Analysis
-
max time kernel
1800s -
max time network
1799s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
14-04-2021 13:34
General
-
Target
https://keygenit.com/d/c2d3ae9fd710s1673qp1.html
-
Sample
210414-4ns1r6e34e
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
a6bfe7e504db71e25642b830fd9b2c4366cf882a
Attributes
-
url4cnc
https://telete.in/j90dadarobin
rc4.plain
rc4.plain
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Executes dropped EXE 24 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 16 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops Chrome extension 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 7 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 14 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Runs ping.exe 1 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 56 IoCs
-
Suspicious behavior: MapViewOfSection 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 15 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Schedule1⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s ProfSvc1⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s SENS1⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection1⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s WpnService1⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Winmgmt1⤵
- Suspicious use of AdjustPrivilegeToken
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Browser1⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s LanmanServer1⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s IKEEXT1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://keygenit.com/d/c2d3ae9fd710s1673qp1.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff9050d4f50,0x7ff9050d4f60,0x7ff9050d4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1608 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1656 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4748 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5196 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5316 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5192 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5344 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5640 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5724 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5852 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6056 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings2⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff625c1a890,0x7ff625c1a8a0,0x7ff625c1a8b03⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5764 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5456 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5628 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5860 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5616 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6032 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6004 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5996 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6532 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5556 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6480 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6504 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7756 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7748 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8328 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8352 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8364 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8340 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7180 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7204 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7192 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7620 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7688 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7608 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7416 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7916 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7300 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9384 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8932 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9020 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9256 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1936 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,14102543384576609530,14666146083427554563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 /prefetch:82⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s UserManager1⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Themes1⤵
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s gpsvc1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s BITS1⤵
- Suspicious use of SetThreadContext
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k SystemNetworkService2⤵
- Drops file in System32 directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp2_Tipard.Ts.Converter.7.1.56.keymaker.by.FUTURiTY.zip\Tipard.Ts.Converter.7.1.56.keymaker.by.FUTURiTY.exe"C:\Users\Admin\AppData\Local\Temp\Temp2_Tipard.Ts.Converter.7.1.56.keymaker.by.FUTURiTY.zip\Tipard.Ts.Converter.7.1.56.keymaker.by.FUTURiTY.exe"1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen.bat" "2⤵
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-pr.exekeygen-pr.exe -p83fsase3Ge3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\key.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\key.exe"4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\key.exeC:\Users\Admin\AppData\Local\Temp\RarSFX1\key.exe -txt -scanlocal -file:potato.dat5⤵
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-step-1.exekeygen-step-1.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-step-2.exekeygen-step-2.exe3⤵
- Executes dropped EXE
- Modifies system certificate store
-
C:\Users\Admin\AppData\Roaming\9A7C.tmp.exe"C:\Users\Admin\AppData\Roaming\9A7C.tmp.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\cmd.execmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Roaming\9A7C.tmp.exe"5⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /T 10 /NOBREAK6⤵
- Delays execution with timeout.exe
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-step-2.exe" >> NUL4⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.15⤵
- Runs ping.exe
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-step-3.exekeygen-step-3.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-step-3.exe"4⤵
-
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 30005⤵
- Runs ping.exe
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-step-4.exekeygen-step-4.exe3⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\Setup.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\Setup.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\OE3U1VIPDU\setups.exe"C:\Users\Admin\AppData\Local\Temp\OE3U1VIPDU\setups.exe" ll5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-PS9M8.tmp\setups.tmp"C:\Users\Admin\AppData\Local\Temp\is-PS9M8.tmp\setups.tmp" /SL5="$8027A,726852,244736,C:\Users\Admin\AppData\Local\Temp\OE3U1VIPDU\setups.exe" ll6⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\Full Version.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\Full Version.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\unins0000.vbs"5⤵
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" "C:\Program Files\unins0000.dll",install6⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\askinstall20.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\askinstall20.exe"4⤵
- Executes dropped EXE
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im chrome.exe5⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im chrome.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\xcopy.exexcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y5⤵
- Enumerates system info in registry
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/5⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ff8f1b54f50,0x7ff8f1b54f60,0x7ff8f1b54f706⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=network --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=1704 /prefetch:86⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:26⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2216 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:16⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:16⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:16⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:16⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:16⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:16⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:16⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:16⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=3136 /prefetch:86⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=4892 /prefetch:86⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=788 /prefetch:86⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=3504 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=1512 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5392 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5420 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2736 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=1432 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2788 /prefetch:86⤵
-
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\SwReporter\89.258.200\software_reporter_tool.exe"C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\SwReporter\89.258.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=uO8r9Du2NFsTUOHokVPNEGzgfo8TAvXEskxbt3gU --registry-suffix=ESET --srt-field-trial-group-name=NewCleanerUIExperiment6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
\??\c:\users\admin\appdata\local\temp\cghjgasaaz99\swreporter\89.258.200\software_reporter_tool.exec:\users\admin\appdata\local\temp\cghjgasaaz99\swreporter\89.258.200\software_reporter_tool.exe --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=89.258.200 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff795f7ac28,0x7ff795f7ac38,0x7ff795f7ac487⤵
- Executes dropped EXE
-
\??\c:\users\admin\appdata\local\temp\cghjgasaaz99\swreporter\89.258.200\software_reporter_tool.exe"c:\users\admin\appdata\local\temp\cghjgasaaz99\swreporter\89.258.200\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_4012_WFOZHTKQTTNMELRD" --sandboxed-process-id=2 --init-done-notifier=708 --sandbox-mojo-pipe-token=5601564416009634783 --mojo-platform-channel-handle=684 --engine=27⤵
- Executes dropped EXE
- Loads dropped DLL
-
\??\c:\users\admin\appdata\local\temp\cghjgasaaz99\swreporter\89.258.200\software_reporter_tool.exe"c:\users\admin\appdata\local\temp\cghjgasaaz99\swreporter\89.258.200\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_4012_WFOZHTKQTTNMELRD" --sandboxed-process-id=3 --init-done-notifier=916 --sandbox-mojo-pipe-token=17112790766343863348 --mojo-platform-channel-handle=9127⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5792 /prefetch:86⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5812 /prefetch:26⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5812 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=1500 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5916 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5988 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5944 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=908 /prefetch:86⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,7450676132909445287,16484302437306732574,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2956 /prefetch:86⤵
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\file.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\file.exe"4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\Admin\AppData\Local\Temp\RarSFX1\file.exe" >> NUL5⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.16⤵
- Runs ping.exe
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\md2_2efs.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\md2_2efs.exe"4⤵
- Executes dropped EXE
- Checks whether UAC is enabled
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\BTRSetp.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\BTRSetp.exe"4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\gcttt.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\gcttt.exe"4⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datMD5
067379cdad9879c730911577d225d469
SHA1cad1ff71d901996540feb81d99954eaf41c6baea
SHA25667ea9b789df90c31f5c022f3f93e8ca92030079c1aa35b95ddc9a15cb0e90c1e
SHA512cb4bbc4fe6553ac5dbeae0216c70e16b52d1fce334bc126fbf56949678d22d577dbe1ae9c267aa9e4e8dd567daf910859627d2e9804c11b19830107f51af4c08
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen.batMD5
a12e7acce9c54e8f477830c938cd5bb7
SHA1482ac6ae9ea9ab1673e1444269bba2ef7a86794c
SHA256b5433a43058d8b81958e13064f7d5485b787d6812513600c27b913dc5c3b3bd0
SHA5125198b9b7f7ab17a0173a5eed18f3b1906ab3fc64da62cfb765ff43539acdcf3a0eafeefe6184f51f1fbebaacdb0bdf422572b4b3ba70de0b116c779f5e1b7174
-
\??\pipe\crashpad_1892_CWMJKKDQFKULKZYDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_5032_DUQVRXTKYDDWOLRTMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/216-209-0x0000000000000000-mapping.dmp
-
memory/700-206-0x0000000000000000-mapping.dmp
-
memory/1008-260-0x00000196C6810000-0x00000196C6877000-memory.dmpFilesize
412KB
-
memory/1084-268-0x0000022C8DEB0000-0x0000022C8DF17000-memory.dmpFilesize
412KB
-
memory/1108-224-0x0000000000000000-mapping.dmp
-
memory/1140-266-0x0000026E3D4F0000-0x0000026E3D557000-memory.dmpFilesize
412KB
-
memory/1176-275-0x00000217A10D0000-0x00000217A1137000-memory.dmpFilesize
412KB
-
memory/1368-203-0x0000000000000000-mapping.dmp
-
memory/1412-278-0x00000211C2270000-0x00000211C22D7000-memory.dmpFilesize
412KB
-
memory/1420-270-0x000002BC1B0A0000-0x000002BC1B107000-memory.dmpFilesize
412KB
-
memory/1632-122-0x0000000000000000-mapping.dmp
-
memory/1808-149-0x0000000000000000-mapping.dmp
-
memory/1820-123-0x00007FF90CC60000-0x00007FF90CC61000-memory.dmpFilesize
4KB
-
memory/1820-121-0x0000000000000000-mapping.dmp
-
memory/1948-273-0x00000288EC7D0000-0x00000288EC837000-memory.dmpFilesize
412KB
-
memory/2232-144-0x0000000000000000-mapping.dmp
-
memory/2528-262-0x0000019512270000-0x00000195122D7000-memory.dmpFilesize
412KB
-
memory/2536-264-0x0000020465E90000-0x0000020465EF7000-memory.dmpFilesize
412KB
-
memory/2696-256-0x000001617A770000-0x000001617A7D7000-memory.dmpFilesize
412KB
-
memory/2744-126-0x0000000000000000-mapping.dmp
-
memory/2780-280-0x000002B7E0240000-0x000002B7E02A7000-memory.dmpFilesize
412KB
-
memory/2800-281-0x0000024037E00000-0x0000024037E67000-memory.dmpFilesize
412KB
-
memory/2800-251-0x0000024037550000-0x0000024037594000-memory.dmpFilesize
272KB
-
memory/2824-155-0x0000000000000000-mapping.dmp
-
memory/2888-254-0x00000135C0450000-0x00000135C04B7000-memory.dmpFilesize
412KB
-
memory/3124-133-0x0000000000000000-mapping.dmp
-
memory/3276-139-0x0000000000000000-mapping.dmp
-
memory/3508-207-0x0000000000000000-mapping.dmp
-
memory/3952-222-0x0000000000000000-mapping.dmp
-
memory/3972-205-0x0000000000000000-mapping.dmp
-
memory/4012-230-0x0000000000000000-mapping.dmp
-
memory/4064-116-0x0000000000000000-mapping.dmp
-
memory/4100-219-0x0000000000000000-mapping.dmp
-
memory/4104-163-0x0000000000000000-mapping.dmp
-
memory/4112-204-0x0000000000000000-mapping.dmp
-
memory/4136-271-0x0000000005A70000-0x0000000005B01000-memory.dmpFilesize
580KB
-
memory/4136-276-0x0000000000400000-0x0000000003DE8000-memory.dmpFilesize
57.9MB
-
memory/4144-208-0x0000000000000000-mapping.dmp
-
memory/4212-252-0x0000000004920000-0x0000000004976000-memory.dmpFilesize
344KB
-
memory/4212-250-0x00000000047C0000-0x00000000047FA000-memory.dmpFilesize
232KB
-
memory/4240-229-0x0000000000000000-mapping.dmp
-
memory/4280-173-0x0000000000000000-mapping.dmp
-
memory/4288-221-0x0000000000000000-mapping.dmp
-
memory/4456-220-0x0000000000000000-mapping.dmp
-
memory/4492-258-0x0000018A425D0000-0x0000018A42637000-memory.dmpFilesize
412KB
-
memory/4492-282-0x0000018A44B00000-0x0000018A44C05000-memory.dmpFilesize
1.0MB
-
memory/4560-249-0x00000000001E0000-0x00000000001E1000-memory.dmpFilesize
4KB
-
memory/4608-225-0x0000000000000000-mapping.dmp
-
memory/4612-210-0x0000000000000000-mapping.dmp
-
memory/4692-211-0x0000000000000000-mapping.dmp
-
memory/4696-246-0x0000000002250000-0x0000000002252000-memory.dmpFilesize
8KB
-
memory/4700-184-0x0000000000000000-mapping.dmp
-
memory/4732-212-0x0000000000000000-mapping.dmp
-
memory/4740-226-0x0000000000000000-mapping.dmp
-
memory/4752-216-0x0000000000000000-mapping.dmp
-
memory/4752-189-0x0000000000000000-mapping.dmp
-
memory/4768-192-0x0000000000000000-mapping.dmp
-
memory/4840-194-0x0000000000000000-mapping.dmp
-
memory/4852-195-0x0000000000000000-mapping.dmp
-
memory/4872-227-0x0000000000000000-mapping.dmp
-
memory/4896-247-0x00000000030D0000-0x000000000326C000-memory.dmpFilesize
1.6MB
-
memory/4900-213-0x0000000000000000-mapping.dmp
-
memory/4912-196-0x0000000000000000-mapping.dmp
-
memory/4916-215-0x0000000000000000-mapping.dmp
-
memory/4920-214-0x0000000000000000-mapping.dmp
-
memory/4936-223-0x0000000000000000-mapping.dmp
-
memory/4940-228-0x0000000000000000-mapping.dmp
-
memory/4948-197-0x0000000000000000-mapping.dmp
-
memory/4968-218-0x0000000000000000-mapping.dmp
-
memory/4980-198-0x0000000000000000-mapping.dmp
-
memory/4996-199-0x0000000000000000-mapping.dmp
-
memory/5032-200-0x0000000000000000-mapping.dmp
-
memory/5044-217-0x0000000000000000-mapping.dmp
-
memory/5076-201-0x0000000000000000-mapping.dmp
-
memory/5140-231-0x0000000000000000-mapping.dmp
-
memory/5172-232-0x0000000000000000-mapping.dmp
-
memory/5220-248-0x0000000000400000-0x0000000000443000-memory.dmpFilesize
268KB
-
memory/5300-233-0x0000000000000000-mapping.dmp
-
memory/5316-234-0x0000000000000000-mapping.dmp
-
memory/5324-283-0x0000000001520000-0x0000000001522000-memory.dmpFilesize
8KB
-
memory/5344-297-0x000001BBAE5E0000-0x000001BBAE620000-memory.dmpFilesize
256KB
-
memory/5344-290-0x000001BBACDC0000-0x000001BBACDC1000-memory.dmpFilesize
4KB
-
memory/5344-305-0x000001BBACDC0000-0x000001BBACDC1000-memory.dmpFilesize
4KB
-
memory/5344-306-0x000001BBACDC0000-0x000001BBACE00000-memory.dmpFilesize
256KB
-
memory/5344-302-0x000001BBACDC0000-0x000001BBACDC1000-memory.dmpFilesize
4KB
-
memory/5344-304-0x000001BBAEA30000-0x000001BBAEA70000-memory.dmpFilesize
256KB
-
memory/5344-303-0x000001BBACDC0000-0x000001BBACE00000-memory.dmpFilesize
256KB
-
memory/5344-300-0x000001BBACDC0000-0x000001BBACE00000-memory.dmpFilesize
256KB
-
memory/5344-301-0x000001BBAE620000-0x000001BBAE660000-memory.dmpFilesize
256KB
-
memory/5344-299-0x000001BBACDC0000-0x000001BBACDC1000-memory.dmpFilesize
4KB
-
memory/5344-285-0x000001BBACDC0000-0x000001BBACE00000-memory.dmpFilesize
256KB
-
memory/5344-284-0x000001BBACDC0000-0x000001BBACDC1000-memory.dmpFilesize
4KB
-
memory/5344-287-0x000001BBACDC0000-0x000001BBACE00000-memory.dmpFilesize
256KB
-
memory/5344-286-0x000001BBACDC0000-0x000001BBACDC1000-memory.dmpFilesize
4KB
-
memory/5344-288-0x000001BBACDC0000-0x000001BBACDC1000-memory.dmpFilesize
4KB
-
memory/5344-289-0x000001BBACDC0000-0x000001BBACE00000-memory.dmpFilesize
256KB
-
memory/5344-291-0x000001BBACDC0000-0x000001BBACE00000-memory.dmpFilesize
256KB
-
memory/5344-292-0x000001BBACDC0000-0x000001BBACDC1000-memory.dmpFilesize
4KB
-
memory/5344-293-0x000001BBACDC0000-0x000001BBACE00000-memory.dmpFilesize
256KB
-
memory/5344-294-0x000001BBACDC0000-0x000001BBACDC1000-memory.dmpFilesize
4KB
-
memory/5344-295-0x000001BBACDC0000-0x000001BBACE00000-memory.dmpFilesize
256KB
-
memory/5344-296-0x000001BBAEC00000-0x000001BBAEC40000-memory.dmpFilesize
256KB
-
memory/5344-298-0x000001BBAE730000-0x000001BBAE770000-memory.dmpFilesize
256KB
-
memory/5412-235-0x0000000000000000-mapping.dmp
-
memory/5504-236-0x0000000000000000-mapping.dmp
-
memory/5680-237-0x0000000000000000-mapping.dmp
-
memory/5724-238-0x0000000000000000-mapping.dmp
-
memory/5768-239-0x0000000000000000-mapping.dmp
-
memory/5824-240-0x0000000000000000-mapping.dmp
-
memory/5860-241-0x0000000000000000-mapping.dmp
-
memory/5908-242-0x0000000000000000-mapping.dmp
-
memory/6084-243-0x0000000000000000-mapping.dmp
-
memory/6136-245-0x0000000000000000-mapping.dmp