Analysis
-
max time kernel
112s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
29-06-2024 10:53
General
-
Target
https://mega.nz/folder/ZflXmB7b#pJtCDDPXU-sFsv-WfFcF2g
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL 2 IoCs
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Themida packer 11 IoCs
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 42 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/ZflXmB7b#pJtCDDPXU-sFsv-WfFcF2g1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c04047182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1692 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1492,18120246873511342277,16569339806136458366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x470 0x4cc1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Xworm-V5\Xworm-V5\Xworm-V5.6\Xworm-V5.6\Xworm V5.6.exe"C:\Users\Admin\Downloads\Xworm-V5\Xworm-V5\Xworm-V5.6\Xworm-V5.6\Xworm V5.6.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Xworm-V5\Xworm-V5\Xworm-V5.6\Xworm-V5.6\Xworm V5.6.exe"C:\Users\Admin\Downloads\Xworm-V5\Xworm-V5\Xworm-V5.6\Xworm-V5.6\Xworm V5.6.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026Filesize
17KB
MD5950eca48e414acbe2c3b5d046dcb8521
SHA11731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA51227e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD53137aaec7274813f23d11c40932f0dd6
SHA1e6af52b2112a1c3ec124c8727ce10ed26dab5f97
SHA256c6b085aa29f7e38035a68297dab6c23e0d55790d575433172da7c7c8d83a226e
SHA51298d7929223907b72263c81b8429d0e264cc2bb95ebb60d326199ca8ca48ffdbc05e30b9c2e966b2acf1ccef6349482056917e800e5d12d20d8df78ccdeff3205
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
188B
MD5008114e1a1a614b35e8a7515da0f3783
SHA13c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA2567301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c1598f8153d5326b4430f585d5c4510d
SHA14717ef88abc9a5ebb17f02f0764144326a0d11e1
SHA2564a10ab33d2f64aeb2140012f0abaff29479466fc4480cf99777ffdffdb374270
SHA512686f2a4fa87ec35d89bae7d03ebe9dd8e2c618d356f061cdca42db4c23efb4020d4752c9fa0dd316a90bcfaf99af709da0fd47a8867e025e74bf325b2b32fdcc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5e98838176ffc1a4e5219f46f904f64e7
SHA1edc7351780bd0e8bbbef3ef7d9786cd290bd8669
SHA2567a50b3c10e7b1ef410e58edde254c3fa8413224349aa26edced5a9eb734f04a1
SHA512e68e9c2b0c5bfac95bef6a0e1d52be4fe5b2ff42f3b80ae7a1dd561994c8697165fb9274a9de615441f3a5b5ed53f068723349673f7fa82306238c3d9a26a90e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5ee46ae8e634f91eac5b045a8fc990f22
SHA1f851af6d2a353b5832480b606e7a14bace97b67c
SHA2565e9e456dbaea4a134e0a484c508002878c8e55a1a396efb473356c754e869a95
SHA512df134e73551d19c07e33dad3dd1f5fdf143e5820cd5e35f9699112ed70a1d514279bebe3583e9f14dc400ba471d0c8e94af1ec18fd0a0eb93ec6b2c984a8bd5f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD59cbba9178d6160027c377912d42250db
SHA1a66d8e6ba991d8a69f57db65d789048d67859e90
SHA2565ccd4da693d7853a5da750f467601781c8c5f40d4a318932d4edad0c19aa7779
SHA512f7b9229f6b2e65680fbabc05b2df9d07df4918038795363f0923219c12f2ce15740f6acfdb98ab9376ad9c60de5ae6565b2bb811515b1c9d6d5465d0aaee437b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5b8254b8bb193f54dd45a91f78ec15e39
SHA1c4a01b42653ea73e43f810e9294524b47f129479
SHA256d5bae0a2ee30ed997d65d2fbe3c256ff2792df2e173221ebd27f1c67f87ed5e9
SHA5126b97c44baeea0db2d70fb74894c574d2ae4db2cce08832c37480b570a9f1da2e5cd41258067d18003af9bb7401aee9785932ce7b508513ce5126073b713a6235
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD5578f0688801c856a9eb060891c5d9afb
SHA10793927ebb4572f810c565381823fbbb75e2a8a2
SHA256db5dfc7fd23f15b9ec2de47bec2f2c80800d58380d9e5c4a5d35f785369b0e96
SHA512796adce5332e42e6dfd58a018e5dea649604987bd506adbc4c5570616be9f71c97c4a545eaede448636e58cf258c82f7331524643c675a51fe731293214005da
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57df83.TMPFilesize
48B
MD5346b5fa26dc01ddee65252219247e3be
SHA13fff3c95dc18aad0b69f7196527f8c480a5a2cc9
SHA2563275563bf126c207c86d2c1c2752cd636b34dbe0867131fb2cae78a96f331568
SHA5126d4eacb0a3afb5affaae12c30b4979124d60d15114e831ebbfa7fa0f86c4238ee58763a67fb8fa32115e2516dde3562a3853981b43a8511f86e7e70e3e8affb9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD52ae1e8e9a4691fa359b18554b8b96933
SHA18b89331d80daa734b88b5ab96bede2e57be159ee
SHA25663be45c3a0e9e426c6b1e6675d2ec517b5c036d145a0ef303d68ffab5ff3d41d
SHA5122655f95b15059c3e83ba58a107b96093641142abb86f9a9183a1c55da6c149822faaa5eb34168a4edba809e04ae84908437b81d183d1d2c13d001e5112cd82ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD562b9c22519cacc9a8d764f92b58a9ea9
SHA1cd9eb1cc595848db3947a05289fdf219f0024e0e
SHA25666a0cd5837701aba1347d1b0900a83802cb9e7cea00b85a44ae82a2771895b77
SHA512896c4956109ee87ffc8246dc97a6c35f2e63a093571bb952515c762497f45277216b213fe7edea3b6144af22ed230429248e81aa9ae111820032182d1f090d2a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5921330043b5ccfbf58222a7ce8fa7f88
SHA1c4f98b38b980ac2632bd004dcbd901f246e652eb
SHA256578c9c6af67fce8b72eb1a91920e40451ffa8b1e1be632b35d9df26e89e87a94
SHA5127d21c484af0d17b59655b2848f35af3027dbe507150930a315c0b6d8fc7f9ca9fbe939025c3981681d26dab0295498ca6aa89a8fa858e5caae1fd45b6c6e8c83
-
C:\Users\Admin\AppData\Local\Temp\6cfd30b3-8e17-443c-a5f6-48fbf06287fd\AgileDotNetRT64.dllFilesize
2.9MB
MD59bb6ed08af544d3738e60200d2804180
SHA15a40b484ca56b1ce59add4ec283e21d60070be02
SHA25686d49f3894cc3de038abcde03803de8b6f239c237f34930ce5c41ab725c26cb7
SHA51263e6b90457c3e3e6e419e30fe57e35c66e08059611fbe4ffb60d28acd6ee8d9f0ccfa31d7b27e9af44ab13512490f3b7b7f5130df947c5de50a937dcee0a91a5
-
C:\Users\Admin\Downloads\Xworm-V5.zipFilesize
11.7MB
MD53a3bbacd79d78716bc67352fc7e83523
SHA16049c534aaadfd4da556c4c427f3b237f7a8fae3
SHA256ab560cf5949f93b0b8dc4fe6566e1750dfa34eeb575d67aee1430dd8c94d5441
SHA512751a18d1d38ed8bd0a970b4b60ef5c9e7ad7bc908506e50f808c6904f53772d3aed1f34d49dd544eb9e5ae3849b6fc2c705989dfd46ec059b62a458dae2758d4
-
\??\pipe\LOCAL\crashpad_2808_IDBGYZCEAQQJULPMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2040-319-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB
-
memory/2040-316-0x00007FF8AB610000-0x00007FF8AB75E000-memory.dmpFilesize
1.3MB
-
memory/2040-315-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB
-
memory/2040-314-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB
-
memory/4556-277-0x00007FF8AB610000-0x00007FF8AB75E000-memory.dmpFilesize
1.3MB
-
memory/4556-305-0x000000001BE80000-0x000000001BE8C000-memory.dmpFilesize
48KB
-
memory/4556-311-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB
-
memory/4556-302-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB
-
memory/4556-263-0x0000000000C90000-0x00000000011CA000-memory.dmpFilesize
5.2MB
-
memory/4556-274-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB
-
memory/4556-272-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB
-
memory/4556-320-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB
-
memory/4556-321-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB
-
memory/4556-323-0x00007FF8AAE50000-0x00007FF8AB602000-memory.dmpFilesize
7.7MB