Analysis
-
max time kernel
757s -
max time network
759s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
05-10-2021 20:03
General
-
Target
https://officesupply.com
-
Sample
211005-ystnmsafbp
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
-
suricata: ET MALWARE BazaLoader Activity (GET)
suricata: ET MALWARE BazaLoader Activity (GET)
-
Bazar/Team9 Loader payload 7 IoCs
-
Executes dropped EXE 24 IoCs
-
Tries to connect to .bazar domain 64 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Loads dropped DLL 7 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Program Files directory 7 IoCs
-
Drops file in Windows directory 6 IoCs
-
Checks SCSI registry key(s) 3 TTPs 9 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 23 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 21 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://officesupply.com1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff956754f50,0x7ff956754f60,0x7ff956754f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1640 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1688 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4152 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5244 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5352 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6192 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6724 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6864 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6716 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6900 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7004 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6996 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6176 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6180 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2936 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=772 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1460 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4400 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4228 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4260 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7160 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1632 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6888 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6804 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5152 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5628 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\code.exe"C:\Users\Admin\Downloads\code.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-MF21N.tmp\code.tmp"C:\Users\Admin\AppData\Local\Temp\is-MF21N.tmp\code.tmp" /SL5="$C0048,1549918,785408,C:\Users\Admin\Downloads\code.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\cnBbOPfhTduj\1.exe"C:\Program Files (x86)\cnBbOPfhTduj\1.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\cnBbOPfhTduj\1.exe"C:\Program Files (x86)\cnBbOPfhTduj\1.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"5⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4608 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5108 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1428 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2856 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4660 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6744 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4380 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4704 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6088 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5496 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1360 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6928 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,16105802508085216699,1284644030841180805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3132 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\93.269.200\software_reporter_tool.exe"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\93.269.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=HXJ4GCz8EnSBh1+UPadhpHgHOKQbhU9VTJaDWz5c --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=NewCleanerUIExperiment2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\93.269.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\93.269.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=93.269.200 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff6bf929300,0x7ff6bf929310,0x7ff6bf9293203⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\93.269.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\93.269.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2504_KMZUPNYYVPVJHZRJ" --sandboxed-process-id=2 --init-done-notifier=716 --sandbox-mojo-pipe-token=5457086080725403288 --mojo-platform-channel-handle=692 --engine=23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\93.269.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\93.269.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2504_KMZUPNYYVPVJHZRJ" --sandboxed-process-id=3 --init-done-notifier=916 --sandbox-mojo-pipe-token=11569141006492952566 --mojo-platform-channel-handle=9123⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\code.exe"C:\Users\Admin\Downloads\code.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-53SC6.tmp\code.tmp"C:\Users\Admin\AppData\Local\Temp\is-53SC6.tmp\code.tmp" /SL5="$1029E,1549918,785408,C:\Users\Admin\Downloads\code.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\code.exe"C:\Users\Admin\Downloads\code.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-8TU5H.tmp\code.tmp"C:\Users\Admin\AppData\Local\Temp\is-8TU5H.tmp\code.tmp" /SL5="$40298,1549918,785408,C:\Users\Admin\Downloads\code.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Downloads\code.exe"C:\Users\Admin\Downloads\code.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-6C20S.tmp\code.tmp"C:\Users\Admin\AppData\Local\Temp\is-6C20S.tmp\code.tmp" /SL5="$902B8,1549918,785408,C:\Users\Admin\Downloads\code.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\cnBbOPfhTduj\1.exe"C:\Program Files (x86)\cnBbOPfhTduj\1.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\cnBbOPfhTduj\1.exe"C:\Program Files (x86)\cnBbOPfhTduj\1.exe"4⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
-
C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"C:\cnBbOPfhTdujcnBbOPfhTduj\2.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Downloads\code.exe"C:\Users\Admin\Downloads\code.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-G1ME6.tmp\code.tmp"C:\Users\Admin\AppData\Local\Temp\is-G1ME6.tmp\code.tmp" /SL5="$A03DA,1549918,785408,C:\Users\Admin\Downloads\code.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.0.1837586744\965720098" -parentBuildID 20200403170909 -prefsHandle 1532 -prefMapHandle 1524 -prefsLen 1 -prefMapSize 219808 -appdir "C:\Program Files\Mozilla Firefox\browser" - 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 1624 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\cnBbOPfhTduj\1.exeMD5
6fc026c1356ff3c526eec72f7e84124f
SHA16ac6d745c29fb1c4710453c069ad64ec57f82d24
SHA2566ed974d5d6b95bfd930bfba9ebaeede749d51b706f34374f1b4a96a2520ba295
SHA512364fe93d5ec9af2836123a0ce81e267d77d9df12f48da367a95a3a0de3f48ab94db9a404077bf8f8dcf68934901bb1e881c8375e585b7daa18f72faddd961069
-
C:\Program Files (x86)\cnBbOPfhTduj\1.exeMD5
6fc026c1356ff3c526eec72f7e84124f
SHA16ac6d745c29fb1c4710453c069ad64ec57f82d24
SHA2566ed974d5d6b95bfd930bfba9ebaeede749d51b706f34374f1b4a96a2520ba295
SHA512364fe93d5ec9af2836123a0ce81e267d77d9df12f48da367a95a3a0de3f48ab94db9a404077bf8f8dcf68934901bb1e881c8375e585b7daa18f72faddd961069
-
C:\Program Files (x86)\cnBbOPfhTduj\1.exeMD5
6fc026c1356ff3c526eec72f7e84124f
SHA16ac6d745c29fb1c4710453c069ad64ec57f82d24
SHA2566ed974d5d6b95bfd930bfba9ebaeede749d51b706f34374f1b4a96a2520ba295
SHA512364fe93d5ec9af2836123a0ce81e267d77d9df12f48da367a95a3a0de3f48ab94db9a404077bf8f8dcf68934901bb1e881c8375e585b7daa18f72faddd961069
-
C:\Users\Admin\AppData\Local\Temp\is-53SC6.tmp\code.tmpMD5
98f486d5fdcee9a04aafc19421ae3b4c
SHA147c4b49fd158121d9f9277ae0bd2cb352b7774c6
SHA256e416869df4dac82b629639782ec7db7383e1f9776cdb7e0b91233675ec6ac360
SHA51278a72ba3d4ce60723999b4f4e09359e03b1f371fac709ee0511c899b20df5c9f015871aade3316c4ca49c529cdd949df86c34145f8060bb46b6d5cb1a0795dfe
-
C:\Users\Admin\AppData\Local\Temp\is-8TU5H.tmp\code.tmpMD5
98f486d5fdcee9a04aafc19421ae3b4c
SHA147c4b49fd158121d9f9277ae0bd2cb352b7774c6
SHA256e416869df4dac82b629639782ec7db7383e1f9776cdb7e0b91233675ec6ac360
SHA51278a72ba3d4ce60723999b4f4e09359e03b1f371fac709ee0511c899b20df5c9f015871aade3316c4ca49c529cdd949df86c34145f8060bb46b6d5cb1a0795dfe
-
C:\Users\Admin\AppData\Local\Temp\is-MF21N.tmp\code.tmpMD5
98f486d5fdcee9a04aafc19421ae3b4c
SHA147c4b49fd158121d9f9277ae0bd2cb352b7774c6
SHA256e416869df4dac82b629639782ec7db7383e1f9776cdb7e0b91233675ec6ac360
SHA51278a72ba3d4ce60723999b4f4e09359e03b1f371fac709ee0511c899b20df5c9f015871aade3316c4ca49c529cdd949df86c34145f8060bb46b6d5cb1a0795dfe
-
C:\Users\Admin\Downloads\code.exeMD5
2a24adb241c593439bdf0287e1e97214
SHA1764983c865f8a3ac59a605e0c1291b97a55636cc
SHA256005f2b402427f551cad68e7d159b7bcf588b6c4f773fbd8e367bd9ad404e66cc
SHA512f586d2c3be0bc2e0aa29bbbefdae2c90e25f4ef293e62df05de35c8184e10a8eb1431254e1d8b9f570e243f737da36852e38a1b81074ed73fcf1a805edfabb90
-
C:\Users\Admin\Downloads\code.exeMD5
2a24adb241c593439bdf0287e1e97214
SHA1764983c865f8a3ac59a605e0c1291b97a55636cc
SHA256005f2b402427f551cad68e7d159b7bcf588b6c4f773fbd8e367bd9ad404e66cc
SHA512f586d2c3be0bc2e0aa29bbbefdae2c90e25f4ef293e62df05de35c8184e10a8eb1431254e1d8b9f570e243f737da36852e38a1b81074ed73fcf1a805edfabb90
-
C:\Users\Admin\Downloads\code.exeMD5
2a24adb241c593439bdf0287e1e97214
SHA1764983c865f8a3ac59a605e0c1291b97a55636cc
SHA256005f2b402427f551cad68e7d159b7bcf588b6c4f773fbd8e367bd9ad404e66cc
SHA512f586d2c3be0bc2e0aa29bbbefdae2c90e25f4ef293e62df05de35c8184e10a8eb1431254e1d8b9f570e243f737da36852e38a1b81074ed73fcf1a805edfabb90
-
C:\Users\Admin\Downloads\code.exeMD5
2a24adb241c593439bdf0287e1e97214
SHA1764983c865f8a3ac59a605e0c1291b97a55636cc
SHA256005f2b402427f551cad68e7d159b7bcf588b6c4f773fbd8e367bd9ad404e66cc
SHA512f586d2c3be0bc2e0aa29bbbefdae2c90e25f4ef293e62df05de35c8184e10a8eb1431254e1d8b9f570e243f737da36852e38a1b81074ed73fcf1a805edfabb90
-
C:\cnBbOPfhTdujcnBbOPfhTduj\2.exeMD5
df79570fb49b88fb30fa76d368b9c8de
SHA1c60c42087678616ab6d0f37974acee1cc34f135d
SHA256b34ec38d3da5de76b79ad604063cea454c2d366baa6b36938323f7d88f7c8b16
SHA512fe18074212315fbe17d44645a727579b9b94c9e7508ba3c69abf1fa44d3f1f3698d4c4dd10de72322f85d651344031cc5068f94ad32f370b1ba699a3cae0b976
-
C:\cnBbOPfhTdujcnBbOPfhTduj\2.exeMD5
df79570fb49b88fb30fa76d368b9c8de
SHA1c60c42087678616ab6d0f37974acee1cc34f135d
SHA256b34ec38d3da5de76b79ad604063cea454c2d366baa6b36938323f7d88f7c8b16
SHA512fe18074212315fbe17d44645a727579b9b94c9e7508ba3c69abf1fa44d3f1f3698d4c4dd10de72322f85d651344031cc5068f94ad32f370b1ba699a3cae0b976
-
C:\cnBbOPfhTdujcnBbOPfhTduj\2.exeMD5
df79570fb49b88fb30fa76d368b9c8de
SHA1c60c42087678616ab6d0f37974acee1cc34f135d
SHA256b34ec38d3da5de76b79ad604063cea454c2d366baa6b36938323f7d88f7c8b16
SHA512fe18074212315fbe17d44645a727579b9b94c9e7508ba3c69abf1fa44d3f1f3698d4c4dd10de72322f85d651344031cc5068f94ad32f370b1ba699a3cae0b976
-
\??\pipe\crashpad_1776_DLGZBTRZDNRSEPXUMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/376-459-0x0000000000000000-mapping.dmp
-
memory/380-343-0x0000000000000000-mapping.dmp
-
memory/428-334-0x0000000000000000-mapping.dmp
-
memory/508-160-0x0000000000000000-mapping.dmp
-
memory/656-165-0x0000000000000000-mapping.dmp
-
memory/1012-133-0x0000000000000000-mapping.dmp
-
memory/1360-388-0x0000000003050000-0x000000000307F000-memory.dmpFilesize
188KB
-
memory/1360-381-0x0000000000000000-mapping.dmp
-
memory/1372-471-0x0000000000880000-0x0000000000881000-memory.dmpFilesize
4KB
-
memory/1544-181-0x0000000000000000-mapping.dmp
-
memory/1560-151-0x0000000000000000-mapping.dmp
-
memory/1560-384-0x0000000000000000-mapping.dmp
-
memory/1560-387-0x0000000002440000-0x000000000246F000-memory.dmpFilesize
188KB
-
memory/1560-394-0x0000000002410000-0x0000000002437000-memory.dmpFilesize
156KB
-
memory/1604-129-0x0000000000000000-mapping.dmp
-
memory/1880-514-0x0000000000960000-0x0000000000961000-memory.dmpFilesize
4KB
-
memory/1884-346-0x0000000000000000-mapping.dmp
-
memory/1972-140-0x0000000000000000-mapping.dmp
-
memory/2004-470-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2112-440-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2276-117-0x0000000000000000-mapping.dmp
-
memory/2560-441-0x00000000007D0000-0x00000000007D1000-memory.dmpFilesize
4KB
-
memory/2560-438-0x0000000000000000-mapping.dmp
-
memory/2640-169-0x0000000000000000-mapping.dmp
-
memory/2904-513-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/3428-122-0x0000000000000000-mapping.dmp
-
memory/3480-357-0x0000000000000000-mapping.dmp
-
memory/3508-121-0x0000000000000000-mapping.dmp
-
memory/3508-123-0x00007FF9618C0000-0x00007FF9618C1000-memory.dmpFilesize
4KB
-
memory/4108-184-0x0000000000000000-mapping.dmp
-
memory/4108-427-0x0000000000000000-mapping.dmp
-
memory/4136-330-0x0000000000000000-mapping.dmp
-
memory/4196-191-0x0000000000000000-mapping.dmp
-
memory/4216-422-0x0000000000000000-mapping.dmp
-
memory/4256-468-0x000002DAE85B0000-0x000002DAE88C2000-memory.dmpFilesize
3.1MB
-
memory/4284-198-0x0000000000000000-mapping.dmp
-
memory/4340-277-0x0000000000000000-mapping.dmp
-
memory/4368-205-0x0000000000000000-mapping.dmp
-
memory/4384-401-0x0000000000000000-mapping.dmp
-
memory/4384-404-0x0000000002FA0000-0x0000000002FCF000-memory.dmpFilesize
188KB
-
memory/4412-320-0x0000000000000000-mapping.dmp
-
memory/4452-212-0x0000000000000000-mapping.dmp
-
memory/4468-339-0x0000000000000000-mapping.dmp
-
memory/4488-528-0x000001BF37BC0000-0x000001BF37ED2000-memory.dmpFilesize
3.1MB
-
memory/4488-433-0x0000000000000000-mapping.dmp
-
memory/4512-217-0x0000000000000000-mapping.dmp
-
memory/4520-283-0x0000000000000000-mapping.dmp
-
memory/4608-224-0x0000000000000000-mapping.dmp
-
memory/4628-286-0x0000000000000000-mapping.dmp
-
memory/4640-290-0x0000000000000000-mapping.dmp
-
memory/4660-229-0x0000000000000000-mapping.dmp
-
memory/4668-353-0x0000000000000000-mapping.dmp
-
memory/4712-233-0x0000000000000000-mapping.dmp
-
memory/4720-364-0x0000000000000000-mapping.dmp
-
memory/4724-237-0x0000000000000000-mapping.dmp
-
memory/4732-295-0x0000000000000000-mapping.dmp
-
memory/4768-325-0x0000000000000000-mapping.dmp
-
memory/4788-299-0x0000000000000000-mapping.dmp
-
memory/4796-417-0x0000000000000000-mapping.dmp
-
memory/4812-242-0x0000000000000000-mapping.dmp
-
memory/4816-303-0x0000000000000000-mapping.dmp
-
memory/4828-361-0x0000000000000000-mapping.dmp
-
memory/4864-247-0x0000000000000000-mapping.dmp
-
memory/4876-446-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/4912-400-0x0000000000000000-mapping.dmp
-
memory/4912-405-0x0000000002890000-0x00000000028BF000-memory.dmpFilesize
188KB
-
memory/4916-252-0x0000000000000000-mapping.dmp
-
memory/4924-444-0x0000000000000000-mapping.dmp
-
memory/4924-447-0x00000000006F0000-0x000000000079E000-memory.dmpFilesize
696KB
-
memory/4928-370-0x0000000000000000-mapping.dmp
-
memory/4932-449-0x0000000000000000-mapping.dmp
-
memory/4968-257-0x0000000000000000-mapping.dmp
-
memory/4984-373-0x0000000000000000-mapping.dmp
-
memory/4984-379-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/5020-262-0x0000000000000000-mapping.dmp
-
memory/5024-308-0x0000000000000000-mapping.dmp
-
memory/5064-454-0x0000000000000000-mapping.dmp
-
memory/5072-267-0x0000000000000000-mapping.dmp
-
memory/5092-377-0x0000000000000000-mapping.dmp
-
memory/5092-380-0x0000000000CB0000-0x0000000000CB1000-memory.dmpFilesize
4KB
-
memory/5100-271-0x0000000000000000-mapping.dmp
-
memory/5112-313-0x0000000000000000-mapping.dmp