Analysis
-
max time kernel
267s -
max time network
278s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-uk -
resource tags
-
submitted
19-04-2024 11:34
General
-
Target
url.html
-
Size
672B
-
MD5
c55b465b076a46cdd9262a61901dbd7a
-
SHA1
d538893d290cc24694e4fa365ffc1978d5611a5e
-
SHA256
d0b23959a96e5c1677aa19b43dd80606fc076979af71bd1a3a63a660e98613d6
-
SHA512
8efb6446db212398a42a609d91f86a94a0bfc0123350c6e989ce98ae801ce33304852c246027a74519e2ba521660fa2a071158bec63d3f8e7aa41f6e88ae77d4
Malware Config
Extracted
lumma
https://preachbusstyoiwo.shop/api
https://entitlementappwo.shop/api
https://economicscreateojsu.shop/api
https://pushjellysingeywus.shop/api
https://absentconvicsjawun.shop/api
https://suitcaseacanehalk.shop/api
https://bordersoarmanusjuw.shop/api
https://mealplayerpreceodsju.shop/api
https://wifeplasterbakewis.shop/api
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 10 IoCs
-
Suspicious use of SetThreadContext 5 IoCs
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\url.html1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff73a646f8,0x7fff73a64708,0x7fff73a647182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --service-sandbox-type=collections --mojo-platform-channel-handle=5432 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,2368344390375050539,2962440338199434618,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=3124 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\" -spe -an -ai#7zMap12653:120:7zEvent83071⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\" -spe -an -ai#7zMap13103:186:7zEvent270491⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Local\Temp\tracewpp.exeC:\Users\Admin\AppData\Local\Temp\tracewpp.exe3⤵
- Loads dropped DLL
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Local\Temp\tracewpp.exeC:\Users\Admin\AppData\Local\Temp\tracewpp.exe3⤵
- Loads dropped DLL
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Local\Temp\tracewpp.exeC:\Users\Admin\AppData\Local\Temp\tracewpp.exe3⤵
- Loads dropped DLL
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Local\Temp\tracewpp.exeC:\Users\Admin\AppData\Local\Temp\tracewpp.exe3⤵
- Loads dropped DLL
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Local\Temp\tracewpp.exeC:\Users\Admin\AppData\Local\Temp\tracewpp.exe3⤵
- Loads dropped DLL
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff73a646f8,0x7fff73a64708,0x7fff73a647182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,185055823372015502,16426610919196571073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,185055823372015502,16426610919196571073,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,185055823372015502,16426610919196571073,131072 --lang=uk --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,185055823372015502,16426610919196571073,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,185055823372015502,16426610919196571073,131072 --lang=uk --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,185055823372015502,16426610919196571073,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,185055823372015502,16426610919196571073,131072 --lang=uk --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,185055823372015502,16426610919196571073,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,185055823372015502,16426610919196571073,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lockFilesize
4B
MD5f49655f856acb8884cc0ace29216f511
SHA1cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA2567852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD522bb6af63c7710354ac7070e45ac988c
SHA134d29d6b316e39ed8fb8c5efb42c4269040fcf1f
SHA2561a70d5d3dfc04e6f5cfec1ceb06676039229f895f30007fdb55b043ed48ab4fb
SHA51242c12820b5237caa5b4d5149901f84db6619a69e85cb869df06e07b3cad1b51e0c2d0545ee0129cbc8e7947fd8c2989def537ad2d58a1d5bf2c2a1bf60041ca3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5562e31e5cb9d938fc9c65b4de478876d
SHA1eb6a8629d7ba2ada392b37c1490e300f714fb78a
SHA2563723d6e56dd9a716507ab9144ecc11df425c3d4f593748f31ca4d2a20a59d23c
SHA51291b0f7baa0956c0f4134f6f7153bb5fe1256b45756938c7094f2f672b2e33c30181dbddd9486ddc20e54c2bc2cf1ecd38062a30c44c323d549814d9af394def8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD562677bdc196e22a7b4c8a595efb130cd
SHA1bd2adf18caf764c8f034c08b6269d9693875f3c8
SHA256b540616d7e73ff22642f4fbe2bea0f9daa2f1166391e76cf817b2a93e0bd41d6
SHA512d23c3b9662eea6a75382242fb8e8084abc1127afbd2632f161df71a2aefaf223621511e1bf6229cf7e86313101a8d9dfe2f20e1c0bd481066e1969cd6fa75e32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
528B
MD56423728adef4021e6ea0ec9154243908
SHA165191e5abaa8933371992f022d7e8cf8bbfad5b3
SHA2566b7c2ea74c0971551eaf2438bfdf0754c804751722d8843a8de52dd7b6b604da
SHA512a0c0b0e7d67eaf43374117eab2f6d7785f95f826a987949d76257a8cf78bf09d919f347aad077412010313b82aa12484b977692dc5800a7ae2a8c84b0b206f67
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD5efb946a82a62230797349ac32a13a734
SHA18bb6c07a2d50672a6d694f22aa5a08f4e979c365
SHA256e5c6c075350a57a5d18f81a3c37677ae070ac26e0ed9e8fc8060b34e9a54f00a
SHA51231f3cc9181fc2c8fd54856ba95e656c1b8b998873e0fc57080fb225016e43ae79e42ff3a17094222a7a08361b7ef02eda625604ef48b938f73465d425fceaa6d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD58c24e9558cbcc1353285b7a278e7417b
SHA1494e53d6d438edf3859101f2418b524ad9e44e26
SHA2569be9ad012f8848f4fef4e7b235e7592af59268e979a555de7433c4ef41e68da5
SHA5129370e7d8c55ffe59139e93b4049d7b24c3e3c9adf418cdbe16023cd9bd3f0c9920e62b77711d61a32a1624c4ac27e7713e4158c5d226468f02aaa1088753d35e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD50f3f581a1613198fdadd21c2724b149e
SHA1e63cc113b65ce2a0ccdf5877b113ab92042aaa1a
SHA256b22ed2f3da33f2f5362405628eb4e8656967fe3ba5a24dc3f75bfd09da4c0b12
SHA5127bd12b39c922da5c0fc63b16b8daebd488f2f237d0a78b2b932a8753058071f93f033896717a31426a51248960276bbd5a477610131d00be2cbf614f2c41c6e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD515f0da2c1bb1c660731c23a4c74ec06c
SHA1d4d9fd4357c9bf50e72ac4da6e52786631c3f526
SHA25607ce76ec9cad0406076f4f85a635fbc8ed2b56c0607b06f34441cd0abe1715e3
SHA5121d627b48d345c3b117e4c229bf25167e9a9e2fb786aa0f31802acf551bba2e86a26f3a0bf935ae1bb61e54dab8cd2cd11828eb30f4439528b3029ff07a9a8c70
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5422e3aa32e6f0f719fc1ee0967a5624b
SHA1f97139424af9828e44895c538f3c5438931c2665
SHA256a862f341e8b19065e2f05458ef4f9b6d34d6bd55258c95261f7f9ec59d0f3172
SHA512437229aa74197379cd9535e4fc3f2eec128797aa7007378840d2f70512212e7b4c15683406e009dafca210dfae165d03d50c9bdb552a60f4871f0045b8aafc43
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD5b2c0306c743b11618caa73d121781e6e
SHA10eabc24b3d3bdf470b861f7cefb91d9f5fc42dd5
SHA256903066e4d96f0673fe901b400a632e66b555346b4838eead54e35a15ba8f6c44
SHA5125d974ca5fdf34df25c621dd4ec705ad45bf12d136b2473be030461d9e66604005d5ef93d948a537c225c2b8123828a6d9e05db12067d95ff3e5fede73922b3f4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5de2436a308ea59d96d1dbe292e76800b
SHA1cb7e47dd38c7dd269901f95f5199553e4678a14a
SHA256bf541ad46b38526ebe00d53b1f0a40b32b19ebd565a7d8fd55dc4df68c99cf58
SHA5123a69c86941d12685bc01af9d726d4e9a9859a44b47b8e5659154416942d33a9a4350706f6d02d5e0a25930d7afa6293eb124392dfe1a38ff8993c45c63261cdf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD5dea380746a51f9d9acc6f39092a9b6fd
SHA13f33a562bccf7f883009e14ba074ac84443de20d
SHA25603d4605f33d3014feaecd1a00380dfbf46a7a7eb97d05ad30e6bcb089527795b
SHA51207f7b918fd68b841d2f20e95d68a1bcd1d35b05e6d0928987ba963f04ac3840b8f466d61e6494b2f36f0f52cd0a200287ee5d08bfc3cefa1ed4b8fbc303cf5d4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c75b0e27727fa7aef1a978c6248a5fc4
SHA10350a29728143276b117e00919dd84316d8c6227
SHA256f23f3b80cacb667e61edaffec7977ebef98a611e0da0cab43f7d876d0a8b4183
SHA512872aede6e64338c33fc60e0377d04de7a3793cdb49090fc8ed89b8b19aefc44e59067aefc5427b843f61ac2ea0fe932bbb26697763f237827ae1f83b3a79b740
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c851.TMPFilesize
204B
MD5107978c0bf2677c52e75de5b25e39c42
SHA1228e287b66bc3a87690d36de95b05b319c6b4adb
SHA256d799d791321dddc0eca39e637a052720af18b06608353b734766c8c1b5d04d33
SHA51251f2f7b547d879d74a2a8775bf8a8d25745564f58b137706c1cde68c42211002dbb2e4282926f06ecac0991d47e20485bf0059d1e94ce3b5e352474a778cfc1f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD566cda8d7df6bf5ad74306223836eaaa1
SHA12f77b2491278cd04c1af9fe0b67de9f44674ce15
SHA25661c896d00ef414c803a509b844fba64e6b8024648ca36d1d6295bc7d7a8de14a
SHA512f9733693c35669e3898639adcda23e15d7bb824469842d7bfb7459b76cf20d62b1f576603510ffef20e9815ba3d86283be019574d299bdd28de395b3df96ee8f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5554d86841a9b3720fe15684fe83c5e9a
SHA1543577a0af202f934aa3741e0312baae246b95bd
SHA2564dc531e4c0bee5d454e424034ebb2cfafd4e0014cf2b136be237a9ab73d8eadb
SHA51285159161dd312fb0355757c2bad8291966d8646f3f3fbf2545538a3627e9f7e179444c8755efb2859e4a129c766f05869c618cf50b7356259e98a9289b73e9e1
-
C:\Users\Admin\AppData\Local\Temp\47fda6a1Filesize
1.2MB
MD5d9cfcf87631e00929debb59ff576ba44
SHA11b87461900b541ed5f412c739456cb68be275751
SHA2564e09aa8f7e4888bbc7b9a81c53b77133fffb511c7655b4de1dfe275bdfc3151d
SHA512130834ecdcfae57b1e080d581a08e5edf769cbe4336fd18563117e56d60ce8693ec35cbb22d36f48872676a485daff28614e25197ce92e8b49c9ce819863156c
-
C:\Users\Admin\AppData\Local\Temp\622bf42aFilesize
1.2MB
MD516e51a5a171391d7d52de1e96c560c11
SHA1b9cce3c91ea6f928c2aff3f540f0dbcd421670a3
SHA2566f38ec1fdb357a259433f37989870a24b48cb8d72fddb64fced90e25dec18691
SHA512fd890e8c677b97c29c8c5ceb1b77643cf8b3002fa28224fef1b47950cdd11e43952995a91060bb5fb05c6b2c04c853db4aaceb3d599bd6a1d8c241dfa62ac50c
-
C:\Users\Admin\AppData\Local\Temp\6d76080cFilesize
1.2MB
MD596ef8ab9dd6b5ebc90e40e724003b23d
SHA15f3f83b7e6f13c8566fbd814289c650999127f78
SHA2569f1feed0d43e75ca17bf0f041d454b2cf14fee16789c77d462f342c8c739a8f8
SHA512077834a38d7408a75dc46e9ebad2236a73ff64c3ea0af8f64c72e50410e1dfd871cbc8d14bf41d645fdb15b38f4cca17f002113281243f5b6c27b2d5d57aece5
-
C:\Users\Admin\AppData\Local\Temp\7eff41d9Filesize
1.2MB
MD5f10ca8074436935762e73e4634a5948e
SHA1ccdc3dbcd89377e103875758c1355b9bb8d44536
SHA256a0f4816fcf8f205b92f31fc12aef60dc1c7ed95f37588fdf10a8dca0518555ca
SHA512fa56b31f736f8ebdd11f3316aa8f76bd7835cd2ab10378b66ddd9f3684c25b2646b77b13db7239b183edfae577233cf171c087fd08d4d281f779ab5c60d56285
-
C:\Users\Admin\AppData\Local\Temp\8e936f34Filesize
1.2MB
MD53627d6501684f1e145a0a4f2fdecf426
SHA1c52df637a2989c579f798a6400f8ed1981b0e2d3
SHA25605e2275c00ed311d6654cd3d196530f2cbd78efca4ddf8bb7a2a4470fbc688f1
SHA51239a97e300f84d6bc803992f0d0aa7fd2d6c79349e6928fcb6c66618b82080dd19f493b084396e3bea3a936ec9def39fe7d670ed7bbd8354141b0eee74c5e43b2
-
C:\Users\Admin\AppData\Local\Temp\tracewpp.exeFilesize
207KB
MD50930890f83efad2a3091d1e3f0b82707
SHA1e0dcdefdde9dddd482e0b72504b35e96b795b27e
SHA256e8be7f038dd98179a1a27d5b176d23a60ad44426442699a3b9b714f9778c5cf2
SHA512608e2a169a9eb3c1b8e4459704e87123e5d04de57937175811a3f67559f0ead77b09e48562c1df732552a6aca7a8089528f43cda83bcdad1644a089b11a0e9f6
-
C:\Users\Admin\AppData\Roaming\Lswprotect2\relay.dllMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$.zipFilesize
15.6MB
MD56d7edac6cb84029775602fd41521baa6
SHA1bbb946fac6c00dccc01756237d87b3641ba45070
SHA256abd194b6386e37bae5ae7c38513c92ba96eb8cae7c4cdb08a1bbd121579052ae
SHA512f50eb887aa25dd795ba1e4028d8f8d673913279412aa2ce3f7fb04c3b34b67a01ddc8f4318202bc1970ae96f51d360df18da310192e984bf6c9866dc965acbd1
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$.zipFilesize
15.6MB
MD5225f2e14a20a8e6865cda75968f1c706
SHA1c8aac98fc8f7fa67df879f4f7fdd54e622d46711
SHA2562373daca49f914473ad56dcdf4a895d1374bb17ffad5e45eea982e8e11418043
SHA512d692cb7aa5278f0ee7f2047d2ed49ee899deb874344d7cb00495304560c23172f9d6d7d12e0cdd7f97f148a78690e482e0960c7122774e1a2759ca4596be36fa
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Data\level4.resSFilesize
128KB
MD564d183ad524dfcd10a7c816fbca3333d
SHA15a180d5c1f42a0deaf475b7390755b3c0ecc951c
SHA2565a666340f42f0f985772024d90a83d15c9a241a68d58205cd4afbb1a31f1621a
SHA5123cab59dff09981f49d1070fba06a781439bb1ea2dae0cfcb937d9875bbe9e866be2c951cfc6a3ca4a92aea79dd3e9c4792a765f5a06f230a57dabcab2f0b3c1e
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\Setup.exeFilesize
2.4MB
MD59fb4770ced09aae3b437c1c6eb6d7334
SHA1fe54b31b0db8665aa5b22bed147e8295afc88a03
SHA256a05b592a971fe5011554013bcfe9a4aaf9cfc633bdd1fe3a8197f213d557b8d3
SHA512140fee6daf23fe8b7e441b3b4de83554af804f00ecedc421907a385ac79a63164bd9f28b4be061c2ea2262755d85e14d3a8e7dc910547837b664d78d93667256
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\UIxMarketPlugin.dllFilesize
1.6MB
MD5d1ba9412e78bfc98074c5d724a1a87d6
SHA10572f98d78fb0b366b5a086c2a74cc68b771d368
SHA256cbcea8f28d8916219d1e8b0a8ca2db17e338eb812431bc4ad0cb36c06fd67f15
SHA5128765de36d3824b12c0a4478c31b985878d4811bd0e5b6fba4ea07f8c76340bd66a2da3490d4871b95d9a12f96efc25507dfd87f431de211664dbe9a9c914af6f
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\foozle.cfgFilesize
907KB
MD59b3d5b2e3bfdf4a32285a884205d0192
SHA127734c145996527b70e6d921a17419b87f6596c6
SHA256a165198db6875dca2283adf0ef6309b9f64e0e07873303203b55261a62c9209a
SHA512d91a70c0eac2cd38b044d1643bf805748b5e14a4446b798e858a661bfc64f6a001671e973ac72e58ae0442a9edbf7e61d24b63dc7c8264a2b7773a523c454a6c
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\relay.dllFilesize
1.5MB
MD53e58f05e392aab774479ca857b93c692
SHA12839d32656227e73c4a1e51050ed181907f99dd1
SHA25604db97c97e4ac3e718ba049348e99dabea0aac5c401972580470b396427f4c27
SHA512e8c496294c8af6e126426d4a62097e26d72470d3817364b19a7be07f2e33ecfb33d8afac8b4a346dfc11e68ab2c6dc830d9b856ad13d4b6fd8ce711274eb17ec
-
C:\Users\Admin\Downloads\@#!!Open_FILE_2255_Pa$SWorD%$\@#!Open_MainFile_2255_Pa$á¹£W0rD%$\sidesman.odsFilesize
25KB
MD50f0bf557eb396d5001c86f6c309dffb6
SHA1dcbc069f43604a53060c17a20090d431feada805
SHA25601faf2b6bbb24771660ecc335ebce734c586cefda1c837088488afc380b53f98
SHA5126bc0d63c727ada577c32a15d75513cb8de19df9fa77d870466c4e575652fba8566759071307ea3abbbcf61149e40898dfaef527f2e03c5c604370b305f6c405b
-
memory/752-1475-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/808-1495-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/808-1496-0x0000000000300000-0x0000000000350000-memory.dmpFilesize
320KB
-
memory/808-1501-0x0000000000B30000-0x0000000000BB4000-memory.dmpFilesize
528KB
-
memory/808-1502-0x0000000000300000-0x0000000000350000-memory.dmpFilesize
320KB
-
memory/1200-1537-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/1292-1497-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/1292-1484-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/1292-1483-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/1292-1494-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/1572-1521-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/1572-1518-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/1572-1509-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/1572-1508-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/1632-1427-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/1632-1425-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/1632-1428-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/1632-1422-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/1632-1423-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/1632-1424-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/1632-1414-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/1632-1416-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/1632-1426-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/1632-1415-0x0000015857DA0000-0x0000015857DA1000-memory.dmpFilesize
4KB
-
memory/2664-1470-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/2664-1466-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/2664-1457-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/2664-1456-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/2836-1399-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/2836-1400-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/2836-1406-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/2836-1407-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/3012-1449-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/3012-1439-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/3012-1440-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/3012-1450-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/3024-1413-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/3024-1418-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/3024-1409-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/3024-1411-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/3100-1453-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/3100-1469-0x00000000737D0000-0x000000007394B000-memory.dmpFilesize
1.5MB
-
memory/3116-1435-0x0000000000BC0000-0x0000000000C10000-memory.dmpFilesize
320KB
-
memory/3116-1434-0x0000000000B30000-0x0000000000BB4000-memory.dmpFilesize
528KB
-
memory/3116-1433-0x0000000000BC0000-0x0000000000C10000-memory.dmpFilesize
320KB
-
memory/3116-1431-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/3612-1522-0x0000000000D60000-0x0000000000DB0000-memory.dmpFilesize
320KB
-
memory/3612-1538-0x0000000000D60000-0x0000000000DB0000-memory.dmpFilesize
320KB
-
memory/3612-1520-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/4004-1479-0x0000000000A90000-0x0000000000AE0000-memory.dmpFilesize
320KB
-
memory/4004-1474-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB
-
memory/4004-1476-0x0000000000A90000-0x0000000000AE0000-memory.dmpFilesize
320KB
-
memory/4004-1477-0x0000000000B30000-0x0000000000BB4000-memory.dmpFilesize
528KB
-
memory/4456-1500-0x00007FFF82790000-0x00007FFF82985000-memory.dmpFilesize
2.0MB