Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
-
submitted
02-01-2023 20:03
General
-
Target
http://terabox.com
Score
10/10
Malware Config
Signatures
-
Modifies system executable filetype association 2 TTPs 2 IoCs
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Downloads MZ/PE file
-
Executes dropped EXE 15 IoCs
-
Registers COM server for autorun 1 TTPs 3 IoCs
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 47 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" http://terabox.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc16a24f50,0x7ffc16a24f60,0x7ffc16a24f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1548 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1896 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4100 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5572 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5448 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5732 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5584 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6316 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5744 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5836 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4600 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6548 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5148 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6260 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6484 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,2473916317682272751,13300617914022199741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\TeraBox_1.12.5.8.exe"C:\Users\Admin\Downloads\TeraBox_1.12.5.8.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe" -install "createdetectstartup" -install "btassociation" -install "createshortcut" "0" -install "createstartup"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"3⤵
- Loads dropped DLL
-
C:\Windows\system32\regsvr32.exe"/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"4⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe"C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe" --install3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe" reg3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exeC:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=1988,14742519877531549590,15274891910638038374,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.12.5.8;PC;PC-Windows;10.0.15063;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2016 /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,14742519877531549590,15274891910638038374,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.12.5.8;PC;PC-Windows;10.0.15063;WindowsTeraBox" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2604 /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=1988,14742519877531549590,15274891910638038374,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.12.5.8;PC;PC-Windows;10.0.15063;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:14⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=1988,14742519877531549590,15274891910638038374,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.12.5.8;PC;PC-Windows;10.0.15063;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:14⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe-PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.1224.0.1851382069\1835238564 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.192" -PcGuid "TBIMXV2-O_A1D8D8F5C5E748F484D29DE27D0E85C8-C_0-D_QM00013-M_CED42B755F53-V_9B68DC08" -Version "1.12.5.8" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 14⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=1988,14742519877531549590,15274891910638038374,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.12.5.8;PC;PC-Windows;10.0.15063;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2240 /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.1224.0.1851382069\1835238564 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.192" -PcGuid "TBIMXV2-O_A1D8D8F5C5E748F484D29DE27D0E85C8-C_0-D_QM00013-M_CED42B755F53-V_9B68DC08" -Version "1.12.5.8" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1501 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\module\VastPlayer\VastPlayer.dll" -ChannelName terabox.1224.1.577351823\299007524 -QuitEventName TERABOX_VIDEO_PLAY_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.192" -PcGuid "TBIMXV2-O_A1D8D8F5C5E748F484D29DE27D0E85C8-C_0-D_QM00013-M_CED42B755F53-V_9B68DC08" -Version "1.12.5.8" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 14⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdate.exe"C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdate.exe" -client_info "C:\Users\Admin\AppData\Local\Temp\TeraBox_status" -srvwnd 70048 -unlogin4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exeC:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\dashost.exedashost.exe {f8b5e702-e39f-4a42-8e5e828e0313f1bf}2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\TeraBox\Bull140U.DLLFilesize
2.8MB
MD54a94aeaae0c93775e316811eebbdda59
SHA13e0bbdf75a7a6e7c7265d9be620692c861fca005
SHA256b00a620bf804fb0a473153c2497e7f07a38eba0dc82ebf32c3673f055924cc01
SHA512810b0f216e500c04b501055f2f46d7c01f1447c0ddc06c405757b566193ecea8c6ff52c9a92344d701bbbc2eb65bbe8f6e26b2e073944873ccbe7296d0d012d2
-
C:\Users\Admin\AppData\Roaming\TeraBox\MSVCP140.dllFilesize
429KB
MD51d8c79f293ca86e8857149fb4efe4452
SHA17474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f
SHA256c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4
SHA51283c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exeFilesize
5.6MB
MD5e8fafcb661bb6e6d37864f70a950a601
SHA12a8123dcafddd70140922730f75df3ffe5752ad9
SHA256d968f376f45f2d0b4b5ce6bf018ab36b8fa8eff18c694e4ebfb0f6ed18c3eaec
SHA5120702073727844532efac1c405ea509adc58d8a5115a6f12333f3b8d696d5802c2cb875316abf1ec760449e96a5152ea154283828ee2e0d000fc017c221a364af
-
C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exeFilesize
5.6MB
MD5e8fafcb661bb6e6d37864f70a950a601
SHA12a8123dcafddd70140922730f75df3ffe5752ad9
SHA256d968f376f45f2d0b4b5ce6bf018ab36b8fa8eff18c694e4ebfb0f6ed18c3eaec
SHA5120702073727844532efac1c405ea509adc58d8a5115a6f12333f3b8d696d5802c2cb875316abf1ec760449e96a5152ea154283828ee2e0d000fc017c221a364af
-
C:\Users\Admin\AppData\Roaming\TeraBox\VCRUNTIME140.dllFilesize
83KB
MD5b77eeaeaf5f8493189b89852f3a7a712
SHA1c40cf51c2eadb070a570b969b0525dc3fb684339
SHA256b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e
SHA512a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3
-
C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dllFilesize
966KB
MD5df12f5b83c1d536d90cd823f83abea7b
SHA1e74357326e43891d3361f2dbdd6df1d019011ca5
SHA2563d255b300c164c4440ba16933a784080836b431bd723a5e1f0794bab515a0b23
SHA512d6beaf89e3d78a5a9dc0a1ddb9a9b9f829f72917e5d5a836c0b4b66be515c9d228ecb884cb948a1fc54d99fe6acf81034b3c07149bca7029b31a9b9f170eea91
-
C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exeFilesize
110KB
MD52d189a79c8ddb6034eb84e2887f495e8
SHA15d38c654b5f3836c61946c20af3360c86e8d266b
SHA256e60bec7deb79be14b832ed820c8f8b3e0593bb8885ee1ccdade3fdcc07a03fcb
SHA512be801326b2d857899b52f32dbd09d6d798eb8a6dd703f3e0ce5b68321863c0533b8889c35e532dc1563b0e9d7d3fd7ae53b30756b109f3f8fdcd9dadcabeaef9
-
C:\Users\Admin\AppData\Roaming\TeraBox\appUtil.DLLFilesize
978KB
MD53666544b0402606e70abe7fd71615c79
SHA14033da55136fe5558e63ad3e056a7e8ca3c7e209
SHA256e98f4488686d0e2513d8f386f00edbbc732cd4e996e34514373907010b673756
SHA512952ab35d9bde41cef7bc0b54950189c3213997d8cdd7e7675274f13e71883bc5682e88b67032dc92693eb16d57af4d81408dbd3054d77fda556b7090f06860ef
-
C:\Users\Admin\AppData\Roaming\TeraBox\minosagent.dllFilesize
2.9MB
MD5216a2dd23f95bdd63cd88a50eb7e69bd
SHA19c63635c26e276179f8dba9e02079bb3170b0321
SHA25663da24020a82333c79806f3f8aa92fb9103f20b0b90ab095ee52601f6b154ada
SHA512390ff16e8b0c07c1bda03584096404bdd22d69a0eb39a76fc6155c81584e1a7737f8f9d359a7be8e861bcfb02ced46950a8ef6c20a896774647086c21ee7edf0
-
C:\Users\Admin\AppData\Roaming\TeraBox\uninst.exeFilesize
675KB
MD537de15e71ab3d4badf49dbb3f1c86d96
SHA10cb47de2288b468c8068993cc6359a29b44ea778
SHA25669248af2b4081d590a6cbd1d8f4673b19c3c64a46944f26d1ab8181c94767ff2
SHA51200add89ef350b24ce209d4f29bef28d87f6713b56d10b733cfb47706342b11ef0bf9e9befdd01b1430740d46449d000a5b7c391754b09ed3e27bec4bbc2568df
-
C:\Users\Admin\AppData\Roaming\TeraBox\updateagent.dllFilesize
1.1MB
MD5d2e7c378748436cb40a679fac6a455ca
SHA1e86149b5edd7654f974fee444652452216541a99
SHA256dafa9b2f3c103c94951f41f9b20944ee0ef3936e6830f1d3330a374acbd8b454
SHA512e4cb74adda38487f58e10f7934c99d87e7fac5dbaa3925455b6d576d25ad5dcf1218a13416235014abcb306d93356e8ca84459943d28c7400a77ceebd3d00566
-
C:\Users\Admin\Downloads\TeraBox_1.12.5.8.exeFilesize
79.6MB
MD5307ecfb9554db41fd38711f3896275e9
SHA1562f88a68415dcff6ed771bce542071cf745e6d6
SHA256adfc360f409f6d91f405ee2f523a65ef53f2fab23df62627ef610bc47ca9c4fa
SHA512d5570a69103522bb2e541173a1c8ff43737d353dc76ba9ac896b6f55fc112976a8cbf7797c6924aec161b150e616d2c69df3de472664dd48e426a7d96a9cf20b
-
C:\Users\Admin\Downloads\TeraBox_1.12.5.8.exeFilesize
79.6MB
MD5307ecfb9554db41fd38711f3896275e9
SHA1562f88a68415dcff6ed771bce542071cf745e6d6
SHA256adfc360f409f6d91f405ee2f523a65ef53f2fab23df62627ef610bc47ca9c4fa
SHA512d5570a69103522bb2e541173a1c8ff43737d353dc76ba9ac896b6f55fc112976a8cbf7797c6924aec161b150e616d2c69df3de472664dd48e426a7d96a9cf20b
-
\??\pipe\crashpad_2272_BVOWCHFLCNMXSVLGMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Users\Admin\AppData\Local\Temp\nsp9E65.tmp\NsisInstallUI.dllFilesize
2.0MB
MD58e0dbee28c2982770d3070d1c5af0a8e
SHA166a419649dc0c4a1402a6b4994555f3008e0d0c5
SHA2563832b553afb67bf638235229b67bf0f356d2ef30cf27aeb860b4235b96b35d65
SHA5127c6c67363a54799641b83c22bf68ad155379434762e5ee376dfdfede244e1fa9b2f635d0675b0ff6c39ba34c9fc125b358f0e334c505f57af5c375b1dbb30a7c
-
\Users\Admin\AppData\Local\Temp\nsp9E65.tmp\System.dllFilesize
12KB
MD58cf2ac271d7679b1d68eefc1ae0c5618
SHA17cc1caaa747ee16dc894a600a4256f64fa65a9b8
SHA2566950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
SHA512ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
-
\Users\Admin\AppData\Local\Temp\nsp9E65.tmp\nsProcessW.dllFilesize
4KB
MD5f0438a894f3a7e01a4aae8d1b5dd0289
SHA1b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA25630c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
\Users\Admin\AppData\Roaming\TeraBox\AppUtil.dllFilesize
978KB
MD53666544b0402606e70abe7fd71615c79
SHA14033da55136fe5558e63ad3e056a7e8ca3c7e209
SHA256e98f4488686d0e2513d8f386f00edbbc732cd4e996e34514373907010b673756
SHA512952ab35d9bde41cef7bc0b54950189c3213997d8cdd7e7675274f13e71883bc5682e88b67032dc92693eb16d57af4d81408dbd3054d77fda556b7090f06860ef
-
\Users\Admin\AppData\Roaming\TeraBox\Bull140U.dllFilesize
2.8MB
MD54a94aeaae0c93775e316811eebbdda59
SHA13e0bbdf75a7a6e7c7265d9be620692c861fca005
SHA256b00a620bf804fb0a473153c2497e7f07a38eba0dc82ebf32c3673f055924cc01
SHA512810b0f216e500c04b501055f2f46d7c01f1447c0ddc06c405757b566193ecea8c6ff52c9a92344d701bbbc2eb65bbe8f6e26b2e073944873ccbe7296d0d012d2
-
\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dllFilesize
966KB
MD5df12f5b83c1d536d90cd823f83abea7b
SHA1e74357326e43891d3361f2dbdd6df1d019011ca5
SHA2563d255b300c164c4440ba16933a784080836b431bd723a5e1f0794bab515a0b23
SHA512d6beaf89e3d78a5a9dc0a1ddb9a9b9f829f72917e5d5a836c0b4b66be515c9d228ecb884cb948a1fc54d99fe6acf81034b3c07149bca7029b31a9b9f170eea91
-
\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dllFilesize
966KB
MD5df12f5b83c1d536d90cd823f83abea7b
SHA1e74357326e43891d3361f2dbdd6df1d019011ca5
SHA2563d255b300c164c4440ba16933a784080836b431bd723a5e1f0794bab515a0b23
SHA512d6beaf89e3d78a5a9dc0a1ddb9a9b9f829f72917e5d5a836c0b4b66be515c9d228ecb884cb948a1fc54d99fe6acf81034b3c07149bca7029b31a9b9f170eea91
-
\Users\Admin\AppData\Roaming\TeraBox\minosagent.dllFilesize
2.9MB
MD5216a2dd23f95bdd63cd88a50eb7e69bd
SHA19c63635c26e276179f8dba9e02079bb3170b0321
SHA25663da24020a82333c79806f3f8aa92fb9103f20b0b90ab095ee52601f6b154ada
SHA512390ff16e8b0c07c1bda03584096404bdd22d69a0eb39a76fc6155c81584e1a7737f8f9d359a7be8e861bcfb02ced46950a8ef6c20a896774647086c21ee7edf0
-
\Users\Admin\AppData\Roaming\TeraBox\msvcp140.dllFilesize
429KB
MD51d8c79f293ca86e8857149fb4efe4452
SHA17474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f
SHA256c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4
SHA51283c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1
-
\Users\Admin\AppData\Roaming\TeraBox\updateagent.dllFilesize
1.1MB
MD5d2e7c378748436cb40a679fac6a455ca
SHA1e86149b5edd7654f974fee444652452216541a99
SHA256dafa9b2f3c103c94951f41f9b20944ee0ef3936e6830f1d3330a374acbd8b454
SHA512e4cb74adda38487f58e10f7934c99d87e7fac5dbaa3925455b6d576d25ad5dcf1218a13416235014abcb306d93356e8ca84459943d28c7400a77ceebd3d00566
-
\Users\Admin\AppData\Roaming\TeraBox\vcruntime140.dllFilesize
83KB
MD5b77eeaeaf5f8493189b89852f3a7a712
SHA1c40cf51c2eadb070a570b969b0525dc3fb684339
SHA256b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e
SHA512a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3
-
memory/860-269-0x0000000000000000-mapping.dmp
-
memory/948-312-0x0000000000000000-mapping.dmp
-
memory/1132-608-0x0000000000000000-mapping.dmp
-
memory/1220-314-0x0000000000000000-mapping.dmp
-
memory/1368-188-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/1368-187-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/1368-186-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/1368-184-0x0000000000000000-mapping.dmp
-
memory/1368-189-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/1988-938-0x0000000000000000-mapping.dmp
-
memory/2276-1267-0x0000000000000000-mapping.dmp
-
memory/2476-146-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-151-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-154-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-155-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-156-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-157-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-158-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-159-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-160-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-161-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-163-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-162-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-164-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-165-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-166-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-167-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-168-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-169-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-137-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-171-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-172-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-174-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-173-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-175-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-176-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-177-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-178-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-140-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-180-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-182-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-142-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-117-0x0000000000000000-mapping.dmp
-
memory/2476-145-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-147-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-149-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-153-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-152-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-150-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-148-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-144-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-143-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-141-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-139-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-138-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-136-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-135-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-134-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-133-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-132-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-131-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-130-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-129-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-128-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-127-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-125-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-124-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-123-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-122-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-121-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-119-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2476-120-0x0000000077470000-0x00000000775FE000-memory.dmpFilesize
1.6MB
-
memory/2500-1174-0x0000000000000000-mapping.dmp
-
memory/2648-1027-0x0000000000000000-mapping.dmp
-
memory/2648-1204-0x0000000065FE0000-0x0000000067407000-memory.dmpFilesize
20.2MB
-
memory/2648-1264-0x0000000065FE0000-0x0000000067407000-memory.dmpFilesize
20.2MB
-
memory/2840-630-0x0000000000000000-mapping.dmp
-
memory/3112-596-0x0000000000000000-mapping.dmp
-
memory/3160-351-0x0000000000000000-mapping.dmp
-
memory/3952-833-0x0000000000000000-mapping.dmp
-
memory/4356-183-0x0000000000000000-mapping.dmp
-
memory/4672-634-0x0000000000000000-mapping.dmp