Analysis
-
max time kernel
1798s -
max time network
1803s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
02-09-2022 17:35
General
-
Target
https://www.misp-project.org/feeds/
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\1368_1965000842\us_tv_and_film.txt
Ransom Note
you
i
to
that
it
me
what
this
know
i'm
no
have
my
don't
just
not
do
be
your
we
it's
so
but
all
well
oh
about
right
you're
get
here
out
going
like
yeah
if
can
up
want
think
that's
now
go
him
how
got
did
why
see
come
good
really
look
will
okay
back
can't
mean
tell
i'll
hey
he's
could
didn't
yes
something
because
say
take
way
little
make
need
gonna
never
we're
too
she's
i've
sure
our
sorry
what's
let
thing
maybe
down
man
very
there's
should
anything
said
much
any
even
off
please
doing
thank
give
thought
help
talk
god
still
wait
find
nothing
again
things
let's
doesn't
call
told
great
better
ever
night
away
believe
feel
everything
you've
fine
last
keep
does
put
around
stop
they're
i'd
guy
isn't
always
listen
wanted
guys
huh
those
big
lot
happened
thanks
won't
trying
kind
wrong
talking
guess
care
bad
mom
remember
getting
we'll
together
dad
leave
understand
wouldn't
actually
hear
baby
nice
father
else
stay
done
wasn't
course
might
mind
every
enough
try
hell
came
someone
you'll
whole
yourself
idea
ask
must
coming
looking
woman
room
knew
tonight
real
son
hope
went
hmm
happy
pretty
saw
girl
sir
friend
already
saying
next
job
problem
minute
thinking
haven't
heard
honey
matter
myself
couldn't
exactly
having
probably
happen
we've
hurt
boy
dead
gotta
alone
excuse
start
kill
hard
you'd
today
car
ready
without
wants
hold
wanna
yet
seen
deal
once
gone
morning
supposed
friends
head
stuff
worry
live
truth
face
forget
true
cause
soon
knows
telling
wife
who's
chance
run
move
anyone
person
bye
somebody
heart
miss
making
meet
anyway
phone
reason
damn
lost
looks
bring
case
turn
wish
tomorrow
kids
trust
check
change
anymore
least
aren't
working
makes
taking
means
brother
hate
ago
says
beautiful
gave
fact
crazy
sit
afraid
important
rest
fun
kid
word
watch
glad
everyone
sister
minutes
everybody
bit
couple
whoa
either
mrs
feeling
daughter
wow
gets
asked
break
promise
door
close
hand
easy
question
tried
far
walk
needs
mine
killed
hospital
anybody
alright
wedding
shut
able
die
perfect
stand
comes
hit
waiting
dinner
funny
husband
almost
pay
answer
cool
eyes
news
child
shouldn't
yours
moment
sleep
read
where's
sounds
sonny
pick
sometimes
bed
date
plan
hours
lose
hands
serious
shit
behind
inside
ahead
week
wonderful
fight
past
cut
quite
he'll
sick
it'll
eat
nobody
goes
save
seems
finally
lives
worried
upset
carly
met
brought
seem
sort
safe
weren't
leaving
front
shot
loved
asking
running
clear
figure
hot
felt
parents
drink
absolutely
how's
daddy
sweet
alive
sense
meant
happens
bet
blood
ain't
kidding
lie
meeting
dear
seeing
sound
fault
ten
buy
hour
speak
lady
jen
thinks
christmas
outside
hang
possible
worse
mistake
ooh
handle
spend
totally
giving
here's
marriage
realize
unless
sex
send
needed
scared
picture
talked
ass
hundred
changed
completely
explain
certainly
sign
boys
relationship
loves
hair
lying
choice
anywhere
future
weird
luck
she'll
turned
touch
kiss
crane
questions
obviously
wonder
pain
calling
somewhere
throw
straight
cold
fast
words
food
none
drive
feelings
they'll
marry
drop
cannot
dream
protect
twenty
surprise
sweetheart
poor
looked
mad
except
gun
y'know
dance
takes
appreciate
especially
situation
besides
pull
hasn't
worth
sheridan
amazing
expect
swear
piece
busy
happening
movie
we'd
catch
perhaps
step
fall
watching
kept
darling
dog
honor
moving
till
admit
problems
murder
he'd
evil
definitely
feels
honest
eye
broke
missed
longer
dollars
tired
evening
starting
entire
trip
niles
suppose
calm
imagine
fair
caught
blame
sitting
favor
apartment
terrible
clean
learn
frasier
relax
accident
wake
prove
smart
message
missing
forgot
interested
table
nbsp
mouth
pregnant
ring
careful
shall
dude
ride
figured
wear
shoot
stick
follow
angry
write
stopped
ran
standing
forgive
jail
wearing
ladies
kinda
lunch
cristian
greenlee
gotten
hoping
phoebe
thousand
ridge
paper
tough
tape
count
boyfriend
proud
agree
birthday
they've
share
offer
hurry
feet
wondering
decision
ones
finish
voice
herself
would've
mess
deserve
evidence
cute
dress
interesting
hotel
enjoy
quiet
concerned
staying
beat
sweetie
mention
clothes
fell
neither
mmm
fix
respect
prison
attention
holding
calls
surprised
bar
keeping
gift
hadn't
putting
dark
owe
ice
helping
normal
aunt
lawyer
apart
plans
jax
girlfriend
floor
whether
everything's
box
judge
upstairs
sake
mommy
possibly
worst
acting
accept
blow
strange
saved
conversation
plane
mama
yesterday
lied
quick
lately
stuck
difference
store
she'd
bought
doubt
listening
walking
cops
deep
dangerous
buffy
sleeping
chloe
rafe
join
card
crime
gentlemen
willing
window
walked
guilty
likes
fighting
difficult
soul
joke
favorite
uncle
promised
bother
seriously
cell
knowing
broken
advice
somehow
paid
losing
push
helped
killing
boss
liked
innocent
rules
learned
thirty
risk
letting
speaking
ridiculous
afternoon
apologize
nervous
charge
patient
boat
how'd
hide
detective
planning
huge
breakfast
horrible
awful
pleasure
driving
hanging
picked
sell
quit
apparently
dying
notice
congratulations
visit
could've
c'mon
letter
decide
forward
fool
showed
smell
seemed
spell
memory
pictures
slow
seconds
hungry
hearing
kitchen
ma'am
should've
realized
kick
grab
discuss
fifty
reading
idiot
suddenly
agent
destroy
bucks
shoes
peace
arms
demon
livvie
consider
papers
incredible
witch
drunk
attorney
tells
knock
ways
gives
nose
skye
turns
keeps
jealous
drug
sooner
cares
plenty
extra
outta
weekend
matters
gosh
opportunity
impossible
waste
pretend
jump
eating
proof
slept
arrest
breathe
perfectly
warm
pulled
twice
easier
goin
dating
suit
romantic
drugs
comfortable
finds
checked
divorce
begin
ourselves
closer
ruin
smile
laugh
treat
fear
what'd
otherwise
excited
mail
hiding
stole
pacey
noticed
fired
excellent
bringing
bottom
note
sudden
bathroom
honestly
sing
foot
remind
charges
witness
finding
tree
dare
hardly
that'll
steal
silly
contact
teach
shop
plus
colonel
fresh
trial
invited
roll
reach
dirty
choose
emergency
dropped
butt
credit
obvious
locked
loving
nuts
agreed
prue
goodbye
condition
guard
fuckin
grow
cake
mood
crap
crying
belong
partner
trick
pressure
dressed
taste
neck
nurse
raise
lots
carry
whoever
drinking
they'd
breaking
file
lock
wine
spot
paying
assume
asleep
turning
viki
bedroom
shower
nikolas
camera
fill
reasons
forty
bigger
nope
breath
doctors
pants
freak
movies
folks
cream
wild
truly
desk
convince
client
threw
hurts
spending
answers
shirt
chair
rough
doin
sees
ought
empty
wind
aware
dealing
pack
tight
hurting
guest
arrested
salem
confused
surgery
expecting
deacon
unfortunately
goddamn
bottle
beyond
whenever
pool
opinion
starts
jerk
secrets
falling
necessary
barely
dancing
tests
copy
cousin
ahem
twelve
tess
skin
fifteen
speech
orders
complicated
nowhere
escape
biggest
restaurant
grateful
usual
burn
address
someplace
screw
everywhere
regret
goodness
mistakes
details
responsibility
suspect
corner
hero
dumb
terrific
whoo
hole
memories
o'clock
teeth
ruined
bite
stenbeck
liar
showing
cards
desperate
search
pathetic
spoke
scare
marah
afford
settle
stayed
checking
hired
heads
concern
blew
alcazar
champagne
connection
tickets
happiness
saving
kissing
hated
personally
suggest
prepared
onto
downstairs
ticket
it'd
loose
holy
duty
convinced
throwing
kissed
legs
loud
saturday
babies
where'd
warning
miracle
carrying
blind
ugly
shopping
hates
sight
bride
coat
clearly
celebrate
brilliant
wanting
forrester
lips
custody
screwed
buying
toast
thoughts
reality
lexie
attitude
advantage
grandfather
sami
grandma
someday
roof
marrying
powerful
grown
grandmother
fake
must've
ideas
exciting
familiar
bomb
bout
harmony
schedule
capable
practically
correct
clue
forgotten
appointment
deserves
threat
bloody
lonely
shame
jacket
hook
scary
investigation
invite
shooting
lesson
criminal
victim
funeral
considering
burning
strength
harder
sisters
pushed
shock
pushing
heat
chocolate
miserable
corinthos
nightmare
brings
zander
crash
chances
sending
recognize
healthy
boring
feed
engaged
headed
treated
knife
drag
badly
hire
paint
pardon
behavior
closet
warn
gorgeous
milk
survive
ends
dump
rent
remembered
thanksgiving
rain
revenge
prefer
spare
pray
disappeared
aside
statement
sometime
meat
fantastic
breathing
laughing
stood
affair
ours
depends
protecting
jury
brave
fingers
murdered
explanation
picking
blah
stronger
handsome
unbelievable
anytime
shake
oakdale
wherever
pulling
facts
waited
lousy
circumstances
disappointed
weak
trusted
license
nothin
trash
understanding
slip
sounded
awake
friendship
stomach
weapon
threatened
mystery
vegas
understood
basically
switch
frankly
cheap
lifetime
deny
clock
garbage
why'd
tear
ears
indeed
changing
singing
tiny
decent
avoid
messed
filled
touched
disappear
exact
pills
kicked
harm
fortune
pretending
insurance
fancy
drove
cared
belongs
nights
lorelai
lift
timing
guarantee
chest
woke
burned
watched
heading
selfish
drinks
doll
committed
elevator
freeze
noise
wasting
ceremony
uncomfortable
staring
files
bike
stress
permission
thrown
possibility
borrow
fabulous
doors
screaming
bone
xander
what're
meal
apology
anger
honeymoon
bail
parking
fixed
wash
stolen
sensitive
stealing
photo
chose
lets
comfort
worrying
pocket
mateo
bleeding
shoulder
ignore
talent
tied
garage
dies
demons
dumped
witches
rude
crack
bothering
radar
soft
meantime
gimme
kinds
fate
concentrate
throat
prom
messages
intend
ashamed
somethin
manage
guilt
interrupt
guts
tongue
shoe
basement
sentence
purse
glasses
cabin
universe
repeat
mirror
wound
travers
tall
engagement
therapy
emotional
jeez
decisions
soup
thrilled
stake
chef
moves
extremely
moments
expensive
counting
shots
kidnapped
cleaning
shift
plate
impressed
smells
trapped
aidan
knocked
charming
attractive
argue
puts
whip
embarrassed
package
hitting
bust
stairs
alarm
pure
nail
nerve
incredibly
walks
dirt
stamp
terribly
friendly
damned
jobs
suffering
disgusting
stopping
deliver
riding
helps
disaster
bars
crossed
trap
talks
eggs
chick
threatening
spoken
introduce
confession
embarrassing
bags
impression
gate
reputation
presents
chat
suffer
argument
talkin
crowd
homework
coincidence
cancel
pride
solve
hopefully
pounds
pine
mate
illegal
generous
outfit
maid
bath
punch
freaked
begging
recall
enjoying
prepare
wheel
defend
signs
painful
yourselves
maris
that'd
suspicious
cooking
button
warned
sixty
pity
yelling
awhile
confidence
offering
pleased
panic
hers
gettin
refuse
grandpa
testify
choices
cruel
mental
gentleman
coma
cutting
proteus
guests
expert
benefit
faces
jumped
toilet
sneak
halloween
privacy
smoking
reminds
twins
swing
solid
options
commitment
crush
ambulance
wallet
gang
eleven
option
laundry
assure
stays
skip
fail
discussion
clinic
betrayed
sticking
bored
mansion
soda
sheriff
suite
handled
busted
load
happier
studying
romance
procedure
commit
assignment
suicide
minds
swim
yell
llanview
chasing
proper
believes
humor
hopes
lawyers
giant
latest
escaped
parent
tricks
insist
dropping
cheer
medication
flesh
routine
sandwich
handed
false
beating
warrant
awfully
odds
treating
thin
suggesting
fever
sweat
silent
clever
sweater
mall
sharing
assuming
judgment
goodnight
divorced
surely
steps
confess
math
listened
comin
answered
vulnerable
bless
dreaming
chip
zero
pissed
nate
kills
tears
knees
chill
brains
unusual
packed
dreamed
cure
lookin
grave
cheating
breaks
locker
gifts
awkward
thursday
joking
reasonable
dozen
curse
quartermaine
millions
dessert
rolling
detail
alien
delicious
closing
vampires
wore
tail
secure
salad
murderer
spit
offense
dust
conscience
bread
answering
lame
invitation
grief
smiling
pregnancy
prisoner
delivery
guards
virus
shrink
freezing
wreck
massimo
wire
technically
blown
anxious
cave
holidays
cleared
wishes
caring
candles
bound
charm
pulse
jumping
jokes
boom
occasion
silence
nonsense
frightened
slipped
dimera
blowing
relationships
kidnapping
spin
tool
roxy
packing
blaming
wrap
obsessed
fruit
torture
personality
there'll
fairy
necessarily
seventy
print
motel
underwear
grams
exhausted
believing
freaking
carefully
trace
touching
messing
recovery
intention
consequences
belt
sacrifice
courage
enjoyed
attracted
remove
testimony
intense
heal
defending
unfair
relieved
loyal
slowly
buzz
alcohol
surprises
psychiatrist
plain
attic
who'd
uniform
terrified
cleaned
zach
threaten
fella
enemies
satisfied
imagination
hooked
headache
forgetting
counselor
andie
acted
badge
naturally
frozen
sakes
appropriate
trunk
dunno
costume
sixteen
impressive
kicking
junk
grabbed
understands
describe
clients
owns
affect
witnesses
starving
instincts
happily
discussing
deserved
strangers
surveillance
admire
questioning
dragged
barn
deeply
wrapped
wasted
tense
hoped
fellas
roommate
mortal
fascinating
stops
arrangements
agenda
literally
propose
honesty
underneath
sauce
promises
lecture
eighty
torn
shocked
backup
differently
ninety
deck
biological
pheebs
ease
creep
waitress
telephone
ripped
raising
scratch
rings
prints
thee
arguing
ephram
asks
oops
diner
annoying
taggert
sergeant
blast
towel
clown
habit
creature
bermuda
snap
react
paranoid
handling
eaten
therapist
comment
sink
reporter
nurses
beats
priority
interrupting
warehouse
loyalty
inspector
pleasant
excuses
threats
guessing
tend
praying
motive
unconscious
mysterious
unhappy
tone
switched
rappaport
sookie
neighbor
loaded
swore
piss
balance
toss
misery
thief
squeeze
lobby
goa'uld
geez
exercise
forth
booked
sandburg
poker
eighteen
d'you
bury
everyday
digging
creepy
wondered
liver
hmmm
magical
fits
discussed
moral
helpful
searching
flew
depressed
aisle
cris
amen
vows
neighbors
darn
cents
arrange
annulment
useless
adventure
resist
fourteen
celebrating
inch
debt
violent
sand
teal'c
celebration
reminded
phones
paperwork
emotions
stubborn
pound
tension
stroke
steady
overnight
chips
beef
suits
boxes
cassadine
collect
tragedy
spoil
realm
wipe
surgeon
stretch
stepped
nephew
neat
limo
confident
perspective
climb
punishment
finest
springfield
hint
furniture
blanket
twist
proceed
fries
worries
niece
gloves
soap
signature
disappoint
crawl
convicted
flip
counsel
doubts
crimes
accusing
shaking
remembering
hallway
halfway
bothered
madam
gather
cameras
blackmail
symptoms
rope
ordinary
imagined
cigarette
supportive
explosion
trauma
ouch
furious
cheat
avoiding
whew
thick
oooh
boarding
approve
urgent
shhh
misunderstanding
drawer
phony
interfere
catching
bargain
tragic
respond
punish
penthouse
thou
rach
ohhh
insult
bugs
beside
begged
absolute
strictly
socks
senses
sneaking
reward
polite
checks
tale
physically
instructions
fooled
blows
tabby
bitter
adorable
y'all
tested
suggestion
jewelry
alike
jacks
distracted
shelter
lessons
constable
circus
audition
tune
shoulders
mask
helpless
feeding
explains
sucked
robbery
objection
behave
valuable
shadows
courtroom
confusing
talented
smarter
mistaken
customer
bizarre
scaring
motherfucker
alert
vecchio
reverend
foolish
compliment
bastards
worker
wheelchair
protective
gentle
reverse
picnic
knee
cage
wives
wednesday
voices
toes
stink
scares
pour
cheated
slide
ruining
filling
exit
cottage
upside
proves
parked
diary
complaining
confessed
pipe
merely
massage
chop
spill
prayer
betray
waiter
scam
rats
fraud
brush
tables
sympathy
pill
filthy
seventeen
employee
bracelet
pays
fairly
deeper
arrive
tracking
spite
shed
recommend
oughta
nanny
menu
diet
corn
roses
patch
dime
devastated
subtle
bullets
beans
pile
confirm
strings
parade
borrowed
toys
straighten
steak
premonition
planted
honored
exam
convenient
traveling
laying
insisted
dish
aitoro
kindly
grandson
donor
temper
teenager
proven
mothers
denial
backwards
tent
swell
noon
happiest
drives
thinkin
spirits
potion
holes
fence
whatsoever
rehearsal
overheard
lemme
hostage
bench
tryin
taxi
shove
moron
impress
needle
intelligent
instant
disagree
stinks
rianna
recover
groom
gesture
constantly
bartender
suspects
sealed
legally
hears
dresses
sheet
psychic
teenage
knocking
judging
accidentally
waking
rumor
manners
homeless
hollow
desperately
tapes
referring
item
genoa
gear
majesty
cried
tons
spells
instinct
quote
motorcycle
convincing
fashioned
aids
accomplished
grip
bump
upsetting
needing
invisible
forgiveness
feds
compare
bothers
tooth
inviting
earn
compromise
cocktail
tramp
jabot
intimate
dignity
dealt
souls
informed
gods
dressing
cigarettes
alistair
leak
fond
corky
seduce
liquor
fingerprints
enchantment
butters
stuffed
stavros
emotionally
transplant
tips
oxygen
nicely
lunatic
drill
complain
announcement
unfortunate
slap
prayers
plug
opens
oath
o'neill
mutual
yacht
remembers
fried
extraordinary
bait
warton
sworn
stare
safely
reunion
burst
might've
dive
aboard
expose
buddies
trusting
booze
sweep
sore
scudder
properly
parole
ditch
cancele
Signatures
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 7 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 7 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 38 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 53 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.misp-project.org/feeds/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffcb3e4f50,0x7fffcb3e4f60,0x7fffcb3e4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1660 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1972 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2292 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4540 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5268 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4564 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4612 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2800 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4676 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2824 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1208 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4504 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5296 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5348 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1016 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=996 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4408 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\software_reporter_tool.exe"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=2RXfJF3ZGSg71ig0aE8sBwOjpYdkZpsDg/1kLN54 --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=Off2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=104.288.200 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff6d5ca2d20,0x7ff6d5ca2d30,0x7ff6d5ca2d403⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2316_MHKNRSXLVXWGENZA" --sandboxed-process-id=2 --init-done-notifier=752 --sandbox-mojo-pipe-token=4779248118028104780 --mojo-platform-channel-handle=728 --engine=23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2316_MHKNRSXLVXWGENZA" --sandboxed-process-id=3 --init-done-notifier=996 --sandbox-mojo-pipe-token=11718683526250073595 --mojo-platform-channel-handle=9923⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4752 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,15554137181318921959,16140255766387401437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4504 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4344_1093493313\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4344_1093493313\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={a0e34f60-e53b-4594-81ae-3f46e7fc8a1b} --system2⤵
- Executes dropped EXE
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\RestartTest.xltm"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffcb3e4f50,0x7fffcb3e4f60,0x7fffcb3e4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2168 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4552 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4684 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4568 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4948 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1552 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3768 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3768 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2328 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1556 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,15119097955875738524,14070228848430206249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4344_1093493313\ChromeRecovery.exeFilesize
253KB
MD549ac3c96d270702a27b4895e4ce1f42a
SHA155b90405f1e1b72143c64113e8bc65608dd3fd76
SHA25682aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f
SHA512b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3Filesize
141KB
MD5ea1c1ffd3ea54d1fb117bfdbb3569c60
SHA110958b0f690ae8f5240e1528b1ccffff28a33272
SHA2567c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d
SHA5126c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\edls_64.dllFilesize
449KB
MD579d7f318441c21d17739e43990697d1d
SHA19683265bf401d11313b768dfc4b3aeb10015d18c
SHA2560ce49dc9f71360bf9dd21b8e3af4641834f85eed7d80a7de0940508437e68970
SHA51267c7a7d3bbadeff21951809d2f843311328771ed46bc1ca14edba486263f56f86922668dd89d11b05a16130380b7543f7c9556d79503c505807407763e9d3595
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\em000_64.dllFilesize
37KB
MD5f8b7cac6e9587baabf4045c34890c7ce
SHA161814262c6ee5ceaab2c0263c913cae52e203af7
SHA2568b0613b91229c98dfa5398568a4fa40dde2a2d40028654f74923bc929d6b5b30
SHA5124f80021fa2a6e6bd3cdd8248d6139d105dca984a914184d5b1e251e97daa77e36c4e059ed3a617ad12dd998eb603accd34ef3951261ad997a081d8ac934b6211
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\em001_64.dllFilesize
378KB
MD57adcb76ec34d774d1435b477e8625c47
SHA1ec4ba0ad028c45489608c6822f3cabb683a07064
SHA256a55be2be943078157b7d1cfb52febd4a95e4c7a37995bb75b19b079cc1ee5b9d
SHA512c1af669ee971b4f4a3bb057fe423a63376cfc19026650036b29d77fed73458d235889a662ac5e12c871c3e77f6fbdb1fa29c0dfa488a4a40fa045d79eb61e7c4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\em002_64.dllFilesize
2.2MB
MD51b573c20bf9df046d134fe127f0fa306
SHA1a7400ea404c8f66f36b1bc8ed7f5a376e4966bac
SHA25638874996fb8568205fbec9254cf63b504bdb93422a6966dcb4e5d47e977601a7
SHA5125a7149558932987c24ac768cb6805cc8136ffa0660dcc09e50986dd43ae2809eee77376f2e205e84f346b4ea0e841d441f64bc8616980968791ff6b0c6e2b01d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\em003_64.dllFilesize
1.3MB
MD5afa6a767b0745cb03c1e7f5189b258df
SHA1fb834620cb82c9354c103820ed53d67ae1550dcc
SHA2564539600b2b1c78aaae0f1a6766125afd07e24d3b4da5f3c875adf34e9ff8956c
SHA512a4f629a0ebac36b6f4c0f6c91b9a72a87fc716fc90c2e2786d8063b09372f045bb0ec4a0cb266e3ea89474939fc0bb6cf8589abd20e0142d4b37987dfdd0ece4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\em004_64.dllFilesize
6.1MB
MD5ee46beaa6c9244880e8a510d080b4416
SHA1a83c3946a2f53f064e91d8b60d5f6c697a560062
SHA256d4f17bd032ead2a73340e6c14e24a3fa901d0fbae78f49fe4d368a01b788b49c
SHA5124e69dddd1215b1675bac788996019ef3cb22418fbba75c0c7935dafb2b1742bad79cc9ea6814b5f8d1663657a7987499a155cdf57733d1afae42b0e25d475c25
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\em005_64.dllFilesize
576KB
MD5169a2ef320119891cf3189aa3fd23b0e
SHA1de51c936101ef79bbc0f1d3c800cf832d221eef8
SHA2561072d49da0a70640fb9716cb894f4834ff621ca96d4aea1f478754edf4d0f780
SHA5127fe27d360bbf6d410ea9d33d6003ab455cd8b9e5521c00db9bb6c44a7472ccf2083d51034bab5ffc5aef85db36fc758c76b02fa31f0d0024c9d532548a2bf9ca
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\software_reporter_tool.exeFilesize
14.0MB
MD5e6d6ddba378f802fff618da5fc2f6b8a
SHA1b6a2ea50a699349ae045012819e19edc689fbcc4
SHA256df958e7e33838f0edc01897959f05a80a69413bc9e498015161c6a77d1bf5c6a
SHA5122699f306fb2ad3ae75456a4fa844a26c0006048dbe96a0281c80ffd4a625b479a32786da83fa86561d401a5dc0b3d6ea6a1b6f90d9b8354c2654b0a91739e202
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\software_reporter_tool.exeFilesize
14.0MB
MD5e6d6ddba378f802fff618da5fc2f6b8a
SHA1b6a2ea50a699349ae045012819e19edc689fbcc4
SHA256df958e7e33838f0edc01897959f05a80a69413bc9e498015161c6a77d1bf5c6a
SHA5122699f306fb2ad3ae75456a4fa844a26c0006048dbe96a0281c80ffd4a625b479a32786da83fa86561d401a5dc0b3d6ea6a1b6f90d9b8354c2654b0a91739e202
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\software_reporter_tool.exeFilesize
14.0MB
MD5e6d6ddba378f802fff618da5fc2f6b8a
SHA1b6a2ea50a699349ae045012819e19edc689fbcc4
SHA256df958e7e33838f0edc01897959f05a80a69413bc9e498015161c6a77d1bf5c6a
SHA5122699f306fb2ad3ae75456a4fa844a26c0006048dbe96a0281c80ffd4a625b479a32786da83fa86561d401a5dc0b3d6ea6a1b6f90d9b8354c2654b0a91739e202
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\software_reporter_tool.exeFilesize
14.0MB
MD5e6d6ddba378f802fff618da5fc2f6b8a
SHA1b6a2ea50a699349ae045012819e19edc689fbcc4
SHA256df958e7e33838f0edc01897959f05a80a69413bc9e498015161c6a77d1bf5c6a
SHA5122699f306fb2ad3ae75456a4fa844a26c0006048dbe96a0281c80ffd4a625b479a32786da83fa86561d401a5dc0b3d6ea6a1b6f90d9b8354c2654b0a91739e202
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.288.200\software_reporter_tool.exeFilesize
14.0MB
MD5e6d6ddba378f802fff618da5fc2f6b8a
SHA1b6a2ea50a699349ae045012819e19edc689fbcc4
SHA256df958e7e33838f0edc01897959f05a80a69413bc9e498015161c6a77d1bf5c6a
SHA5122699f306fb2ad3ae75456a4fa844a26c0006048dbe96a0281c80ffd4a625b479a32786da83fa86561d401a5dc0b3d6ea6a1b6f90d9b8354c2654b0a91739e202
-
C:\Users\Admin\AppData\Local\Google\Software Reporter Tool\software_reporter_tool-sandbox.logFilesize
4KB
MD55a8ba54fe97ecba6f47897fd930fe2c4
SHA1eb1f9f06628b08a72927e3c6d0cd3c31eab57cc1
SHA256cae33dfd020e5b736f47619ba5a32fc34dee1e9ed78c5bf86cf757706ed98f10
SHA51221912f5d4643fec21dd928249ab6955852b8b32eea73f713a7ec7f5f79c4a1c56d2c90e04d47c90a401e6f71ea4d2c5cae55aa33f3965c6f3fef3668977791b2
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\CachesMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\c:\program files\google\chrome\chromerecovery\scoped_dir4344_1093493313\_metadata\verified_contents.jsonFilesize
1KB
MD535c7e305a06f30d3f0a97693c3504265
SHA1b30c965f53a93676cc9d87d29f5e6ac5b605dd84
SHA2563b6fb2683b4dfd83fdd0c6ee096f378aa85c6b1acc73ec66288802a71c9381f7
SHA512a6ac0ddc3c99d59a2c667410fe94bb8f267d1cf422c337febcfbae23d5c965b0e965ff0b77fc88fa9e7b06ee6ce6d532b6ecb0d87a53fb282260ef812379eb7c
-
\??\c:\program files\google\chrome\chromerecovery\scoped_dir4344_1093493313\chromerecovery.exeFilesize
253KB
MD549ac3c96d270702a27b4895e4ce1f42a
SHA155b90405f1e1b72143c64113e8bc65608dd3fd76
SHA25682aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f
SHA512b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0
-
\??\c:\program files\google\chrome\chromerecovery\scoped_dir4344_1093493313\manifest.jsonFilesize
195B
MD57a8e3a0b6417948df4d49f3915428d7a
SHA14fc084aabdb13483567d5c417c7ed8fd16726a80
SHA256d1ac274cf1018020f2d9635a518ed1a1f21cc2cbe9e2a4392ec792d54b5b52fe
SHA512064d84a57b28c19ad10742859da493d0826b47adc632f6c623dfb4de36d72a9d29be98518061a9ffd42d99fcf01f27de39ce74782b3a5acbbe11dfddeeab59a1
-
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.datFilesize
40B
MD5625239c3a65adb1f08f58edd046613c7
SHA1dc08ebe2c6901aebf6ecc5c039ac0418550b3580
SHA2561da96a8523f6bfe45008346ef0080faf3ef54f94b8af35e1fc0efd844c8ddab5
SHA51213198147d819d997e71931015d9fbbd2f5f13164d841c7bbbd804e7317d4a9746771928a99a356b52a6e3a37698c60d5db82b9d3eee957e1287a408ae982d096
-
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.datFilesize
40B
MD5625239c3a65adb1f08f58edd046613c7
SHA1dc08ebe2c6901aebf6ecc5c039ac0418550b3580
SHA2561da96a8523f6bfe45008346ef0080faf3ef54f94b8af35e1fc0efd844c8ddab5
SHA51213198147d819d997e71931015d9fbbd2f5f13164d841c7bbbd804e7317d4a9746771928a99a356b52a6e3a37698c60d5db82b9d3eee957e1287a408ae982d096
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\edls_64.dllFilesize
449KB
MD579d7f318441c21d17739e43990697d1d
SHA19683265bf401d11313b768dfc4b3aeb10015d18c
SHA2560ce49dc9f71360bf9dd21b8e3af4641834f85eed7d80a7de0940508437e68970
SHA51267c7a7d3bbadeff21951809d2f843311328771ed46bc1ca14edba486263f56f86922668dd89d11b05a16130380b7543f7c9556d79503c505807407763e9d3595
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\em000_64.dllFilesize
37KB
MD5f8b7cac6e9587baabf4045c34890c7ce
SHA161814262c6ee5ceaab2c0263c913cae52e203af7
SHA2568b0613b91229c98dfa5398568a4fa40dde2a2d40028654f74923bc929d6b5b30
SHA5124f80021fa2a6e6bd3cdd8248d6139d105dca984a914184d5b1e251e97daa77e36c4e059ed3a617ad12dd998eb603accd34ef3951261ad997a081d8ac934b6211
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\em001_64.dllFilesize
378KB
MD57adcb76ec34d774d1435b477e8625c47
SHA1ec4ba0ad028c45489608c6822f3cabb683a07064
SHA256a55be2be943078157b7d1cfb52febd4a95e4c7a37995bb75b19b079cc1ee5b9d
SHA512c1af669ee971b4f4a3bb057fe423a63376cfc19026650036b29d77fed73458d235889a662ac5e12c871c3e77f6fbdb1fa29c0dfa488a4a40fa045d79eb61e7c4
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\em002_64.dllFilesize
2.2MB
MD51b573c20bf9df046d134fe127f0fa306
SHA1a7400ea404c8f66f36b1bc8ed7f5a376e4966bac
SHA25638874996fb8568205fbec9254cf63b504bdb93422a6966dcb4e5d47e977601a7
SHA5125a7149558932987c24ac768cb6805cc8136ffa0660dcc09e50986dd43ae2809eee77376f2e205e84f346b4ea0e841d441f64bc8616980968791ff6b0c6e2b01d
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\em003_64.dllFilesize
1.3MB
MD5afa6a767b0745cb03c1e7f5189b258df
SHA1fb834620cb82c9354c103820ed53d67ae1550dcc
SHA2564539600b2b1c78aaae0f1a6766125afd07e24d3b4da5f3c875adf34e9ff8956c
SHA512a4f629a0ebac36b6f4c0f6c91b9a72a87fc716fc90c2e2786d8063b09372f045bb0ec4a0cb266e3ea89474939fc0bb6cf8589abd20e0142d4b37987dfdd0ece4
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\em004_64.dllFilesize
6.1MB
MD5ee46beaa6c9244880e8a510d080b4416
SHA1a83c3946a2f53f064e91d8b60d5f6c697a560062
SHA256d4f17bd032ead2a73340e6c14e24a3fa901d0fbae78f49fe4d368a01b788b49c
SHA5124e69dddd1215b1675bac788996019ef3cb22418fbba75c0c7935dafb2b1742bad79cc9ea6814b5f8d1663657a7987499a155cdf57733d1afae42b0e25d475c25
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.288.200\em005_64.dllFilesize
576KB
MD5169a2ef320119891cf3189aa3fd23b0e
SHA1de51c936101ef79bbc0f1d3c800cf832d221eef8
SHA2561072d49da0a70640fb9716cb894f4834ff621ca96d4aea1f478754edf4d0f780
SHA5127fe27d360bbf6d410ea9d33d6003ab455cd8b9e5521c00db9bb6c44a7472ccf2083d51034bab5ffc5aef85db36fc758c76b02fa31f0d0024c9d532548a2bf9ca
-
\??\pipe\crashpad_2316_MHKNRSXLVXWGENZAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_4272_PRJPOUMMCFHIBRRYMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/428-195-0x00007FFFA5560000-0x00007FFFA5570000-memory.dmpFilesize
64KB
-
memory/428-201-0x00007FFFA7C90000-0x00007FFFA7CA0000-memory.dmpFilesize
64KB
-
memory/428-200-0x00007FFFA7C90000-0x00007FFFA7CA0000-memory.dmpFilesize
64KB
-
memory/428-199-0x00007FFFA7C90000-0x00007FFFA7CA0000-memory.dmpFilesize
64KB
-
memory/428-198-0x00007FFFA7C90000-0x00007FFFA7CA0000-memory.dmpFilesize
64KB
-
memory/428-196-0x00007FFFA5560000-0x00007FFFA5570000-memory.dmpFilesize
64KB
-
memory/428-190-0x00007FFFA7C90000-0x00007FFFA7CA0000-memory.dmpFilesize
64KB
-
memory/428-194-0x00007FFFA7C90000-0x00007FFFA7CA0000-memory.dmpFilesize
64KB
-
memory/428-193-0x00007FFFA7C90000-0x00007FFFA7CA0000-memory.dmpFilesize
64KB
-
memory/428-192-0x00007FFFA7C90000-0x00007FFFA7CA0000-memory.dmpFilesize
64KB
-
memory/428-191-0x00007FFFA7C90000-0x00007FFFA7CA0000-memory.dmpFilesize
64KB
-
memory/872-159-0x0000000000000000-mapping.dmp
-
memory/928-139-0x0000000000000000-mapping.dmp
-
memory/976-167-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-180-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-181-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-182-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-183-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-184-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-185-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-186-0x000001F2B6E30000-0x000001F2B6E70000-memory.dmpFilesize
256KB
-
memory/976-187-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-188-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-189-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-179-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-178-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-177-0x000001F2B6E30000-0x000001F2B6E70000-memory.dmpFilesize
256KB
-
memory/976-176-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-175-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-174-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-173-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-172-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-171-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/976-142-0x0000000000000000-mapping.dmp
-
memory/976-166-0x000001F2B6B30000-0x000001F2B6B70000-memory.dmpFilesize
256KB
-
memory/2316-137-0x0000000000000000-mapping.dmp
-
memory/3904-135-0x0000000000000000-mapping.dmp