Overview
overview
10Static
static
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
8ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
8ฺฺฺK...ฺฺ
windows10_x64
3ฺฺฺK...ฺฺ
windows10_x64
3ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
8ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
8Resubmissions
22-11-2023 17:02
231122-vkac9adg64 1019-01-2021 19:24
210119-s26yznnqsn 1019-11-2020 13:14
201119-s41ec6lt86 10Analysis
-
max time kernel
1794s -
max time network
429s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
19-11-2020 13:14
Static task
static1
Behavioral task
behavioral1
Sample
08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll
Resource
win10v20201028
Behavioral task
behavioral2
Sample
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
Resource
win10v20201028
Behavioral task
behavioral3
Sample
1.bin/1.exe
Resource
win10v20201028
Behavioral task
behavioral4
Sample
2019-09-02_22-41-10.exe
Resource
win10v20201028
Behavioral task
behavioral5
Sample
2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba.dll
Resource
win10v20201028
Behavioral task
behavioral6
Sample
2c01b007729230c415420ad641ad92eb.exe
Resource
win10v20201028
Behavioral task
behavioral7
Sample
31.exe
Resource
win10v20201028
Behavioral task
behavioral8
Sample
3DMark 11 Advanced Edition.exe
Resource
win10v20201028
Behavioral task
behavioral9
Sample
42f972925508a82236e8533567487761.exe
Resource
win10v20201028
Behavioral task
behavioral10
Sample
42f972925508a82236e8533567487761(1).exe
Resource
win10v20201028
Behavioral task
behavioral11
Sample
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
Resource
win10v20201028
Behavioral task
behavioral12
Sample
69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe
Resource
win10v20201028
Behavioral task
behavioral13
Sample
6a9e7107c97762eb1196a64baeadb291.exe
Resource
win10v20201028
Behavioral task
behavioral14
Sample
905d572f23883f5f161f920e53473989cf7dffc16643aa759f77842e54add550.exe
Resource
win10v20201028
Behavioral task
behavioral15
Sample
948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654.exe
Resource
win10v20201028
Behavioral task
behavioral16
Sample
95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll
Resource
win10v20201028
Behavioral task
behavioral17
Sample
Archive.zip__ccacaxs2tbz2t6ob3e.exe
Resource
win10v20201028
Behavioral task
behavioral18
Sample
CVE-2018-15982_PoC.swf
Resource
win10v20201028
Behavioral task
behavioral19
Sample
CVWSHSetup[1].bin/WSHSetup[1].exe
Resource
win10v20201028
Behavioral task
behavioral20
Sample
DiskInternals_Uneraser_v5_keygen.exe
Resource
win10v20201028
Behavioral task
behavioral21
Sample
ForceOp 2.8.7 - By RaiSence.exe
Resource
win10v20201028
Behavioral task
behavioral22
Sample
HYDRA.exe
Resource
win10v20201028
Behavioral task
behavioral23
Sample
KLwC6vii.exe
Resource
win10v20201028
Behavioral task
behavioral24
Sample
Keygen.exe
Resource
win10v20201028
Behavioral task
behavioral25
Sample
Lonelyscreen.1.2.9.keygen.by.Paradox/Lonelyscreen.1.2.9.keygen.by.Paradox.exe
Resource
win10v20201028
Behavioral task
behavioral26
Sample
LtHv0O2KZDK4M637.exe
Resource
win10v20201028
Behavioral task
behavioral27
Sample
Magic_File_v3_keygen_by_KeygenNinja.exe
Resource
win10v20201028
Behavioral task
behavioral28
Sample
OnlineInstaller.exe
Resource
win10v20201028
Behavioral task
behavioral29
Sample
Remouse.Micro.Micro.v3.5.3.serial.maker.by.aaocg.exe
Resource
win10v20201028
Behavioral task
behavioral30
Sample
SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.17985.exe
Resource
win10v20201028
Behavioral task
behavioral31
Sample
SecuriteInfo.com.Generic.mg.cde56cf0169830ee.29869.dll
Resource
win10v20201028
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
setup.exeTaskMan.exepid process 3796 setup.exe 8 TaskMan.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
TaskMan.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\International\Geo\Nation TaskMan.exe -
Loads dropped DLL 3 IoCs
Processes:
TaskMan.exepid process 8 TaskMan.exe 8 TaskMan.exe 8 TaskMan.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Processes:
TaskMan.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA TaskMan.exe -
Drops file in Program Files directory 64 IoCs
Processes:
setup.exedescription ioc process File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_danish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\ordina.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\taskman_fr.chm setup.exe File created C:\Program Files (x86)\Security Task Manager\taskman_de.chm setup.exe File created C:\Program Files (x86)\Security Task Manager\taskman_fr.chm setup.exe File created C:\Program Files (x86)\Security Task Manager\ascode.dll setup.exe File created C:\Program Files (x86)\Security Task Manager\bestell.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_russian.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\sqlite3.dll setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\psapi_.dll setup.exe File created C:\Program Files (x86)\Security Task Manager\TaskMan.exe setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_french.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_korean.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_norwegian_bokmaal.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_turkish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\manual_de.pdf setup.exe File created C:\Program Files (x86)\Security Task Manager\order.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\file_id.diz setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_ukrainian.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_ukrainian.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\liesmich.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\psapi_.dll setup.exe File created C:\Program Files (x86)\Security Task Manager\readme.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\taskman_ru.chm setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\uninstal.exe setup.exe File created C:\Program Files (x86)\Security Task Manager\file_id.diz setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\Formulaire.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\manual_en.pdf setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\manual_fr.pdf setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_swedish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\manual_en.pdf setup.exe File created C:\Program Files (x86)\Security Task Manager\SpyProDll.dll setup.exe File created C:\Program Files (x86)\Security Task Manager\Formulaire.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_danish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_english.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_polish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\SpyProtector.exe setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_deutsch.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\manual_de.pdf setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\order.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\ascode.dll setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_norwegian_bokmaal.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_swedish.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\LisezMoi.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\ordina.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\Setup.exe setup.exe File created C:\Program Files (x86)\Security Task Manager\Setup.exe setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\SpyProDll.dll setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\bestell.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_hungarian.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_italiano.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt setup.exe File created C:\Program Files (x86)\Security Task Manager\taskman_en.chm setup.exe File created C:\Program Files (x86)\Security Task Manager\taskman_ru.chm setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_czech.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_italiano.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_polish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_russian.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_spanish.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\sqlite3.dll setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\TaskMan.exe setup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
svchost.exedescription ioc process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\ConfigFlags svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Capabilities svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Mfg svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\CompatibleIDs svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\ConfigFlags svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\FriendlyName svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Mfg svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 svchost.exe -
Modifies data under HKEY_USERS 2 IoCs
Processes:
svchost.exedescription ioc process Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache svchost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections svchost.exe -
Modifies registry class 3 IoCs
Processes:
TaskMan.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key TaskMan.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ TaskMan.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" TaskMan.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
TaskMan.exepid process 8 TaskMan.exe 8 TaskMan.exe 8 TaskMan.exe 8 TaskMan.exe 8 TaskMan.exe 8 TaskMan.exe -
Suspicious use of AdjustPrivilegeToken 17 IoCs
Processes:
TaskMan.exevssvc.exevssvc.exesrtasks.exedescription pid process Token: SeDebugPrivilege 8 TaskMan.exe Token: SeBackupPrivilege 3800 vssvc.exe Token: SeRestorePrivilege 3800 vssvc.exe Token: SeAuditPrivilege 3800 vssvc.exe Token: SeDebugPrivilege 8 TaskMan.exe Token: SeDebugPrivilege 8 TaskMan.exe Token: SeBackupPrivilege 3980 vssvc.exe Token: SeRestorePrivilege 3980 vssvc.exe Token: SeAuditPrivilege 3980 vssvc.exe Token: SeBackupPrivilege 1076 srtasks.exe Token: SeRestorePrivilege 1076 srtasks.exe Token: SeSecurityPrivilege 1076 srtasks.exe Token: SeTakeOwnershipPrivilege 1076 srtasks.exe Token: SeBackupPrivilege 1076 srtasks.exe Token: SeRestorePrivilege 1076 srtasks.exe Token: SeSecurityPrivilege 1076 srtasks.exe Token: SeTakeOwnershipPrivilege 1076 srtasks.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
Processes:
TaskMan.exepid process 8 TaskMan.exe 8 TaskMan.exe 8 TaskMan.exe 8 TaskMan.exe 8 TaskMan.exe -
Suspicious use of WriteProcessMemory 9 IoCs
Processes:
SecurityTaskManager_Setup.exesetup.exeexplorer.exedescription pid process target process PID 1052 wrote to memory of 3796 1052 SecurityTaskManager_Setup.exe setup.exe PID 1052 wrote to memory of 3796 1052 SecurityTaskManager_Setup.exe setup.exe PID 1052 wrote to memory of 3796 1052 SecurityTaskManager_Setup.exe setup.exe PID 3796 wrote to memory of 496 3796 setup.exe explorer.exe PID 3796 wrote to memory of 496 3796 setup.exe explorer.exe PID 3796 wrote to memory of 496 3796 setup.exe explorer.exe PID 2596 wrote to memory of 8 2596 explorer.exe TaskMan.exe PID 2596 wrote to memory of 8 2596 explorer.exe TaskMan.exe PID 2596 wrote to memory of 8 2596 explorer.exe TaskMan.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe".\setup.exe"
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe" "C:\Program Files (x86)\Security Task Manager\taskman.exe"
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Security Task Manager\TaskMan.exe"C:\Program Files (x86)\Security Task Manager\TaskMan.exe"
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s DsmSvc
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Security Task Manager\TaskMan.exe
-
C:\Program Files (x86)\Security Task Manager\TaskMan.exe
-
C:\Program Files (x86)\Security Task Manager\ascode.dll
-
C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_czech.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_danish.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_deutsch.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_dutch.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_english.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_french.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_hungarian.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_italiano.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_japanese.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_korean.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_norwegian_bokmaal.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_polish.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt
-
C:\Program Files (x86)\Security Task Manager\lgs_portuguese.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_russian.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_spanish.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_swedish.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_turkish.txt
-
C:\Program Files (x86)\Security Task Manager\lgs_ukrainian.txt
-
C:\Program Files (x86)\Security Task Manager\sqlite3.dll
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Formulaire.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\LisezMoi.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Setup.exe
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\SpyProDll.dll
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\SpyProtector.exe
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\ascode.dll
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\bestell.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\file_id.diz
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\leggimi.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_bulgarian.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_czech.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_danish.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_deutsch.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_dutch.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_english.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_finnish.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_french.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_hungarian.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_italiano.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_japanese.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_korean.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_norwegian_bokmaal.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_polish.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese (Brasil).txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_russian.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_spanish.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_swedish.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_turkish.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_ukrainian.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\liesmich.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_de.pdf
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_en.pdf
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_fr.pdf
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\order.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\ordina.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\psapi_.dll
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\readme.txt
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\sqlite3.dll
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman.exe
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_de.chm
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_en.chm
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_fr.chm
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_ru.chm
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\uninstal.exe
-
C:\Users\Public\Desktop\Security Task Manager.lnk
-
\Program Files (x86)\Security Task Manager\ascode.dll
-
\Program Files (x86)\Security Task Manager\ascode.dll
-
\Program Files (x86)\Security Task Manager\sqlite3.dll
-
memory/8-204-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-310-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-203-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-552-0x0000000006690000-0x000000000669A000-memory.dmpFilesize
40KB
-
memory/8-205-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-206-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-207-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-208-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-209-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-210-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-212-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-211-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-213-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-214-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-216-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-215-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-217-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-218-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-219-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-221-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-220-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-222-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-223-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-224-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-225-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-226-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-227-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-228-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-229-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-230-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-254-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-300-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-301-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-302-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-303-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-304-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-305-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-306-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-307-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-308-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-309-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-202-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-311-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-312-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-313-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-314-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-315-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-316-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-317-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-318-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-319-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-320-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-321-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-323-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-201-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-200-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-199-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-198-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-197-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-196-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-195-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-194-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-193-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-192-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-191-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-190-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-189-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-188-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-187-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-186-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-185-0x0000000006470000-0x0000000006471000-memory.dmpFilesize
4KB
-
memory/8-121-0x0000000005B70000-0x0000000005B71000-memory.dmpFilesize
4KB
-
memory/8-57-0x00000000046A0000-0x00000000046A1000-memory.dmpFilesize
4KB
-
memory/8-49-0x0000000000000000-mapping.dmp
-
memory/8-485-0x0000000006CA0000-0x0000000006DAA000-memory.dmpFilesize
1MB
-
memory/8-497-0x0000000006CA0000-0x0000000006DAA000-memory.dmpFilesize
1MB
-
memory/8-501-0x0000000006CA0000-0x0000000006DAA000-memory.dmpFilesize
1MB
-
memory/8-505-0x0000000006CA0000-0x0000000006DAA000-memory.dmpFilesize
1MB
-
memory/8-549-0x0000000007A50000-0x0000000007A54000-memory.dmpFilesize
16KB
-
memory/8-541-0x00000000046A0000-0x00000000046A1000-memory.dmpFilesize
4KB
-
memory/8-542-0x00000000046A0000-0x00000000046A1000-memory.dmpFilesize
4KB
-
memory/8-546-0x0000000007A50000-0x0000000007A54000-memory.dmpFilesize
16KB
-
memory/496-47-0x0000000000000000-mapping.dmp
-
memory/3796-0-0x0000000000000000-mapping.dmp