Analysis
-
max time kernel
154s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
28-11-2022 13:09
General
-
Target
b94255f5ab14c67dd057e2c789c5d3ac526e25f9deaaf1e9b5462cc553f1f61f.exe
-
Size
4.7MB
-
MD5
1cf6319445434ff3bf912ba624b56b2f
-
SHA1
c8cf1473082c3f046c2851c73f662585db706ee9
-
SHA256
b94255f5ab14c67dd057e2c789c5d3ac526e25f9deaaf1e9b5462cc553f1f61f
-
SHA512
47e9f20d6ab5a4d70255b0af31586e478de412a662c35f7398d3b0f96899ef50529d1e716362afc60fe1ea25ccd33fe0054d41aa254b50e0c502ab9510a46929
-
SSDEEP
98304:nRtl3HelZF7TFtX2/jGop3R6baTwlnzy2T6iELKJ2N3AG+vlD9yqJOW:RfOlZF77XknNRsFVT66AVATvV9h
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
HacKed
C2
alaboo20.ddns.net:1177
Mutex
997f3e18461eb88cd8dbaeae467eb195
Attributes
-
reg_key
997f3e18461eb88cd8dbaeae467eb195
-
splitter
|'|'|
Signatures
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE 4 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks for any installed AV software in registry 1 TTPs 2 IoCs
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 16 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b94255f5ab14c67dd057e2c789c5d3ac526e25f9deaaf1e9b5462cc553f1f61f.exe"C:\Users\Admin\AppData\Local\Temp\b94255f5ab14c67dd057e2c789c5d3ac526e25f9deaaf1e9b5462cc553f1f61f.exe"1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net.exenet stop SharedAccess2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SharedAccess3⤵
-
C:\crack avast.exe"C:\crack avast.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\crack avast.exe"C:\crack avast.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=crack avast.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.04⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb632b46f8,0x7ffb632b4708,0x7ffb632b47185⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6236 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6d1245460,0x7ff6d1245470,0x7ff6d12454806⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6892 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1916 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5176 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6788 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6632 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16942178751809808405,15888558425128620488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=crack avast.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.04⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb632b46f8,0x7ffb632b4708,0x7ffb632b47185⤵
-
C:\avast_free_antivirus_setup_online.exe"C:\avast_free_antivirus_setup_online.exe"2⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\_av_iup.tm~a02060\instup.exe"C:\Users\Admin\AppData\Local\Temp\_av_iup.tm~a02060\instup.exe" /edition:1 /prod:ais /sfx:lite /sfxstorage:C:\Users\Admin\AppData\Local\Temp\_av_iup.tm~a020603⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\pcaui.exe"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {5313d2fc-7e9c-4fb6-895c-3a229b317bcb} -a "Avast! Antivirus" -v "AVAST Software" -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 2 -f 0 -k 0 -e "C:\Users\Admin\AppData\Local\Temp\_av_iup.tm~a02060\instup.exe"4⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD52c968eb620a865a9b9451323503e9c03
SHA1a203f45d9b90219e8e099a05f376a90cb97b11a2
SHA25692404c2ac949f1ffdd90086014ae73312a440c6e8cca8c6d0c95bbd83fc83453
SHA512c01ac079e97f5c92d9484a454cb3f8c2849bf249e1df3b75c5abf4ad700a3422f9f2ca35c77663223dbefb8f93ff12fcb85d62278e87cd4504cc7a6eed132f8c
-
C:\Users\Admin\AppData\Local\Temp\_av_iup.tm~a02060\instup.exeFilesize
193KB
MD52080dcebe27d92f29aab5fcff77613a2
SHA1c2cfe2952ffed46d37cd16dd5a005bbd940e4811
SHA256ebbbb3e92b01f1f1ff6330affa7d8c281ab5bb9aee1c900f5cf1aaf1e6813e42
SHA512e47395e5637d0e806a19e1038e13d6339f699708a97e47531d94c5cee68008eb243991ef808832cf4f6f95e7be058e08ba4c07b658abf0fc5b3d4ba0f53945f5
-
C:\Users\Admin\AppData\Local\Temp\_av_iup.tm~a02060\instup.exeFilesize
193KB
MD52080dcebe27d92f29aab5fcff77613a2
SHA1c2cfe2952ffed46d37cd16dd5a005bbd940e4811
SHA256ebbbb3e92b01f1f1ff6330affa7d8c281ab5bb9aee1c900f5cf1aaf1e6813e42
SHA512e47395e5637d0e806a19e1038e13d6339f699708a97e47531d94c5cee68008eb243991ef808832cf4f6f95e7be058e08ba4c07b658abf0fc5b3d4ba0f53945f5
-
C:\avast_free_antivirus_setup_online.exeFilesize
4.6MB
MD54af4d1d156df61fc7364d1193862a068
SHA15810199150ca3f0664cdbb28e27a01a8ed2de4ff
SHA2568ec99abde77997b132be9ed13d8c927428754bf95f49c0167b42427df83c7c3c
SHA5121fcc72b652e084294d9a4b425d58826bc2b777f168f238761da819a5dd2f05847360adab1da4b65487f6d5cf1095344b5b0f1fea6bd233cab642699d069d66d7
-
C:\avast_free_antivirus_setup_online.exeFilesize
4.6MB
MD54af4d1d156df61fc7364d1193862a068
SHA15810199150ca3f0664cdbb28e27a01a8ed2de4ff
SHA2568ec99abde77997b132be9ed13d8c927428754bf95f49c0167b42427df83c7c3c
SHA5121fcc72b652e084294d9a4b425d58826bc2b777f168f238761da819a5dd2f05847360adab1da4b65487f6d5cf1095344b5b0f1fea6bd233cab642699d069d66d7
-
C:\crack avast.exeFilesize
46KB
MD5e079e9f1e4546e1d06d9f620e74a22b5
SHA1b7704ae276c4b76f33799b533f4df83f3f81494a
SHA256c0916ec3cd6555759e285e3f24056e7338e3e331a8b04b14d2a10c64ff4c16e5
SHA51207b95f49138fa49e0694bbd4badacbc088013a74e8bbdfcb6e20743b5bd37153791179e892f5f90e8bd457da9f60f21ee32b3d2b8138f5d669d7fb7aaff9ded7
-
C:\crack avast.exeFilesize
46KB
MD5e079e9f1e4546e1d06d9f620e74a22b5
SHA1b7704ae276c4b76f33799b533f4df83f3f81494a
SHA256c0916ec3cd6555759e285e3f24056e7338e3e331a8b04b14d2a10c64ff4c16e5
SHA51207b95f49138fa49e0694bbd4badacbc088013a74e8bbdfcb6e20743b5bd37153791179e892f5f90e8bd457da9f60f21ee32b3d2b8138f5d669d7fb7aaff9ded7
-
C:\crack avast.exeFilesize
46KB
MD5e079e9f1e4546e1d06d9f620e74a22b5
SHA1b7704ae276c4b76f33799b533f4df83f3f81494a
SHA256c0916ec3cd6555759e285e3f24056e7338e3e331a8b04b14d2a10c64ff4c16e5
SHA51207b95f49138fa49e0694bbd4badacbc088013a74e8bbdfcb6e20743b5bd37153791179e892f5f90e8bd457da9f60f21ee32b3d2b8138f5d669d7fb7aaff9ded7
-
\??\pipe\LOCAL\crashpad_2076_CDTBJXPOVDAPVQFSMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/400-156-0x0000000000000000-mapping.dmp
-
memory/432-166-0x0000000000000000-mapping.dmp
-
memory/632-140-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/632-139-0x0000000000000000-mapping.dmp
-
memory/1076-188-0x0000000000000000-mapping.dmp
-
memory/1136-169-0x0000000000000000-mapping.dmp
-
memory/1212-136-0x0000000000000000-mapping.dmp
-
memory/1508-179-0x0000000000000000-mapping.dmp
-
memory/1744-158-0x0000000000000000-mapping.dmp
-
memory/1764-135-0x0000000000000000-mapping.dmp
-
memory/1952-153-0x0000000000000000-mapping.dmp
-
memory/2076-149-0x0000000000000000-mapping.dmp
-
memory/2136-193-0x0000000000000000-mapping.dmp
-
memory/2232-142-0x0000000000000000-mapping.dmp
-
memory/2456-160-0x0000000000000000-mapping.dmp
-
memory/2556-175-0x0000000000000000-mapping.dmp
-
memory/2604-182-0x0000000000000000-mapping.dmp
-
memory/2692-162-0x0000000000000000-mapping.dmp
-
memory/2784-145-0x0000000000000000-mapping.dmp
-
memory/2852-148-0x0000000000000000-mapping.dmp
-
memory/3572-177-0x0000000000000000-mapping.dmp
-
memory/3668-173-0x0000000000000000-mapping.dmp
-
memory/3688-164-0x0000000000000000-mapping.dmp
-
memory/3884-134-0x0000000000000000-mapping.dmp
-
memory/3972-171-0x0000000000000000-mapping.dmp
-
memory/4148-192-0x0000000000000000-mapping.dmp
-
memory/4216-150-0x0000000000000000-mapping.dmp
-
memory/4220-180-0x0000000000000000-mapping.dmp
-
memory/4308-190-0x0000000000000000-mapping.dmp
-
memory/4324-178-0x0000000000000000-mapping.dmp
-
memory/4516-165-0x0000000000000000-mapping.dmp
-
memory/4536-186-0x0000000000000000-mapping.dmp
-
memory/4644-152-0x0000000000000000-mapping.dmp
-
memory/4840-184-0x0000000000000000-mapping.dmp