0000000076F31000-0x0000000077051000-memory.dmp

Filesize
1.1MB

Download
memory/2392-16-0x00000000051F0000-0x000000000779B000-memory.dmp

Filesize
37.7MB

Download
memory/4868-5140-0x00000242BAE40000-0x00000242BAF20000-memory.dmp

Filesize
896KB

Download