Analysis
-
max time kernel
168s -
max time network
171s -
platform
windows10-1703_x64 -
resource
win10-20220901-en -
resource tags
-
submitted
08-01-2023 12:52
General
-
Target
https://anonfiles.com/xfVcGbP4yc/Mta_cheat_rar
Score
10/10
Malware Config
Signatures
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload 4 IoCs
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in Program Files directory 15 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 58 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of FindShellTrayWindow 39 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://anonfiles.com/xfVcGbP4yc/Mta_cheat_rar1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc81a54f50,0x7ffc81a54f60,0x7ffc81a54f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1664 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1616 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4136 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3364 /prefetch:82⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5832 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5864 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5872 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3076 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5680 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1372 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4520 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5716 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3076 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5708 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4332 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4560 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6724 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6496 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6196 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6336 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6044 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4172 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6040 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7164 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7160 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5244 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6108 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6560 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6368 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5972 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6412 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6644 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6620 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6660 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5040 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6668 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3076 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7180 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7196 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7016 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14731356756202147743,1487376511045913248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7080 /prefetch:82⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Mta cheat\" -spe -an -ai#7zMap19805:80:7zEvent38021⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\Mta cheat\Cheat aimbot Mta.exe"C:\Users\Admin\Downloads\Mta cheat\Cheat aimbot Mta.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Mta cheat\Tutorial.txt1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap9755:72:7zEvent21957 -ad -saa -- "C:\Users\Admin\Downloads\Mta cheat"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1752_79324450\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1752_79324450\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={b7496768-0f84-4173-9fe0-1987d0ceba78} --system2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\HistoryFilesize
116KB
MD55a15ac4b69a0804c1c7ea77a4f434632
SHA1f12f029cf43faff41474013cbf3a2a4a5cb15412
SHA256a557c49014b260eaeb8578228dcfd4578979fceeeba019e9597310cbce27b1a7
SHA512950e526dfd17020618805e9b92cc35046c50528498ac90afc784b45a58e23813a696057bd981c14d4355ad9020e9f90d5176cc3ac5f77c77f5c509fead672d06
-
C:\Users\Admin\Downloads\Mta cheat.rarFilesize
1.7MB
MD546b522a7dd620c469729ebb05d84cddd
SHA1b57f4d8bf6676cc08fbb0bdc8039f9a91473f07f
SHA256e04afc44f6f156c0fa79fc2509d179e633c5b580435385b3067ab01bbbe01de8
SHA5129af53145e8ef6aeaffeb53b33b26b54ec59e5bad5b7a08328a9953b0a5b6e316b25a09596f6ae90314236d0507f4f4a1848a000db867cdf3382c2cbe68ffb329
-
C:\Users\Admin\Downloads\Mta cheat.rarFilesize
1.7MB
MD546b522a7dd620c469729ebb05d84cddd
SHA1b57f4d8bf6676cc08fbb0bdc8039f9a91473f07f
SHA256e04afc44f6f156c0fa79fc2509d179e633c5b580435385b3067ab01bbbe01de8
SHA5129af53145e8ef6aeaffeb53b33b26b54ec59e5bad5b7a08328a9953b0a5b6e316b25a09596f6ae90314236d0507f4f4a1848a000db867cdf3382c2cbe68ffb329
-
C:\Users\Admin\Downloads\Mta cheat\API.dllFilesize
164KB
MD5cb32f0166833761b9009c32dc122964e
SHA11235f72d83e8e6638ecabb84d7b55e2cbfde68aa
SHA256f3c37c3d71573368f463f053e6b5a90c5073dce79559c8975e12e010e1fb5836
SHA512eefc1e0455c71672990cf5a5934490816a0cf3c1a272dc7da298bd9ae4dd2bda10669c1ca8b3e06320fadbdd12eeb4c99241dac7b751c220c8d405dfb8bdabac
-
C:\Users\Admin\Downloads\Mta cheat\Cheat aimbot Mta.exeFilesize
1.1MB
MD5d0adc86e597ffb6392026a8e3d08c2b1
SHA1ad00b645ffe1fd611872dc4a516b8d3a37ad9979
SHA256363f2e64161fcd331f2ee221c5287b16f6d208f90834e3e222eaf4f2480d7577
SHA5122d0d41ac5430da262ab7db26d16b6404dabedd3363e57a8fc46d3e643521138752af657fa645f0834808d74ee1862cb0c5245e5f2e330a8aecde144bc05a1772
-
C:\Users\Admin\Downloads\Mta cheat\Cheat aimbot Mta.exeFilesize
1.1MB
MD5d0adc86e597ffb6392026a8e3d08c2b1
SHA1ad00b645ffe1fd611872dc4a516b8d3a37ad9979
SHA256363f2e64161fcd331f2ee221c5287b16f6d208f90834e3e222eaf4f2480d7577
SHA5122d0d41ac5430da262ab7db26d16b6404dabedd3363e57a8fc46d3e643521138752af657fa645f0834808d74ee1862cb0c5245e5f2e330a8aecde144bc05a1772
-
C:\Users\Admin\Downloads\Mta cheat\Cheat aimbot Mta.exeFilesize
1.1MB
MD5d0adc86e597ffb6392026a8e3d08c2b1
SHA1ad00b645ffe1fd611872dc4a516b8d3a37ad9979
SHA256363f2e64161fcd331f2ee221c5287b16f6d208f90834e3e222eaf4f2480d7577
SHA5122d0d41ac5430da262ab7db26d16b6404dabedd3363e57a8fc46d3e643521138752af657fa645f0834808d74ee1862cb0c5245e5f2e330a8aecde144bc05a1772
-
C:\Users\Admin\Downloads\Mta cheat\Json.dllFilesize
659KB
MD54df6c8781e70c3a4912b5be796e6d337
SHA1cbc510520fcd85dbc1c82b02e82040702aca9b79
SHA2563598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af
SHA512964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c
-
C:\Users\Admin\Downloads\Mta cheat\Net.Core.dllFilesize
119KB
MD5d00fe9035e5936a65ad44d819ca7b392
SHA12dcb764a59909008617f7cee40ab632e3e44bac8
SHA256f812a1da84b579be1032acb06f13546220e1d26b79d9008659b5b4694353045d
SHA5127cd92ffad5d70a9a7d0750e586d6718b6d631ea7c23437e323b5ffe588f856c43e06088f779b291cfb1d4474c85c03356298c0af54fdd90687936766f707e6f1
-
C:\Users\Admin\Downloads\Mta cheat\Net.Rest.dllFilesize
415KB
MD5360b5cec575080f52030bdcd8d02a5a3
SHA1c7b1dc893b82433e2990a623897baaecab394360
SHA25699265d78c4e55267ed476a9861c226d5471cef29ffce6b00e1bcf5544073670b
SHA51247b0384e05293746c6d1a59d7b26bd2d56a8720aa8b1b93035b763fcae30a91ae43b3198d5140cd983f72a133303b732ebb5e440e568c6a939c60c663a5a50e8
-
C:\Users\Admin\Downloads\Mta cheat\Net.WebSocket.dllFilesize
362KB
MD5b1c42560370899c48a9607c34b84a498
SHA1756f5d8d2f2acb115686e2d7cab882f23b732328
SHA256b2440a1938b9ee0e44499ad2fce68db0d35c0a51bcfc46cc44d9ee102363a9f6
SHA512710a11398684d2716dd524cc2d6db212f466020a7ebaaea554eb5601759e6c3267c1b6847c2e0df70467d8867c1a8c4fb9b0884e1ddfb77e4bb069b6afe705c3
-
C:\Users\Admin\Downloads\Mta cheat\Tutorial.txtFilesize
227B
MD5908b4fea92d0d4dffc34cc7b95e07350
SHA1e11bcf1bb70ac8224cb1e3e735811d23bd36abbd
SHA2563dd3188eae52cc684c5da53bd9594073eafa4838ae10007ffc01832691e954eb
SHA5129cbbfbf7d47f08f66d32835191ed0674676b11bcb5d83346f3e64e0f56741a50ec39365a513505e332d43b91d565462e84b63fd5b7080b646289bd5955688161
-
C:\Users\Admin\Downloads\Mta cheat\Tutorial.txtFilesize
227B
MD5908b4fea92d0d4dffc34cc7b95e07350
SHA1e11bcf1bb70ac8224cb1e3e735811d23bd36abbd
SHA2563dd3188eae52cc684c5da53bd9594073eafa4838ae10007ffc01832691e954eb
SHA5129cbbfbf7d47f08f66d32835191ed0674676b11bcb5d83346f3e64e0f56741a50ec39365a513505e332d43b91d565462e84b63fd5b7080b646289bd5955688161
-
C:\Users\Admin\Downloads\Mta cheat\injection.dllFilesize
295KB
MD5d8203aedaabeac1e606cd0e2af397d01
SHA1eef943e4369166a039dee90f2d81504613d49ca0
SHA2562f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57
SHA512ce09543cbb799db65c71ea9d050cef99d702d9af0cc4c7e346f97f616b091d0ab9a211197caf7fd5a53af1ba6ce913b2b121499d36cd43b499fd201376f4f3d6
-
\??\pipe\crashpad_2704_ODNZWQACOPGDUEQEMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1260-144-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-152-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-167-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-166-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-165-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-142-0x0000000000000000-mapping.dmp
-
memory/1260-143-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-164-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-145-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-146-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-147-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-148-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-149-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-150-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-151-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-163-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-153-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-154-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-155-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-156-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-157-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-158-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-159-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-160-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-161-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/1260-162-0x00000000773D0000-0x000000007755E000-memory.dmpFilesize
1.6MB
-
memory/2132-129-0x000000001DB60000-0x000000001DB9E000-memory.dmpFilesize
248KB
-
memory/2132-124-0x0000000000090000-0x00000000001AC000-memory.dmpFilesize
1.1MB
-
memory/2132-125-0x00000000006D0000-0x00000000006DA000-memory.dmpFilesize
40KB
-
memory/2132-126-0x00000000022B0000-0x00000000022CA000-memory.dmpFilesize
104KB
-
memory/2132-128-0x0000000002380000-0x0000000002392000-memory.dmpFilesize
72KB