Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
15-08-2022 16:25
General
-
Target
d4216a074263ea8b5346c98fce937390.exe
-
Size
1.1MB
-
MD5
d4216a074263ea8b5346c98fce937390
-
SHA1
dd53f20dfa19976ec6a0e0ed9519c96e0384f893
-
SHA256
03aa04ba5e33493632300e4eebfa03226d2e1c2154750b373819c2907428892b
-
SHA512
2e8c8ffc9df499f7405d5dbe5eacad37b1eb8e5f68c9f3e15bb0d87a15fbeca691e2708da5ce59eb3e744b70231a7955eb2f8e75c8b09e3d65c628e37a9bc17d
Malware Config
Extracted
redline
nam3
103.89.90.61:34589
-
auth_value
64b900120bbceaa6a9c60e9079492895
Extracted
redline
5
176.113.115.146:9582
-
auth_value
d38b30c1ccd6c1e5088d9e5bd9e51b0f
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 6 IoCs
-
Executes dropped EXE 6 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d4216a074263ea8b5346c98fce937390.exe"C:\Users\Admin\AppData\Local\Temp\d4216a074263ea8b5346c98fce937390.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RyjC42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8d1b846f8,0x7ff8d1b84708,0x7ff8d1b847183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2649817102786310020,11829658562774233280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2649817102786310020,11829658562774233280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1A4aK42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8d1b846f8,0x7ff8d1b84708,0x7ff8d1b847183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,18216829051193025033,6528194080792347719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,18216829051193025033,6528194080792347719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RLtX42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ff8d1b846f8,0x7ff8d1b84708,0x7ff8d1b847183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11645835204824209314,1556419140039852785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,11645835204824209314,1556419140039852785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RCgX42⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8d1b846f8,0x7ff8d1b84708,0x7ff8d1b847183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5436 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6248 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x260,0x264,0x268,0x21c,0x26c,0x7ff6ca5d5460,0x7ff6ca5d5470,0x7ff6ca5d54804⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7060 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5828 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5588 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5600 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7132 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2216,2403433118402888550,1240162994265871766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5780 /prefetch:83⤵
-
C:\Program Files (x86)\Company\NewProduct\F0geI.exe"C:\Program Files (x86)\Company\NewProduct\F0geI.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 10443⤵
- Program crash
-
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Company\NewProduct\real.exe"C:\Program Files (x86)\Company\NewProduct\real.exe"2⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Company\NewProduct\safert44.exe"C:\Program Files (x86)\Company\NewProduct\safert44.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Company\NewProduct\me.exe"C:\Program Files (x86)\Company\NewProduct\me.exe"2⤵
- Executes dropped EXE
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2344 -ip 23441⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Company\NewProduct\F0geI.exeFilesize
339KB
MD5501e0f6fa90340e3d7ff26f276cd582e
SHA11bce4a6153f71719e786f8f612fbfcd23d3e130a
SHA256f07d918c6571f11abf9ab7268ac6e2ecbcd931c3d9d878895c777d15052aae2b
SHA512dee3aabfca7912f15b628253222cfe8d8e13cd64f0438e8d705b68b0a14b4c9523b7a207583be7b424e444d6b05f237484a0c38bf2e075d347ef937d409a3a69
-
C:\Program Files (x86)\Company\NewProduct\F0geI.exeFilesize
339KB
MD5501e0f6fa90340e3d7ff26f276cd582e
SHA11bce4a6153f71719e786f8f612fbfcd23d3e130a
SHA256f07d918c6571f11abf9ab7268ac6e2ecbcd931c3d9d878895c777d15052aae2b
SHA512dee3aabfca7912f15b628253222cfe8d8e13cd64f0438e8d705b68b0a14b4c9523b7a207583be7b424e444d6b05f237484a0c38bf2e075d347ef937d409a3a69
-
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exeFilesize
1.4MB
MD5ec59f38fa35c0cf3babd976f5f23c74e
SHA12f7600ac9df0869fae48d99afe9569d83efafc8b
SHA2566d0d294e321014a3129d3533ce143f08b0a3639cc50ddaf236396b82a595925e
SHA512d4d2c4078dd40bc57d421750ac26f5467f082f6b4fae422d574ca406b928b6bb1e4f7cbb80a80b11f3908134028c6b7bb3b67c17e02d1899a6cda6e0312c3574
-
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exeFilesize
1.4MB
MD5ec59f38fa35c0cf3babd976f5f23c74e
SHA12f7600ac9df0869fae48d99afe9569d83efafc8b
SHA2566d0d294e321014a3129d3533ce143f08b0a3639cc50ddaf236396b82a595925e
SHA512d4d2c4078dd40bc57d421750ac26f5467f082f6b4fae422d574ca406b928b6bb1e4f7cbb80a80b11f3908134028c6b7bb3b67c17e02d1899a6cda6e0312c3574
-
C:\Program Files (x86)\Company\NewProduct\me.exeFilesize
281KB
MD50856c11e41b1bf5e5aafb44fa4eaae4e
SHA13bb9039bbe89b2058c7c7d0537d7ddaa8f5d2826
SHA2560721243b2d897a8734838ac4fbd402dab5a247a973f08fc82703a565c516911f
SHA512f5605d5d0ef514dd6f571c30b79608a6ddbb8fb025c2750448a758295a0f3fc47a1b973aab0e061f8361b696c920ebb54073ef109cfd14cd08cdb98b9a1b7726
-
C:\Program Files (x86)\Company\NewProduct\me.exeFilesize
281KB
MD50856c11e41b1bf5e5aafb44fa4eaae4e
SHA13bb9039bbe89b2058c7c7d0537d7ddaa8f5d2826
SHA2560721243b2d897a8734838ac4fbd402dab5a247a973f08fc82703a565c516911f
SHA512f5605d5d0ef514dd6f571c30b79608a6ddbb8fb025c2750448a758295a0f3fc47a1b973aab0e061f8361b696c920ebb54073ef109cfd14cd08cdb98b9a1b7726
-
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exeFilesize
107KB
MD5bbd8ea73b7626e0ca5b91d355df39b7f
SHA166e298653beb7f652eb44922010910ced6242879
SHA2561aa3fdc24e789b01a39944b85c99e4ac08864d2eae7530164cea2821acbf184e
SHA512625cc9c108b4660030be1282493700e5f0ccfb973f466f61254ed1e1a96f5f042cdeaa94607825a2f694647468e2f525a6451542fe3aac785ebac1ccfe39864f
-
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exeFilesize
107KB
MD5bbd8ea73b7626e0ca5b91d355df39b7f
SHA166e298653beb7f652eb44922010910ced6242879
SHA2561aa3fdc24e789b01a39944b85c99e4ac08864d2eae7530164cea2821acbf184e
SHA512625cc9c108b4660030be1282493700e5f0ccfb973f466f61254ed1e1a96f5f042cdeaa94607825a2f694647468e2f525a6451542fe3aac785ebac1ccfe39864f
-
C:\Program Files (x86)\Company\NewProduct\real.exeFilesize
282KB
MD5474861050e6a7b65bc4521096cb05454
SHA14e1aabe27598171a89c219aab860b325a4358b22
SHA256ccd962957659555af7c607deb20a4ec34a1578af037d5310ffd07bd092f0ebc7
SHA51242afff00dd616fc73d1c338184149ddb66376e808cd2da39a94357c8d296a245ab0f1e474aac1789d613efef3c1867e0c3a2e41c07ac21bcc07e00ea08309a79
-
C:\Program Files (x86)\Company\NewProduct\real.exeFilesize
282KB
MD5474861050e6a7b65bc4521096cb05454
SHA14e1aabe27598171a89c219aab860b325a4358b22
SHA256ccd962957659555af7c607deb20a4ec34a1578af037d5310ffd07bd092f0ebc7
SHA51242afff00dd616fc73d1c338184149ddb66376e808cd2da39a94357c8d296a245ab0f1e474aac1789d613efef3c1867e0c3a2e41c07ac21bcc07e00ea08309a79
-
C:\Program Files (x86)\Company\NewProduct\safert44.exeFilesize
246KB
MD5414ffd7094c0f50662ffa508ca43b7d0
SHA16ec67bd53da2ff3d5538a3afcc6797af1e5a53fb
SHA256d3fb9c24b34c113992c5c658f6a11f9620da2e49d12d1acabe871e1bea7846ee
SHA512c6527077b4822c062e32c39be06e285916b501a358991d120a469f5da1e13d282685ca7ca3fa938292d5beef073fbea42ff9ba96fa5c395f057f7c964608a399
-
C:\Program Files (x86)\Company\NewProduct\safert44.exeFilesize
246KB
MD5414ffd7094c0f50662ffa508ca43b7d0
SHA16ec67bd53da2ff3d5538a3afcc6797af1e5a53fb
SHA256d3fb9c24b34c113992c5c658f6a11f9620da2e49d12d1acabe871e1bea7846ee
SHA512c6527077b4822c062e32c39be06e285916b501a358991d120a469f5da1e13d282685ca7ca3fa938292d5beef073fbea42ff9ba96fa5c395f057f7c964608a399
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\CookiesFilesize
20KB
MD549693267e0adbcd119f9f5e02adf3a80
SHA13ba3d7f89b8ad195ca82c92737e960e1f2b349df
SHA256d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f
SHA512b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web DataFilesize
112KB
MD530e375798049100677ea16b7c578a4ee
SHA1bcab7401a5f34ac0e6f795ece8d3ed12944ae99f
SHA256ea5c90cfc97f429a2f9e0b1e9b16778b5b19bd8e83a896a30002de70af84e1ce
SHA512f8ae930e26ecfe06dc30d4f39858b0eec6b4a81a8139883712505b5c6b58504d463d986ef58c7151a247fe157c6013b570b9d39e1d4a860061e37e0419900582
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web DataFilesize
116KB
MD5f70aa3fa04f0536280f872ad17973c3d
SHA150a7b889329a92de1b272d0ecf5fce87395d3123
SHA2568d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA51230675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD567f482a5d7957af80b167f4bd7176fca
SHA1e70b7df6126500080c22159444d6318c9c10446d
SHA256e1bbf1b114c334793de9282fc418efcdf8987d2d67bce0037acbf6983caa7fcc
SHA512559d4813d96e242f215ad6189f8a8b9c7701423cce545f33edc72cd344489069e7c011c5ac49cf77cef05e6fe6c1760c5bf8247f3bde5a69d6d6609b37411aa0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD548dc2355ea98bbd7a11594daf52106a2
SHA10cb2e14ed0b21dc54dca75255812983b5b487c0f
SHA256a3ff7581e64c3202afbca52c12cd5377179a6dd5f01224668d75c7b9db242452
SHA512260167aea3d38e40ad88a68c984584f7e7e8417a280ee4df6907a0aa38a6c9c824779d6d8a358f3fd800eb408d6c78ad7255761a807ffd40d554b8308fa91a81
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD567f482a5d7957af80b167f4bd7176fca
SHA1e70b7df6126500080c22159444d6318c9c10446d
SHA256e1bbf1b114c334793de9282fc418efcdf8987d2d67bce0037acbf6983caa7fcc
SHA512559d4813d96e242f215ad6189f8a8b9c7701423cce545f33edc72cd344489069e7c011c5ac49cf77cef05e6fe6c1760c5bf8247f3bde5a69d6d6609b37411aa0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD548dc2355ea98bbd7a11594daf52106a2
SHA10cb2e14ed0b21dc54dca75255812983b5b487c0f
SHA256a3ff7581e64c3202afbca52c12cd5377179a6dd5f01224668d75c7b9db242452
SHA512260167aea3d38e40ad88a68c984584f7e7e8417a280ee4df6907a0aa38a6c9c824779d6d8a358f3fd800eb408d6c78ad7255761a807ffd40d554b8308fa91a81
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD5718f727b4b5b6dfd5f0d06dce42fcf5e
SHA10c0914b62a27dea07fb9e55bf3dec0a2efe1b610
SHA256c21e6e3439dabe66e173ce44ab1ee156fa4c97772f170236e5b6fd3e13475e42
SHA51274fba1654266090ab083e0866cd33836500ce365eb933867bf1234aff31eba493bda08ba309c6077458f7ce455a15f38063b80211de5c30def61d7ce8b6c8ec5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5c6470c2699bb764a0b2e040ecd63e7c3
SHA11b938ec9a70453543cdc4dfd90c0058ac169a138
SHA25637bf7f037e45e8cc9ca5000812d8d9ce9499473151d7bf5829de21b4defba610
SHA51246faec325a50ea7814fabb675e38cb94b0ec1c9fe69285444bcc4f2bfbf408d0ad221a67258946ad937a0c8bfbcb2f547f5ccc62817275edd6436abc33709bee
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5c6470c2699bb764a0b2e040ecd63e7c3
SHA11b938ec9a70453543cdc4dfd90c0058ac169a138
SHA25637bf7f037e45e8cc9ca5000812d8d9ce9499473151d7bf5829de21b4defba610
SHA51246faec325a50ea7814fabb675e38cb94b0ec1c9fe69285444bcc4f2bfbf408d0ad221a67258946ad937a0c8bfbcb2f547f5ccc62817275edd6436abc33709bee
-
\??\pipe\LOCAL\crashpad_1128_LFDTNNTIXLNDVGVLMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_1484_AIUXZSLJQUJAMOGPMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_4304_CCAJRFHXSZHAYTSHMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_5060_RYDORNSYTKMSQLESMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/716-181-0x0000000000000000-mapping.dmp
-
memory/780-188-0x0000000000000000-mapping.dmp
-
memory/788-263-0x0000000000000000-mapping.dmp
-
memory/1128-133-0x0000000000000000-mapping.dmp
-
memory/1304-247-0x00000000077C0000-0x00000000077DE000-memory.dmpFilesize
120KB
-
memory/1304-243-0x0000000008370000-0x00000000083E6000-memory.dmpFilesize
472KB
-
memory/1304-170-0x00000000079B0000-0x00000000079EC000-memory.dmpFilesize
240KB
-
memory/1304-168-0x0000000005DD0000-0x0000000005DE2000-memory.dmpFilesize
72KB
-
memory/1304-169-0x00000000077E0000-0x00000000078EA000-memory.dmpFilesize
1.0MB
-
memory/1304-153-0x0000000000A60000-0x0000000000A80000-memory.dmpFilesize
128KB
-
memory/1304-167-0x0000000005E50000-0x0000000006468000-memory.dmpFilesize
6.1MB
-
memory/1304-244-0x0000000008490000-0x0000000008522000-memory.dmpFilesize
584KB
-
memory/1304-246-0x0000000008AE0000-0x0000000009084000-memory.dmpFilesize
5.6MB
-
memory/1304-149-0x0000000000000000-mapping.dmp
-
memory/1416-223-0x0000000000000000-mapping.dmp
-
memory/1424-209-0x0000000000000000-mapping.dmp
-
memory/1484-140-0x0000000000000000-mapping.dmp
-
memory/1604-141-0x0000000000000000-mapping.dmp
-
memory/2204-134-0x0000000000000000-mapping.dmp
-
memory/2344-175-0x000000000067D000-0x000000000068D000-memory.dmpFilesize
64KB
-
memory/2344-182-0x0000000000400000-0x000000000046E000-memory.dmpFilesize
440KB
-
memory/2344-177-0x00000000005C0000-0x00000000005D0000-memory.dmpFilesize
64KB
-
memory/2344-143-0x0000000000000000-mapping.dmp
-
memory/2548-190-0x0000000000000000-mapping.dmp
-
memory/2984-184-0x0000000000000000-mapping.dmp
-
memory/3112-187-0x0000000000000000-mapping.dmp
-
memory/3228-189-0x0000000000000000-mapping.dmp
-
memory/3896-160-0x0000000000000000-mapping.dmp
-
memory/4028-194-0x0000000000000000-mapping.dmp
-
memory/4032-218-0x0000000000000000-mapping.dmp
-
memory/4200-183-0x0000000000000000-mapping.dmp
-
memory/4284-265-0x0000000000000000-mapping.dmp
-
memory/4304-132-0x0000000000000000-mapping.dmp
-
memory/4360-214-0x0000000000400000-0x000000000056A000-memory.dmpFilesize
1.4MB
-
memory/4360-146-0x0000000000000000-mapping.dmp
-
memory/4360-212-0x0000000002780000-0x0000000002792000-memory.dmpFilesize
72KB
-
memory/4380-152-0x0000000000000000-mapping.dmp
-
memory/4380-186-0x0000000060900000-0x0000000060992000-memory.dmpFilesize
584KB
-
memory/4844-137-0x0000000000000000-mapping.dmp
-
memory/4876-205-0x0000000000000000-mapping.dmp
-
memory/4888-135-0x0000000000000000-mapping.dmp
-
memory/4900-258-0x0000000000000000-mapping.dmp
-
memory/4948-251-0x0000000007E80000-0x00000000083AC000-memory.dmpFilesize
5.2MB
-
memory/4948-163-0x0000000000A80000-0x0000000000AC4000-memory.dmpFilesize
272KB
-
memory/4948-248-0x0000000006A90000-0x0000000006AE0000-memory.dmpFilesize
320KB
-
memory/4948-156-0x0000000000000000-mapping.dmp
-
memory/4948-250-0x0000000007780000-0x0000000007942000-memory.dmpFilesize
1.8MB
-
memory/4948-245-0x00000000057D0000-0x0000000005836000-memory.dmpFilesize
408KB
-
memory/5060-136-0x0000000000000000-mapping.dmp
-
memory/5116-185-0x0000000000000000-mapping.dmp
-
memory/5292-230-0x0000000000000000-mapping.dmp
-
memory/5300-256-0x0000000000000000-mapping.dmp
-
memory/5416-235-0x0000000000000000-mapping.dmp
-
memory/5500-267-0x0000000000000000-mapping.dmp
-
memory/5592-238-0x0000000000000000-mapping.dmp
-
memory/5608-240-0x0000000000000000-mapping.dmp
-
memory/5732-242-0x0000000000000000-mapping.dmp
-
memory/5772-262-0x0000000000000000-mapping.dmp
-
memory/5972-260-0x0000000000000000-mapping.dmp
-
memory/6116-255-0x0000000000000000-mapping.dmp
-
memory/6140-254-0x0000000000000000-mapping.dmp