Analysis

  • max time kernel
    134s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-uk
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-uk, locale:uk-ua, os:windows10-2004-x64, system, windows
  • submitted
    10-07-2024 21:57

General

  • Target

    https://github.com/knightxanavsem/PremierePro2024

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/knightxanavsem/PremierePro2024
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffa333cc40,0x7fffa333cc4c,0x7fffa333cc58
      2⤵
      PID:3272
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1888 /prefetch:2
      2⤵
      PID:472
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2160 /prefetch:3
      2⤵
      PID:5072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2368 /prefetch:8
      2⤵
      PID:1872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
      2⤵
      PID:4116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3344 /prefetch:1
      2⤵
      PID:3068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4728 /prefetch:8
      2⤵
      PID:5080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4728 /prefetch:8
      2⤵
      PID:944
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:2636
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4208
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4388
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\git.software_v1.3.9.7z"
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2652
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC5AEE748\Read me.txt
      2⤵
      PID:4036
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3292
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /1
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4220
  • C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe
    "C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    PID:4372
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      2⤵
      PID:3616
  • C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe
    "C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    PID:4432
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      2⤵
      PID:2484

Network

MITRE ATT&CK Enterprise v15

Downloads
