hxxps://www[.]mediafire[.]com/file/bkv59z08u5assyw/Entropy[.]zip/file

Analysis

max time kernel
348s
max time network
347s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2023 04:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/bkv59z08u5assyw/Entropy.zip/file

Score

9^/10

evasion themida trojan vmprotect

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

Kangaroo Patcher.exeKangaroo Patcher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Kangaroo Patcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Kangaroo Patcher.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Kangaroo Patcher.exeKangaroo Patcher.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Kangaroo Patcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Kangaroo Patcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Kangaroo Patcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Kangaroo Patcher.exe

Executes dropped EXE 5 IoCs

Processes:

EntropyV3.exeEntropyV3.exeKangaroo Patcher.exeKangaroo Patcher.exeentropy.exe

pid process

5480 EntropyV3.exe
2456 EntropyV3.exe
4180 Kangaroo Patcher.exe
4576 Kangaroo Patcher.exe
3248 entropy.exe
Loads dropped DLL 1 IoCs

Processes:

entropy.exe

pid process

3248 entropy.exe

pid	process
5480	EntropyV3.exe
2456	EntropyV3.exe
4180	Kangaroo Patcher.exe
4576	Kangaroo Patcher.exe
3248	entropy.exe

pid	process
3248	entropy.exe

Themida packer 8 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe	themida
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe	themida
behavioral1/memory/4180-602-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp	themida
behavioral1/memory/4180-603-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp	themida
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe	themida
behavioral1/memory/4576-605-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp	themida
behavioral1/memory/4576-611-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp	themida
behavioral1/memory/4576-612-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp	themida

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\entropy.exe	vmprotect
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\entropy.exe	vmprotect
behavioral1/memory/3248-615-0x00007FF7F1540000-0x00007FF7F24C3000-memory.dmp	vmprotect

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

Kangaroo Patcher.exeKangaroo Patcher.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Kangaroo Patcher.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Kangaroo Patcher.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

Processes:

EntropyV3.exeEntropyV3.exeKangaroo Patcher.exeKangaroo Patcher.exeentropy.exe

pid process

5480 EntropyV3.exe
2456 EntropyV3.exe
4180 Kangaroo Patcher.exe
4576 Kangaroo Patcher.exe
3248 entropy.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4084 2552 WerFault.exe

pid	process
5480	EntropyV3.exe
2456	EntropyV3.exe
4180	Kangaroo Patcher.exe
4576	Kangaroo Patcher.exe
3248	entropy.exe

pid	pid_target	process	target process
4084	2552	WerFault.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133232451193927886"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeEntropyV3.exechrome.exeEntropyV3.exeentropy.exetaskmgr.exe

pid	process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
5480	EntropyV3.exe
5480	EntropyV3.exe
5976	chrome.exe
5976	chrome.exe
2456	EntropyV3.exe
2456	EntropyV3.exe
3248	entropy.exe
3248	entropy.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

OpenWith.exeentropy.exetaskmgr.exe

pid process

836 OpenWith.exe
3248 entropy.exe
5280 taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

Processes:

chrome.exe

pid	process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

OpenWith.exeEntropyV3.exeEntropyV3.exeKangaroo Patcher.exeKangaroo Patcher.exeentropy.exe

pid	process
836	OpenWith.exe
836	OpenWith.exe
836	OpenWith.exe
836	OpenWith.exe
836	OpenWith.exe
836	OpenWith.exe
836	OpenWith.exe
5480	EntropyV3.exe
2456	EntropyV3.exe
4180	Kangaroo Patcher.exe
4576	Kangaroo Patcher.exe
3248	entropy.exe
3248	entropy.exe
3248	entropy.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2164 wrote to memory of 1472	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1472	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4388	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3572	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3572	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 644	2164	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/bkv59z08u5assyw/Entropy.zip/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffc716c9758,0x7ffc716c9768,0x7ffc716c9778
2⤵
PID:1472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:2
2⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:8
2⤵
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:8
2⤵
PID:644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4880 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5228 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5836 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3248 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5468 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4876 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5232 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6224 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:8
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6000 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:8
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:8
2⤵
PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:8
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6136 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4908 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6112 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4996 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5428 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6076 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6684 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4672 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=908 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2780 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5028 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6520 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3288 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6964 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7200 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6116 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:5708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6484 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6700 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7436 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:6068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6976 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:1
2⤵
PID:5168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7704 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:8
2⤵
PID:5228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7720 --field-trial-handle=1904,i,11149494844759114672,14506750260989778047,131072 /prefetch:8
2⤵
PID:3600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3000

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 368 -p 2552 -ip 2552
1⤵
PID:2376

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2552 -s 1764
1⤵
- Program crash
PID:4084

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Entropy\" -ad -an -ai#7zMap9713:76:7zEvent29977
1⤵
PID:4140

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Entropy\Entropy again\" -ad -an -ai#7zMap12918:104:7zEvent10869
1⤵
PID:2116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:836

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\" -ad -an -ai#7zMap25359:124:7zEvent12319
1⤵
PID:5096

C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\EntropyV3.exe
"C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\EntropyV3.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5480

C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\EntropyV3.exe
"C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\EntropyV3.exe" "C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\Entropy Patcher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\READ ME.txt
1⤵
PID:5544

C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe
"C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:4180

C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe
"C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe" "C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\entropy.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:4576

C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\entropy.exe
"C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\entropy.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3248

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:5280

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
63f76bac4e2f9682174727d5718a2701

SHA1
5b9c7cc9b57aaa67e1a0a6e20a8140f0dc4195b6

SHA256
25be115b2f388e0c419f8e9e4d80b8fd486ebaad81e7725c128266394019698e

SHA512
7bec68af0dd7d76f360e7fb3734aa149688973933187ee862b2102ba9e52c6aef4fc58ff17ecde2a8be93f0c116c94e4352b99e3483c2e9f99f14ecee57d6abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
9705702a2f4d9f28ae563a512888c71e

SHA1
1f4b7bf72e06c998c10e7cea653178c6fac390d6

SHA256
e756cc267d9403e86ef5c6270f5a255b15bc4b34544fd0badda08ab6d10a21e1

SHA512
881dc95bde0e383acbefa689c61b00797abd428ee8e9592389dc982d53e67dc2bf6f59576a56897ba8862c10e982a8ef4b5e989016e715f4c240a165939087d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
b299fc01f1c1206e2a8fc38b6be0cdbd

SHA1
80922e2347442f129231b1f0a3273465bf7001db

SHA256
f05f4eb2a340455719caa7c62d0a6394094f28e8378b424f49d1e0eb33842821

SHA512
4f8a130e33da704839b19d83f6ce890d802d9305f5add066c15f7b634dc5d762551121c21457dae398993ef190560c4259ab075fd88773ed7e8245a041269024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
afc33a3715e77756b7818189c034287c

SHA1
05dae909ea9faf00762688c095b1313b7ca33e30

SHA256
db89d5226b2a3235f0bb113c4418f60d89b18990bd414e6b334c35a037ff616d

SHA512
ca83ae445a772d3d5252fc90496c36fdd0f2e7b19bb31d9ed6034da70f2aa08a8191b148d1827d9afb5bd32344575f1d78b931e512549d7c772ee545f1dc7d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
13KB

MD5
46c30bb5be80406ba066b73335f10123

SHA1
f0ede86f043d0e591a914447fce006c8d5acbf04

SHA256
9334516dad1b6d88cf6d34229c5dc35f1524b4a641e39153adcd3a92143db6d3

SHA512
efc47fbd4c33d7ec6be0fab6b5a7f8ac9d869a5fdd19246ebd1ad863bd9ef94adf64abb88d5f46402ea5b6cd4493e3c9b688c3c85957a7c9b2ece53159a62fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
82cf4b4e1d7a00cbb4c5f2194742a88f

SHA1
be7e88762cae977fc770fbd6c41bff1a6b33ddcb

SHA256
41e4fd95aeb7df99fb0578471c492e15a07e9fbb8ecd7ce131550148d7c9ee59

SHA512
59b0fd23bf82515b597f94eec625532b78040b0633ac6d0074eb1368aa5405cd8175a052804e61de68427c7ef1cd59ad5a4a2e4a5042952f840b2ffc586dedf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
12014eb14b6e3fc92f2e2f2fe8eb1845

SHA1
fa15c246740e91026ad950bc01caba4699525ba0

SHA256
b42bfb60b8530bab29e42b318041dbc09761f088743e52a56fbeecdc171ad3cb

SHA512
da27dbb3161abde5d5d24c87580571ac98f36b9cf91a7cde630afec5175e8aa3c30f8329b558a017b99915f7d7721aff0213b89357704db1ea358db599a2db26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
4b6994e94d1f13b7db4c6333d4ca38e9

SHA1
11fa68f2f49f9faef938a1d8515d16def4d9f457

SHA256
2c0834ab4b268cc4b7ab8bee7ae24e3d97392f6e2a4a64fb80ce2de6aabef14d

SHA512
30564a4f56aa05b51d68ad33bd6f8a14d85cc9da97f939beb7a02d257b65615779635accb11c69ce74fad3e1642c4d07bfb718939f7f3f654b7e27ac03e90aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
9cc55eb23c4376e30fe47b8051371467

SHA1
55b29bc125482345fe474b6d8a981694c782ad13

SHA256
37019f139c29749691253ae6582f78e90cd398432c343feedd15d3411c588e34

SHA512
aacebffd921aeabe81143e9e3c8510c5104d376827ab21afd2c37632c51a21cca8a3d46748140b8d8a3d2a19e88502e39e26efafbb7b18165297ca739233b36c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
cbfe3dadeede781c90fd5f797d1cd94d

SHA1
ffce7fd088974665f27b0450d6be1c242eab95a3

SHA256
dfbd3ab2a6e5c95b637db4c148e5b2e024529a8ce81c7b3843b9ce78db911baa

SHA512
7fc04948f8c86086319dc8d57eb0744eba401d24d6d462fcd0047ac11f0467dfb6eac1126203b8606defa8b3af7e6a247526b53cdf612517f515f08a7be5e4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
8e13c868d422a4ae0d4478b67aeb9f5c

SHA1
c8ff9a35ceb7ba4b6b854fef42282e88e50f57d4

SHA256
56e2e2d619c215d8eee5b2eba70126a1853f2bedd6e02aca6b22dc3c122fedf0

SHA512
583541c5d91dd80ec538910b7a8bb06a697be53173e89fb4d4e3172af96587634789c2cf983995d19227bd819a25b23f235d322165f3a59242eca38c2b24f435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8c6ad47c2934435ed5fe507b269b6ccc

SHA1
8e4544d771c2aa335411b179db8cd4ce926ea13a

SHA256
83c9a2394433e64c043caa9ac240b9f58f5d81cf1ad74bc4c14f004578c3af43

SHA512
2b72f841c29c6797ac1724eca21545caeea78b412ae19ff02eb29028157bde0c31309d80ec298b16c4054019726aef11178a6be35fd6f8f9cd0f23a6d7adf1fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4571a85e500a22de95510a376e25153b

SHA1
0c713c0fb3aa7a47b49115460952cd26b4fb56e1

SHA256
166b83791425f77dcfe6a688658a70c23c12718287cd247bd2dfe29cd8789d15

SHA512
0395ddbefa5db345c7925be7acffd4ebb47df6472cf071a5bbefb9a01d4ae92eae24a1d1761f45a5bd4d1799fc754d0668d087ffe9f314e9df38c1a913279dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
c19afeb0f2a8fd7dd926720f698af169

SHA1
2f5b71132a78e8a665d684d188cf984d53a53d56

SHA256
4f52a4db2c97798bf73e58e6d23d17eebd8ea4de581aa3a55e5690f91da167aa

SHA512
fe0482029e56fee68adbe93154477b8f615a4662c6656c4ff4b7b558c6194ecafdc90f7a91b4c5b96cf0cc9b3cb0678402c818a4fecc40a7ab35aaee547e5efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
ca25e1749effe36e41c051578996a394

SHA1
53bd954b0b3b24b353fdda9159310ea2c623a39b

SHA256
f4983a041231bfd6cbf5aeac3a3c792684c246a355b35e6d5ac40f57cf24b06d

SHA512
baaa97c2317312def8c6d85153dcfe44e9d9d33ab5094c018e10595f7665c5e7bb56a132d691710a1edc7bcb469269c00d0e3397f0822eef074ac41785d60426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
9114bbb47d5d7d45eb9645cf2a4b530a

SHA1
02382a32665e200fbb49b17e10f8a340581fc55c

SHA256
0e7b1df40824c54088c318904ffa4ea96f4dadc28a6c410b16aff13daab55685

SHA512
0a29a87ffad8cc2b25b766da4ade842de9b8fea70a6ae88f149922b1b2a6074dd52be043f4e3a6b10577930115383716d31937b6f946d88d6968b136173c1f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Entropy.zip
Filesize
30.1MB

MD5
7f51fcdfc10aadf8d8a3153a5e8ad704

SHA1
db2c0707840da87ba44917c16c3e09acc000c77d

SHA256
12f2e217abd5676ac034ba110f5f03811f9e565f41b40d7b0df2ee3ae3e71e03

SHA512
53c6b63c093d7fe56da0fd291abf2f9b16d561661bfb766e3dfe7a879c30a1c0d39f9d0a8b2dd1d99922effff70cf0b969ea10b2b83680e633a448cd1abe4ba7

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again.rar
Filesize
30.1MB

MD5
aa3f2c6f0f7e60787e634e32936eacfa

SHA1
ef40936c3f976fe6c754ab5f7cb9833ffe3d36d2

SHA256
a7527258a4e5c1274208f3da825376d23b148cd729d318c871cc86ad2e464c74

SHA512
80330ec86e24baaf78cdd20edc8bb257a08ef60bc5fb840311f68d15ea90ded2e7c13cbd1c2f0b24afddce317561a013f989ac3a54504363e11e009b64b9edec

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a.rar
Filesize
30.1MB

MD5
61e65448800b950ad6227685dc6a3223

SHA1
6b686a844a48a6d2c0dbc352e27c2c37629e8d7a

SHA256
ee16484470f2d15706c327e9c229fb6647851960220505fdfebdd835a77b33af

SHA512
36b169af5a26ab5c47f6d804703b2812f5cc91b360d7a1a57314118593b9f155ff5c5d2010623ae328a018e4227bf049fc0d8069fae1c11ff47db2921336974e

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe
Filesize
5.7MB

MD5
3ede242cabdcb2e4c924cbe57bf0c98b

SHA1
5020f590ab691d6112fb9b59edeac682e2f8ccc3

SHA256
bc59a0885c8bb6c546dc0d24fdb11ed5455fda613211a7eefb78efa4cf7142d0

SHA512
0aada6083ebd5c61a7b31016eea34aa6fb22e5e009475e6a816364e0519cb3e0b754d265bb3bd36a81d8ee619a31f4fb9ed3337b915213dadad225abf8da21ae

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe
Filesize
5.7MB

MD5
3ede242cabdcb2e4c924cbe57bf0c98b

SHA1
5020f590ab691d6112fb9b59edeac682e2f8ccc3

SHA256
bc59a0885c8bb6c546dc0d24fdb11ed5455fda613211a7eefb78efa4cf7142d0

SHA512
0aada6083ebd5c61a7b31016eea34aa6fb22e5e009475e6a816364e0519cb3e0b754d265bb3bd36a81d8ee619a31f4fb9ed3337b915213dadad225abf8da21ae

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo Patcher.exe
Filesize
5.7MB

MD5
3ede242cabdcb2e4c924cbe57bf0c98b

SHA1
5020f590ab691d6112fb9b59edeac682e2f8ccc3

SHA256
bc59a0885c8bb6c546dc0d24fdb11ed5455fda613211a7eefb78efa4cf7142d0

SHA512
0aada6083ebd5c61a7b31016eea34aa6fb22e5e009475e6a816364e0519cb3e0b754d265bb3bd36a81d8ee619a31f4fb9ed3337b915213dadad225abf8da21ae

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo.dll
Filesize
25KB

MD5
1cade37d0c3b470e45b262b4b6338b9d

SHA1
3cae3cbdd5553c5ca8155878f1ead847413ea7dc

SHA256
2a1b942d5edc00d800b6adf1ec822dc2198096f9b2a274b279eed5d4de1c89ac

SHA512
e628d15c1075d163e7994b7607b3477685b0381da67c2fe485fd8212b05e6b2837ba3bab098083082f01209daa864501df00e30067062886a5a416bce8941def

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\Kangaroo.dll
Filesize
25KB

MD5
1cade37d0c3b470e45b262b4b6338b9d

SHA1
3cae3cbdd5553c5ca8155878f1ead847413ea7dc

SHA256
2a1b942d5edc00d800b6adf1ec822dc2198096f9b2a274b279eed5d4de1c89ac

SHA512
e628d15c1075d163e7994b7607b3477685b0381da67c2fe485fd8212b05e6b2837ba3bab098083082f01209daa864501df00e30067062886a5a416bce8941def

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\entropy.exe
Filesize
8.2MB

MD5
524f67ffd889c34fa7e16482f8a05ccb

SHA1
0c76c178940c9444e83e774974d24f24119d0258

SHA256
ab33e56d4b89961a4b6907f2502c6348d8113a33acce6fb0dc3ccb8f06331a09

SHA512
9fd437b6d0ac837e84e5b61b3b169e050608b6f9b87df1e71cbee7ef900b6b2a50d9855c46eaf56bfd61201ba1cbdbc75b1dc4b80c138e166accdd556de23573

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy (old)\entropy.exe
Filesize
8.2MB

MD5
524f67ffd889c34fa7e16482f8a05ccb

SHA1
0c76c178940c9444e83e774974d24f24119d0258

SHA256
ab33e56d4b89961a4b6907f2502c6348d8113a33acce6fb0dc3ccb8f06331a09

SHA512
9fd437b6d0ac837e84e5b61b3b169e050608b6f9b87df1e71cbee7ef900b6b2a50d9855c46eaf56bfd61201ba1cbdbc75b1dc4b80c138e166accdd556de23573

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\EntropyV3.exe
Filesize
11.5MB

MD5
b0dc9a1cefbc083bac5a54a02429692d

SHA1
33dc91058557075ef6dc5248b0e88d37f14c0cb5

SHA256
b76402869c68a900178d62543b2f0451ff5f3106ca8df4512d9db27105dbad1d

SHA512
1d479199ba1265fe88fc20073b566879fbaf929580ed6b39c408267b210097b78a6d16c384238b14ed3337a4bfd9b1ca24cc3f795e1ddabe89f947b7a09d205a

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\EntropyV3.exe
Filesize
11.5MB

MD5
b0dc9a1cefbc083bac5a54a02429692d

SHA1
33dc91058557075ef6dc5248b0e88d37f14c0cb5

SHA256
b76402869c68a900178d62543b2f0451ff5f3106ca8df4512d9db27105dbad1d

SHA512
1d479199ba1265fe88fc20073b566879fbaf929580ed6b39c408267b210097b78a6d16c384238b14ed3337a4bfd9b1ca24cc3f795e1ddabe89f947b7a09d205a

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\EntropyV3.exe
Filesize
11.5MB

MD5
b0dc9a1cefbc083bac5a54a02429692d

SHA1
33dc91058557075ef6dc5248b0e88d37f14c0cb5

SHA256
b76402869c68a900178d62543b2f0451ff5f3106ca8df4512d9db27105dbad1d

SHA512
1d479199ba1265fe88fc20073b566879fbaf929580ed6b39c408267b210097b78a6d16c384238b14ed3337a4bfd9b1ca24cc3f795e1ddabe89f947b7a09d205a

Download Submit
C:\Users\Admin\Downloads\Entropy\Entropy again\Entropy a\entropy\READ ME.txt
Filesize
533B

MD5
babdd2019b474c09bb74e08a45be1007

SHA1
b36773263dd498d36090d75ed92a79ed74452b10

SHA256
d029342db9a0d5078fad181b0df85bb44225325959ed87ad7aff0b17027fd9a6

SHA512
bf1517c0c0dce6749f52621358445cf39b2315c931a7551ec781ed02db552ba6dc5d05c0c69abdff4c834294150f83d82b9984ac69938fc1e744a2df20672616

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 836096.crdownload
Filesize
992KB

MD5
64f738db06991cfc73b5fb1205a1d629

SHA1
bae106418be1c07577154842dbc3c1c7617951e0

SHA256
5d98c10076f142ff9c9a6b0145c28deb4f2b7a7f51cb199f25f966f9371e69b6

SHA512
9cc64781d1e20347e64610613aa73287f0ea33919f9c87e04512b24f215c531cd466866be6deb0ed859daa902d82d0334a75db781eafe9378adb2c86b797c521

Download Submit
\??\pipe\crashpad_2164_EEVVYCXYMLCZSTUI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2456-586-0x0000000140000000-0x0000000141003000-memory.dmp

Filesize
16.0MB

Download
memory/3248-613-0x00007FFC8EA30000-0x00007FFC8EA32000-memory.dmp

Filesize
8KB

Download
memory/3248-615-0x00007FF7F1540000-0x00007FF7F24C3000-memory.dmp

Filesize
15.5MB

Download
memory/3248-614-0x00007FFC8EA40000-0x00007FFC8EA42000-memory.dmp

Filesize
8KB

Download
memory/4180-602-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp

Filesize
15.0MB

Download
memory/4180-603-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp

Filesize
15.0MB

Download
memory/4576-605-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp

Filesize
15.0MB

Download
memory/4576-611-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp

Filesize
15.0MB

Download
memory/4576-612-0x00007FF66DC50000-0x00007FF66EB46000-memory.dmp

Filesize
15.0MB

Download
memory/5280-619-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5280-621-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5280-620-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5280-625-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5280-626-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5280-627-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5280-628-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5280-629-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5280-630-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5280-631-0x00000218C5F40000-0x00000218C5F41000-memory.dmp

Filesize
4KB

Download
memory/5480-426-0x00007FFC8EA30000-0x00007FFC8EA32000-memory.dmp

Filesize
8KB

Download
memory/5480-427-0x00007FFC8EA40000-0x00007FFC8EA42000-memory.dmp

Filesize
8KB

Download
memory/5480-428-0x0000000140000000-0x0000000141003000-memory.dmp

Filesize
16.0MB

Download