5558b04220e017f2a69fd88c575ec9450bde361049e42fd67501a0f89ba21834

Analysis

max time kernel
149s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2025, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CyberSecurePro.msi
Size

9.3MB
MD5

f1eefdb0865e3b5dcf1115cdcf4bd4ba
SHA1

d918c5cc45b9a97898af579c058e509f227f87b6
SHA256

5558b04220e017f2a69fd88c575ec9450bde361049e42fd67501a0f89ba21834
SHA512

879052b5114b4a3f23917b75b713db23d06e454185ac1fb2c72b4fa0b70bf17fe68284f5c0bbf3e29643c76bef2feb5b5052df1a713589d35d692f83cca94975
SSDEEP

196608:3i5QuZL4+qjtvelQP6XTIVqLbS6l4qZf1uozsXG:dua0lQAr14Jo4XG

Score

6^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
41	5556	teUninstall_test.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4932 set thread context of 6028	4932	SplashWin.exe	105

Executes dropped EXE 12 IoCs

pid	Process
3556	ISBEW64.exe
3500	ISBEW64.exe
5288	ISBEW64.exe
892	ISBEW64.exe
4972	ISBEW64.exe
4540	ISBEW64.exe
4772	ISBEW64.exe
4884	ISBEW64.exe
4560	ISBEW64.exe
1632	ISBEW64.exe
6032	SplashWin.exe
4932	SplashWin.exe

Loads dropped DLL 13 IoCs

pid	Process
3180	MsiExec.exe
3180	MsiExec.exe
3180	MsiExec.exe
3180	MsiExec.exe
3180	MsiExec.exe
6032	SplashWin.exe
6032	SplashWin.exe
6032	SplashWin.exe
4932	SplashWin.exe
4932	SplashWin.exe
4932	SplashWin.exe
4932	SplashWin.exe
5556	teUninstall_test.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
5140	msiexec.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SplashWin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SplashWin.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
6032	SplashWin.exe
4932	SplashWin.exe
4932	SplashWin.exe
6028	cmd.exe
6028	cmd.exe
5556	teUninstall_test.exe
5556	teUninstall_test.exe
4212	chrome.exe
4212	chrome.exe
5556	teUninstall_test.exe
5556	teUninstall_test.exe
5556	teUninstall_test.exe
5556	teUninstall_test.exe
5556	teUninstall_test.exe
5556	teUninstall_test.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
4932	SplashWin.exe
6028	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5140	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5140	msiexec.exe
Token: SeSecurityPrivilege	2472	msiexec.exe
Token: SeCreateTokenPrivilege	5140	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5140	msiexec.exe
Token: SeLockMemoryPrivilege	5140	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5140	msiexec.exe
Token: SeMachineAccountPrivilege	5140	msiexec.exe
Token: SeTcbPrivilege	5140	msiexec.exe
Token: SeSecurityPrivilege	5140	msiexec.exe
Token: SeTakeOwnershipPrivilege	5140	msiexec.exe
Token: SeLoadDriverPrivilege	5140	msiexec.exe
Token: SeSystemProfilePrivilege	5140	msiexec.exe
Token: SeSystemtimePrivilege	5140	msiexec.exe
Token: SeProfSingleProcessPrivilege	5140	msiexec.exe
Token: SeIncBasePriorityPrivilege	5140	msiexec.exe
Token: SeCreatePagefilePrivilege	5140	msiexec.exe
Token: SeCreatePermanentPrivilege	5140	msiexec.exe
Token: SeBackupPrivilege	5140	msiexec.exe
Token: SeRestorePrivilege	5140	msiexec.exe
Token: SeShutdownPrivilege	5140	msiexec.exe
Token: SeDebugPrivilege	5140	msiexec.exe
Token: SeAuditPrivilege	5140	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5140	msiexec.exe
Token: SeChangeNotifyPrivilege	5140	msiexec.exe
Token: SeRemoteShutdownPrivilege	5140	msiexec.exe
Token: SeUndockPrivilege	5140	msiexec.exe
Token: SeSyncAgentPrivilege	5140	msiexec.exe
Token: SeEnableDelegationPrivilege	5140	msiexec.exe
Token: SeManageVolumePrivilege	5140	msiexec.exe
Token: SeImpersonatePrivilege	5140	msiexec.exe
Token: SeCreateGlobalPrivilege	5140	msiexec.exe
Token: SeCreateTokenPrivilege	5140	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5140	msiexec.exe
Token: SeLockMemoryPrivilege	5140	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5140	msiexec.exe
Token: SeMachineAccountPrivilege	5140	msiexec.exe
Token: SeTcbPrivilege	5140	msiexec.exe
Token: SeSecurityPrivilege	5140	msiexec.exe
Token: SeTakeOwnershipPrivilege	5140	msiexec.exe
Token: SeLoadDriverPrivilege	5140	msiexec.exe
Token: SeSystemProfilePrivilege	5140	msiexec.exe
Token: SeSystemtimePrivilege	5140	msiexec.exe
Token: SeProfSingleProcessPrivilege	5140	msiexec.exe
Token: SeIncBasePriorityPrivilege	5140	msiexec.exe
Token: SeCreatePagefilePrivilege	5140	msiexec.exe
Token: SeCreatePermanentPrivilege	5140	msiexec.exe
Token: SeBackupPrivilege	5140	msiexec.exe
Token: SeRestorePrivilege	5140	msiexec.exe
Token: SeShutdownPrivilege	5140	msiexec.exe
Token: SeDebugPrivilege	5140	msiexec.exe
Token: SeAuditPrivilege	5140	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5140	msiexec.exe
Token: SeChangeNotifyPrivilege	5140	msiexec.exe
Token: SeRemoteShutdownPrivilege	5140	msiexec.exe
Token: SeUndockPrivilege	5140	msiexec.exe
Token: SeSyncAgentPrivilege	5140	msiexec.exe
Token: SeEnableDelegationPrivilege	5140	msiexec.exe
Token: SeManageVolumePrivilege	5140	msiexec.exe
Token: SeImpersonatePrivilege	5140	msiexec.exe
Token: SeCreateGlobalPrivilege	5140	msiexec.exe
Token: SeCreateTokenPrivilege	5140	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5140	msiexec.exe
Token: SeLockMemoryPrivilege	5140	msiexec.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
5140	msiexec.exe
5140	msiexec.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 3180	2472	msiexec.exe	88
PID 2472 wrote to memory of 3180	2472	msiexec.exe	88
PID 2472 wrote to memory of 3180	2472	msiexec.exe	88
PID 3180 wrote to memory of 3556	3180	MsiExec.exe	91
PID 3180 wrote to memory of 3556	3180	MsiExec.exe	91
PID 3180 wrote to memory of 3500	3180	MsiExec.exe	92
PID 3180 wrote to memory of 3500	3180	MsiExec.exe	92
PID 3180 wrote to memory of 5288	3180	MsiExec.exe	93
PID 3180 wrote to memory of 5288	3180	MsiExec.exe	93
PID 3180 wrote to memory of 892	3180	MsiExec.exe	94
PID 3180 wrote to memory of 892	3180	MsiExec.exe	94
PID 3180 wrote to memory of 4972	3180	MsiExec.exe	95
PID 3180 wrote to memory of 4972	3180	MsiExec.exe	95
PID 3180 wrote to memory of 4540	3180	MsiExec.exe	96
PID 3180 wrote to memory of 4540	3180	MsiExec.exe	96
PID 3180 wrote to memory of 4772	3180	MsiExec.exe	97
PID 3180 wrote to memory of 4772	3180	MsiExec.exe	97
PID 3180 wrote to memory of 4884	3180	MsiExec.exe	98
PID 3180 wrote to memory of 4884	3180	MsiExec.exe	98
PID 3180 wrote to memory of 4560	3180	MsiExec.exe	99
PID 3180 wrote to memory of 4560	3180	MsiExec.exe	99
PID 3180 wrote to memory of 1632	3180	MsiExec.exe	100
PID 3180 wrote to memory of 1632	3180	MsiExec.exe	100
PID 3180 wrote to memory of 6032	3180	MsiExec.exe	101
PID 3180 wrote to memory of 6032	3180	MsiExec.exe	101
PID 3180 wrote to memory of 6032	3180	MsiExec.exe	101
PID 6032 wrote to memory of 4932	6032	SplashWin.exe	103
PID 6032 wrote to memory of 4932	6032	SplashWin.exe	103
PID 6032 wrote to memory of 4932	6032	SplashWin.exe	103
PID 4932 wrote to memory of 6028	4932	SplashWin.exe	105
PID 4932 wrote to memory of 6028	4932	SplashWin.exe	105
PID 4932 wrote to memory of 6028	4932	SplashWin.exe	105
PID 4932 wrote to memory of 6028	4932	SplashWin.exe	105
PID 6028 wrote to memory of 5556	6028	cmd.exe	109
PID 6028 wrote to memory of 5556	6028	cmd.exe	109
PID 6028 wrote to memory of 5556	6028	cmd.exe	109
PID 6028 wrote to memory of 5556	6028	cmd.exe	109
PID 5556 wrote to memory of 4212	5556	teUninstall_test.exe	113
PID 5556 wrote to memory of 4212	5556	teUninstall_test.exe	113
PID 4212 wrote to memory of 2724	4212	chrome.exe	114
PID 4212 wrote to memory of 2724	4212	chrome.exe	114
PID 4212 wrote to memory of 4012	4212	chrome.exe	116
PID 4212 wrote to memory of 4012	4212	chrome.exe	116
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115
PID 4212 wrote to memory of 5548	4212	chrome.exe	115

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\CyberSecurePro.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5140

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C46C327D6CEC18447912146B977B9568 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3422FD9C-8F42-40DF-9D87-762DB2FB2A83}
    3⤵
    - Executes dropped EXE
    PID:3556
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F54A49EB-81D3-449A-A40F-5CF8F1915B49}
    3⤵
    - Executes dropped EXE
    PID:3500
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8D765526-F20B-450F-BB5C-46DA783DC794}
    3⤵
    - Executes dropped EXE
    PID:5288
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{848EDFA3-F0C4-4CFF-A87A-ED3797F1C9C2}
    3⤵
    - Executes dropped EXE
    PID:892
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2B3B75B7-8F2D-44EA-909F-E7DFCBFBCAD0}
    3⤵
    - Executes dropped EXE
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1103E7FC-7F54-4DD6-89D4-EDB52D652C9F}
    3⤵
    - Executes dropped EXE
    PID:4540
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F9EFBA72-05DF-49F8-A81F-ED2AB3D86740}
    3⤵
    - Executes dropped EXE
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1BF03898-505B-454A-AB12-DD7433FDF459}
    3⤵
    - Executes dropped EXE
    PID:4884
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{67A4A70D-CEE0-49FD-B1D8-CAA1341868D5}
    3⤵
    - Executes dropped EXE
    PID:4560
- - C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{83C3D594-2795-4274-BF7C-B98972A80B64}
    3⤵
    - Executes dropped EXE
    PID:1632
- - C:\Users\Admin\AppData\Local\Temp\{9061CA5B-4CB3-463D-8476-569E5A3F9445}\SplashWin.exe
    C:\Users\Admin\AppData\Local\Temp\{9061CA5B-4CB3-463D-8476-569E5A3F9445}\SplashWin.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:6032
  - - C:\Users\Admin\AppData\Roaming\HUT_Quick\SplashWin.exe
      C:\Users\Admin\AppData\Roaming\HUT_Quick\SplashWin.exe
      4⤵
      Suspicious use of SetThreadContext
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:4932
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\SysWOW64\cmd.exe
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\teUninstall_test.exe
        
        C:\Users\Admin\AppData\Local\Temp\teUninstall_test.exe
        6⤵
        Downloads MZ/PE file
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5556
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        7⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4212
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffb4c26dcf8,0x7ffb4c26dd04,0x7ffb4c26dd10
        8⤵
        
        PID:2724
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1976 /prefetch:2
        8⤵
        
        PID:5548
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1596,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2144 /prefetch:3
        8⤵
        
        PID:4012
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2392,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2484 /prefetch:8
        8⤵
        
        PID:6096
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3036 /prefetch:1
        8⤵
        
        PID:6020
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3080 /prefetch:1
        8⤵
        
        PID:5012
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4304,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4320 /prefetch:2
        8⤵
        
        PID:5700
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4760,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4752 /prefetch:1
        8⤵
        
        PID:3360
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5512,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5520 /prefetch:8
        8⤵
        
        PID:5780
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5488,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5556 /prefetch:8
        8⤵
        
        PID:4628
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5516,i,1606111568707890478,11119513437309343252,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5604 /prefetch:8
        8⤵
        
        PID:4528

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5736

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5efb253200fe03b9d3984a6fa4e11421

SHA1
7ee44f13e07077b7e30e8f0bbb2263d1631c9b6f

SHA256
bb2c643ead3168ef568055fec74638dac20398f33bef7fa9ace60f84c6cadd39

SHA512
70b7b8cec5cf4bc407110adf0e0e11131b117c983f8dd7e643b3b08952662eda77bedfa031362bef01519745727fc7f15b563b87a061bd74e1d440c056035ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a7e7b0c2a28cb20796219447bf84097

SHA1
84a48d4fe8fb8aa042aa3e60751323054af6a576

SHA256
abc4a8653d347461a9d121a33f6b3df6f829076223bec2871604a397bae9a448

SHA512
523397fb967ebacaeb52b8eb4cb731df90d09f56b839d39c150bc33e6a82cda5d32746b272207a1d9ea44671bc514242fc43e63a11661ae87f0c6b764ed2e2a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bf419416e81eb9d2821638a7cf4f8e43

SHA1
0b5b736a9bb3f1bc291c797ccef65056f27da326

SHA256
ded5df298b14b5fc8f8aff78fc2f9caaad0802125124f5701cfe83fca868e18e

SHA512
79c496678336bbb39ed4e68d947c9e663dc2338b7c51becf363136581f848eae6d03b16db0e3394e18b64d2c277ef80e66993e14a555cb123e515b82aa81fe46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f56ed2e5f6c0a583af3a1bf2f89e14a6

SHA1
db957ba7010919076c033ca6c3c74eff41e952ba

SHA256
a433501e329de23e12780b3c9bbd9a0ccb2b4efc69cccb321330a1a4ae4b5935

SHA512
8123b01f7a765c495ae1aa25bdab8d8b6ae8e5476b8e405397587a14016267ec6bcdaabdf640cb158e8a2a29d072972a7e495ce4b225bec87cf857a20dd09481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d50e.TMP

Filesize
48B

MD5
10df55c7457f753e78baee090473056a

SHA1
ea4c8828ea058235c1cfe2963c5c3ca432c1b076

SHA256
d2f5850b0fbc45c6c8dd0a3b481ede98240ff9c14e734149f3fd56cd2d05e997

SHA512
0715e221533c73d5cbd26476f95aec33a5ccf6e0e015eef697f7cd180a36f025bd7224a6513c69ce9747e0d8b707ad3c120965cf2c15c6860ed7459ce48d0334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
dbebdc8f53801efd8203f3eb8989cf26

SHA1
e2a84f1dbe631bf30c3a7e1e682cd50457171d82

SHA256
aabcdc6fac4ed1ee141c2dc6b41db295a9d0de2e42740377302b790dfb8ec6c5

SHA512
0b2ed9d04b18f08cb329091acdb8a76969dc10975f4a4412b1298fce25108fc9d7c740195d304baa7509efdc0ff1bf27e2dd9065164b156373ed0ab84d21e92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
8ad2abc4875f1102bc28d2f198b3524c

SHA1
182720ee5e68d9edc25293fb98e0be823e01945a

SHA256
2802eb15f6912414d42ab9bf28124e40dc1e9ef4d17586b6ff6deb7b40cb12ff

SHA512
898fe391264cf844c0f617a9285c572d3fa82a3400c8a05a3346658334085168a07da9afcefe97a7b14016e6f6a7a557d85698533813b072d72cc2e3a96b8abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
4e1220452dcbf991a1680d3a0a08e2fa

SHA1
5c969a3fd7116d3102ed19a0d9bca0df1c57cf3d

SHA256
a1db88ac540253696cd508b68acfc4bd894bbf49010a9222b821f79256dd8efa

SHA512
b01934d984716936844129fd71544375bc435a658a55cef1954ec0077c0f2fa9f50169a2a37f7daa2df4457973c06f96ef78041696444edc9c5feb3ad3e81d00

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI6BE9.tmp

Filesize
171KB

MD5
a0e940a3d3c1523416675125e3b0c07e

SHA1
2e29eeba6da9a4023bc8071158feee3b0277fd1b

SHA256
b8fa7aa425e4084ea3721780a13d11e08b8d53d1c5414b73f22faeca1bfd314f

SHA512
736ea06824388372aeef1938c6b11e66f4595e0b0589d7b4a87ff4abbabe52e82dff64d916293eab47aa869cf372ced2c66755dd8a8471b2ab0d3a37ba91d0b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI6E5B.tmp

Filesize
2.5MB

MD5
9dd37625fd77c30e9f4fac7078ad92f6

SHA1
91f29877f9cd7ad69dd021c274381bac82895d19

SHA256
c070976e1bec6527d5117b87be44628c609cd47dca805f9899f827ef1ccaddf1

SHA512
2211cda9e261c0d43a6e3e8953aacbe21b74cb527a7c073fe1671812ba346d398e8ce2e3f8e710635b41016c8ce61e5668ef65c94c2cc3b658d3be514adc83ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\e987d2cd

Filesize
5.4MB

MD5
5a428e47392be7643c98b26807567de5

SHA1
a76539269a0b49c2f195fdb8ba458f0c4748e3c0

SHA256
c17916268c14890c29d1cd99dfbabd5f48e98647bd07e95ea3e5c74e6a51754a

SHA512
75c81a2ee38ae2e9822da07e117d575c75f5aab34b6365316172e526b7f51162f3f2fe2cf6a61faecd2f1958a193ebfb6176d67e5e77207861f1e567ad99ca97

Download Submit
C:\Users\Admin\AppData\Local\Temp\teUninstall_test.exe

Filesize
2.3MB

MD5
967f4470627f823f4d7981e511c9824f

SHA1
416501b096df80ddc49f4144c3832cf2cadb9cb2

SHA256
b22bf1210b5fd173a210ebfa9092390aa0513c41e1914cbe161eb547f049ef91

SHA512
8883ead428c9d4b415046de9f8398aa1f65ae81fe7945a840c822620e18f6f9930cce2e10acff3b5da8b9c817ade3dabc1de576cbd255087267f77341900a41c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISBEW64.exe

Filesize
178KB

MD5
40f3a092744e46f3531a40b917cca81e

SHA1
c73f62a44cb3a75933cecf1be73a48d0d623039b

SHA256
561f14cdece85b38617403e1c525ff0b1b752303797894607a4615d0bd66f97f

SHA512
1589b27db29051c772e5ba56953d9f798efbf74d75e0524fa8569df092d28960972779811a7916198d0707d35b1093d3e0dd7669a8179c412cfa7df7120733b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\ISRT.dll

Filesize
426KB

MD5
8af02bf8e358e11caec4f2e7884b43cc

SHA1
16badc6c610eeb08de121ab268093dd36b56bf27

SHA256
58a724d23c63387a2dda27ccfdbc8ca87fd4db671bea8bb636247667f6a5a11e

SHA512
d0228a8cc93ff6647c2f4ba645fa224dc9d114e2adb5b5d01670b6dafc2258b5b1be11629868748e77b346e291974325e8e8e1192042d7c04a35fc727ad4e3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1EC41519-AB4B-49A3-B6AB-B60AEDBCC35B}\_isres_0x0409.dll

Filesize
1.8MB

MD5
7de024bc275f9cdeaf66a865e6fd8e58

SHA1
5086e4a26f9b80699ea8d9f2a33cead28a1819c0

SHA256
bd32468ee7e8885323f22eabbff9763a0f6ffef3cc151e0bd0481df5888f4152

SHA512
191c57e22ea13d13806dd390c4039029d40c7532918618d185d8a627aabc3969c7af2e532e3c933bde8f652b4723d951bf712e9ba0cc0d172dde693012f5ef1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9061CA5B-4CB3-463D-8476-569E5A3F9445}\DuiLib_u.dll

Filesize
840KB

MD5
677004470e3bb68df7b0cf61c67bb5b8

SHA1
d82697919f929bfac3069d70242c82b41b32f2dd

SHA256
8d11e5e24f3f4454b3bcddc3b6ad8848c4bc7bdb96bb6375188b1f5d44e84a6a

SHA512
676f64dff0d90943f9c42beeb34e8efb5cb88440c2a8b720ef8404f54d6e297b50a247d517eb03c83eb00e0f6355f1233b73c36cc7d35db7bce7ed7573e88c30

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9061CA5B-4CB3-463D-8476-569E5A3F9445}\MSVCP140.dll

Filesize
437KB

MD5
e9f00dd8746712610706cbeffd8df0bd

SHA1
5004d98c89a40ebf35f51407553e38e5ca16fb98

SHA256
4cb882621a3d1c6283570447f842801b396db1b3dcd2e01c2f7002efd66a0a97

SHA512
4d1ce1fc92cea60859b27ca95ca1d1a7c2bec4e2356f87659a69bab9c1befa7a94a2c64669cef1c9dadf9d38ab77e836fe69acdda0f95fa1b32cba9e8c6bb554

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9061CA5B-4CB3-463D-8476-569E5A3F9445}\SplashWin.exe

Filesize
446KB

MD5
4d20b83562eec3660e45027ad56fb444

SHA1
ff6134c34500a8f8e5881e6a34263e5796f83667

SHA256
c5e650b331fa5292872fdaede3a75c8167a0f1280ce0cd3d58b880d23854bdb1

SHA512
718bd66fcff80b8008a4523d88bd726cdbc95e6e7bdb3f50e337e291294505ed54e6f5995d431968b85415e96f6f7ed37381ca021401ad57fda3b08a1f0c27f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9061CA5B-4CB3-463D-8476-569E5A3F9445}\VCRUNTIME140.dll

Filesize
74KB

MD5
a554e4f1addc0c2c4ebb93d66b790796

SHA1
9fbd1d222da47240db92cd6c50625eb0cf650f61

SHA256
e610cdac0a37147919032d0d723b967276c217ff06ea402f098696ab4112512a

SHA512
5f3253f071da3e0110def888682d255186f2e2a30a8480791c0cad74029420033b5c90f818ae845b5f041ee4005f6de174a687aca8f858371026423f017902cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9061CA5B-4CB3-463D-8476-569E5A3F9445}\horoscope.html

Filesize
45KB

MD5
75c30eb9a53a184a8b05dca487f07de5

SHA1
c3fe8d85a16817c402bd5c5776195f6c337ccda0

SHA256
f709a1b33efaa8ecd4070193803aea5986c4ddacb8846ad8612605679b1096c5

SHA512
855d2532438bf6d6ce2f2c8a51921cf356e14c3083b56963ec8b6d4943807bf94d4dae4ffbb4623117d0e8018f3d771810ef54da6c61ffadbb7b3f8b9d8f8597

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9061CA5B-4CB3-463D-8476-569E5A3F9445}\reremouse.apk

Filesize
4.3MB

MD5
e149647a7062e031613909aef3ba6837

SHA1
ceb8e23622d59c26e641f8d1d89c883f680edf2a

SHA256
0bad86799b73ac2234c268db6e0a1b55292b94b39b46b1ef7c14e8ae0807fefc

SHA512
4997b3d387c7776fc19285bb4a95287fadd66660b526199fb2193b6be9e5588a82343529793789b48eee5253e830f69103dde0deb17be38c1939f7468aafce49

Download Submit
memory/3180-39-0x0000000002BF0000-0x0000000002DB7000-memory.dmp

Filesize
1.8MB

Download
memory/3180-34-0x0000000010000000-0x0000000010114000-memory.dmp

Filesize
1.1MB

Download
memory/4932-92-0x0000000074960000-0x0000000074ADB000-memory.dmp

Filesize
1.5MB

Download
memory/4932-91-0x00007FFB69FD0000-0x00007FFB6A1C5000-memory.dmp

Filesize
2.0MB

Download
memory/4932-90-0x0000000074960000-0x0000000074ADB000-memory.dmp

Filesize
1.5MB

Download
memory/5556-183-0x00007FF689CD0000-0x00007FF689FE8000-memory.dmp

Filesize
3.1MB

Download
memory/5556-114-0x00007FF689CD0000-0x00007FF689FE8000-memory.dmp

Filesize
3.1MB

Download
memory/5556-113-0x00007FF689CD0000-0x00007FF689FE8000-memory.dmp

Filesize
3.1MB

Download
memory/5556-109-0x00007FF689CD0000-0x00007FF689FE8000-memory.dmp

Filesize
3.1MB

Download
memory/5556-106-0x00007FF689CD0000-0x00007FF689FE8000-memory.dmp

Filesize
3.1MB

Download
memory/5556-105-0x00007FF689CD0000-0x00007FF689FE8000-memory.dmp

Filesize
3.1MB

Download
memory/6028-98-0x0000000074960000-0x0000000074ADB000-memory.dmp

Filesize
1.5MB

Download
memory/6028-95-0x00007FFB69FD0000-0x00007FFB6A1C5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-60-0x0000000073480000-0x00000000735FB000-memory.dmp

Filesize
1.5MB

Download
memory/6032-61-0x00007FFB69FD0000-0x00007FFB6A1C5000-memory.dmp

Filesize
2.0MB

Download