Analysis
max time kernel: 147s
max time network: 150s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 29-06-2024 18:15
Static task: static1
Behavioral task: behavioral1
Sample: H2.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: H2.exe
Resource: win10v2004-20240611-en
General
Target: H2.exe
Size: 22KB
MD5: 669902e0baf0307086c9d347c66152a8
SHA1: 96a5cc7d488c2273ae58a3ef22bc468d61684132
SHA256: 900bac2dc0f9eb0691dbbed3dfa5ec6294cfe164dc371763efa0ff20681b1fea
SHA512: 06f6538048379ce7c861671592b6d04989c4b3400b4875cc50b889404a731e3602aa64a78be654a1b151ae3e39419d21f6877b8eb6c6dfc214a653ef276d227f
SSDEEP: 384:Ql5PmFkkRZNVbwpumK3pms4eZXsKjX5msMU80UVIx2bOKJSyol+wTMUufNpJDlVX:QlekkLmKPXsK06UbTQVM/nlQ9
Malware Config
Signatures
-
Processes: H2.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | H2.exe
-
Disables RegEdit via registry modification 1 IoCs
Processes: H2.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | H2.exe
-
Possible privilege escalation attempt 30 IoCs
Executes dropped EXE 1 IoCs
Processes: H2.exe
pid | process
1968 | H2.exe
-
Modifies file permissions 1 TTPs 30 IoCs
Adds Run key to start application 2 TTPs 2 IoCs
Processes: H2.exe, H2.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\H2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\H2.exe" | H2.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\H2 = "C:\\H2.exe" | H2.exe
-
Processes: H2.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | H2.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | H2.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 10 IoCs
Processes: WerFault.exe, WerFault.exe, WerFault.exe, WerFault.exe, WerFault.exe, WerFault.exe, WerFault.exe, WerFault.exe, WerFault.exe, WerFault.exe
pid | pid_target | process | target process
1596 | 2636 | WerFault.exe | X78Z42S0S27U2SV0K82.exe
2760 | 2504 | WerFault.exe | icacls.exe
1644 | 1988 | WerFault.exe |
1912 | 2864 | WerFault.exe |
816 | 2272 | WerFault.exe | L68F35J6S61Q5VN0L83.exe
1920 | 2216 | WerFault.exe |
2412 | 2952 | WerFault.exe | R58N47J1B10R3VW5K64.exe
3056 | 1308 | WerFault.exe |
408 | 3264 | WerFault.exe | T05P43C3K85X0GV4G36.exe
8168 | 3636 | WerFault.exe | D58A18B4M70N2PY0D33.exe
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes: H2.exe, H2.exe, takeown.exe
description | pid | process
Token: SeDebugPrivilege | 2020 | H2.exe
Token: SeDebugPrivilege | 1968 | H2.exe
Token: SeDebugPrivilege | 1968 | H2.exe
Token: SeTakeOwnershipPrivilege | 2668 | takeown.exe
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes: H2.exe, H2.exe, cmd.exe
description | pid | process | target process
PID 2020 wrote to memory of 1968 | 2020 | H2.exe | H2.exe
PID 2020 wrote to memory of 1968 | 2020 | H2.exe | H2.exe
PID 2020 wrote to memory of 1968 | 2020 | H2.exe | H2.exe
PID 2020 wrote to memory of 1968 | 2020 | H2.exe | H2.exe
PID 1968 wrote to memory of 2384 | 1968 | H2.exe | cmd.exe
PID 1968 wrote to memory of 2384 | 1968 | H2.exe | cmd.exe
PID 1968 wrote to memory of 2384 | 1968 | H2.exe | cmd.exe
PID 1968 wrote to memory of 2384 | 1968 | H2.exe | cmd.exe
PID 2384 wrote to memory of 2668 | 2384 | cmd.exe | takeown.exe
PID 2384 wrote to memory of 2668 | 2384 | cmd.exe | takeown.exe
PID 2384 wrote to memory of 2668 | 2384 | cmd.exe | takeown.exe
PID 2384 wrote to memory of 2668 | 2384 | cmd.exe | takeown.exe
PID 2384 wrote to memory of 2720 | 2384 | cmd.exe | icacls.exe
PID 2384 wrote to memory of 2720 | 2384 | cmd.exe | icacls.exe
PID 2384 wrote to memory of 2720 | 2384 | cmd.exe | icacls.exe
PID 2384 wrote to memory of 2720 | 2384 | cmd.exe | icacls.exe
-
System policy modification 1 TTPs 3 IoCs
Processes: H2.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | H2.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" | H2.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | H2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\H2.exe"C:\Users\Admin\AppData\Local\Temp\H2.exe"1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\H2.exe"C:\H2.exe"2⤵
- UAC bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System324⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\X78Z42S0S27U2SV0K82.exe"C:\$Recycle.Bin\X78Z42S0S27U2SV0K82.exe"3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 5604⤵
- Program crash
-
C:\Documents and Settings\U20L83Y6N42Y5MY3W88.exe"C:\Documents and Settings\U20L83Y6N42Y5MY3W88.exe"3⤵
-
C:\H2.exe"C:\H2.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"5⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System326⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\L68F35J6S61Q5VN0L83.exe"C:\$Recycle.Bin\L68F35J6S61Q5VN0L83.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 5606⤵
- Program crash
-
C:\Documents and Settings\D17S66Y0L67F5KU6F28.exe"C:\Documents and Settings\D17S66Y0L67F5KU6F28.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"7⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System328⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\J28W26P7N78B6EN5Y06.exe"C:\$Recycle.Bin\J28W26P7N78B6EN5Y06.exe"7⤵
-
C:\Documents and Settings\P47H16E5R32E2SF7N03.exe"C:\Documents and Settings\P47H16E5R32E2SF7N03.exe"7⤵
-
C:\H2.exe"C:\H2.exe"8⤵
-
C:\MSOCache\K33F64X1R73J3RU4I57.exe"C:\MSOCache\K33F64X1R73J3RU4I57.exe"7⤵
-
C:\PerfLogs\D80C04I0D25J7DN7B77.exe"C:\PerfLogs\D80C04I0D25J7DN7B77.exe"7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20to%20get%20free%20money%20no%20virus7⤵
-
C:\Program Files\S27A41B2R81Y0TV3U64.exe"C:\Program Files\S27A41B2R81Y0TV3U64.exe"7⤵
-
C:\H2.exe"C:\H2.exe"8⤵
-
C:\Program Files (x86)\L48E82X8U50G0ZR1R47.exe"C:\Program Files (x86)\L48E82X8U50G0ZR1R47.exe"7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=mcafee%20vs%20norton%202024%20free7⤵
-
C:\ProgramData\B05Z70K4A20X2NL2X54.exe"C:\ProgramData\B05Z70K4A20X2NL2X54.exe"7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%202%20remove%20virus7⤵
-
C:\Recovery\Y01S08R8F63G0OV0W52.exe"C:\Recovery\Y01S08R8F63G0OV0W52.exe"7⤵
-
C:\Users\L41B31V7K70D1ME3T86.exe"C:\Users\L41B31V7K70D1ME3T86.exe"7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20remove%20virus%202024%20free%20method7⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit7⤵
-
C:\Windows\F08Q60Z5P23Y7IN0X30.exe"C:\Windows\F08Q60Z5P23Y7IN0X30.exe"7⤵
-
C:\MSOCache\M78D86C0L55S5TZ6Y23.exe"C:\MSOCache\M78D86C0L55S5TZ6Y23.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"7⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System328⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\D58A18B4M70N2PY0D33.exe"C:\$Recycle.Bin\D58A18B4M70N2PY0D33.exe"7⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 5608⤵
- Program crash
-
C:\Documents and Settings\X38F44K6B30X6HS4Y50.exe"C:\Documents and Settings\X38F44K6B30X6HS4Y50.exe"7⤵
-
C:\H2.exe"C:\H2.exe"8⤵
-
C:\MSOCache\D37Q78P5X05X1IP7V83.exe"C:\MSOCache\D37Q78P5X05X1IP7V83.exe"7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=minecraft%20hax%20download%202024%20free%20no%20virus%20undetected7⤵
-
C:\PerfLogs\S08A41M2L01X3GX1H03.exe"C:\PerfLogs\S08A41M2L01X3GX1H03.exe"7⤵
-
C:\Program Files\N40G56H3I02P8GP8G48.exe"C:\Program Files\N40G56H3I02P8GP8G48.exe"7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=skrillex%20scary%20monster%20and%20nice%20sprites7⤵
-
C:\Program Files (x86)\S78Y13X7X62T0MS4M02.exe"C:\Program Files (x86)\S78Y13X7X62T0MS4M02.exe"7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%202%20buy%20large%20amounts%20of%20highly%20illegal%20substances%20undetected%202039%20method7⤵
-
C:\ProgramData\L01I27E1I85H5QL0M80.exe"C:\ProgramData\L01I27E1I85H5QL0M80.exe"7⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=skrillex%20scary%20monster%20and%20nice%20sprites7⤵
-
C:\Recovery\M56G11I1V12G2RY6F70.exe"C:\Recovery\M56G11I1V12G2RY6F70.exe"7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=gta%205%20mobile%20apk%20no%20virus%20free%20download7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=club%20penguin5⤵
-
C:\PerfLogs\Z40K74P2L27J7KJ2V22.exe"C:\PerfLogs\Z40K74P2L27J7KJ2V22.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=skrillex%20scary%20monster%20and%20nice%20sprites5⤵
-
C:\Program Files\F78I72L3K74Y1TC5Y57.exe"C:\Program Files\F78I72L3K74Y1TC5Y57.exe"5⤵
-
C:\Program Files (x86)\B33K76X6P71P8EV2M72.exe"C:\Program Files (x86)\B33K76X6P71P8EV2M72.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20to%20tell%20if%20i%20pregunate5⤵
-
C:\MSOCache\C83C35Y3Z53O4NK4K43.exe"C:\MSOCache\C83C35Y3Z53O4NK4K43.exe"3⤵
-
C:\H2.exe"C:\H2.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"5⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System326⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\U43U38C7X66H4UM7M66.exe"C:\$Recycle.Bin\U43U38C7X66H4UM7M66.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 5606⤵
- Program crash
-
C:\Documents and Settings\R13F45R6M45H0HO3Y57.exe"C:\Documents and Settings\R13F45R6M45H0HO3Y57.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=gta%206%20premium%20free%20download%20no%20virus%20undetected%203am%20challenge5⤵
-
C:\MSOCache\J06V66L6T36Y2IL5W22.exe"C:\MSOCache\J06V66L6T36Y2IL5W22.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"7⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System328⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\PerfLogs\E47I88I4Q06T3SE1H17.exe"C:\PerfLogs\E47I88I4Q06T3SE1H17.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=minecraft%20hax%20download%202024%20free%20no%20virus%20undetected5⤵
-
C:\Program Files\E51Q41W8L17A3KK3R51.exe"C:\Program Files\E51Q41W8L17A3KK3R51.exe"5⤵
-
C:\PerfLogs\R23Y37P0M87E4XN4N17.exe"C:\PerfLogs\R23Y37P0M87E4XN4N17.exe"3⤵
-
C:\H2.exe"C:\H2.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"5⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System326⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\D28X30N0R74J5BO3N17.exe"C:\$Recycle.Bin\D28X30N0R74J5BO3N17.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 5606⤵
- Program crash
-
C:\Documents and Settings\R11H06T7W35K7UA1W07.exe"C:\Documents and Settings\R11H06T7W35K7UA1W07.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"7⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System328⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\K80E07H7M15G1UV4O28.exe"C:\$Recycle.Bin\K80E07H7M15G1UV4O28.exe"7⤵
-
C:\Documents and Settings\S56W56E8E41V2KH2H66.exe"C:\Documents and Settings\S56W56E8E41V2KH2H66.exe"7⤵
-
C:\MSOCache\O75T71K7I31A7PP6Y71.exe"C:\MSOCache\O75T71K7I31A7PP6Y71.exe"7⤵
-
C:\PerfLogs\L07B14E3L78Y3JK3U64.exe"C:\PerfLogs\L07B14E3L78Y3JK3U64.exe"7⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=best%20way%20to%20kill%20yourself%202024%20method%20free%20ultra%20undetected7⤵
-
C:\MSOCache\X64H15C6Q10B2GC4J62.exe"C:\MSOCache\X64H15C6Q10B2GC4J62.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"7⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System328⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\PerfLogs\Y73L06W5J07I1TM3W06.exe"C:\PerfLogs\Y73L06W5J07I1TM3W06.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20remove%20virus%202024%20free%20method5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=club%20penguin5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:26⤵
-
C:\Program Files\D06C42V6F77N6CK1P46.exe"C:\Program Files\D06C42V6F77N6CK1P46.exe"5⤵
-
C:\Program Files (x86)\N22N16E7B71C2ZO4Y72.exe"C:\Program Files (x86)\N22N16E7B71C2ZO4Y72.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20to%20get%20free%20money%20no%20virus5⤵
-
C:\ProgramData\H01B22W0L63Z3CP1Z55.exe"C:\ProgramData\H01B22W0L63Z3CP1Z55.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=mcafee%20vs%20norton%202024%20free5⤵
-
C:\Recovery\W05X47M2Y21M6CR4V43.exe"C:\Recovery\W05X47M2Y21M6CR4V43.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=system%20to%20user%20exploit%20bypass%20undetect%202027%20method%20free%20fud5⤵
-
C:\Users\K57X01N4T81C4DN0J77.exe"C:\Users\K57X01N4T81C4DN0J77.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%202%20buy%20large%20amounts%20of%20highly%20illegal%20substances%20undetected%202039%20method5⤵
-
C:\Windows\M80Y75P2J76K4QH0Q25.exe"C:\Windows\M80Y75P2J76K4QH0Q25.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=system%20to%20user%20exploit%20bypass%20undetect%202027%20method%20free%20fud5⤵
-
C:\Program Files\U70A68S1C51O0VI2A33.exe"C:\Program Files\U70A68S1C51O0VI2A33.exe"3⤵
-
C:\H2.exe"C:\H2.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"5⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System326⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\R58N47J1B10R3VW5K64.exe"C:\$Recycle.Bin\R58N47J1B10R3VW5K64.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 5406⤵
- Program crash
-
C:\Documents and Settings\F03E76W5E34W6NJ6W46.exe"C:\Documents and Settings\F03E76W5E34W6NJ6W46.exe"5⤵
-
C:\MSOCache\E40N62X4V03X3IZ8P06.exe"C:\MSOCache\E40N62X4V03X3IZ8P06.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=gta%205%20mobile%20apk%20no%20virus%20free%20download5⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit5⤵
-
C:\Program Files (x86)\Q25F40L6Y01G3QV5I67.exe"C:\Program Files (x86)\Q25F40L6Y01G3QV5I67.exe"3⤵
-
C:\H2.exe"C:\H2.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"5⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System326⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\R58N47J1B10R3VW5K64.exe"C:\$Recycle.Bin\R58N47J1B10R3VW5K64.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 5606⤵
- Program crash
-
C:\Documents and Settings\G38L06J6N66F7UH1G36.exe"C:\Documents and Settings\G38L06J6N66F7UH1G36.exe"5⤵
-
C:\MSOCache\V42X02H1B25K1NR0E11.exe"C:\MSOCache\V42X02H1B25K1NR0E11.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20remove%20virus%202024%20free%20method5⤵
-
C:\PerfLogs\V60C87N5Y12N6BR5A14.exe"C:\PerfLogs\V60C87N5Y12N6BR5A14.exe"5⤵
-
C:\Program Files\Q08Q87V6Q58K5JO6E26.exe"C:\Program Files\Q08Q87V6Q58K5JO6E26.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=virus%20builder%20legit%20free%20download%20no%20virus5⤵
-
C:\Program Files (x86)\T73X24F2E27X7UI0N44.exe"C:\Program Files (x86)\T73X24F2E27X7UI0N44.exe"5⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit5⤵
-
C:\ProgramData\J58B80U7X86G3GF5U46.exe"C:\ProgramData\J58B80U7X86G3GF5U46.exe"3⤵
-
C:\H2.exe"C:\H2.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"5⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System326⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\C32H86R1B08S4ID7D85.exe"C:\$Recycle.Bin\C32H86R1B08S4ID7D85.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 5406⤵
- Program crash
-
C:\Documents and Settings\M51J48Y7O20Y3DY2O65.exe"C:\Documents and Settings\M51J48Y7O20Y3DY2O65.exe"5⤵
-
C:\MSOCache\P15M67N3Z68J8ZW4U16.exe"C:\MSOCache\P15M67N3Z68J8ZW4U16.exe"5⤵
-
C:\PerfLogs\Z78N53E6G22M5YS8L47.exe"C:\PerfLogs\Z78N53E6G22M5YS8L47.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Program Files\Q27T10B7U80Q8SC5E41.exe"C:\Program Files\Q27T10B7U80Q8SC5E41.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=gta%205%20mobile%20apk%20no%20virus%20free%20download5⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit5⤵
-
C:\Program Files (x86)\B85E81X2C00F3QE8F41.exe"C:\Program Files (x86)\B85E81X2C00F3QE8F41.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=why%20am%20i%20extremely%20gay%3F5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=system%20to%20user%20exploit%20bypass%20undetect%202027%20method%20free%20fud5⤵
-
C:\Recovery\O65R81R3T25L6KX8V64.exe"C:\Recovery\O65R81R3T25L6KX8V64.exe"3⤵
-
C:\H2.exe"C:\H2.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"5⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System326⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\R11H06T7W35K7UA1W07.exe"C:\$Recycle.Bin\R11H06T7W35K7UA1W07.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 5606⤵
- Program crash
-
C:\Documents and Settings\I84J56C2F63M7IR8O10.exe"C:\Documents and Settings\I84J56C2F63M7IR8O10.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\MSOCache\C76H07Y4Z70R7SH8E61.exe"C:\MSOCache\C76H07Y4Z70R7SH8E61.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\PerfLogs\Y16J40D4Q64F3BE8W27.exe"C:\PerfLogs\Y16J40D4Q64F3BE8W27.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Program Files\D82M88K7K11V8XA2R53.exe"C:\Program Files\D82M88K7K11V8XA2R53.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=gta%206%20premium%20free%20download%20no%20virus%20undetected%203am%20challenge5⤵
-
C:\Program Files (x86)\N74M80A4H52X2TL6Q11.exe"C:\Program Files (x86)\N74M80A4H52X2TL6Q11.exe"5⤵
-
C:\ProgramData\H83T84X1R17K3ZP6B53.exe"C:\ProgramData\H83T84X1R17K3ZP6B53.exe"5⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=minecraft%20hax%20download%202024%20free%20no%20virus%20undetected5⤵
-
C:\Recovery\Y51X01J5O85J4DS4K20.exe"C:\Recovery\Y51X01J5O85J4DS4K20.exe"5⤵
-
C:\Users\M05O30X0R10P7UF5V01.exe"C:\Users\M05O30X0R10P7UF5V01.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=why%20am%20i%20extremely%20gay%3F5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=gta%206%20premium%20free%20download%20no%20virus%20undetected%203am%20challenge5⤵
-
C:\Users\Y01C65B4Q28A2HC3E00.exe"C:\Users\Y01C65B4Q28A2HC3E00.exe"3⤵
-
C:\H2.exe"C:\H2.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F"5⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f C:\Windows\System326⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32 /grant "Admin:F"6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\H44T47B2S72S1AG8N46.exe"C:\$Recycle.Bin\H44T47B2S72S1AG8N46.exe"5⤵
-
C:\Documents and Settings\Q27T10B7U80Q8SC5E41.exe"C:\Documents and Settings\Q27T10B7U80Q8SC5E41.exe"5⤵
-
C:\MSOCache\R51B16Z2X08A7XD5G57.exe"C:\MSOCache\R51B16Z2X08A7XD5G57.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=virus.exe5⤵
-
C:\PerfLogs\U68Q40G3O66Y0OZ8S83.exe"C:\PerfLogs\U68Q40G3O66Y0OZ8S83.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=minecraft%20hax%20download%202024%20free%20no%20virus%20undetected5⤵
-
C:\Program Files\S18V27A2A35W7ME4B87.exe"C:\Program Files\S18V27A2A35W7ME4B87.exe"5⤵
-
C:\H2.exe"C:\H2.exe"6⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=gta%206%20premium%20free%20download%20no%20virus%20undetected%203am%20challenge5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20do%20i%20make%20sure%20i%20deeply%20enjoy%20anal%20sex5⤵
-
C:\Program Files (x86)\X23T58V8Z25J4KX1Y35.exe"C:\Program Files (x86)\X23T58V8Z25J4KX1Y35.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=best%20way%20to%20kill%20yourself%202024%20method%20free%20ultra%20undetected5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20to%20send%20virus%202%20friend%20undetected5⤵
-
C:\ProgramData\C11D64H8N73F8LW3G85.exe"C:\ProgramData\C11D64H8N73F8LW3G85.exe"5⤵
-
C:\Recovery\U42F88D1H03J3KL7W30.exe"C:\Recovery\U42F88D1H03J3KL7W30.exe"5⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit5⤵
-
C:\Users\X07T87J3X27C3GE5V10.exe
"C:\Users\X07T87J3X27C3GE5V10.exe" 5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20do%20i%20make%20sure%20i%20deeply%20enjoy%20anal%20sex 5⤵
-
C:\Windows\Y78R47N7L21D6ST8U78.exe
"C:\Windows\Y78R47N7L21D6ST8U78.exe" 5⤵
-
C:\Windows\D60M26I5G73Y0JZ2R52.exe
"C:\Windows\D60M26I5G73Y0JZ2R52.exe" 3⤵
-
C:\H2.exe
"C:\H2.exe" 4⤵
-
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "Admin:F" 5⤵
-
C:\Windows\SysWOW64\takeown.exe
takeown /f C:\Windows\System32 6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\System32 /grant "Admin:F" 6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\$Recycle.Bin\T05P43C3K85X0GV4G36.exe
"C:\$Recycle.Bin\T05P43C3K85X0GV4G36.exe" 5⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 560 6⤵
- Program crash
-
C:\Documents and Settings\K32A02H1M65F4AA7A78.exe
"C:\Documents and Settings\K32A02H1M65F4AA7A78.exe" 5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20to%20tell%20if%20i%20pregunate 5⤵
-
C:\MSOCache\Y83U47C5W63L3EB0G08.exe
"C:\MSOCache\Y83U47C5W63L3EB0G08.exe" 5⤵
-
C:\PerfLogs\R47M58I3L05K7NW4I82.exe
"C:\PerfLogs\R47M58I3L05K7NW4I82.exe" 5⤵
-
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit 5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=gta%205%20mobile%20apk%20no%20virus%20free%20download 3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=skrillex%20scary%20monster%20and%20nice%20sprites 3⤵
-
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && exit 3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how%20to%20get%20free%20money%20no%20virus 3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=why%20am%20i%20extremely%20gay%3F 3⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Downloads
-
C:\H2.exe
Filesize
22KB
MD5
669902e0baf0307086c9d347c66152a8
SHA1
96a5cc7d488c2273ae58a3ef22bc468d61684132
SHA256
900bac2dc0f9eb0691dbbed3dfa5ec6294cfe164dc371763efa0ff20681b1fea
SHA512
06f6538048379ce7c861671592b6d04989c4b3400b4875cc50b889404a731e3602aa64a78be654a1b151ae3e39419d21f6877b8eb6c6dfc214a653ef276d227f