Analysis
max time kernel: 376s
max time network: 376s
platform: windows10_x64
resource: win10-en-20211208
submitted: 18-12-2021 17:29
Static task: static1
URLScan task: urlscan1
Sample: https://gofile.io/d/5d0BIY
Behavioral task: behavioral1
Sample: https://gofile.io/d/5d0BIY
Resource: win10-en-20211208
General
Target: https://gofile.io/d/5d0BIY
Malware Config
Extracted
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\BFGMiner v5.5.0\NEWS.txt
guido.ascioti@gmail.com
https://github.com/luke-jr/bitforce-fpga-firmware-flash
httpsrv
http-port
httpsrv/libevent
http
http://www.khronos.org/registry/cl/api/1.2/
https://github.com/pshep/cgminer.git"
http://
httpget
http://deepbit.net/longpolling.php
Extracted
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\BFGMiner v5.5.0\README.GPU.txt
http://pool:port
http://pool1:port
http://pool2:port
http://developer.amd.com/tools/heterogeneous-computing/amd-accelerated-parallel-processing-app-sdk/downloads/
Extracted
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\Brutus AET 2\words.txt
Extracted
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\Cain - Password Recovery Utility\Wordlists\Wordlist.txt
Signatures
Detect Neshta Payload 1 IoCs
Processes:
resource | yara_rule
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1.zip | family_neshta
Neshta
Malware from the Neshta family injects itself into other files in order to spread and cause damage.
Async RAT payload 1 IoCs
Processes:
resource | yara_rule
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1.zip | asyncrat
Nirsoft 1 IoCs
Processes:
resource | yara_rule
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1.zip | Nirsoft
Executes dropped EXE 6 IoCs
Processes:
pid | process
2444 | 000webhost.com Accounts Checker By X-SLAYER.exe
3804 | UserOOBE.exe
432 | api32.bin
1396 | wmsrv.exe
2388 | 000webhost.com Accounts Checker By X-SLAYER.exe
3068 | api32.bin
Drops startup file 2 IoCs
Processes:
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Startup.lnk | api32.bin
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Startup.lnk | api32.bin
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
Processes:
resource | yara_rule
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1.zip | pdf_with_link_action
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
NSIS installer 1 IoCs
Processes:
resource | yara_rule
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1.zip | nsis_installer_2
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies registry class 1 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000_Classes\Local Settings | chrome.exe
Suspicious behavior: EnumeratesProcesses 22 IoCs
Processes:
pid | process
1876 | chrome.exe
1876 | chrome.exe
3648 | chrome.exe
3648 | chrome.exe
4360 | chrome.exe
4360 | chrome.exe
3388 | chrome.exe
3388 | chrome.exe
436 | chrome.exe
436 | chrome.exe
4180 | chrome.exe
4180 | chrome.exe
5048 | chrome.exe
5048 | chrome.exe
4604 | chrome.exe
4604 | chrome.exe
4604 | chrome.exe
4604 | chrome.exe
1836 | chrome.exe
1836 | chrome.exe
1856 | chrome.exe
1856 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
Processes:
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
description | pid | process
Token: SeRestorePrivilege | 4536 | 7zG.exe
Token: 35 | 4536 | 7zG.exe
Token: SeSecurityPrivilege | 4536 | 7zG.exe
Token: SeSecurityPrivilege | 4536 | 7zG.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Processes
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://gofile.io/d/5d0BIY
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7ffbf2374f50,0x7ffbf2374f60,0x7ffbf2374f70
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1872 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1540 /prefetch:2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2316 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4132 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8976 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9224 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6768 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9588 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9036 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8636 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8936 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8912 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6368 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8952 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6824 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7276 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1048 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2328 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6824 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6700 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4536 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4160 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1532,1183105444050390040,895983876906646636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=164 /prefetch:8
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\" -spe -an -ai#7zMap28518:142:7zEvent23
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER\000webhost.com Accounts Checker By X-SLAYER.exe"C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER\000webhost.com Accounts Checker By X-SLAYER.exe"1⤵
- Executes dropped EXE
-
C:\ProgramData\Microsoft\UserOOBE\UserOOBE.exeC:\ProgramData\\Microsoft\\UserOOBE\\UserOOBE.exe ,.2⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER\api32.binapi32.bin2⤵
- Executes dropped EXE
- Drops startup file
-
C:\ProgramData\Microsoft\wmsrv\wmsrv.exeC:\ProgramData\\Microsoft\\wmsrv\\wmsrv.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER\000webhost.com Accounts Checker By X-SLAYER.exe"C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER\000webhost.com Accounts Checker By X-SLAYER.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER\api32.binapi32.bin2⤵
- Executes dropped EXE
- Drops startup file
Downloads
- C:\ProgramData\Microsoft\UserOOBE\UserOOBE.exe
  MD5    b86510253c3b4ab593249fc99c761160
  SHA1   759b63b4d79b59f7b05974368eac73d88469041e
  SHA256 b1d44de0d5cdeeb538ca5a27ea0c52a372ca2583fe334c01d36620a3c626286b
  SHA512 0dd9ae5014d4ceca97de673b440ddc36c28072c77ed9b8663053afba4404884daee58a56b9a92d9e1d2b8987c28316e214f64289ccf2450a65d41f3f6009536b

- C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1.zip
  MD5    c43c81eaae374112fb9d26b6a80066fe
  SHA1   36e8356a85e70df21550d379c2067c22c1cff327
  SHA256 2b33c327b7cae603973287e046bcded3f5ad3f8744695b4a591dcdde0c21c19a
  SHA512 0e32d5fc1e4f861c8c38f48d0c380b7d7e57b1098e2a838a3ae1ceeb057ac9168b708d4f869bc815d89a12efd0f7342c371ee8d0f671cffe75ae8c69916bbf7a

- C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER\000webhost.com Accounts Checker By X-SLAYER.exe
  MD5    a34c1ccda7f2a5093bff9d52b86f8e2c
  SHA1   1d43b54fb5c03c5e6d54effa7e93d1c0084535f5
  SHA256 bcd78ba9477e2b993550447389cc05e76a971170065f1300697da2940c0b18aa
  SHA512 c634d9132cb6f3eacee9ead008ad44ddbfb53658fb27e8428feae2bc4fc63b0973ede377249ff9c9693f8afbe3bbcb2cd94b643067b0016e841382f0be968444

- C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER\api32.bin
  MD5    b60be521e6fb30efb32c667aedb899ec
  SHA1   e2ddfb57498ea88e065efb5aaf733ac552a3e4fe
  SHA256 b0b2aa2a01e89c3ce491066342a1bb1811545f0ff128189fbd28bc8765fdaac4
  SHA512 92c11817420513ac0a7b7f4fe51af782ddd6714d2c4e0240561ab56ed775693672e666ba5f444a9b01dc1ca10b3770525100233534dccabbda1c16ba7914d229

- C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER\bin32.dll
  MD5    b86510253c3b4ab593249fc99c761160
  SHA1   759b63b4d79b59f7b05974368eac73d88469041e
  SHA256 b1d44de0d5cdeeb538ca5a27ea0c52a372ca2583fe334c01d36620a3c626286b
  SHA512 0dd9ae5014d4ceca97de673b440ddc36c28072c77ed9b8663053afba4404884daee58a56b9a92d9e1d2b8987c28316e214f64289ccf2450a65d41f3f6009536b

- \??\pipe\crashpad_3648_RZKKIBOWBKJWJCWN
  MD5    d41d8cd98f00b204e9800998ecf8427e
  SHA1   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
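Two things in the hash list are easy to miss when reading it by eye: bin32.dll inside the archive and UserOOBE.exe dropped to C:\ProgramData carry identical digests (the same bytes copied to a persistence location under a new name), and the crashpad named pipe carries the digests of zero bytes, so it is hashing noise rather than a file. The script below is an added example, not part of the report or of the sandbox's tooling. It embeds the dropped-file records copied from the list above (duplicates collapsed, the zip archive omitted for brevity), checks that each digest is well formed, flags empty-input digests by computing them rather than hard-coding them, groups paths that share a SHA-256, and shows how to verify a file on disk against a record; the zero-length temp file used for that last check is constructed here.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Digests of zero bytes, computed here rather than hard-coded.
EMPTY_DIGESTS = {a: hashlib.new(a, b"").hexdigest() for a in ALGOS}
PACK = r"C:\Users\Admin\Downloads\Ultimate-Cracking-And-Hacking-Pack-Vol-1\000webhost.com Accounts Checker By X-SLAYER"


def rec(path, md5, sha1, sha256, sha512):
    return {"path": path, "md5": md5, "sha1": sha1, "sha256": sha256, "sha512": sha512}


# Records copied from the report's Downloads list (duplicates collapsed, zip omitted).
REPORT = [
    rec(r"C:\ProgramData\Microsoft\UserOOBE\UserOOBE.exe",
        "b86510253c3b4ab593249fc99c761160", "759b63b4d79b59f7b05974368eac73d88469041e",
        "b1d44de0d5cdeeb538ca5a27ea0c52a372ca2583fe334c01d36620a3c626286b",
        "0dd9ae5014d4ceca97de673b440ddc36c28072c77ed9b8663053afba4404884daee58a56b9a92d9e1d2b8987c28316e214f64289ccf2450a65d41f3f6009536b"),
    rec(PACK + r"\000webhost.com Accounts Checker By X-SLAYER.exe",
        "a34c1ccda7f2a5093bff9d52b86f8e2c", "1d43b54fb5c03c5e6d54effa7e93d1c0084535f5",
        "bcd78ba9477e2b993550447389cc05e76a971170065f1300697da2940c0b18aa",
        "c634d9132cb6f3eacee9ead008ad44ddbfb53658fb27e8428feae2bc4fc63b0973ede377249ff9c9693f8afbe3bbcb2cd94b643067b0016e841382f0be968444"),
    rec(PACK + r"\api32.bin",
        "b60be521e6fb30efb32c667aedb899ec", "e2ddfb57498ea88e065efb5aaf733ac552a3e4fe",
        "b0b2aa2a01e89c3ce491066342a1bb1811545f0ff128189fbd28bc8765fdaac4",
        "92c11817420513ac0a7b7f4fe51af782ddd6714d2c4e0240561ab56ed775693672e666ba5f444a9b01dc1ca10b3770525100233534dccabbda1c16ba7914d229"),
    rec(PACK + r"\bin32.dll",
        "b86510253c3b4ab593249fc99c761160", "759b63b4d79b59f7b05974368eac73d88469041e",
        "b1d44de0d5cdeeb538ca5a27ea0c52a372ca2583fe334c01d36620a3c626286b",
        "0dd9ae5014d4ceca97de673b440ddc36c28072c77ed9b8663053afba4404884daee58a56b9a92d9e1d2b8987c28316e214f64289ccf2450a65d41f3f6009536b"),
    rec(r"\??\pipe\crashpad_3648_RZKKIBOWBKJWJCWN",
        "d41d8cd98f00b204e9800998ecf8427e", "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"),
]


def well_formed(r):
    """Every digest is lowercase hex of the length its algorithm produces (catches copy/paste damage)."""
    return all(len(r[a]) == HEX_LEN[a] and all(c in "0123456789abcdef" for c in r[a]) for a in ALGOS)


def is_empty_artifact(r):
    """All four digests are those of zero bytes: the sandbox hashed something with no content."""
    return all(r[a] == EMPTY_DIGESTS[a] for a in ALGOS)


def same_payload_paths(records):
    """SHA-256 -> paths, restricted to digests seen under more than one path."""
    groups = defaultdict(list)
    for r in records:
        groups[r["sha256"]].append(r["path"])
    return {h: p for h, p in groups.items() if len(p) > 1}


def digest_file(path):
    """Hash a file on disk with all four algorithms in one pass."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hs.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hs.items()}


def verify_local_file(path, r):
    """Per-algorithm match flags for a local file against one report record."""
    got = digest_file(path)
    return {a: got[a] == r[a] for a in ALGOS}


def demo_verify_empty():
    """Constructed check: a zero-length temp file must match the crashpad-pipe record on all four."""
    fd, tmp = tempfile.mkstemp()
    os.close(fd)
    try:
        return verify_local_file(tmp, REPORT[-1])
    finally:
        os.remove(tmp)


if __name__ == "__main__":
    for r in REPORT:
        tag = "EMPTY" if is_empty_artifact(r) else ("ok" if well_formed(r) else "MALFORMED")
        print(f"{tag:9} {r['sha256'][:16]}...  {r['path']}")
    for h, paths in same_payload_paths(REPORT).items():
        print(f"same bytes ({h[:16]}...) at: {paths}")
    print("empty-file verification:", demo_verify_empty())
```

The grouping step is the one worth keeping in a triage toolkit: when a dropper copies its payload out of the archive into a persistence directory, the SHA-256 is what ties the two paths together, and it is also the value to search for in other reports or a threat-intel feed rather than the file name, which here was changed from bin32.dll to UserOOBE.exe.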
Memory dumps

- memory/432-122-0x0000000000000000-mapping.dmp
- memory/432-133-0x0000000004DE0000-0x00000000052DE000-memory.dmp (5.0MB)
- memory/432-132-0x00000000075B0000-0x00000000075B1000-memory.dmp (4KB)
- memory/432-126-0x0000000000430000-0x0000000000431000-memory.dmp (4KB)
- memory/432-128-0x00000000052E0000-0x00000000052E1000-memory.dmp (4KB)
- memory/432-129-0x0000000004CC0000-0x0000000004CC1000-memory.dmp (4KB)
- memory/432-130-0x0000000004C80000-0x0000000004C81000-memory.dmp (4KB)
- memory/432-131-0x0000000007070000-0x0000000007071000-memory.dmp (4KB)
- memory/1396-125-0x0000000000000000-mapping.dmp
- memory/3068-134-0x0000000000000000-mapping.dmp
- memory/3068-142-0x00000000055C0000-0x0000000005ABE000-memory.dmp (5.0MB)
- memory/3804-120-0x0000000000000000-mapping.dmp