1b9cd51eb1256ac256c2bf6425a4c880ec92cb3ae3bcf4d7e7d07b156116089e

Analysis

max time kernel
105s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zamówienia 24032025DJ ZK.scr
Size

90KB
MD5

ef47c8ffb32fbb6af60521f3854f3d19
SHA1

02b72518f179067604e062ef7550c08dbad056ce
SHA256

a56b8d0dbdca88fea0f47a26d379ee447062138e325d782aa6b2618c8deae166
SHA512

034eb6ad01112ae9535439f1fb68ef0601338e33bffaa50389b32d388685da3bc3c6a6c20072a1dc805541a5c2ca2c3a6dd508f9e861439283b52dc72ee42293
SSDEEP

384:pin46OHULG1fn20klvaO222fXfXfXVjJPDPDPHPHPZqc:piYF1P2/aD

Score

10^/10

collection discovery

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4796 created 3392	4796	zamówienia 24032025DJ ZK.scr	56

Accesses Microsoft Outlook profiles 1 TTPs 42 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook	InstallUtil.exe
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4796 set thread context of 5932	4796	zamówienia 24032025DJ ZK.scr	103

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	zamówienia 24032025DJ ZK.scr
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4796	zamówienia 24032025DJ ZK.scr
5932	InstallUtil.exe
5932	InstallUtil.exe
6660	chrome.exe
6660	chrome.exe
6660	chrome.exe
6660	chrome.exe
5932	InstallUtil.exe
5932	InstallUtil.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4796	zamówienia 24032025DJ ZK.scr
Token: SeDebugPrivilege	4796	zamówienia 24032025DJ ZK.scr
Token: SeDebugPrivilege	5932	InstallUtil.exe
Token: SeShutdownPrivilege	6660	chrome.exe
Token: SeCreatePagefilePrivilege	6660	chrome.exe
Token: SeDebugPrivilege	6660	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
6660	chrome.exe
6660	chrome.exe

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 5932	4796	zamówienia 24032025DJ ZK.scr	103
PID 4796 wrote to memory of 5932	4796	zamówienia 24032025DJ ZK.scr	103
PID 4796 wrote to memory of 5932	4796	zamówienia 24032025DJ ZK.scr	103
PID 4796 wrote to memory of 5932	4796	zamówienia 24032025DJ ZK.scr	103
PID 4796 wrote to memory of 5932	4796	zamówienia 24032025DJ ZK.scr	103
PID 4796 wrote to memory of 5932	4796	zamówienia 24032025DJ ZK.scr	103
PID 4796 wrote to memory of 5932	4796	zamówienia 24032025DJ ZK.scr	103
PID 4796 wrote to memory of 5932	4796	zamówienia 24032025DJ ZK.scr	103
PID 5932 wrote to memory of 6660	5932	InstallUtil.exe	108
PID 5932 wrote to memory of 6660	5932	InstallUtil.exe	108
PID 6660 wrote to memory of 2208	6660	chrome.exe	109
PID 6660 wrote to memory of 2208	6660	chrome.exe	109
PID 6660 wrote to memory of 5084	6660	chrome.exe	110
PID 6660 wrote to memory of 5084	6660	chrome.exe	110
PID 6660 wrote to memory of 3604	6660	chrome.exe	111
PID 6660 wrote to memory of 3604	6660	chrome.exe	111
PID 6660 wrote to memory of 2944	6660	chrome.exe	112
PID 6660 wrote to memory of 2944	6660	chrome.exe	112
PID 6660 wrote to memory of 6272	6660	chrome.exe	113
PID 6660 wrote to memory of 6272	6660	chrome.exe	113
PID 6660 wrote to memory of 1924	6660	chrome.exe	114
PID 6660 wrote to memory of 1924	6660	chrome.exe	114
PID 6660 wrote to memory of 5072	6660	chrome.exe	115
PID 6660 wrote to memory of 5072	6660	chrome.exe	115
PID 6660 wrote to memory of 6356	6660	chrome.exe	116
PID 6660 wrote to memory of 6356	6660	chrome.exe	116
PID 6660 wrote to memory of 912	6660	chrome.exe	117
PID 6660 wrote to memory of 912	6660	chrome.exe	117
PID 6660 wrote to memory of 920	6660	chrome.exe	118
PID 6660 wrote to memory of 920	6660	chrome.exe	118
PID 5932 wrote to memory of 6660	5932	InstallUtil.exe	108
PID 5932 wrote to memory of 6660	5932	InstallUtil.exe	108
PID 6660 wrote to memory of 6236	6660	chrome.exe	119
PID 6660 wrote to memory of 6236	6660	chrome.exe	119
PID 6660 wrote to memory of 4536	6660	chrome.exe	120
PID 6660 wrote to memory of 4536	6660	chrome.exe	120
PID 6660 wrote to memory of 5932	6660	chrome.exe	103

outlook_office_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3392
- C:\Users\Admin\AppData\Local\Temp\zamówienia 24032025DJ ZK.scr
  "C:\Users\Admin\AppData\Local\Temp\zamówienia 24032025DJ ZK.scr" /S
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4796
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  - Accesses Microsoft Outlook profiles
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - outlook_office_path
  - outlook_win_path
  PID:5932
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:6660
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff4579dcf8,0x7fff4579dd04,0x7fff4579dd10
      4⤵
      PID:2208
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2016,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=2012 /prefetch:2
      4⤵
      PID:5084
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --field-trial-handle=1912,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:3
      4⤵
      PID:3604
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --field-trial-handle=2128,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:8
      4⤵
      PID:2944
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2788,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:1
      4⤵
      PID:6272
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2520,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=2864 /prefetch:1
      4⤵
      PID:1924
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3068,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=3020 /prefetch:1
      4⤵
      PID:5072
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --extension-process --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3092,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:2
      4⤵
      PID:6356
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3124,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:1
      4⤵
      PID:912
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --extension-process --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3164,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=3824 /prefetch:2
      4⤵
      PID:920
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3828,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:1
      4⤵
      PID:6236
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4" --field-trial-handle=4108,i,7635606622933728074,18268482254161580606,262144 --variations-seed-version --mojo-platform-channel-handle=3020 /prefetch:8
      4⤵
      PID:4536

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Crashpad\settings.dat

Filesize
40B

MD5
3911efdcfff5d96bb2f002e0c46705f6

SHA1
4cef487704c4cb6e2092548f37375b32d0120aa7

SHA256
b35ac8f81bd18911dbb7b67294b4bfecc487d92bbf60617fe02de68f3cd141ab

SHA512
974210bb63a4a6aef39b86fafdea4e54ce3acd09550ddfc20b76df38ae03e939c36c2bd2355e702a83f1efd93d993bc0e734ce0a34e5c982325e88516789b264

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
bb5040d430123f8a6e7de14e37074c03

SHA1
85c8e1dff5ce1509cb0f5c95657905e44dba70df

SHA256
f19ac895c9f77ab24000961c7067dcb63f48fda27ee4392ef45b0b6516f24bee

SHA512
521e194a69ea6b347a5ee27ed885bc589fbc12e51ef9189c199c62e79cf3fbb794d6cd71735e45e96367a38887a09a5652334abcce006195577c6ae33ba0ef4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
19fe8d2429b8b8307671cc1596fe34cc

SHA1
eeb55d03bd67a4f19e879887140a8ee9c2d0564a

SHA256
95607fff85a7cbe4545c705d4a23d9001a66bdaa977c5986336833dbf71a7849

SHA512
6278c4b45fc5038a33463c2216f11b4f2d3b2f03c5b29a2f7a92449a590468686acf571a7d800cc0b5db1af53df7d7ee584ef174a41df13ab7437dbf44a63fdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ee458c576462501c24c686fa33f18aba

SHA1
cb4a9dc7b3c52f336e88c021af0cac280926dd0a

SHA256
e1c79b14eac2491beece3c695ada02114397e4baadae0836a0c0e98cc8f50241

SHA512
68064cc7726877d3ee65921339b9ae613b90b29b8d3b362a694720e968582a6244a89e6a4b1ec8cc636a50c5cb38c51d6f1205dc355eae4542dedb3fbe4b19cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
c95b3a0eb47729ad90e6dcf353003a57

SHA1
81a82958affb30f5d19b8355fbb5a8921502f982

SHA256
f414b496def4f5c25e128530a0b7c6b139cab395ab10ed8a5db6551eb83a2584

SHA512
e564508c34a2becd14eaec9b9c8a401c08704f83c07543ba13e1b92da76553a4f496505c8a1555f832b33ccf0dab904d7712eb23d2e88e9f65ccfccf8021c94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Cache\Cache_Data\f_000001

Filesize
35KB

MD5
59cfc8d228efcc07bd86df7ab69d9351

SHA1
57536f6180f2f627b6b1466483d8ef69148f9dd5

SHA256
11ad32c410b393e01cc0cfcb26e07a2cda13f215a675c76c620c94ebce06a4e4

SHA512
92becaaff0239061f2e7211f2199c323b7e3b324f795ad167791a29ffa5f3de836c223ac0f4927a8372eb8f958bed90d5887e60507651159041440bd953f8efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Cache\Cache_Data\index

Filesize
256KB

MD5
83f44eae597484a4b74656699deb0201

SHA1
f292a91f03277919e9aee0e6638ff5866185400d

SHA256
f0214b0664e0203a61c14879f467a5d8d60c09d369488f2d0ae86a7c37a08707

SHA512
fec4057adbeefc373bb9271ad3a3fee2007a187a8cff85e1a760fba8b5f689a309d826d9ace73c773ceefa81ba052f168ac9d5b43448f19fd4e59308bb5fac42

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Code Cache\js\7018b8cf1c3b00c7_0

Filesize
306B

MD5
b00d93712ed1ac4573adb36b9871e706

SHA1
13d72d6d210ae7e96d241ad196aa9382819be6df

SHA256
7d1dcaf3034720cbc76e201116f103dc72b479bf3e869b2b106c65c8e236be00

SHA512
b72645d86546676db0dc53562e64bc0d49d9780328b7703332822b6379d68238107d8c643bd2bdb5cd98ec44eabd6e936488f75422b4841b2f23f701365cc0f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Code Cache\js\ba678a2fbd8c358c_0

Filesize
298B

MD5
f172da5d3da05ada945d8b1c21410396

SHA1
9a3f836fee95c6106d50d10fa5450bbf8c5994cc

SHA256
b804702bc6c508cf77d9098dfb6b32f7eb57a6a1471d642798c8a255c5f0443a

SHA512
d00b6c0dd30ecc33eedecd9b46ce4dc5f70a84101a1cd971d16287202f8af4f52717c32e32f0fe3837ef388dda47a1e271dfcfa3c3bb0d51bb6403705b62c782

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b8e99c8fca4b8aaa56f727861288c50f

SHA1
b301fccf193c63ed62b6b5bc4cbe97285074ec51

SHA256
0563b33bb03e1ca59468aa471ba46b1386de80dbb6a73c06733283a77c08ece0

SHA512
1208ec71472cfd8ceeb9277affcfb781f2ad83a79d6aa30a40177bc24ade115f29918f3d7661b3b17b3480bb2cfb93d2de6d4f75c44f18fe91f0f4859e93c20c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
a0c208b72ac606e17f609a7dfd92af63

SHA1
95505c0b9a97eb58625c1859971201936bf04586

SHA256
36eb44a34e5f04030be18e4f050098b0c8050159671e6ee1f81467c6ea559ab5

SHA512
4697f14b5713a3691271ac2401ac56d00523cb51fb57063b419a737c508fccb26682b3008e039466feae06a8ee8ea3015bb54f848cb38d1b1ac88cb6eebb7c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\DawnGraphiteCache\index

Filesize
256KB

MD5
5235e4cc4acdd16dc3bb75725e24688e

SHA1
08da104dfa350b901cae33bc1d7e42f958d79e28

SHA256
f3145ed040c2cfef1d2a4309b8d85bbc5f72c76bf95034be48d1363527fc660d

SHA512
2a19921d24a786b431f25fb0ba57bd87e4ca57dea5e6abc4187099f841a26ffe8b8aded3647cf89700aff05d152f655baee6b6c5093e3b58236e88483a1d76d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\DawnWebGPUCache\index

Filesize
256KB

MD5
f1d4ce919edaa0d6df85f8a46adfde03

SHA1
b4b9aba6a85c67aa79ed38367b87289f4e7c4ab1

SHA256
091a06a4ab50e81536d655231c9960192e6c2bd0c31fba7ba6ca2d009884f628

SHA512
926225628191ea5bfb3ed9bcbf9dc650d568e49ca709498c3f0eb4d17ccc230b05f76ff5d640fb3a8e3554c071978bafaba2c2206552901b5a45d273fed3c8f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\GPUCache\index

Filesize
256KB

MD5
15a8e0681f232e0b70b02a43ed6d4b60

SHA1
348567310396d4b1e347c4c08a1a6213aae4e3aa

SHA256
1351b644e2a52dcb6b62618963762574159a0d243bbf03144404ed92ec4cc5e1

SHA512
9ba397c6be61bf9f6adfe7a7c4a2ac30518ef57bbeff3fb330989c616ea9b7ae914217335ae82f823ad1497f60b332ab41dccb513fddd5b34136b1e709b3950d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Local Storage\leveldb\LOG

Filesize
279B

MD5
4d36a857fedce056e1ea14b3415fa026

SHA1
03c8e5686dbecfce5592e5465e1eb3e1935a30a5

SHA256
1dc3b91113afc84b4f33d75cbadc6b3a5908b017056faec2fc6d49abe379cea0

SHA512
6d8ccc527e5383f3daa2c4c53b04ef351edbb0329dff04ce03a3d418756a0817c3c08544086e6f7b6d1ec11aa922cd8093d7fbf84c50311ca064c14c10d1482b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Network\Reporting and NEL

Filesize
36KB

MD5
fa739570350b78ef09e5d8ca61d0d71f

SHA1
d4e932ca96e76aeb84d3a151d847658df6a5555e

SHA256
951ea521116baf347ce89b628eabc22479fb8e3edfb7597659db2174fbb59804

SHA512
8dc44c2f20c0a051568e7479e4553dbbf8ad4ee6b4d5474d8493c4b957f563f858918d862621ff7ccb190be693877dfb0a1245998925f47f9976d431a007ac86

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Network\Trust Tokens

Filesize
36KB

MD5
4203aba60fd9de5b4232fc624db3f817

SHA1
1f07dfc552d6b509c83c36cb05986007ce29e250

SHA256
19e1e0d60dc0a70455014fec98b5e4b73e93a80651600368745ab0d4a49c9529

SHA512
6240f8ef505e093f0ea99306adfa90969b3de094cde08b61076bd2c737763c0815108f532ec17e766fe15f9b1bcb9d82096f799ef04d50c3ce2305d8247bfeb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\README

Filesize
180B

MD5
883d62acd72005f3ad7a14500d482033

SHA1
e5900fe43fb18083bf6a483b926b9888f29ca018

SHA256
c43668eec4a8d88a5b3a06a84f8846853fe33e54293c2db56899a5a5dfb4d944

SHA512
97bb1bde74057761788436de519765ea4e6ba1ad3a02d082704e8b3efca3ef69d3db6e65b65e5f5f90205e72c164d82779cf754d52ec05d944df49f10d822a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
febe8b30c72b9ed5786ae265ebaf844a

SHA1
010452344e00fcf8609b9df083803311efe683e9

SHA256
72d049174f8bb874a5db67735ce76cab400f25a72391ec557ef2720785b4c4ac

SHA512
01863fd726d2bb344f368673a31df809a58c810940200a8cf02d1be09ce92f1d097419fffabbada9651d2977948111e0916e2012d92974f96ce7c942ef01732e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Session Storage\000003.log

Filesize
61B

MD5
9f7eadc15e13d0608b4e4d590499ae2e

SHA1
afb27f5c20b117031328e12dd3111a7681ff8db5

SHA256
5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923

SHA512
88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Session Storage\LOG

Filesize
267B

MD5
dcc7d7264748d71f681b861a24811a4a

SHA1
390ca5006075b6f8f589c519282e145c72a4cb3f

SHA256
ae473fe01ea549848631e8516a13a250fee7951af4514e90d038da35637a3eab

SHA512
afa04c0df8ebcedb863f60a0184d4988ba80df7fd25f02bb5bfc5434f1c1194259c113e00210ad3f7c51d9a297497ca21df67a9ff864c161a8da76b0b27e639a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
40ae8ba6d6d8698bf6c52169f8ba89e9

SHA1
1e17d3534ba2d0006484d310ad347921b2d8158b

SHA256
3b631b993bb442b6131ab748428b600331a1459697b3ea27b7b9b6371e188dad

SHA512
d1e57933668d4894153ddeaeaa72ffcbe8c031ee52af3b0140a96ab2c16dcd7f96bb671fb991a780eae2a9225c8f94af55543a53b320044fcec0f8feb44fc26e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Shared Dictionary\db

Filesize
44KB

MD5
b581f0ff8f8aa3371ae47b48c95329e8

SHA1
4f588efadf3675f3526cbe762c50eb8e79d9f2e5

SHA256
f8e7cd835195e4eff7855d20676484ca75f7e7e4fe5b13164fc926b365e1dea0

SHA512
e0a79452acb39838afea8ce34e05c7e5cde68f2a786fe4423ddf2588fc6047339e8e4c3140d7e0447f938b2266f52b9ddbdcc0f40c495d833b47b3f27d7996de

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuya1q0h.gi4\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
memory/4796-37-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-27-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-13-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-11-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-9-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-43-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-25-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-1342-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/4796-1343-0x0000000006FD0000-0x0000000007080000-memory.dmp

Filesize
704KB

Download
memory/4796-1344-0x00000000077D0000-0x000000000787E000-memory.dmp

Filesize
696KB

Download
memory/4796-1345-0x0000000006F60000-0x0000000006FAC000-memory.dmp

Filesize
304KB

Download
memory/4796-1346-0x0000000074B3E000-0x0000000074B3F000-memory.dmp

Filesize
4KB

Download
memory/4796-1347-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/4796-1348-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/4796-1349-0x0000000005D90000-0x0000000005DE4000-memory.dmp

Filesize
336KB

Download
memory/4796-1353-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/4796-1355-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/4796-1358-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/4796-1-0x0000000000E00000-0x0000000000E1C000-memory.dmp

Filesize
112KB

Download
memory/4796-1365-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/4796-2-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/4796-3-0x0000000006AB0000-0x0000000006C08000-memory.dmp

Filesize
1.3MB

Download
memory/4796-4-0x00000000071C0000-0x0000000007764000-memory.dmp

Filesize
5.6MB

Download
memory/4796-5-0x0000000006D10000-0x0000000006DA2000-memory.dmp

Filesize
584KB

Download
memory/4796-15-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-7-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-6-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-23-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-59-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-69-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-67-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-19-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-21-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-17-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-29-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-31-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-33-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-36-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-65-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-63-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-61-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-0-0x0000000074B3E000-0x0000000074B3F000-memory.dmp

Filesize
4KB

Download
memory/4796-57-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-39-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-41-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-45-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-51-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-47-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-49-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-53-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/4796-55-0x0000000006AB0000-0x0000000006C02000-memory.dmp

Filesize
1.3MB

Download
memory/5932-6454-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/5932-6453-0x0000000005250000-0x00000000052B6000-memory.dmp

Filesize
408KB

Download
memory/5932-6653-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/5932-6576-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/5932-6458-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/5932-6457-0x0000000006430000-0x0000000006480000-memory.dmp

Filesize
320KB

Download
memory/5932-6456-0x00000000063C0000-0x00000000063D2000-memory.dmp

Filesize
72KB

Download
memory/5932-6455-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/5932-6577-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/5932-3428-0x00000000050D0000-0x00000000051B0000-memory.dmp

Filesize
896KB

Download
memory/5932-6597-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/5932-3427-0x0000000004D00000-0x0000000004D2C000-memory.dmp

Filesize
176KB

Download
memory/5932-2037-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/5932-1696-0x0000000074B30000-0x00000000752E0000-memory.dmp

Filesize
7.7MB

Download
memory/5932-1357-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/5932-1359-0x0000000004BC0000-0x0000000004C58000-memory.dmp

Filesize
608KB

Download
memory/6660-6575-0x000002273A1D0000-0x000002273A2B0000-memory.dmp

Filesize
896KB

Download