Resubmissions
24-07-2021 10:45
210724-phtf8r61la 1007-09-2020 13:45
200907-tlde9xx29n 706-09-2020 10:57
200906-apz15m223e 706-09-2020 07:55
200906-2zwlc6b7h2 806-09-2020 07:51
200906-h9pa71e62a 7Analysis
-
max time kernel
66s -
max time network
69s -
platform
windows10_x64 -
resource
win10v200722 -
submitted
06-09-2020 07:55
Errors
Reason
Machine shutdown
General
-
Target
TOOL.exe
-
Size
15.3MB
-
MD5
42c3370a6bdc0bd641bf0583cef3cfe2
-
SHA1
33fea4db9b6a1fd9167f4bfa5abad4c0c86f6b58
-
SHA256
8d025c8034092b69331f21684eaeee9ebf1d3b4db491997f857b9b1a233b2ef5
-
SHA512
628eaac733723b2f371182c0fd017e558859d15fc32077a0abf04fc7b82e6e8c1a53e6ed5ba85467bce63bdfeff9b23b7f09c342c0e744ffdd3307ee9037975d
Score
8/10
Malware Config
Signatures
-
Modifies WinLogon to allow AutoLogon 2 TTPs 1 IoCs
Enables rebooting of the machine without requiring login credentials.
-
Loads dropped DLL 39 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops Chrome extension 3 IoCs
-
JavaScript code in executable 8 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Windows directory 1 IoCs
-
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
-
Modifies data under HKEY_USERS 20 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 44 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 1598 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\TOOL.exe"C:\Users\Admin\AppData\Local\Temp\TOOL.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\TOOL.exe"C:\Users\Admin\AppData\Local\Temp\TOOL.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "chcp 65001 && ipconfig | findstr /i "Default Gateway""3⤵
-
C:\Windows\system32\chcp.comchcp 650014⤵
-
C:\Windows\system32\ipconfig.exeipconfig4⤵
- Gathers network information
-
C:\Windows\system32\findstr.exefindstr /i "Default Gateway"4⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "@chcp 65001 1>nul"3⤵
-
C:\Windows\system32\chcp.comchcp 650014⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic BIOS get BIOSVersion"3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic BIOS get BIOSVersion4⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"1⤵
- Drops Chrome extension
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=84.0.4147.89 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0x88,0x7ff9ea33ed20,0x7ff9ea33ed30,0x7ff9ea33ed402⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1408 /prefetch:22⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1696 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:12⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --instant-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:12⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3544 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3672 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3684 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=3816 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3872 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3540 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4040 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3576 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3904 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4152 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:12⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=3652 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3640 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4384 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4056 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4400 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4548 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4788 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4820 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4928 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=5364 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=5484 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4824 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=5764 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=5508 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=5896 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=6156 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3820 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:12⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:12⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:12⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4808 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4512 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2148 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=5840 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4036 /prefetch:82⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:12⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1396,3094960680910433957,14409990985725650372,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4192 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -s WinHttpAutoProxySvc1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3ace855 /state1:0x41c64e6d1⤵
- Modifies WinLogon to allow AutoLogon
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_Salsa20.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_aes.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_cbc.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_cfb.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_ctr.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_ecb.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_ocb.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_ofb.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_BLAKE2s.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_MD5.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_SHA1.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_SHA256.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_ghash_portable.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Protocol\_scrypt.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Util\_cpuid_c.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Util\_strxor.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\TOOL.exe.manifest
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\VCRUNTIME140.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\_bz2.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\_ctypes.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\_hashlib.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\_lzma.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\_portaudio.cp38-win_amd64.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\_queue.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\_socket.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\_sqlite3.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\_ssl.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\base_library.zip
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\certifi\cacert.pem
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\libcrypto-1_1.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\libffi-7.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\libssl-1_1.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\python38.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\pythoncom38.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\pywintypes38.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\select.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\sqlite3.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\unicodedata.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\win32api.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI4122\win32gui.pyd
-
\??\pipe\crashpad_1816_MOTNBLAHQLTYCSFT
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_Salsa20.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_aes.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_cbc.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_cfb.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_ctr.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_ecb.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_ocb.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Cipher\_raw_ofb.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_BLAKE2s.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_MD5.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_SHA1.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_SHA256.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Hash\_ghash_portable.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Protocol\_scrypt.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Util\_cpuid_c.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\Crypto\Util\_strxor.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\VCRUNTIME140.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\VCRUNTIME140.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\_bz2.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\_ctypes.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\_hashlib.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\_lzma.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\_portaudio.cp38-win_amd64.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\_queue.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\_socket.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\_sqlite3.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\_ssl.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\libcrypto-1_1.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\libcrypto-1_1.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\libffi-7.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\libssl-1_1.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\python38.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\pythoncom38.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\pywintypes38.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\select.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\sqlite3.dll
-
\Users\Admin\AppData\Local\Temp\_MEI4122\unicodedata.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\win32api.pyd
-
\Users\Admin\AppData\Local\Temp\_MEI4122\win32gui.pyd
-
memory/184-167-0x0000000000000000-mapping.dmp
-
memory/684-94-0x0000000000000000-mapping.dmp
-
memory/684-52-0x0000000000000000-mapping.dmp
-
memory/1000-521-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-502-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-515-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-522-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-516-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-517-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-518-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-519-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-520-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-513-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-512-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-511-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-510-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-509-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-508-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-479-0x0000000000000000-mapping.dmp
-
memory/1000-507-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-506-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-505-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-504-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-503-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-514-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-501-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-500-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-499-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-498-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-497-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-496-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-495-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-494-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-493-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-492-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-491-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-490-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-489-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-488-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-487-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-486-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-485-0x0000023AC2C20000-0x0000023AC2C21000-memory.dmpFilesize
4KB
-
memory/1000-484-0x0000023AC1010000-0x0000023AC10100F8-memory.dmpFilesize
248B
-
memory/1000-483-0x0000419100040000-0x0000419100041000-memory.dmpFilesize
4KB
-
memory/1816-152-0x000001D199300000-0x000001D199301000-memory.dmpFilesize
4KB
-
memory/2096-49-0x0000000000000000-mapping.dmp
-
memory/2196-260-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-263-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-243-0x00000B3F00040000-0x00000B3F00041000-memory.dmpFilesize
4KB
-
memory/2196-282-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-281-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-280-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-279-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-278-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-277-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-276-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-275-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-274-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-273-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-272-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-271-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-270-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-269-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-268-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-267-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-266-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-265-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-159-0x0000000000000000-mapping.dmp
-
memory/2196-264-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-240-0x0000000000000000-mapping.dmp
-
memory/2196-244-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-262-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-261-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-245-0x0000025607E00000-0x0000025607E01000-memory.dmpFilesize
4KB
-
memory/2196-259-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-246-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-258-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-257-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-256-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-255-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-254-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-253-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-252-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-251-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-250-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-249-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-247-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2196-248-0x0000025605C10000-0x0000025605C100F8-memory.dmpFilesize
248B
-
memory/2460-196-0x0000000000000000-mapping.dmp
-
memory/2592-44-0x0000000000000000-mapping.dmp
-
memory/2624-174-0x0000000000000000-mapping.dmp
-
memory/3360-0-0x0000000000000000-mapping.dmp
-
memory/3588-165-0x0000000000000000-mapping.dmp
-
memory/3664-201-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-227-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-206-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-207-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-208-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-209-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-210-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-211-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-212-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-213-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-214-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-215-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-216-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-217-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-218-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-219-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-220-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-221-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-222-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-223-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-224-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-225-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-226-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-183-0x000056ED00040000-0x000056ED00041000-memory.dmpFilesize
4KB
-
memory/3664-228-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-229-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-230-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-231-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-232-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-233-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-234-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-235-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-236-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-163-0x0000000000000000-mapping.dmp
-
memory/3664-204-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-203-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-202-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-205-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-200-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-199-0x000001E491A10000-0x000001E491A11000-memory.dmpFilesize
4KB
-
memory/3664-198-0x000001E48EFA0000-0x000001E48EFA00F8-memory.dmpFilesize
248B
-
memory/3664-50-0x0000000000000000-mapping.dmp
-
memory/3772-161-0x0000000000000000-mapping.dmp
-
memory/3828-35-0x00007FF9F5FB0000-0x00007FF9F5FB1000-memory.dmpFilesize
4KB
-
memory/3828-31-0x0000000000000000-mapping.dmp
-
memory/3876-1-0x0000000000000000-mapping.dmp
-
memory/3956-477-0x0000000000000000-mapping.dmp
-
memory/3972-146-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-129-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-134-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-135-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-45-0x0000000000000000-mapping.dmp
-
memory/3972-108-0x0000153300040000-0x0000153300041000-memory.dmpFilesize
4KB
-
memory/3972-132-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-109-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-110-0x0000026243440000-0x0000026243441000-memory.dmpFilesize
4KB
-
memory/3972-111-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-112-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-113-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-114-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-133-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-115-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-116-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-147-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-117-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-145-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-144-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-143-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-142-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-141-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-140-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-139-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-138-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-137-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-136-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-118-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-119-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-120-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-300-0x00000D1300040000-0x00000D1300041000-memory.dmpFilesize
4KB
-
memory/3972-313-0x00003D1B00040000-0x00003D1B00041000-memory.dmpFilesize
4KB
-
memory/3972-121-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-122-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-123-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-124-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-125-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-126-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-131-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-127-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-130-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3972-128-0x0000026241660000-0x00000262416600F8-memory.dmpFilesize
248B
-
memory/3976-95-0x000001A8E5D60000-0x000001A8E5D61000-memory.dmpFilesize
4KB
-
memory/3976-46-0x0000000000000000-mapping.dmp
-
memory/3976-53-0x000072CB00040000-0x000072CB00041000-memory.dmpFilesize
4KB
-
memory/3980-166-0x0000000000000000-mapping.dmp
-
memory/3992-32-0x0000000000000000-mapping.dmp
-
memory/4312-96-0x0000000000000000-mapping.dmp
-
memory/4344-180-0x0000000000000000-mapping.dmp
-
memory/4348-171-0x0000000000000000-mapping.dmp
-
memory/4376-97-0x0000000000000000-mapping.dmp
-
memory/4392-169-0x0000000000000000-mapping.dmp
-
memory/4400-98-0x0000000000000000-mapping.dmp
-
memory/4412-481-0x0000000000000000-mapping.dmp
-
memory/4456-178-0x0000000000000000-mapping.dmp
-
memory/4464-100-0x0000000000000000-mapping.dmp
-
memory/4480-102-0x0000000000000000-mapping.dmp
-
memory/4480-186-0x0000000000000000-mapping.dmp
-
memory/4496-104-0x0000000000000000-mapping.dmp
-
memory/4520-187-0x0000000000000000-mapping.dmp
-
memory/4556-176-0x0000000000000000-mapping.dmp
-
memory/4576-107-0x0000000000000000-mapping.dmp
-
memory/4640-184-0x0000000000000000-mapping.dmp
-
memory/4668-320-0x0000389D00040000-0x0000389D00041000-memory.dmpFilesize
4KB
-
memory/4668-321-0x0000018953710000-0x0000018953711000-memory.dmpFilesize
4KB
-
memory/4668-286-0x0000000000000000-mapping.dmp
-
memory/4700-194-0x0000000000000000-mapping.dmp
-
memory/4712-294-0x0000000000000000-mapping.dmp
-
memory/4720-192-0x0000000000000000-mapping.dmp
-
memory/4756-190-0x0000000000000000-mapping.dmp
-
memory/4824-284-0x0000000000000000-mapping.dmp
-
memory/4932-149-0x0000000000000000-mapping.dmp
-
memory/4944-150-0x0000000000000000-mapping.dmp
-
memory/5024-153-0x0000000000000000-mapping.dmp
-
memory/5024-476-0x0000000000000000-mapping.dmp
-
memory/5036-472-0x0000000000000000-mapping.dmp
-
memory/5040-473-0x0000000000000000-mapping.dmp
-
memory/5060-155-0x0000000000000000-mapping.dmp
-
memory/5096-157-0x0000000000000000-mapping.dmp
-
memory/5096-238-0x0000000000000000-mapping.dmp