Analysis
-
max time kernel
1836s -
max time network
1847s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
24-11-2022 13:50
General
-
Target
https://linkvertise.download/download/384100/teen/mEZNyU4WoIMed0cp3p3z1CVzuugN47w6
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Modifies Installed Components in the registry 2 TTPs 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 61 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 20 IoCs
-
Modifies Internet Explorer settings 1 TTPs 8 IoCs
-
Modifies registry class 64 IoCs
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: AddClipboardFormatListener 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 27 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://linkvertise.download/download/384100/teen/mEZNyU4WoIMed0cp3p3z1CVzuugN47w61⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe5b04f50,0x7ffbe5b04f60,0x7ffbe5b04f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1928 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2304 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4424 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1552 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3508 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3836 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3244 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7000 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6296 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5220 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6116 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4776 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5764 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,13220184356154205663,16365542604963835553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5180 /prefetch:82⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\8c79a30789a84d859a232969897485b1 /t 384 /p 7721⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbe5b04f50,0x7ffbe5b04f60,0x7ffbe5b04f703⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /42⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Teen - Linkvertise Downloader.zip\Teen - Linkvertise Downloader_XUwKN-1.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Teen - Linkvertise Downloader.zip\Teen - Linkvertise Downloader_XUwKN-1.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-86QUE.tmp\Teen - Linkvertise Downloader_XUwKN-1.tmp"C:\Users\Admin\AppData\Local\Temp\is-86QUE.tmp\Teen - Linkvertise Downloader_XUwKN-1.tmp" /SL5="$60240,1785071,899584,C:\Users\Admin\AppData\Local\Temp\Temp1_Teen - Linkvertise Downloader.zip\Teen - Linkvertise Downloader_XUwKN-1.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://justpaste.it/73ub84⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x11c,0x120,0x40,0x124,0x7ffbd78e46f8,0x7ffbd78e4708,0x7ffbd78e47185⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5936 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5236 /prefetch:25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7e3ef5460,0x7ff7e3ef5470,0x7ff7e3ef54806⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5704 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5420 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3128 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5488 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5496 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2160,3660806131167928473,33419209714892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5292 /prefetch:85⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\b88f856daba44301954c95c4601cb613 /t 1368 /p 34401⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4ec 0x4f01⤵
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\43d2d14bbeb64b1ca472f6349d002ecf /t 2572 /p 1768 23161⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {515980c3-57fe-4c1e-a561-730dd256ab98} -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datFilesize
40B
MD513ee140d3fbdbfa1b149bedee8c79537
SHA1da770b1f8b8024e6afe6ebdb0ec70eefd89756cf
SHA256fa234ff7d82cbbd4fd290bb9d56438f5ab4771ac7ce47f293f0e3f442188d76c
SHA512c368340fbe46f9caf4fa707c184c92d619ffdbda47967c0c62cfb6384dcf245611d814509e113f86c94fa8f8a59f5029f97263574a450dcdf1c568a656f2f975
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datFilesize
40B
MD513ee140d3fbdbfa1b149bedee8c79537
SHA1da770b1f8b8024e6afe6ebdb0ec70eefd89756cf
SHA256fa234ff7d82cbbd4fd290bb9d56438f5ab4771ac7ce47f293f0e3f442188d76c
SHA512c368340fbe46f9caf4fa707c184c92d619ffdbda47967c0c62cfb6384dcf245611d814509e113f86c94fa8f8a59f5029f97263574a450dcdf1c568a656f2f975
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\6n6KIkjDQPFIwsangwMUwKu18P4.br[1].jsFilesize
134KB
MD5139f278edfdebeb4dac1a37c2b055216
SHA1458ff41a835abe323c7c30d515647836bc977f05
SHA2564c7caa1c654162a553af0345a18dca82835712b464333eeab965b9e9c37814db
SHA512c9329d4de3ca40e8d2604f7d6c190b547e86ff6f277f66234c5b877924d6d1120fda49a94a3b61818b6df4d452f8a1a082f3ecf7d8c23c5e1f0803d832dd8a08
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\9CoUHSoLuEjBAvav2GP95cHcN0M.br[1].jsFilesize
2KB
MD5c3546304a0369da28a4e110e84f68401
SHA183e5975527a82846c84914ced08271180f485cc8
SHA2567fc2cb6c6c9743883de1c5e0f200a502b2a02e5a8e922e0e77744044f8b19eb9
SHA51278073502686954f130b9f2fbc1613c1ba746e23e2f8f341fe2084348c40262456ecd0f07a15636a9019100f0867461f109f5bae88babcfb731318dcaabc2b4aa
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\9RLIrLi3GlOL2Eylg9IcArIkw20.br[1].jsFilesize
8KB
MD5e9e0f2c7d9ff4e7ba872a004593454b5
SHA12db69a5f85d5afd2c523f8f6b8867eaa4e1125f9
SHA25624d847fbf4fd59be3529fdfa7542fd3fe9512662927dd482e60d11344175e778
SHA512f01ac1fed499aab6465f3f1fea96b5036043c260dd8a9029046895768794503264a98e41cc306f54557eac74c228af9a65a1e6cbdcfe6b4e0e8bbbd730f6a6a5
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\AIIiBKwzFMTaUsvOQjuwJS0aYYQ.br[1].jsFilesize
95KB
MD55d0e2943e8bf04a9a4a13590be4b426d
SHA1751fc26d70057f9f207c264f2189ec37b86b7f61
SHA25645b602b74682864159b57a34735b115ef7886aa313acfbb37867e81067daa0f1
SHA5124b8142f7a54e5731d39de452230b01f43e2855c33fc8ddd3b707796de970fd58a7dec5aae7785fc68e740c68fcc85a3710465defe237b1b16b044eda6f09e37d
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\BbP74Q2fjHDXtiPV_qE04CaYwbw.br[1].jsFilesize
46KB
MD59cda6739c673930227ea6aedaf7f270f
SHA11b18dffabea12d90f7db4c7e892cd23b7858d387
SHA2566db89bb081cc13c1cd74864a0a634ea201223f8cd36b8e0bb5fbef9636e16533
SHA51207590f8c67836ad48e5f4e9832a49a9bff54c79030385b984d29599e014f6d247a443742fe4f4615564a0ea5f5278ae1cc04e00fad12803d57c46b54c775130e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\C3_WoV2EzgZR6oe1rBJE7szWcS4.br[1].jsFilesize
197KB
MD58a94de8125ea3e0b828738d25e37b202
SHA1b8e3803196610957e2ae26d3df23f77685cb7e4a
SHA256c1fa1aa1a689cdafbe1ea1126857e6701086d2c40b0e47e5fdef6a0e32d7378d
SHA512479ce6990ec082555c32c1ab9ac16496ab3d6d549535d91e9e31ca49990ad3ec153f3af8546c09adb72468a5d57e60b14b2be3c232d5b9b1ea4e0cecf6d432d5
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\DccpWCpoNzCwM4Qymi_Ji67Ilso.br[1].jsFilesize
128KB
MD523c987e711c002d4ca3cd02deedc9bbf
SHA1c0c26b66ea6793fa884f143e76cb9ad2e0109c7c
SHA256a1c2f4c8ca6113ebdac36f2c33d6ce19bcf2f4bd99ec06e8ba845e2b25b03322
SHA512969bc04d69f629f08585c7c2ee23e998d8c91146b912370cf9886a7f0b067e68654a9581c0203da522d30533871e41c1b96bf60f18091b6c7eb86d1a863b5d06
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\EYNLM9RfkEXFtD8WH1unvJjwzGA.br[1].jsFilesize
17KB
MD5e86abefe45e62f7e2f865d8a344d0b6f
SHA15d4a0a597759412da2b8e9efd1affe8305e7d116
SHA2565d54790c856ce13811590e18ac3b0aceefefb61258852490f4c5c60748365e89
SHA5127903c3046865e3d1db040d66b2c052e3e56f791bc035c56d5fc76b28166dc88fdf6212699f98ee598fa6ba76222dd2da9e428f6662430776edbb4982a232c595
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\Init[1].htmFilesize
210KB
MD5ffaf8b134c6c3177f1f5fdcc240c7f7a
SHA149aeb8954fda6f5d849cf1a299c6bdc4fcd0c70e
SHA2564196ca98d1a6863fdf41423b3e0432d8fe510f47f6896d9d0f8f0e854418ead1
SHA5121e0db838e9347a7f6bcf42f9df82bf0c10c09a6c42d9b9f135ff10bb9b0e8ab86c7efc50eafc0d17238db6431bcf85a5e46638888ce189390cf654a6c02e1550
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\K6UQnplsBwsTgSSfAFnbot9BJ8c.br[1].jsFilesize
1.8MB
MD58a07e02c46a79bb74137a5f627591db2
SHA171523771c94c4666591147d165bd3e6e47e73c28
SHA25635af173cf262f05b45e45dcdc2df8b209202b8251748d89a77f3454e03480380
SHA5128f5ad7b9b332f82494811147e4134c1f945965a268ce6ec09956b01037d9bc3bd9f2ed26535c1b2e74d3d1cc218db29da7013f63d9938dcb049a2f9b7c70807c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\LisgCZCwGQ4lRz4go9tlwPslw_k.br[1].jsFilesize
15KB
MD5e515e69b21c49a355d5d4b91764abe00
SHA17571f85095e21ba061631d8a38d18623bcabf301
SHA256365f8b7a23865ca36d1c1f7a25553afddb6223ff524b56d4beb80fdd98c8e057
SHA512aa38791ce4ed4039a6d63cf6273be8ca0dde2436b8c6e0451937a85652d1c6ea22f38da9fd81ba9a4e877861b507603c88cacbbffe4e6b30ec602396f2b87a81
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\PvVze1dcpBMAPV5PYO5uw3GriyY.br[1].jsFilesize
2KB
MD5ebc45bdc869c203885b0d3322dceb64b
SHA1410a9e16c64795de5815519e56e5a3399f71029a
SHA256ca4f6ace2f342b343573167189121752a640860a7c2882ff81f5ed3d55b6f2b5
SHA5122a97b14c7ba17b4fa08eb5b08e94db67d6c298ff71b063de81102f7885f3279387b1e80581b1d9f4decd790adfcf5733207aab2c58c0e73948c990c19fad20a7
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\QNBBNqWD9F_Blep-UqQSqnMp-FI[1].cssFilesize
6B
MD577373397a17bd1987dfca2e68d022ecf
SHA11294758879506eff3a54aac8d2b59df17b831978
SHA256a319af2e953e7afda681b85a62f629a5c37344af47d2fcd23ab45e1d99497f13
SHA512a177f5c25182c62211891786a8f78b2a1caec078c512fc39600809c22b41477c1e8b7a3cf90c88bbbe6869ea5411dd1343cad9a23c6ce1502c439a6d1779ea1b
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\Ryv5AeLQSnk-U44LNucIwHCh2Sg.br[1].jsFilesize
36KB
MD5643146d25c158fd55992c051d5388169
SHA17b1c139ce769d0bc439a8d43eda18be3a9e582ff
SHA25664b36287d98b964562a49f4e0c07c751084f3e077156588993870af9d967ca67
SHA51270cf50fc55eef71320f2fa43986eb26dbfaba231703cece8d9ca816e85d851a2c28427237a96c6cd3ef3cfa1ac3d83ba9f3a766079bb637d996ab5ab31653365
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\U7lYsMImC2KOE_VoqxIhF8N5thg.br[1].jsFilesize
10KB
MD5c71fa35c8852a1d72943055d9aa277b6
SHA146e8c8811a875c20d08fb5d63bc61f280fa3a1ad
SHA256000a7e5f4726722669e8ff8c495990630bfb58d15c0109bce7f06eaf854706db
SHA51208a8ea128ae3253f8cb91fb8cbe3bcf54f8313b6d21d11090917d5e900066f6f8109bf56a57de829d424457fc3072d42d482246da48cd19ea64d140af9433b45
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\VA9SqX6YZSWJrJ6ibXvpRZGCupQ.br[1].jsFilesize
44KB
MD56859b06c69a93bd325d6cdb2a5cecbd4
SHA15f1b96c6e59054c14d1ee9a3f3a2cbbc70e03b87
SHA2566a232348034a0564b74d8a293ac8dc15664e26664cd4e071e1d2e740b76d9ec6
SHA5129166d92cbf6945282259a2ca8d53f6d5986ff81de3d61c191d44a745b093936e21e71132833cb885a829c9bf9e4ce42618bd5e995b7a24929436615df35e91ed
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\VloYF9FShIwiHcSMbyb4TGer5io.br[1].jsFilesize
326KB
MD5fe8f91ec5139831fe663f0e2a90fde5d
SHA18aebaab85b4096d4b3553847aa5655c3becbf5d6
SHA25680d9026e1555629a19e88ae897dcf011e6ef1dc46eb7d7bdbc8ba7eb85c703ba
SHA5125476219a01edf99a389809793344fa4561a7f5ebe58d02c3533bdc607f7da708477da68567b128c4556e826fbdf3ea5b0fd87e12304b3d071410741078182670
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\WeaqEJfS9Yrl9laS6TOxoSX0WqM.br[1].jsFilesize
2KB
MD5121ad323544f8d0ab4947ca248ae67c0
SHA16ebdd821c5ff4ec648f60428086ac57fb4401286
SHA256828a496f74c81febe572bd1219f7cb4122669e8c1b800468647f169b1cfcbf0c
SHA51296b93cafcd50cb1325ce86bb8128bf9242250c22495ff238187233cd9da0bf8211005d81beaa7103d55abf7960b03e335a44137183a71bf6519f9505ee467ce5
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\XGTOWbtsOB8bq4oK5IIDOP8Bno4.br[1].jsFilesize
5KB
MD5acff5d51f07df3add149c7f0d0691be4
SHA16af311eb357230534630bbcd469012772fecfea6
SHA25640b4f56449caed2936add68c02b0e90cd59dfc297af6a9751688ef3fd8ab291a
SHA512d4218a274666e12eaac1f855e61c0c50277c4cb14cd4ea4796f0660bf88acf9e4602f12e01d5527d34882dbc13ebb22306f5777fe15e6f47a09115ca5c1e4633
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\Xk0n9ycPBpl3ibUiCDpx5bvphM0[1].cssFilesize
5KB
MD55d1f1d6481d5004c729cf7c4e299270a
SHA13346206f67a5b9d7d96ac1feef2758724d188617
SHA2566931c8fcd193fb037fcca1f2ed3f3f7c61d775d117c74fb24760b9d648f90090
SHA51232c0cf86c053474e6741d8687e9baeb968366f9c70c299d49ac8d26ccee1d39a9bd99269727adadda98d2d031e3d1b29407ffd4943640d95f08457ab8ebd3ce8
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\Z1XJu_2D0doVffx-LC0pjHj3f74.br[1].jsFilesize
5KB
MD512ebb523d3515f1e759f4d6057d50e75
SHA1f5a40488ef992e99a1465ea3f11f549e759a922c
SHA256470a8ea070b6b16d687b397267a1cad5933fbce46466e831d9ffe3cad6609c05
SHA5127cbfedc475d4680a2090c5d2ff210db67ece80d4a3fa3b734e9be3e114a12241a4afdc85c4261617bfd37f16e8619d8f67eb54c87972a878fc17de2785bb08ca
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\ZD8aWvkpZK5km-1BWuu_Q803Qxc.br[1].jsFilesize
256KB
MD55d461f03f11124854318c4b6e0134754
SHA15ac968476b7063a5977f2850c251574705a2bc56
SHA256e24e013de44ca5b8b8e5f515444a329f45986b17c4c7ec4c2232afc7b6cee8aa
SHA5122915d5329e27fb2630208b31af50a973bc0815e3e233cb129def2b2a1b2360018a554b5f4688c422c7000f32553a7353308694e8a26085ba8a4434f5194b38e3
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\jReNPx8gS5IWDxQLFD-EkpG1n7w.br[1].jsFilesize
1KB
MD5617cadd50981066d960e52ae44362ab0
SHA17e268a834d6a67bd6c06e56b8c2e3732c13bd630
SHA256e933028aec3448b1202190e2efab00417f2d5abeaed20e6cf579db04c2ee86e9
SHA5124fe04dcef2b8a9e51fbb94245adcf4d8c15f1f47ea927b580aeeeff7c3d5bb015ffce2cf8bb44963a1f4ce21e57ab3bc97f51889face5066d1f413e41ec83696
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\jptBWImiVIYzQaI0kP9_1gjDeu4.br[1].jsFilesize
3KB
MD5e0c17b836158929804d3dac0d1000726
SHA1735c336f62427f7e3eb9e312b844791347b33576
SHA2564cf825a05be99be456c9f670be6516bf10a9c3fd06d4ce954ba9f0b032f54723
SHA5123032c7cff6514245b5f1afbdf1f6519731cf05439f89c04e41961c3b74d63a411aada140f7615859fe22f5d2854cb9f592badce07a5033dcceae71749d44ca62
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\kbAAuhaaEutXOrxtF8TNG8W9v1I[1].cssFilesize
208KB
MD596e76b3573588bdd5618a54a2afe5024
SHA1ba24780b9f260f42182d5a71f7bda935390cb728
SHA256ca3912af371e857dc282688ebec4c034856c9129237988613f81f07179f825fa
SHA512acf1e5e8eec7b5690450866899649beb1937dcc8e292b0158625a0333bd4f4cf85f4013d6ff888ecce6d01a4e22e5e3c573032b244ae157a210d33b08cdf94fb
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\lvO9r_utFfNYhfhkVKsJzZuaY3Y.br[1].jsFilesize
95KB
MD5a574d270be0177dae563ccb6974751c3
SHA1b5558528aa241598b629d52340cf35f512149f60
SHA256bad8e5b64ade165e2cea644a355fbbdb7cc7dae853256078c85d5a447e1fb9e3
SHA512b84a80922764c3e2df603a6883356c35096212dfc0af59ed892af1af16d44eaf4accc2b269c83701821d057ec923b6144f736c2c3c6c1bdcbe7a60a406717ca6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\onra7PQl9o5bYT2lASI1BE4DDEs[1].cssFilesize
65KB
MD5d167f317b3da20c8cb7f24e078e0358a
SHA1d44ed3ec2cde263c53a1ba3c94b402410a636c5f
SHA256be2e9b42fc02b16643c01833de7d1c14d8790ecc4355c76529a41fa2f7d3efad
SHA512afc65b0fa648d49a5eb896be60331aa222301894e228fe5684399e9276342f6510773dffa3e7e75b8d6197bc51c732bc7fd7518e593ecd20c4884c47058d46d8
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\qRqw0fKEID_9I4HEO5LDdD8CaWE.br[1].jsFilesize
52KB
MD5a5c99328f8ddbf8ceec9f8156150d001
SHA14187c8884930b06621b4d311460c9d7062e903ad
SHA25605d0046198336f88241f3d2703c54350e98f5f6c9fd69824f342712b3d11d186
SHA512e545b2d4dcf9c7ec8bba96337dfd0e7fd17973592daf34f40d4edf5b9a81c5d6be175af25fc43acb507f8a00993dfddb50e0ef84a0f062bea082bf74851cee4a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\qv7SaK6Hh2LcbHkaUK4eKm-I3l4.br[1].jsFilesize
31KB
MD5948209220379be45d32830ebc2223fd3
SHA106bdc371d2d0fb7d165d15991c757fc0a5fb2d70
SHA2563bcd380040b5ce3978ad561fab1b5a1b6720fb5ed42abc2e87d82d8f80b7117d
SHA512f5c29c74a0c05befc798f9772540465b58987633c20e7a8b470c245ca33275cda9f6b270ea7a47993688b5a0f5365d88fd73bb894207941130806a3f78297f86
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\t8shg5d7KiteLFdk0T__nZRbsds.br[1].jsFilesize
15KB
MD5b2fc483e05387f3d76bcb3da72b05773
SHA193ba6e9e94c5435d9a839321096e3e883b49378f
SHA256001718daf3df6a85ffdc59f7d12039301e7aafaa16ccf96889729fbd5e1de0db
SHA512c3a07abb24eebf05806cd84c53bb414620b7a8e5afda2d9b9c2d3c811257b0f26c99fc5a7236e6b0d49fd0b6e08a9ff9a5b6ec259f4c3319f2c372d09eeb495c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\uANxnX_BheDjd2-cdR8N9DEWlds[1].cssFilesize
19KB
MD550d88809e1775e354015b7922ffb1529
SHA1e8f06b39d2f45166916d534c3dce5e3ec43d465e
SHA256f97b7c6a2949aaff58e70faf2c61123d7b111ca675ed3a476613d4d34932b7f6
SHA5122220661d17914126be8d62dd468861ecfea3348822e62fa5a949ff15d41cec6e78457d5bd94e8b663a245fd993d750f35706c233e254c51cb01f3054b0c5284a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\w9zqVJkEZ_qpNCqYvGYoqL8BWm0.br[1].jsFilesize
118KB
MD5129776db6ba6bea4af70cdb1ea56942a
SHA112bfe666c0b57b134e7b8b88bcf1a0c3b5dcf3cd
SHA2562d55886903198e35295b8e90738da47859837baba26d47e15bac87f90ee608d3
SHA512aedf99a152b97be6a57f0d1fb1dd43b0bb69508eae65b3a054024cd9e5dd59670ebeaff6ce7525e2b7263bbd7c963c30659628f9a2df16410674871538def94b
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\QDNB016T\3\xZtFP6ADa5r6W-Gs9azRy1BzdoM.br[1].jsFilesize
14KB
MD5c994b0da70ad36c2b4dc49a48e249bda
SHA1fcd2f1cfdc33a946e393420c7a36c7ffc28b77b9
SHA2567baa4579de695048f2b372780b43e0b1d80ea9dbc43e45850cf6d488c745d3c4
SHA512dbaefcedd87defb461df22f2f4d300ca156859aa67b02dfb19c9c178fef2b2746633a8f14d4f3f297af6369fa7e770bd07bcba7ebd0c79d9c7d7de660b08f238
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\INetCache\H7CY52PH\1FLtrEdHrNq7YDeeCYhb8ssigCI[1].jsFilesize
21KB
MD54fbd3f0588a267ff74b33c96803217bb
SHA16220502ce22bf4f3fa307d684de41aee6c29417d
SHA256eb33166fa3c2d27116676731ec19c2e68610b40ef408e60951b0f201178a1217
SHA51200fdd7e684763fbd80298a52477772564fb210a63f807d5b0557386656a39b1c7d0653346aeb929cf9f9cd481303216fad19a6a97b3ae5acbf8f22afc348a78a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\INetCache\QDYBITXD\Ane5LYLWhZhlI27dRgdM_U8g7Wo[1].jsFilesize
52KB
MD57b115688439106b243e7529f2b1e7209
SHA15eba4e48d71f84b29fa0fc4a1e4de9e5b36eee72
SHA2563af230fd3148067706955368dfda26ae6e0090cee74023e2d5f99a926d392ea3
SHA51252e83f608dba5c22f9362e373410a4349231b09045adb443e1388e8a3816254c593290cb808c6a04ba05e4a6d3528be5fd38fd1dc59c441688f12b381eb5481d
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442Filesize
1KB
MD51c4b220fb4541ee2dbfbb6535fcfd81e
SHA1e9d8a1e2f33bd7a44b93480c92c2d8dcf4c69b97
SHA256f48f3cf7ccadd4f743383379158353a88142ec20e93c20426c8126eb46fa985d
SHA51233abed9b5b4e5c5da5f54753f3181b2084271b18f7cbbb509f1e021bf31f59018f00e1d2e7ab9ede9cbb15b68a36d134993a3bd3aa2a659cea9f08771d55df61
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442Filesize
446B
MD5eee5ce747591c8201f781b93f18642fa
SHA13ac0e8aba85064fd9a49928a23439fff61370cc6
SHA2562c67105c168a04b784c0df8e36564b918f9850ccc3a458a78acbcf9d3d7d6663
SHA512cbed0f9d2b12350f8091e19a0d58a592298323b5fa5606820e9e2bd7020223603b0734042c2bf0446b0e3a943288cb500c6f568654c4cf1dd84342108792717e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DB12P5ZP\www.bing[1].xmlFilesize
325B
MD587be4236336e23f21f1935876ac6d1f8
SHA1a3f9652e67b4fb40c61874e414da5787c5b04a6e
SHA2565145e472a7f6d897dc493dba6bcca2cc1b50af8de69efc8285dd36b815deb652
SHA512b9f1bd1efb10c232fb99697c72a92c12cd28dedb5f647b3cbc327c9a3388868b8bcef65b49211060eebb59767576b71384816d1a86cc8abb40b9707ae7cccec9
-
\??\pipe\crashpad_4360_BQVDUSOLKSPFRDMKMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/388-371-0x0000000000000000-mapping.dmp
-
memory/432-259-0x00000278BE9B4000-0x00000278BE9B7000-memory.dmpFilesize
12KB
-
memory/432-261-0x00000278BE9B4000-0x00000278BE9B7000-memory.dmpFilesize
12KB
-
memory/432-247-0x00000278BE340000-0x00000278BE360000-memory.dmpFilesize
128KB
-
memory/432-253-0x00000278BE9B0000-0x00000278BE9B4000-memory.dmpFilesize
16KB
-
memory/432-254-0x00000278BE9B0000-0x00000278BE9B4000-memory.dmpFilesize
16KB
-
memory/432-255-0x00000278BE9B0000-0x00000278BE9B4000-memory.dmpFilesize
16KB
-
memory/432-246-0x00000278BDB20000-0x00000278BDB40000-memory.dmpFilesize
128KB
-
memory/432-256-0x00000278BE9B0000-0x00000278BE9B4000-memory.dmpFilesize
16KB
-
memory/432-260-0x00000278BE9B4000-0x00000278BE9B7000-memory.dmpFilesize
12KB
-
memory/556-368-0x0000000000000000-mapping.dmp
-
memory/840-385-0x0000000000000000-mapping.dmp
-
memory/1252-383-0x0000000000000000-mapping.dmp
-
memory/1644-367-0x0000000000000000-mapping.dmp
-
memory/1792-369-0x0000000000000000-mapping.dmp
-
memory/2680-325-0x0000000000000000-mapping.dmp
-
memory/2804-381-0x0000000000000000-mapping.dmp
-
memory/3168-280-0x0000000000000000-mapping.dmp
-
memory/3168-282-0x0000000006910000-0x000000000691F000-memory.dmpFilesize
60KB
-
memory/3408-327-0x0000000000000000-mapping.dmp
-
memory/3440-166-0x0000000000000000-mapping.dmp
-
memory/3588-191-0x000001AFBE140000-0x000001AFBE160000-memory.dmpFilesize
128KB
-
memory/3588-194-0x000001AFBEBF4000-0x000001AFBEBF8000-memory.dmpFilesize
16KB
-
memory/3588-205-0x000001AFBEBFC000-0x000001AFBEBFF000-memory.dmpFilesize
12KB
-
memory/3588-204-0x000001AFBEBFC000-0x000001AFBEBFF000-memory.dmpFilesize
12KB
-
memory/3588-201-0x000001AFBEBF9000-0x000001AFBEBFC000-memory.dmpFilesize
12KB
-
memory/3588-200-0x000001AFBEBF9000-0x000001AFBEBFC000-memory.dmpFilesize
12KB
-
memory/3588-199-0x000001AFBEBF9000-0x000001AFBEBFC000-memory.dmpFilesize
12KB
-
memory/3588-196-0x000001AFBEBF4000-0x000001AFBEBF8000-memory.dmpFilesize
16KB
-
memory/3588-195-0x000001AFBEBF4000-0x000001AFBEBF8000-memory.dmpFilesize
16KB
-
memory/3588-206-0x000001AFBEBFC000-0x000001AFBEBFF000-memory.dmpFilesize
12KB
-
memory/3588-193-0x000001AFBEBF4000-0x000001AFBEBF8000-memory.dmpFilesize
16KB
-
memory/3588-179-0x000001AFBE100000-0x000001AFBE120000-memory.dmpFilesize
128KB
-
memory/3632-331-0x0000000000000000-mapping.dmp
-
memory/3880-277-0x0000000000400000-0x00000000004E9000-memory.dmpFilesize
932KB
-
memory/3880-300-0x0000000000400000-0x00000000004E9000-memory.dmpFilesize
932KB
-
memory/3880-281-0x0000000000400000-0x00000000004E9000-memory.dmpFilesize
932KB
-
memory/3880-279-0x0000000000400000-0x00000000004E9000-memory.dmpFilesize
932KB
-
memory/3880-276-0x0000000000000000-mapping.dmp
-
memory/4020-343-0x0000000000000000-mapping.dmp
-
memory/4044-304-0x0000000000000000-mapping.dmp
-
memory/4084-164-0x0000013002024000-0x0000013002027000-memory.dmpFilesize
12KB
-
memory/4084-150-0x000001300200B000-0x000001300200F000-memory.dmpFilesize
16KB
-
memory/4084-159-0x0000013002020000-0x0000013002024000-memory.dmpFilesize
16KB
-
memory/4084-142-0x00000130001D0000-0x00000130001F0000-memory.dmpFilesize
128KB
-
memory/4084-158-0x0000013002020000-0x0000013002024000-memory.dmpFilesize
16KB
-
memory/4084-148-0x000001387EE88000-0x000001387EE90000-memory.dmpFilesize
32KB
-
memory/4084-149-0x000001300200B000-0x000001300200F000-memory.dmpFilesize
16KB
-
memory/4084-151-0x000001300200B000-0x000001300200F000-memory.dmpFilesize
16KB
-
memory/4084-152-0x000001300200B000-0x000001300200F000-memory.dmpFilesize
16KB
-
memory/4084-153-0x000001300200B000-0x000001300200F000-memory.dmpFilesize
16KB
-
memory/4084-162-0x0000013002024000-0x0000013002027000-memory.dmpFilesize
12KB
-
memory/4084-141-0x00000130001B0000-0x00000130001D0000-memory.dmpFilesize
128KB
-
memory/4084-163-0x0000013002024000-0x0000013002027000-memory.dmpFilesize
12KB
-
memory/4084-161-0x0000013002024000-0x0000013002027000-memory.dmpFilesize
12KB
-
memory/4084-157-0x0000013002020000-0x0000013002024000-memory.dmpFilesize
16KB
-
memory/4084-156-0x0000013002020000-0x0000013002024000-memory.dmpFilesize
16KB
-
memory/4364-301-0x0000000000000000-mapping.dmp
-
memory/4552-303-0x0000000000000000-mapping.dmp
-
memory/4628-379-0x0000000000000000-mapping.dmp
-
memory/5064-373-0x0000000000000000-mapping.dmp
-
memory/5308-375-0x0000000000000000-mapping.dmp
-
memory/5324-306-0x0000000000000000-mapping.dmp
-
memory/5340-321-0x0000000000000000-mapping.dmp
-
memory/5400-323-0x0000000000000000-mapping.dmp
-
memory/5412-285-0x000001C9B600D000-0x000001C9B6011000-memory.dmpFilesize
16KB
-
memory/5412-271-0x000001C9B4680000-0x000001C9B46A0000-memory.dmpFilesize
128KB
-
memory/5412-284-0x000001C9B600D000-0x000001C9B6011000-memory.dmpFilesize
16KB
-
memory/5412-286-0x000001C9B600D000-0x000001C9B6011000-memory.dmpFilesize
16KB
-
memory/5412-287-0x000001C9B600D000-0x000001C9B6011000-memory.dmpFilesize
16KB
-
memory/5412-270-0x000001C9B3DD0000-0x000001C9B3DF0000-memory.dmpFilesize
128KB
-
memory/5712-377-0x0000000000000000-mapping.dmp
-
memory/5816-299-0x0000000000000000-mapping.dmp
-
memory/5844-329-0x0000000000000000-mapping.dmp