Analysis
-
max time kernel
186s -
max time network
198s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
30-11-2022 18:22
Static task
static1
Behavioral task
behavioral1
Sample
128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe
Resource
win7-20220812-en
General
-
Target
128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe
-
Size
83KB
-
MD5
bc702cc32a4b9991061713f237109c51
-
SHA1
fb5d4a93ecd15cc4ba88d467ac15ff1de694774f
-
SHA256
128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480
-
SHA512
ab862328f7a202e578dfce6ddcf749fc66a8f1d02f13b17ab76c7b26876370c8fc2140a890a0bddfd7bdfd1a8accc3a119561fe655cfeb7939808802d59b960e
-
SSDEEP
1536:iRC1AczgD67rpXxso0+HRrlzFQ7/4wWUpa1a0NfqytDjf:pxc67lXi+Hllzq+j1a0NfH
Malware Config
Extracted
njrat
0.7d
DDD
frankooxyz2.ddns.net:48443
581153482cb6003050ef63cae0773a6e
-
reg_key
581153482cb6003050ef63cae0773a6e
-
splitter
|'|'|
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
Processes:
128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exedescription pid process target process PID 1428 set thread context of 4432 1428 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe svchost.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe -
Suspicious behavior: EnumeratesProcesses 7 IoCs
Processes:
msedge.exemsedge.exemsedge.exepid process 1176 msedge.exe 1176 msedge.exe 2116 msedge.exe 2116 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
Processes:
msedge.exepid process 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
msedge.exepid process 4248 msedge.exe 4248 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exesvchost.exemsedge.exemsedge.exedescription pid process target process PID 1428 wrote to memory of 4432 1428 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe svchost.exe PID 1428 wrote to memory of 4432 1428 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe svchost.exe PID 1428 wrote to memory of 4432 1428 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe svchost.exe PID 1428 wrote to memory of 4432 1428 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe svchost.exe PID 1428 wrote to memory of 4432 1428 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe svchost.exe PID 1428 wrote to memory of 4432 1428 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe svchost.exe PID 1428 wrote to memory of 4432 1428 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe svchost.exe PID 1428 wrote to memory of 4432 1428 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe svchost.exe PID 4432 wrote to memory of 4248 4432 svchost.exe msedge.exe PID 4432 wrote to memory of 4248 4432 svchost.exe msedge.exe PID 4432 wrote to memory of 4636 4432 svchost.exe msedge.exe PID 4432 wrote to memory of 4636 4432 svchost.exe msedge.exe PID 4636 wrote to memory of 4760 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 4760 4636 msedge.exe msedge.exe PID 4248 wrote to memory of 4984 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 4984 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4248 wrote to memory of 2424 4248 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe PID 4636 wrote to memory of 1088 4636 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe"C:\Users\Admin\AppData\Local\Temp\128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exe"{path}"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.03⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffba71846f8,0x7ffba7184708,0x7ffba71847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5560 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5780 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.03⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffba71846f8,0x7ffba7184708,0x7ffba71847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4415653423824408689,16384239981032918618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4415653423824408689,16384239981032918618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177Filesize
471B
MD56181e4e33ee379d858217e9e3c32d74f
SHA1f7ae858f7037e536203cbf1704d2a431b6f5f059
SHA25614844456416b1ef58fdff151b4cd0968ae95acb524ef369f225bfa0991e08a6f
SHA512d4196c5178acfdfc1f176bb21166f5974321e0d0550b44330c2a2dabc7b3e56521eaaa10e1cf5731e8eba4d82a7e722b658bad8154cd06afab4e8178e5611eca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177Filesize
412B
MD5e8f4a398bee127bc9b767751445c364f
SHA1d5d643857fb6c554488c127dff96216830e9f3c6
SHA2561e086d2a00f0aeeb41b6036b1b47eb049928875fcae53a78f2dc09cf4229c8c3
SHA51248c2795c7bebaf9a65fdfefeb0b58ea19223acb6a062096ecf1e2ed955dbfafd272f8d15a3be87606f3372456cf155184af2eeb7fd812b5efd79dd1e58f3d1b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a58a7931227f93b9a54bc982c0d99582
SHA17591b129f025f2003039a81830b9cd5d7043d3e2
SHA256a6751ef5a8d88960e0fc22e205155f766e840d13c46c962166f35e3bf8367ac0
SHA51224eec66ba6b79cebb2b920cdad34f9b68fcc9503a2e4bc718ddf3d39b8f959ee1c7b0e73079b31a0e8acc98960fcedeb7e49f38b8f5036aa21294048f7f1a79b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD56102471af38b45f30decc8db2f59a8e2
SHA135428c52f58b3a35d5028929b6298d6b95d6bdec
SHA25657e3a5210c5872fc5d56b4111a4d07e512ef54a79128391084c167c101a9d7c4
SHA5121040720fe63680c7a17ced8026e3a2e31e0e73066bd0c3d74e5cd4a19c0e6f23dc30e0a41f62d92c0b9cc9840895ece4b3d36a200816e400feec49e54599b3fe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD56102471af38b45f30decc8db2f59a8e2
SHA135428c52f58b3a35d5028929b6298d6b95d6bdec
SHA25657e3a5210c5872fc5d56b4111a4d07e512ef54a79128391084c167c101a9d7c4
SHA5121040720fe63680c7a17ced8026e3a2e31e0e73066bd0c3d74e5cd4a19c0e6f23dc30e0a41f62d92c0b9cc9840895ece4b3d36a200816e400feec49e54599b3fe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD56102471af38b45f30decc8db2f59a8e2
SHA135428c52f58b3a35d5028929b6298d6b95d6bdec
SHA25657e3a5210c5872fc5d56b4111a4d07e512ef54a79128391084c167c101a9d7c4
SHA5121040720fe63680c7a17ced8026e3a2e31e0e73066bd0c3d74e5cd4a19c0e6f23dc30e0a41f62d92c0b9cc9840895ece4b3d36a200816e400feec49e54599b3fe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5213d0954389a12333d38c1bf4c914c4d
SHA12a97c33114b5d0767bb76972ace964d9c19386e9
SHA2561e811e43411cb252209e1e3f165a115e6e37387ac8e0cffc303798650b11bfc2
SHA512e547600f20b323c226e0d81067332e432852b666fdf11a65f90738b21943e6e6290902d66bbde64e3b468e55f4928b7d07adc16da90e2f933cda3415d01057b0
-
\??\pipe\LOCAL\crashpad_4248_NAWFIEBOGKXRVUHCMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_4636_KLYTHHNHMBZHPETAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1088-148-0x0000000000000000-mapping.dmp
-
memory/1176-150-0x0000000000000000-mapping.dmp
-
memory/1428-133-0x0000000075100000-0x00000000756B1000-memory.dmpFilesize
5.7MB
-
memory/1428-136-0x0000000075100000-0x00000000756B1000-memory.dmpFilesize
5.7MB
-
memory/1428-132-0x0000000075100000-0x00000000756B1000-memory.dmpFilesize
5.7MB
-
memory/1800-159-0x0000000000000000-mapping.dmp
-
memory/2116-149-0x0000000000000000-mapping.dmp
-
memory/2424-147-0x0000000000000000-mapping.dmp
-
memory/2492-171-0x0000000000000000-mapping.dmp
-
memory/2500-163-0x0000000000000000-mapping.dmp
-
memory/2672-157-0x0000000000000000-mapping.dmp
-
memory/3628-169-0x0000000000000000-mapping.dmp
-
memory/4248-137-0x0000000000000000-mapping.dmp
-
memory/4432-135-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/4432-134-0x0000000000000000-mapping.dmp
-
memory/4636-138-0x0000000000000000-mapping.dmp
-
memory/4724-167-0x0000000000000000-mapping.dmp
-
memory/4760-139-0x0000000000000000-mapping.dmp
-
memory/4820-161-0x0000000000000000-mapping.dmp
-
memory/4980-153-0x0000000000000000-mapping.dmp
-
memory/4984-140-0x0000000000000000-mapping.dmp