Analysis
-
max time kernel
202s -
max time network
204s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-es -
resource tags
-
submitted
31-01-2023 17:45
General
-
Target
https://we.tl/t-5Ausz7WwmF
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
4e27b39e9aaa6403f36702b4d66f5024
C2
http://94.142.138.10/
http://94.142.138.9/
rc4.plain
Signatures
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE 6 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 10 IoCs
-
Drops file in Program Files directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 35 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 31 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://we.tl/t-5Ausz7WwmF1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3948 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 464 -p 624 -ip 6241⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 624 -s 22481⤵
- Program crash
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb9784f50,0x7ffbb9784f60,0x7ffbb9784f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1632 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1984 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4516 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4440 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4768 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5088 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5160 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3204 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5364 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6372 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6560 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6388 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6632 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6436 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6408 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6476 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6440 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4544 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6728 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6740 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6896 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3236 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7348 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1088 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4560 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3016 /prefetch:82⤵
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5476 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,13138314046290014858,16008910246664238160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4900_1218556027\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4900_1218556027\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={24871658-d8e1-4df4-92e2-c81a2311d3a5} --system2⤵
- Executes dropped EXE
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\pcwrun.exeC:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\Setup.exe" ContextMenu1⤵
-
C:\Windows\System32\msdt.exeC:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW1E7B.xml /skip TRUE2⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\Setup.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"4⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\sdiagnhost.exeC:\Windows\System32\sdiagnhost.exe -Embedding1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vtjio4p5\vtjio4p5.cmdline"2⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES284E.tmp" "c:\Users\Admin\AppData\Local\Temp\vtjio4p5\CSC450DEF72440240059BE9488DA7141877.TMP"3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ihdyqn2a\ihdyqn2a.cmdline"2⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2948.tmp" "c:\Users\Admin\AppData\Local\Temp\ihdyqn2a\CSCF329AE908BB44D0296563DAB866F7B8B.TMP"3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kwfxmed0\kwfxmed0.cmdline"2⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2CC3.tmp" "c:\Users\Admin\AppData\Local\Temp\kwfxmed0\CSCC88EE8FD953F4B07A764167EE1B49EFC.TMP"3⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751Filesize
717B
MD5ec8ff3b1ded0246437b1472c69dd1811
SHA1d813e874c2524e3a7da6c466c67854ad16800326
SHA256e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab
SHA512e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD57236f80e1762e416a0901fbf4e1d1956
SHA133e0139b628c2ed6d1bc2879c8df28174324b9fe
SHA256c33f51e3ff5ac1b01c8127bec24b74c69150a0075b1312e5dd8a409c24eec549
SHA51279b13f52f8e2e545ac575ae4bf31fd3ff696517d98b7a70b08af510f2039605e46f4888c8287ea80bf1d6b8b0cff682a244cf4882da72d548052a223da5edbb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27Filesize
1KB
MD5ecc14948a799c449f8e4b01e27667754
SHA11193f7d656b05d8142c472ab37b74953452aef6f
SHA2565e7691e16f5325daafb3ab17b276b74681b7f9d44cd6b7e473c6b769078d1841
SHA512ad4d8ebe622f73f03e0453a155977ca6439e7f6ab15c136b0deabe2b723c3207e6d3e6bbcbd547d1e193cec9f683a1bfd190160d90597d8959d05e4fb2b05960
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD5415f2185a9c64b830e7558bce25207be
SHA15b9087daa5a7c1b42fa0d84b25de64ecc9ab335b
SHA2569845be82fb85d04acc616713931ce35e21b76fb6bd0c76945417c9377200607b
SHA512a6385a6c7a0c8eb7f4dc5dbaba72d34e921ece1bda233687a38520b10fdb1a1451339ff6a4e63e6ce3840dfeadaf01e2d95cc01554830f88811989a814ccfbac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4FFilesize
1KB
MD539a5c6c8de1709a8702fec31961dc62e
SHA11a4e641c008a027b1e34d9cd727c22476b16a3ea
SHA256ea83c965f02da4f4095a581dcbbf1b1f810c73cdbacda1f373aa88017cd7bd6b
SHA5129893e3ba64084fb1afeb77eac83b30bb7aa70b4f5ac559c1d4fcb57040faffa7e5fe7cd1f9cd9b56355bb887250d260a48bc8f7bc192ecbcc580d0d57e93d824
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D6243C18F0F8F9AEC6638DD210F1984_FD4F3AB5065583C0DC5D6551E486247BFilesize
471B
MD5263360ef7a3a36fae53488e62c2f1095
SHA12777c121853ea26d2ea7861a670ac96e8b6e016c
SHA25603e79b457d5b257114c54b6dba3f3da98c7ef457af621ea4968e21de134bd627
SHA5127cf3a9b8d746dadc86aa6e19445f20dc46457795f00715f3c282ef49e162106bae76c7e6a9300e3cf7d21f4045f25a4bbdc099ba0008f6480ab9fe1da7f62ec6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_EC830A980969D746780C4373E1195F3BFilesize
472B
MD5c004ef398fc2138876eac9e202e6e7c9
SHA19b695108fe043113ee8dc3369be58234f1a73323
SHA256ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7
SHA512b0109f2dd7643f672b8a42a3325c41a1deb7afdc14865452e4743ce5b3339f27f386faa713009b60ca75d748ad4d413b8bd6faaca1e7f75ab0bab05eb8b033e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62Filesize
1KB
MD54d7be39f9a4b6edef8a86472a3a20583
SHA1f15db395221f68d0702f8e1e299d8e76f682666c
SHA25607f4124fd86d835e4c27db89c1f931e0fb4d21a585babe2d10546ce710e52a02
SHA51206801da4879ca1d9995173fa80bf0ab312bb51387bb69bdf38cbeacd6856e078ff1d6bd23adef3fc737cded7dab780472b47e9a013839d9e59eb7e67582f2e94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894Filesize
1KB
MD5e6b4c21ebc7f713361fb50ac9d658c90
SHA18645f8372ca6eabdca5bc51fd3415c3ff42fc0b0
SHA256cf1c874016da16f33080979d6e26ead798a170f610dbce4323e8de3cfc250a33
SHA512e16adc60adfd7d394eb9832201d31c9d80d5b8a98a475f94ce7afff3ab522b58cb468f348140226c05618fcfe62b10d755bed8e3d6ae0b080ec986537867b4be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD5f569e1d183b84e8078dc456192127536
SHA130c537463eed902925300dd07a87d820a713753f
SHA256287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413
SHA51249553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F1A152A1619E90E2A46F4BEB447DF3ACFilesize
503B
MD594db728e8f46087f54b9148d8c8b4534
SHA1ce61013504cbc518f3708e26c94eb1292df481e4
SHA256269c1f0bbf73c811135d3ff1d9fbeef3150fd1d6d1be0aa1120aa38d2337cedc
SHA512c20638071fec76c61e93d0fa911f596e81cf7cfff99c43e2313daac9ca17f64055fc1fd9758989b14458fea08eadf55a74b7af342a38f87db9b908a3219ce936
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751Filesize
192B
MD53f777c156b924404d654464fa7c5df9b
SHA18aa7cadb7aed091780c65dbfb2515295b9e52912
SHA2568f015c8391c8c90e4509a05338eb3fccc6547dcd9f28aa3af263042af768b143
SHA512847d3e2db660418ae3da0daf97d2039e2353197ac742aed339f011038c1c013b7bcb8caa638bf429a635f7d589cb1f3984fd76773146bbb2827630c7c6385696
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD58bdc37dc9840ca2a84b35ca502653bfe
SHA189e59de7d5e65d747bd215a9238f6e4aa22b3b95
SHA256ee14062147ef67adb354ad1960fb77276a34db1c13bd7dc6547efe49440ad908
SHA512be83002bc5c55f6f0e314190262ff23e744f9fad0278577a850eea76ac059f48c691da7f4ee60635ebc3629585fdbb3cd80b2f07dd002219eb3f6e808bc956e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27Filesize
408B
MD5dd7db2ff9dc7857371703de9bff79407
SHA10d6bb2c3ed28114b9c7f02f8eef05b3ba2e67b21
SHA256511fd97a98dd4513507ffe4da54d927ca807a432625d3116c63890722cdf08fb
SHA512b1f3c70174330e47e96783ba4bc425826b64736ac6a7803c7b39d248cc3a753617c46db4f7e88ecd01fa38f0b4d451b3dd850556fab351a54a7dccbbd0dc7303
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
434B
MD5c711e66d5bcad8368cbd4aed4e53ee34
SHA1c337ab01e2a2f1d8c18a5788a434be0fa99de18c
SHA2569c67bed9223fef9059b13bf4c18557e94bd089141a40a68da041352837a6fbf2
SHA512114840eae26b8255ff3af59dc0105df56f38174dbfa34e84a4a0147d046b1f7bb9d5837af4454edf9d34c98df094d928e9532f4687cd3a1023938fdbefd9c574
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4FFilesize
442B
MD5e71d5e865be73debf871d054f6bac6e4
SHA1eb2cd5807ae48efe7e21f6a188fbad910d38eba3
SHA2564b0115340ddd6b90e6854905c210e47e4856b934dcdd92cfbe7c8b0eae3821e1
SHA51292ed16434f86c7dab3a4f032fbf8d741bc65b60196b9d31d9b5be51d2c673f88f53904d2bcbc6621c933357b1d48ca43e7a0cef5e35efab084ebaf9866dfbf80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D6243C18F0F8F9AEC6638DD210F1984_FD4F3AB5065583C0DC5D6551E486247BFilesize
444B
MD5add6a092ca367ec61afa09eb639180f1
SHA1149c75ac43d011af20b1c126cd353d1d9df55124
SHA2563f26729464e3bed035a4535390032be8fe6be440115faff3df8b84407aa474b0
SHA512d3034628978016affd9cd8d2729993e56b038e25be1cd3fefd55f173656bb3e6358f31e0d1133d9205efba43f930d1579c04adcdedb21f98dc13ebaed7d025c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_EC830A980969D746780C4373E1195F3BFilesize
402B
MD5f89504b473dfdeaf548f3253c9df4186
SHA14ef3393f85b87ea38d4460738fd29b9b297f1e08
SHA256152cdb618dfcf4cece7b4d5be78fd4f4c575f224baaf2cfa6cba235a54baa7d4
SHA5125fc35c41282eec8588d45592e33fa9974968b2fce78bb8bf4a8e1903e4ee0b0f488266363e3bd0db81f4082ecc81095e449b4d6c9ea69802ccc46d820a10dbad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62Filesize
458B
MD577a7a6a01f93bff2453b8ec04253c361
SHA108ce751426bc19e4d8059b5d15ca3aeada2a0ace
SHA256d1c84a49da1c23ae3482f865d782200be227bcfb0c884f87b797f9c80240fc0d
SHA5126b35fe509a836d777af6883e57291db3e161dae97b85f571404960656a3441ed96e1be372028b5790a4e404c425e4195a84d0cabe14e693c37ee6b1c2c34bc33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894Filesize
432B
MD5d25b553488aecd64a4ec7ab60c0d3dae
SHA1c0617b1e384134338a58b990545da63cbe546705
SHA2569a16662ad9dad9bf5d37cdf644a70b655e5fb7575b50615f82f9aff1017e39c0
SHA512b2117569934afad457b20358b1c6f6a2736ff396f74305cf5d31551fa867497596aea37b35bbe7c86d19732c97ecece2b8718dbec61ea293915ffcc89a337337
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
392B
MD5a0d6b7a06134394ad9e536ac162a7c5f
SHA19c035961c7a952ba4a1d23d58ee4ab90a4dbc617
SHA2567c4524d72f33f5bd1297bc5df7b7a6642656cd999e2f0a5eee767d4cb14ef91d
SHA512b65d1a41d10d374bdf040c72f8bc0e85a99cb347070f5eb0688cbe7a4364c8c86fa5aecb85239e79cac03ee3b49aded7048d73812d42bd251b1526b89c397a3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F1A152A1619E90E2A46F4BEB447DF3ACFilesize
548B
MD5d5a96ad0f5991b84e0cd294ad382e8df
SHA10a2d076ff6ad9eac03d97d683851c6c67a7d6b59
SHA2568d3c4c96ba14ae3eb0744e5e04d013b29efd48537aab72ac9974b2edb4543964
SHA5123f4aec480dfd518d42a226137f5b67823e88f47b2631762d046ca5d5af9e1a927a87d9af2b889a1ec1bca494c0d6cf6385ddd3230f471e654f9c5c0e6bb17b01
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zpu22o1\imagestore.datFilesize
41KB
MD526b143f43a1b50d6f585c6cffe2c5379
SHA1c5126e7ef64fba8797763641f24d5b4d411f3c37
SHA25689ec528436cd8858084845c14f7db238b0575bc32704f3eb2d52c03601545feb
SHA512c416903f579af2768e6a44fa33d5b4c93e19f5c84e40d53e79916143bc26f4ace9322308e5f0581987f3a61aa4738a5d12628564693d8105f0aa6d70a9b2c269
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\CachesMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_3636_FYDSBFSDRYZAQGTMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/8-188-0x0000000000000000-mapping.dmp
-
memory/868-175-0x0000000000000000-mapping.dmp
-
memory/948-165-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/948-163-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/948-166-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/948-167-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/1344-187-0x0000000000000000-mapping.dmp
-
memory/1456-171-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/1456-174-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/1456-173-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/1880-161-0x0000000000000000-mapping.dmp
-
memory/2172-185-0x0000000000000000-mapping.dmp
-
memory/2356-182-0x0000000000000000-mapping.dmp
-
memory/3596-183-0x0000000000000000-mapping.dmp
-
memory/4028-170-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/4028-168-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/4400-184-0x0000000000000000-mapping.dmp
-
memory/4408-180-0x000001D7E3AA0000-0x000001D7E3AAA000-memory.dmpFilesize
40KB
-
memory/4408-179-0x000001D7E3A90000-0x000001D7E3A9A000-memory.dmpFilesize
40KB
-
memory/4408-178-0x000001D7E3AC0000-0x000001D7E3AE2000-memory.dmpFilesize
136KB
-
memory/4408-181-0x00007FFBB57F0000-0x00007FFBB62B1000-memory.dmpFilesize
10.8MB
-
memory/4408-177-0x000001D7E4950000-0x000001D7E4A52000-memory.dmpFilesize
1.0MB
-
memory/4408-176-0x000001D7E46B0000-0x000001D7E4732000-memory.dmpFilesize
520KB
-
memory/4408-196-0x00007FFBB57F0000-0x00007FFBB62B1000-memory.dmpFilesize
10.8MB
-
memory/4408-193-0x00007FFBB57F0000-0x00007FFBB62B1000-memory.dmpFilesize
10.8MB
-
memory/4408-186-0x000001D7E4880000-0x000001D7E4894000-memory.dmpFilesize
80KB
-
memory/4788-191-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/4788-190-0x0000000000000000-mapping.dmp
-
memory/4788-194-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/4788-195-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/4932-189-0x0000000000000000-mapping.dmp
-
memory/5016-157-0x0000000000000000-mapping.dmp
-
memory/5016-162-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/5016-160-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB
-
memory/5016-158-0x0000000000400000-0x0000000000EAD000-memory.dmpFilesize
10.7MB