Resubmissions
25-05-2024 07:32
240525-jcy6vsaf43 1025-05-2024 07:22
240525-h7ev2aad3w 1025-05-2024 07:15
240525-h3nx5sac5y 825-05-2024 07:05
240525-hwh4baab2t 7Analysis
-
max time kernel
494s -
max time network
500s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
25-05-2024 07:32
Errors
General
-
Target
http://pixeldrain.com/u/QEeXR3cT
Malware Config
Signatures
-
Windows security bypass 2 TTPs 3 IoCs
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
-
Disables RegEdit via registry modification 1 IoCs
-
Disables Task Manager via registry modification
-
Executes dropped EXE 15 IoCs
-
Loads dropped DLL 6 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 11 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification 2 TTPs 3 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 16 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 13 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 5 IoCs
-
Modifies Internet Explorer start page 1 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 6 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pixeldrain.com/u/QEeXR3cT1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0xdc,0x7fff5c833cb8,0x7fff5c833cc8,0x7fff5c833cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5238901903826850829,15806412385126985425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2616 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\пездець1488.rar"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\пездець1488\Шутки\Koteyka2\Koteyka2.exe"C:\Users\Admin\Desktop\пездець1488\Шутки\Koteyka2\Koteyka2.exe"1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\Antivirus Platinum\AntivirusPlatinum.exe"C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\Antivirus Platinum\AntivirusPlatinum.exe"1⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\WINDOWS\302746537.exe"C:\WINDOWS\302746537.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F085.tmp\302746537.bat" "3⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s c:\windows\comctl32.ocx4⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s c:\windows\mscomctl.ocx4⤵
- Loads dropped DLL
- Modifies registry class
-
\??\c:\windows\antivirus-platinum.exec:\windows\antivirus-platinum.exe4⤵
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\SysWOW64\attrib.exeattrib +h c:\windows\antivirus-platinum.exe4⤵
- Drops file in Windows directory
- Views/modifies file attributes
-
C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\Antivirus Pro 2017\AntivirusPro2017.exe"C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\Antivirus Pro 2017\AntivirusPro2017.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\SecurityScanner\SecurityScanner.exe"C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\SecurityScanner\SecurityScanner.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\пездець1488\Трояны\YouAreAnIdiot.exe"C:\Users\Admin\Desktop\пездець1488\Трояны\YouAreAnIdiot.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 14562⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4024 -ip 40241⤵
-
C:\Users\Admin\Desktop\пездець1488\Рансомы\Xyeta\Xyeta.exe"C:\Users\Admin\Desktop\пездець1488\Рансомы\Xyeta\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 4762⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3696 -ip 36961⤵
-
C:\Users\Admin\Desktop\пездець1488\Трояны\FreeYoutubeDownloader.exe"C:\Users\Admin\Desktop\пездець1488\Трояны\FreeYoutubeDownloader.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\пездець1488\Шутки\Hydra\Hydra.exe"C:\Users\Admin\Desktop\пездець1488\Шутки\Hydra\Hydra.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\Win7Recovery\Win7Recovery.exe"C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\Win7Recovery\Win7Recovery.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 5562⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 8282⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 8722⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 10202⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 10642⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 10642⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 10842⤵
- Program crash
-
C:\ProgramData\WbVhxCIDDK.exe"C:\ProgramData\WbVhxCIDDK.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 6203⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 12522⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 16362⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 10562⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2348 -ip 23481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2348 -ip 23481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2348 -ip 23481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2348 -ip 23481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2348 -ip 23481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2348 -ip 23481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2348 -ip 23481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2348 -ip 23481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4680 -ip 46801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2348 -ip 23481⤵
-
C:\Users\Admin\Desktop\пездець1488\Трояны\FreeYoutubeDownloader.exe"C:\Users\Admin\Desktop\пездець1488\Трояны\FreeYoutubeDownloader.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 2348 -ip 23481⤵
-
C:\Users\Admin\Desktop\пездець1488\Трояны\MEMZ.exe"C:\Users\Admin\Desktop\пездець1488\Трояны\MEMZ.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\пездець1488\Трояны\Spark.exe"C:\Users\Admin\Desktop\пездець1488\Трояны\Spark.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\bcdedit.exe"C:\Windows\System32\bcdedit.exe" -set nointegritychecks on2⤵
- Modifies boot configuration data using bcdedit
-
C:\Windows\System32\bcdedit.exe"C:\Windows\System32\bcdedit.exe" -set testsigning on2⤵
- Modifies boot configuration data using bcdedit
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4680 -ip 46801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 4680 -ip 46801⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
2Disable or Modify Tools
2Modify Registry
6Pre-OS Boot
1Bootkit
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5d56e8f308a28ac4183257a7950ab5c89
SHA1044969c58cef041a073c2d132fa66ccc1ee553fe
SHA2560bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae
SHA512fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD58f2eb94e31cadfb6eb07e6bbe61ef7ae
SHA13f42b0d5a90408689e7f7941f8db72a67d5a2eab
SHA256d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de
SHA5129f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
96B
MD50aa73d421fa43ca1528c8b5673c864b8
SHA1196011c894e8b650e0a44b6fe0e29bd03360565a
SHA2561e0911083344ead4753d1dbb3333dda2460ddcb8c586bd681c3c4d9a42cd2c73
SHA512e46863010cf881d8f89118449bbdd2eaf39e1bd7a66874b76eb62ef88e46fc6f29d75f58cc9c0ca0f1d58552d328b3505d9544a9b63f350597ad7e4f3e1b1cd5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
182B
MD59eb9d67f919ae153884991ffc5223fdb
SHA18ebbb1a763b529cc9bf2839b13f0564f10d10046
SHA25608e4c57ce93d9bce050befa4e516d8aca239010d22692f90ea30a39ba91a1d40
SHA5129aad23e77ff458c7b49381fec4e0c650172314e46cdae969744d948f67eabb8ee25e2d04f6d81d43bc97f2d704fabc43b4b63ece97a14f09fde78c59132a003b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5cee145658bfe176215a725a72e51fd66
SHA1d74ddd1c9a22ed32b2ad92d47eba1c8f4ca62607
SHA256b9bab19c5d32605c19fc6a97ccbc07016453ac93216c01b76b869ee03f7bc6be
SHA51249ed75acb05fb66e15011eae25d64e5b46cd37c2dd2d53829389d282362634e11160bf2b8b7d18011c8f4ad821eb2ba8cc0b3adc4496da6ced71b4f8c5022ed1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD585125e0b50be415759bd08a32a711bda
SHA11e66cd1fa5161b3e3178a11987cdc8e637228f0d
SHA256a81ffd10b12604a0e4b69f5617d53bd08faa1e5798f485127b44bbcabfd88e61
SHA512b12e36875883eb1e723e20831362d1cc58106990bcb6020eaba5fc699c8c3f8f32ff3fef0eece26221689bf14358918fa0f3920e5b156e8805b89b604a3ccb17
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD57236e95f16ae6e98c6ec348dd347a594
SHA19baf846e1d35df086bb3c67580da94d6691548f5
SHA256fbcd72826f979a3a99d86b12886704895d0d75a826274fe6e6e52faa116cf295
SHA512c9efa96babdc17f89bf86dfec69a3804bc2cf153c6e33bf4fa1b28e850cbc9e39bbb7d5c083f41677e1a5784004b0d87c9bf61bb6f495a5f011c99532f2ae46a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5ef5a9ca2bc4f0e3798cf63b886377958
SHA1992fa021f971d7101ceb6a9319f48df2e6ea0a5a
SHA25652ba956fb6c027990163eba831f454bf3553e466b4f1a2c9dd4dc715dc64717b
SHA512d9bd4ca9aa2c5e0c6bb93ccb1cfac7efa5d89f2c8aebf51789ae2209a73b51ebecca0345795b1fca074e308270775c047f6a13494cc7e7802f80fb5ae2138c12
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD504a179881d761d1287dc6ade1fe30947
SHA129f012fda335718d6d40876a2ea2be55d9bea670
SHA256226c7ea34bc87d3c9536ef39203f4d0b9f477c78736adca38f4e78927cfeabcc
SHA51277e67b4ec7f2d8ddf5b83747808f84142665990d2111398c15a9ed0aad9277795ab3360894b9f1c69d5da75c4ac27c6d0a79764e6d775c3e2d70faf070e1e952
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD54a253362846c20464f6870b24ec131bd
SHA1078bc4450f7db49ac3cc9e859fb69ba62eba2ddb
SHA256a0e1062bb5c227a60c87df7725326115215a7905fa6369cd57b49d3df1009c46
SHA512ef31d8b95c689413684d520e29cdf6f98493f181a7a1f07faf4ee04873bd99cb5e304d3d60d7a7275e1977a186240916767cd738b865aba64815696ffd0b960b
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.dbFilesize
14KB
MD5da61bd331d137ca1013635a45b56f86d
SHA1a6dd776f269553aa9f12f198c6417ebbcdcac4fe
SHA256ea18ae36abd5fcebfdca3ff9537ea6b66079a18ebf50e33c37e2af749038f784
SHA512ec37d5cce84c92a595d6c710f0ebde0ae04ddd813bbe6203485b32ab20baef8697f7487c1f8318e7b2eb9146f78b0f6b79b5b57e623c2da5848af982b2bb2bde
-
C:\Users\Admin\AppData\Local\Temp\Adobe_Flash_Player.exeFilesize
114B
MD5d725d85cc5f30c0f695b03a9e7d0c4c0
SHA1131b68adcddb7ff3b3ce9c34c5277eb5d673f610
SHA2564d4588c42fa8df0ea45ad48aca4511bb4286f0deaa41fdf188c3b7ab9e1b698a
SHA51201f270a15aa10e60e14ac140ccb54e38cf8e57833ef1c0db7d36688a93ecdc0a59ecf9ead9366a5920faac7e28a2e0ee03759eb0fa92d455abc72f406fe8775b
-
C:\Users\Admin\AppData\Local\Temp\F085.tmp\302746537.batFilesize
348B
MD57d8beb22dfcfacbbc2609f88a41c1458
SHA152ec2b10489736b963d39a9f84b66bafbf15685f
SHA2564aa9ed4b38514f117e6e4f326cb0a1be7f7b96199e21305e2bd6dce289d7baa2
SHA512a26cf9168cf7450435a9fe8942445511f6fda1087db52bd73e335d6f5b544fc892999019d9291d9dcc60c3656de49688f6d63282c97706e2db286f988e44fd94
-
C:\Users\Admin\Desktop\пездець1488\Рансомы\Xyeta\Xyeta.exeFilesize
84KB
MD59d15a3b314600b4c08682b0202700ee7
SHA1208e79cdb96328d5929248bb8a4dd622cf0684d1
SHA2563ab3833e31e4083026421c641304369acfd31b957b78af81f3c6ef4968ef0e15
SHA5129916397b782aaafa68eb6a781ea9a0db27f914035dd586142c818ccbd7e69036896767bedba97489d5100de262a554cf14bcdf4a24edda2c5d37217b265398d3
-
C:\Users\Admin\Desktop\пездець1488\Трояны\AxInterop.ShockwaveFlashObjects.dllFilesize
17KB
MD5451112d955af4fe3c0d00f303d811d20
SHA11619c35078ba891091de6444099a69ef364e0c10
SHA2560d57a706d4e10cca3aed49b341a651f29046f5ef1328878d616be93c3b4cbce9
SHA51235357d2c4b8229ef9927fa37d85e22f3ae26606f577c4c4655b2126f0ecea4c69dae03043927207ca426cc3cd54fc3e72124369418932e04733a368c9316cf87
-
C:\Users\Admin\Desktop\пездець1488\Трояны\FreeYoutubeDownloader.exeFilesize
396KB
MD513f4b868603cf0dd6c32702d1bd858c9
SHA1a595ab75e134f5616679be5f11deefdfaae1de15
SHA256cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
SHA512e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24
-
C:\Users\Admin\Desktop\пездець1488\Трояны\MEMZ.exeFilesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
C:\Users\Admin\Desktop\пездець1488\Трояны\Spark.exeFilesize
495KB
MD5181ee63003e5c3ec8c378030286ed7a2
SHA16707f3a0906ab6d201edc5b6389f9e66e345f174
SHA25655bfcb784904477ef62ef7e4994dee42f03d69bfec3591989513cccbba3fc8fe
SHA512e9820f60b496d6631e054204c6fc5b525527d40a578faac1d5cdb116abcb4a35aacf4f4354ff092a2b455c5d9c2e0f29a761d737d9c9ad3d59d70b51d0583d92
-
C:\Users\Admin\Desktop\пездець1488\Трояны\YouAreAnIdiot.exeFilesize
424KB
MD5e263c5b306480143855655233f76dc5a
SHA1e7dcd6c23c72209ee5aa0890372de1ce52045815
SHA2561f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69
SHA512e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113
-
C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\Antivirus Platinum\AntivirusPlatinum.exeFilesize
739KB
MD5382430dd7eae8945921b7feab37ed36b
SHA1c95ddaebe2ae8fbcb361f3bf080d95a7bb5bf128
SHA25670e5e902d0ac7534838b743c899f484fe10766aefacc6df697219387a8e3d06b
SHA51226abc02bde77f0b94613edc32e0843ac71a0a8f3d8ba01cb94a42c047d0be7befef52a81984e9a0fa867400082a8905e7a63aaaf85fa32a03d27f7bc6a548c3b
-
C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\Antivirus Pro 2017\AntivirusPro2017.exeFilesize
816KB
MD57dfbfba1e4e64a946cb096bfc937fbad
SHA19180d2ce387314cd4a794d148ea6b14084c61e1b
SHA256312f082ea8f64609d30ff62b11f564107bf7a4ec9e95944dfd3da57c6cdb4e94
SHA512f47b05b9c294688811dd72d17f815cce6c90f96d78f6835804d5182e2f4bfbd2d6738de854b8a79dea6345f9372ba76a36920e51e6cb556ef4b38b620e887eb4
-
C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\SecurityScanner\SecurityScanner.exeFilesize
2.2MB
MD57dde6427dcf06d0c861693b96ad053a0
SHA1086008ecfe06ad06f4c0eee2b13530897146ae01
SHA256077c04ee44667c5e1024652a7bbe7fff81360ef128245ffd4cd843b7a56227cf
SHA5128cf162f83ebfa2f3db54b10d5b0e6af590e97596ac2d469058a98340bf27de2866e679c777aa46dd530db44c27503d4cea8c34d96cb83b71477a806b5ab7c1b9
-
C:\Users\Admin\Desktop\пездець1488\Фейк-АВ\Win7Recovery\Win7Recovery.exeFilesize
467KB
MD5ab65e866abc51f841465d19aba35fb14
SHA1ec79f1f511a199291b0893bc866a788ceac19f6e
SHA2562ac0ca4ffda10b1861dd4ae0c2f0131a6400214cb4f5fa33951f3062b784a755
SHA5122474905f174635b236e5f6e8f8c497e44435c94edd02ec47d3440c9a216f6840d040e6acc5fe2ec301ada80467f6cf55225d6361c1e7c6c6c7edccb9e7b5a35e
-
C:\Users\Admin\Desktop\пездець1488\Шутки\Hydra\Hydra.exeFilesize
43KB
MD5b2eca909a91e1946457a0b36eaf90930
SHA13200c4e4d0d4ece2b2aadb6939be59b91954bcfa
SHA2560b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c
SHA512607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf
-
C:\Users\Admin\Desktop\пездець1488\Шутки\Koteyka2\Koteyka2.exeFilesize
762KB
MD57734f0e56da17e9a5940fd782d739f9b
SHA14dfae67e40be6c4c83191ea0cf8d1b28afba884c
SHA2568855299560183b57556d9714a2b958cdc6190fcdfb270633da2a47dfeee20015
SHA51253d07938bafbcb9524cdba6d25e09fcdae128a83718ab686374f0526730e2e6380f60e3bf951601e48f6f8e64563c484ddd8baf9be2878a5ad393817028a9632
-
C:\Users\Admin\Downloads\пездець1488.rar:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
C:\Windows\302746537.exeFilesize
22KB
MD58703ff2e53c6fd3bc91294ef9204baca
SHA13dbb8f7f5dfe6b235486ab867a2844b1c2143733
SHA2563028a2b0e95143a4caa9bcd6ae794958e7469a20c6e673da067958cbf4310035
SHA512d5eb8a07457a78f9acd0f81d2f58bbf64b52183318b87c353a590cd2a3ac3a6ec9c1452bd52306c7cf99f19b6a897b16ceb8289a7d008c5ce3b07eda9b871204
-
C:\Windows\File Cache\DLL.dllFilesize
116KB
MD5a61c26b360471c8258c7571037c4bca0
SHA15db105e0384f25b1ab165c10a9445e6b943cd0ff
SHA256e77316a1fd682e1af8af3ccd03c170f886b9ec8edf7013e1be6a6207cb5a6f16
SHA5123ef680d50ccfa4311d3d1bec1648c48cf8e8633353dea5e06f52339047ede36fd1655ce728541e769d9fcaa6ab8c2a66981aef708a9f4d05ae46ad26f9d6aef4
-
C:\Windows\antivirus-platinum.exeFilesize
9KB
MD5cd1800322ccfc425014a8394b01a4b3d
SHA1171073975effde1c712dfd86309457fd457aed33
SHA2568115de4ad0b7e589852f521eb4260c127f8afeaa3b0021bfc98e4928a4929ac0
SHA51292c22c025fd3a61979fa718bf2e89a86e51bf7e69c421a9534fbf9c2d5b23b7a9224d0e9f3e0501992038837015214d1ef73b532a68b7d19de559c9ab9c6e5f6
-
\??\c:\windows\comctl32.ocxFilesize
595KB
MD5821511549e2aaf29889c7b812674d59b
SHA13b2fd80f634a3d62277e0508bedca9aae0c5a0d6
SHA256f59cdf89f0f522ce3662e09fa847bca9b277b006c415dcc0029b416c347db9c4
SHA5128b2e805b916e5fbfcccb0f4189372aea006789b3847b51018075187135e9b5db9098f704c1932623f356db0ee327e1539a9bf3729947e92844a26db46555e8cd
-
\??\c:\windows\mscomctl.ocxFilesize
1.0MB
MD5714cf24fc19a20ae0dc701b48ded2cf6
SHA1d904d2fa7639c38ffb6e69f1ef779ca1001b8c18
SHA25609f126e65d90026c3f659ff41b1287671b8cc1aa16240fc75dae91079a6b9712
SHA512d375fd9b509e58c43355263753634368fa711f02a2235f31f7fa420d1ff77504d9a29bb70ae31c87671d50bd75d6b459379a1550907fbe5c37c60da835c60bc1
-
\??\pipe\LOCAL\crashpad_3604_UJHCOLCJBGONQAGQMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/932-410-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-465-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-304-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-446-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-384-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-364-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-388-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-440-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-399-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-328-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-401-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-329-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-436-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-449-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-406-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-379-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-451-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-430-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-428-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-469-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-467-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-453-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-463-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-461-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-459-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-457-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-374-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-424-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-455-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/932-426-0x0000000000400000-0x00000000006B8000-memory.dmpFilesize
2.7MB
-
memory/936-370-0x0000000000400000-0x0000000000410000-memory.dmpFilesize
64KB
-
memory/936-352-0x0000000000400000-0x0000000000410000-memory.dmpFilesize
64KB
-
memory/944-447-0x0000000000400000-0x000000000043C000-memory.dmpFilesize
240KB
-
memory/944-441-0x0000000000400000-0x000000000043C000-memory.dmpFilesize
240KB
-
memory/1424-546-0x0000000000030000-0x00000000000B0000-memory.dmpFilesize
512KB
-
memory/1424-554-0x0000000004DC0000-0x0000000004E14000-memory.dmpFilesize
336KB
-
memory/2968-405-0x0000000000400000-0x0000000000843000-memory.dmpFilesize
4.3MB
-
memory/2968-408-0x0000000000400000-0x0000000000843000-memory.dmpFilesize
4.3MB
-
memory/3380-380-0x0000000000400000-0x000000000040D000-memory.dmpFilesize
52KB
-
memory/3380-365-0x0000000000400000-0x000000000040D000-memory.dmpFilesize
52KB
-
memory/3380-375-0x0000000000400000-0x000000000040D000-memory.dmpFilesize
52KB
-
memory/3380-382-0x0000000000400000-0x000000000040D000-memory.dmpFilesize
52KB
-
memory/3480-444-0x00000000000B0000-0x00000000000C0000-memory.dmpFilesize
64KB
-
memory/3696-433-0x0000000000400000-0x000000000044F000-memory.dmpFilesize
316KB
-
memory/3696-434-0x0000000000400000-0x000000000044F000-memory.dmpFilesize
316KB
-
memory/3740-462-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-373-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-464-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-387-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-425-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-456-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-389-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-458-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-400-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-460-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-402-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-448-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-381-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-450-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-427-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-466-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-409-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-468-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/3740-376-0x0000000000400000-0x0000000000A06000-memory.dmpFilesize
6.0MB
-
memory/4024-413-0x0000000000AC0000-0x0000000000B32000-memory.dmpFilesize
456KB
-
memory/4024-414-0x00000000055C0000-0x000000000565C000-memory.dmpFilesize
624KB
-
memory/4024-417-0x0000000005670000-0x000000000567A000-memory.dmpFilesize
40KB
-
memory/4024-418-0x0000000005940000-0x0000000005996000-memory.dmpFilesize
344KB
-
memory/4024-422-0x0000000005730000-0x000000000573A000-memory.dmpFilesize
40KB
-
memory/4024-415-0x0000000005C80000-0x0000000006226000-memory.dmpFilesize
5.6MB
-
memory/4024-416-0x0000000005770000-0x0000000005802000-memory.dmpFilesize
584KB