Analysis
-
max time kernel
450s -
max time network
457s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
03-02-2022 08:37
General
-
Target
https://gofile.io/d/ifZLuM
Malware Config
Extracted
limerat
-
aes_key
blunts
-
antivm
true
-
c2_url
https://pastebin.com/raw/1NRAsuVh
-
delay
3
-
download_payload
false
-
install
true
-
install_name
FortniteAimbotESP.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Signatures
-
Ardamax
A keylogger first seen in 2013.
-
Detect Neshta Payload 1 IoCs
-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
SnakeBOT
SnakeBOT is a heavily obfuscated .NET downloader.
-
Contains SnakeBOT related strings 1 IoCs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Executes dropped EXE 25 IoCs
-
Modifies Installed Components in the registry 2 TTPs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL 53 IoCs
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Themida packer 5 IoCs
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Drops file in Windows directory 4 IoCs
-
Detects Pyinstaller 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 5 IoCs
-
Modifies registry class 11 IoCs
-
Suspicious behavior: EnumeratesProcesses 58 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 48 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 38 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://gofile.io/d/ifZLuM1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb70ee4f50,0x7ffb70ee4f60,0x7ffb70ee4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1512 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1752 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4124 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6028 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6060 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5528 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6288 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4252 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5588 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=908 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4124 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4420 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1444 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4588 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5560 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4268 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2328 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6228 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1504,6672573409207444617,325828785303805677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\" -spe -an -ai#7zMap31420:156:7zEvent215961⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\Amazon GC Checker by Sen0a.exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\Amazon GC Checker by Sen0a.exe"1⤵
- Executes dropped EXE
-
C:\ProgramData\UserOOBE\UserOOBE.exeC:\ProgramData\\UserOOBE\\UserOOBE.exe ,.2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\database32.libdatabase32.lib2⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\database32.libdatabase32.lib3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c mode con: cols=120 lines=304⤵
-
C:\Windows\system32\mode.commode con: cols=120 lines=305⤵
-
C:\ProgramData\winsrvhost\winsrvhost.exeC:\ProgramData\\winsrvhost\\winsrvhost.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon Gen By Sleep\Amazon Gen.exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon Gen By Sleep\Amazon Gen.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon Gen By Sleep\database32.bindatabase32.bin2⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon Gen By Sleep\database32.bindatabase32.bin3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\FortniteAimbotESP Cracked\FortniteAimbotESPcracked.exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\FortniteAimbotESP Cracked\FortniteAimbotESPcracked.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\FortniteAimbotESP Cracked\alocal.cfgalocal.cfg2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'C:\Users\Admin\AppData\Local\Temp\FortniteAimbotESP.exe'"3⤵
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Local\Temp\FortniteAimbotESP.exe"C:\Users\Admin\AppData\Local\Temp\FortniteAimbotESP.exe"3⤵
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\EmailPass To Userpass\EPass To Upass.exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\EmailPass To Userpass\EPass To Upass.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\EmailPass To Userpass\Qt5Core.binQt5Core.bin2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Dupe Remover\Elite Dups Remover 1.5.exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Dupe Remover\Elite Dups Remover 1.5.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Dupe Remover\data.bindata.bin2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Keyword Scraper - by xRisky\_Keyword Scraper v1.exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Keyword Scraper - by xRisky\_Keyword Scraper v1.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Keyword Scraper - by xRisky\Qt5Core.dllQt5Core.dll2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\KPortScan 3.0\KPortScan3.exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\KPortScan 3.0\KPortScan3.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\KPortScan 3.0\data.libdata.lib2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Malwarebytes [Crack.sx]\Malwarebytes [Crack.sx].exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Malwarebytes [Crack.sx]\Malwarebytes [Crack.sx].exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Malwarebytes [Crack.sx]\data.cfgdata.cfg2⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\MD5 Hash Decoder [v2.0]\MD5 Hash Decoder [v2.0].exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\MD5 Hash Decoder [v2.0]\MD5 Hash Decoder [v2.0].exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\MD5 Hash Decoder [v2.0]\ldap60.binldap60.bin2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Minecraft Generator By Zed\Minecraft Generator By Zed.exe"C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Minecraft Generator By Zed\Minecraft Generator By Zed.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Minecraft Generator By Zed\ldap60.libldap60.lib2⤵
- Executes dropped EXE
-
C:\ProgramData\NSGMFX\UMT.exe"C:\ProgramData\NSGMFX\UMT.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\6c833cff1d8f44ff8a0299eb3d93bbb3 /t 4984 /p 18761⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\UserOOBE\UserOOBE.exeMD5
a45d72861c04aed5572d07cc35b23e75
SHA11939ee9056721ac184fc2257c2076c89e843b822
SHA256fcaaafe25027d1a1611df258626527c35b01fb82c19f5d9648c7b7562f1d95da
SHA5122ecd805fd512913df33e9b411b1dcc5ba74e9b44fb6fdab2894a8e37de00ee3725e32be6a2eedd6c6102225b7e73145ec9cfee834b3de86bfcd3ec868f34ab29
-
C:\ProgramData\UserOOBE\UserOOBE.exeMD5
a45d72861c04aed5572d07cc35b23e75
SHA11939ee9056721ac184fc2257c2076c89e843b822
SHA256fcaaafe25027d1a1611df258626527c35b01fb82c19f5d9648c7b7562f1d95da
SHA5122ecd805fd512913df33e9b411b1dcc5ba74e9b44fb6fdab2894a8e37de00ee3725e32be6a2eedd6c6102225b7e73145ec9cfee834b3de86bfcd3ec868f34ab29
-
C:\ProgramData\winsrvhost\winsrvhost.exeMD5
20c523142f15b0120a7dcd6afef1c37c
SHA1cf0adc270f17108c5f83febaba66769ed1b02da3
SHA25603fe6ee0fb2d086f49999e5180453dcd9b7df0d38f4543fb5ccd97a65371f947
SHA51200e171cad808010c197ecf5e098cbbef2d8f5d4fc69af92b5215ea5ffcaec8cfddc46fd4527e164e7befc8ba15ec5c491bf539dc4574cb900209c7d9d5f1ae27
-
C:\ProgramData\winsrvhost\winsrvhost.exeMD5
20c523142f15b0120a7dcd6afef1c37c
SHA1cf0adc270f17108c5f83febaba66769ed1b02da3
SHA25603fe6ee0fb2d086f49999e5180453dcd9b7df0d38f4543fb5ccd97a65371f947
SHA51200e171cad808010c197ecf5e098cbbef2d8f5d4fc69af92b5215ea5ffcaec8cfddc46fd4527e164e7befc8ba15ec5c491bf539dc4574cb900209c7d9d5f1ae27
-
C:\Users\Admin\AppData\Local\Temp\_MEI14802\VCRUNTIME140.dllMD5
a87575e7cf8967e481241f13940ee4f7
SHA1879098b8a353a39e16c79e6479195d43ce98629e
SHA256ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e
SHA512e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0
-
C:\Users\Admin\AppData\Local\Temp\_MEI14802\_ctypes.pydMD5
41a9708af86ae3ebc358e182f67b0fb2
SHA1accab901e2746f7da03fab8301f81a737b6cc180
SHA2560bd4ed11f2fb097f235b62eb26a00c0cb16815bbf90ab29f191af823a9fed8cf
SHA512835f9aa33fdfbb096c31f8ac9a50db9fac35918fc78bce03dae55ea917f738a41f01aee4234a5a91ffa5bdbbd8e529399205592eb0cae3224552c35c098b7843
-
C:\Users\Admin\AppData\Local\Temp\_MEI14802\base_library.zipMD5
ab6d3149a35e6baddf630cdcefe0dab5
SHA144cdb197e8e549a503f6cfcb867a83bf2214d01c
SHA2561d91fa604893531393f83e03e68eb97d2c14c2d957ed33877d2b27b7c30ce059
SHA51228a882e86d92d42ff983b68445cc90431c2b65b7ec3abbffb5585a9750d67b8b52a1361e20d4d80ca4a30b927fe543a2e9c9a65c1846e42a112b511ddc59545a
-
C:\Users\Admin\AppData\Local\Temp\_MEI14802\python3.DLLMD5
c38e9571f33898eb9f3da53dc29b512f
SHA15be348c829b6dfa008d0dd239414ad388e5d7ace
SHA25670596aea8c5ca8f3bf88e46a0606522413b50208ec9fcc6b706f7a064cf83b79
SHA5121704be273e3485013282c269fc974558683204639fccfb46e6eb640c64a0769a21572a07ee62fe1d5eb1eed4d1419f2293d6e4fd8193caafe128c6d66bd48f6e
-
C:\Users\Admin\AppData\Local\Temp\_MEI14802\python310.dllMD5
c6c37b848273e2509a7b25abe8bf2410
SHA1b27cfbd31336da1e9b1f90e8f649a27154411d03
SHA256b7a7f3707beab109b66de3e340e3022dd83c3a18f444feb9e982c29cf23c29b8
SHA512222ad791304963a4b8c1c6055e02c0c4c47fce2bb404bd4f89c022ff9706e29ca6fa36c72350fbf296c8a0e3e48e3756f969c003dd1eb056cd026efe0b7eba40
-
C:\Users\Admin\AppData\Local\Temp\_MEI14802\ucrtbase.dllMD5
5b1c91b53ac3c3026d50de8c05aba139
SHA1b9c2d160b1ce856d9904a340362236473a3d559c
SHA256d804ea40eacfc22a5e029b66d6d4f83d81f76a7ead80313b33839253f90af6b7
SHA5128e01056830e65320d684245bf055305e03ef136545efb51aad484a5b1b006f7d534c30b7973da8628f49c31710ae23d3420f941156c941172b97efe9e1ef9a1f
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack.zipMD5
f49ef0b6658440036ef1290a8a4a93c2
SHA161a6b9a9a7a6f277ef8258eb47bb25d2299d5b9f
SHA256d212d98ac141ce9579cdfeec15b6bb1dd4f7ed22d4d46b45396b7461fd3de667
SHA51259901a2f2958486683901c12bfadbd0821c70a66996e56da35b947ba2ac6f56338ce0c676fdc825121cad8e5a27f46a8ace2b1308971167339ca7542f5cadf09
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\Amazon GC Checker by Sen0a.exeMD5
f0dc7ceb074700afbe3521ae560d5eab
SHA11e70a90da14cdf3c16347c19d28ce6e882f1a721
SHA2566759a46583e63b1cb1f51d3fa411b2f4745b7e0571275fd048f480c1bd94fb4f
SHA512778f40cda8c68066c1489b97fbe370d68619189a4ac34f6ed79dec5827b8c19d8f0b0c5630e1ac779437258a685fa0c5e4f1e761728b9b9ef3b43f6fd8595f27
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\Amazon GC Checker by Sen0a.exeMD5
f0dc7ceb074700afbe3521ae560d5eab
SHA11e70a90da14cdf3c16347c19d28ce6e882f1a721
SHA2566759a46583e63b1cb1f51d3fa411b2f4745b7e0571275fd048f480c1bd94fb4f
SHA512778f40cda8c68066c1489b97fbe370d68619189a4ac34f6ed79dec5827b8c19d8f0b0c5630e1ac779437258a685fa0c5e4f1e761728b9b9ef3b43f6fd8595f27
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\concrt140.binMD5
20c523142f15b0120a7dcd6afef1c37c
SHA1cf0adc270f17108c5f83febaba66769ed1b02da3
SHA25603fe6ee0fb2d086f49999e5180453dcd9b7df0d38f4543fb5ccd97a65371f947
SHA51200e171cad808010c197ecf5e098cbbef2d8f5d4fc69af92b5215ea5ffcaec8cfddc46fd4527e164e7befc8ba15ec5c491bf539dc4574cb900209c7d9d5f1ae27
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\data32.cfgMD5
a45d72861c04aed5572d07cc35b23e75
SHA11939ee9056721ac184fc2257c2076c89e843b822
SHA256fcaaafe25027d1a1611df258626527c35b01fb82c19f5d9648c7b7562f1d95da
SHA5122ecd805fd512913df33e9b411b1dcc5ba74e9b44fb6fdab2894a8e37de00ee3725e32be6a2eedd6c6102225b7e73145ec9cfee834b3de86bfcd3ec868f34ab29
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\database32.libMD5
da98fa8d513449fd7099fd4ffce67658
SHA1860c88e32a1236c7ffc408cd648441edc33ec864
SHA2560ff0661173044a63362910004ca54f310c8f6b6dc9fa81f9e3ed7fb88c4adf00
SHA512d7557be604655b4fac773aca02e6f8330630abe547ee5cd9f095304b3de7ec5514dba62ac0c704855a994872a0ad9eadd3b5d6ff23ac85569f3d006d1078ae8a
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon GC Checker By Sen0a\database32.libMD5
da98fa8d513449fd7099fd4ffce67658
SHA1860c88e32a1236c7ffc408cd648441edc33ec864
SHA2560ff0661173044a63362910004ca54f310c8f6b6dc9fa81f9e3ed7fb88c4adf00
SHA512d7557be604655b4fac773aca02e6f8330630abe547ee5cd9f095304b3de7ec5514dba62ac0c704855a994872a0ad9eadd3b5d6ff23ac85569f3d006d1078ae8a
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon Gen By Sleep\Amazon Gen.exeMD5
805be309f925e5b2649ef67412bf8cb9
SHA1bf6f99dff0500ef5982c39760f9400992ca1ee79
SHA256b064441c80a9d0d515a9581ca050a20438774225ee505159a7f5250163955de7
SHA512d917a6826471d112cd93e24bb37dfb3c455b6638b7296076c03279b2d4572cb715259a73ec79e8caf214a2f03c8b8f3d988bb07b6f954cca93fd2caa39f2e0ba
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon Gen By Sleep\Amazon Gen.exeMD5
805be309f925e5b2649ef67412bf8cb9
SHA1bf6f99dff0500ef5982c39760f9400992ca1ee79
SHA256b064441c80a9d0d515a9581ca050a20438774225ee505159a7f5250163955de7
SHA512d917a6826471d112cd93e24bb37dfb3c455b6638b7296076c03279b2d4572cb715259a73ec79e8caf214a2f03c8b8f3d988bb07b6f954cca93fd2caa39f2e0ba
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon Gen By Sleep\database32.binMD5
2582517c97036ad1a37291bca5434f62
SHA1ede9eccf1da5122a04555bac9d3413b637886c85
SHA256d8089e81d2f768a198d23691af979d3d677ee6cca59a58efd1a681e97d1a5889
SHA5124a67fc5ece89a63bbd74858cb43d4933d80134fd6be3dba04cb88795fadcfe91bf9c8a6fc840233df6b3428290781d4fe6008ac515d1d528a2744ba8bcd29724
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon Gen By Sleep\database32.binMD5
2582517c97036ad1a37291bca5434f62
SHA1ede9eccf1da5122a04555bac9d3413b637886c85
SHA256d8089e81d2f768a198d23691af979d3d677ee6cca59a58efd1a681e97d1a5889
SHA5124a67fc5ece89a63bbd74858cb43d4933d80134fd6be3dba04cb88795fadcfe91bf9c8a6fc840233df6b3428290781d4fe6008ac515d1d528a2744ba8bcd29724
-
C:\Users\Admin\Desktop\50-Cracking-Tools-All-The-Tools-You-Need-To-Crack\Amazon Gen By Sleep\database32.binMD5
2582517c97036ad1a37291bca5434f62
SHA1ede9eccf1da5122a04555bac9d3413b637886c85
SHA256d8089e81d2f768a198d23691af979d3d677ee6cca59a58efd1a681e97d1a5889
SHA5124a67fc5ece89a63bbd74858cb43d4933d80134fd6be3dba04cb88795fadcfe91bf9c8a6fc840233df6b3428290781d4fe6008ac515d1d528a2744ba8bcd29724
-
\??\pipe\crashpad_4116_YKYHENLTCREGRDIJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Users\Admin\AppData\Local\Temp\_MEI14802\VCRUNTIME140.dllMD5
a87575e7cf8967e481241f13940ee4f7
SHA1879098b8a353a39e16c79e6479195d43ce98629e
SHA256ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e
SHA512e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0
-
\Users\Admin\AppData\Local\Temp\_MEI14802\python3.dllMD5
c38e9571f33898eb9f3da53dc29b512f
SHA15be348c829b6dfa008d0dd239414ad388e5d7ace
SHA25670596aea8c5ca8f3bf88e46a0606522413b50208ec9fcc6b706f7a064cf83b79
SHA5121704be273e3485013282c269fc974558683204639fccfb46e6eb640c64a0769a21572a07ee62fe1d5eb1eed4d1419f2293d6e4fd8193caafe128c6d66bd48f6e
-
\Users\Admin\AppData\Local\Temp\_MEI14802\python310.dllMD5
c6c37b848273e2509a7b25abe8bf2410
SHA1b27cfbd31336da1e9b1f90e8f649a27154411d03
SHA256b7a7f3707beab109b66de3e340e3022dd83c3a18f444feb9e982c29cf23c29b8
SHA512222ad791304963a4b8c1c6055e02c0c4c47fce2bb404bd4f89c022ff9706e29ca6fa36c72350fbf296c8a0e3e48e3756f969c003dd1eb056cd026efe0b7eba40
-
\Users\Admin\AppData\Local\Temp\_MEI14802\ucrtbase.dllMD5
5b1c91b53ac3c3026d50de8c05aba139
SHA1b9c2d160b1ce856d9904a340362236473a3d559c
SHA256d804ea40eacfc22a5e029b66d6d4f83d81f76a7ead80313b33839253f90af6b7
SHA5128e01056830e65320d684245bf055305e03ef136545efb51aad484a5b1b006f7d534c30b7973da8628f49c31710ae23d3420f941156c941172b97efe9e1ef9a1f
-
memory/516-144-0x0000000000E50000-0x0000000000E5C000-memory.dmpFilesize
48KB
-
memory/516-173-0x0000000005880000-0x00000000058E6000-memory.dmpFilesize
408KB
-
memory/516-185-0x0000000005970000-0x0000000005971000-memory.dmpFilesize
4KB
-
memory/2244-146-0x0000000000B10000-0x0000000000BC6000-memory.dmpFilesize
728KB
-
memory/2244-154-0x0000000005540000-0x0000000005A3E000-memory.dmpFilesize
5.0MB
-
memory/2244-189-0x0000000005540000-0x0000000005A3E000-memory.dmpFilesize
5.0MB
-
memory/2244-266-0x00000000076A0000-0x00000000076B9000-memory.dmpFilesize
100KB
-
memory/2412-148-0x00000000049B0000-0x0000000004A4C000-memory.dmpFilesize
624KB
-
memory/2412-149-0x0000000004F50000-0x000000000544E000-memory.dmpFilesize
5.0MB
-
memory/2412-150-0x0000000004A50000-0x0000000004AE2000-memory.dmpFilesize
584KB
-
memory/2412-270-0x00000000074B0000-0x00000000074C9000-memory.dmpFilesize
100KB
-
memory/2412-232-0x0000000008AC0000-0x0000000008E10000-memory.dmpFilesize
3.3MB
-
memory/2412-145-0x0000000000060000-0x0000000000106000-memory.dmpFilesize
664KB
-
memory/2412-159-0x00000000058F0000-0x0000000005D8C000-memory.dmpFilesize
4.6MB
-
memory/2412-155-0x00000000023B0000-0x00000000023F1000-memory.dmpFilesize
260KB
-
memory/2412-211-0x00000000023B0000-0x00000000023F1000-memory.dmpFilesize
260KB
-
memory/3124-281-0x0000000001050000-0x0000000001070000-memory.dmpFilesize
128KB
-
memory/4004-153-0x0000000002A30000-0x0000000002B10000-memory.dmpFilesize
896KB
-
memory/4004-157-0x0000000005310000-0x0000000005366000-memory.dmpFilesize
344KB
-
memory/4004-147-0x0000000000650000-0x00000000006F4000-memory.dmpFilesize
656KB
-
memory/4004-264-0x0000000006C90000-0x0000000006CA9000-memory.dmpFilesize
100KB
-
memory/4004-156-0x0000000005270000-0x000000000527A000-memory.dmpFilesize
40KB
-
memory/4004-191-0x0000000002A30000-0x0000000002B10000-memory.dmpFilesize
896KB
-
memory/4368-126-0x0000000000400000-0x0000000000866000-memory.dmpFilesize
4.4MB
-
memory/4368-127-0x0000000000400000-0x0000000000866000-memory.dmpFilesize
4.4MB
-
memory/4368-128-0x0000000077BC0000-0x0000000077D4E000-memory.dmpFilesize
1.6MB
-
memory/5000-186-0x00000000091A0000-0x000000000924A000-memory.dmpFilesize
680KB
-
memory/5000-158-0x0000000007480000-0x000000000758E000-memory.dmpFilesize
1.1MB
-
memory/5000-193-0x0000000004A23000-0x0000000004A25000-memory.dmpFilesize
8KB
-
memory/5000-152-0x0000000004980000-0x00000000049E0000-memory.dmpFilesize
384KB
-
memory/5000-165-0x00000000049E0000-0x0000000004A21000-memory.dmpFilesize
260KB
-
memory/5000-151-0x0000000000160000-0x000000000019E000-memory.dmpFilesize
248KB
-
memory/5000-267-0x000000000B6E0000-0x000000000B6F9000-memory.dmpFilesize
100KB
-
memory/5000-163-0x0000000007D50000-0x0000000007DA4000-memory.dmpFilesize
336KB
-
memory/5064-263-0x00000000025F0000-0x0000000002609000-memory.dmpFilesize
100KB
-
memory/5064-268-0x00000000007B0000-0x00000000008FA000-memory.dmpFilesize
1.3MB