Resubmissions
31-03-2023 20:37
230331-zedkyadc34 731-03-2023 20:34
230331-zcqgqaee9t 731-03-2023 20:32
230331-zbentsdb88 731-03-2023 20:28
230331-y8zvladb76 7Analysis
-
max time kernel
107s -
max time network
152s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
31-03-2023 20:28
General
-
Target
MEMZ.exe
-
Size
12KB
-
MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91
-
SHA1
761168201520c199dba68add3a607922d8d4a86e
-
SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
-
SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
SSDEEP
192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Runs regedit.exe 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 28 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main2⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xac,0xd8,0x7ffa870e9758,0x7ffa870e9768,0x7ffa870e97782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1340 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level2⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6cb967688,0x7ff6cb967698,0x7ff6cb9676a83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4904 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3524 --field-trial-handle=1728,i,7435243291239986719,8068700627472360153,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\System32\SystemSettingsBroker.exeC:\Windows\System32\SystemSettingsBroker.exe -Embedding1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localservice -s SstpSvc1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc1⤵
- Drops file in Windows directory
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s RasMan1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3a01⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
696B
MD58b7e18faa44f912c591bf1043aad5a4e
SHA135641932168e745d1d9abbe91c93ab5c5c625fbe
SHA2561e02d2cbdf26f928e43a74dbfbfdb3710ed6700842371f97f391c03350d8b31c
SHA5126d5e43c3283bc70c9389624e74c446d52bf6d6a6b899ee24b607037883530d900b07ce4e035691e809bb3017a818ec85bf14074331517317d4197fd65771e89e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1Filesize
264KB
MD505b0e939f12209453e6c3c1d5fdf7319
SHA1e63e1dfa79eebb8740dd7e64a8795f24e901ad7e
SHA256b2c1fcad3548eed625e05497ea6c6b3847ee4f0b4da941ab550a04ebc9a7b8a3
SHA512aec2332121472d248b6aaae9e95640ba6d70fec1c09a462b2152ffaf14ec79a32f8ce4570b429f94aac30d68daa2090508e0bf5808866c2a8cd8fc5f40facac0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD57689bb9ade2d5ce75ae237ad9e57c14e
SHA1d3311aecc8c0df691db738a7bc49ecb2dc4e63c0
SHA256938ab5b1175a47b00b118483cffb5c943b5615b88f0bbf1759d22c0fbd0b279b
SHA512eb9045d25efc15b3f7cd8449fe47f5708598f147fb7360cc4f80b347e29ac573e37110543f964f01c7549c18860f1d902814c79fef1d43ae1bacf096322c0088
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD5f13c0fd634d9a1ca6c1dcfba2e313b26
SHA16540a5d90c2312165cea7c27ac05bec97d175845
SHA2560be0f53a83f6c5fa53b8efcaf951fca227d1adbf15b25308235a9543772036ea
SHA51269e9831304123d9aa418d3214a0035f10de8a8dc9ab489d94744ca70d97ae7916176b53b2fc51b7be75d9fec06b93d417fa44b1591a53e39b866fcd3b30fb690
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
539B
MD5bb1883d7443d101455549c0f240ffd66
SHA112742c90688b52861538c3eb1c45038163108dca
SHA2569207e4910b098f1dddc0cc4ded356ebfafd889509ddef4304ed9944a8016aedf
SHA5128e6df648716e3b4f9a9ebe509adc3995d2ffdd0bc7f58c0e5896400c9dbf22e13b6c3d00c7659d289344a6dc4888d388e6983abe03e8fd6a5d4ee5e56b5bd429
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD52bfc53f043c3060e15ed242f9d68fb7c
SHA1e17b5f73f572d225ae84262dc8590364051205af
SHA256884573c0b9da7fc54b8d46be9e97421859d202f28c27c9cbad92f452eabfe3dc
SHA5126b2a43683da108b32f0c69f299c46123adf8b8a6bb914c01113bd68ba7810b8ab280fe156ce477b1cbb0807a34315a021f149d702006de8280a03c023aaf45f7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD57f49ac40451178ea4db5b7cfbe7b7e90
SHA1589ec0cf53906c2643641b61108064836f54b4d6
SHA2562d1fd638fe1dfe87ac2518c51e5b88b3f2c86a284d83e196d33e3cb7758ebef8
SHA512a22a7f33ba7b2a291a7b41c2484d2f0e087a10a02f4f5b7548b5d7e2902ec223f993f53ac42a1f22fde21528841a7556f0c4bb92da833a84098061a96d002cba
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5f8c7164fdd7ee11690ca5b015afe78f6
SHA1bf0ab416ac4134b06d2e92c2b7383c903af28727
SHA256867f4be4e3cb5b9dd4c51d81139bcedafd55546b0ec49ede3f56e5e366418f2b
SHA51257fd9045115b3a1cb3ca471f94614669a890f8adc9f663365890b68859b77ad114b24f1bae4f53fd0751038480d0a5e197fb8ff1bd91893879a58aa2d10d2f7c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD57c928e643cba1e234fce289821fa77b6
SHA14a30d58cbcc80d5c21e601a3aaf8c9c5f65fdea0
SHA256e4f300afd4d25c4b5d4afd454a913d797a0d253965fe847a148bd43c427a973f
SHA512108271aa58d3be8920b613d8e140ed9f7be29a543d03814ddfd994d42320f656ef0e8593d5775d55371944baae3a89ba06f4b0a7510f4ae664b52621c7103f7a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a2b8.TMPFilesize
120B
MD517d176b4cf8aac5552758a0540113c73
SHA154d60bd3b63cf759a83e23706177f19476912ae2
SHA256879f89b32019635497e9edcd96f123268d0a4594e0fca88c0ea06f0f02dfa230
SHA5124bd9fdbd1cfcf312b66f1adf4682fe1738ed229abccd5e3b0222148d9d9565993ecaf74345fe5504176160d960fb96fa25acfb96526b05bf399bf84099c9a9c7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD57429aa15f49ae0a1434093fb0db0e6dd
SHA16fd3f1a6ccf795b8d2fbd36dcbcbea5fe89e9a00
SHA25600d107d484158e99c6cac63dd740a38f010ad1cd63861829eab8dc899ec5fff2
SHA5124864cf8e0628d4222d60ba3b077b5b2d6387208dc83de733faae1560998963640a97045c814db8147bf1e29a8a1dbc1b9d2de559262672c0853fab3e90460dc7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD53f07bafa1d443639eaa0baa746209802
SHA1b259aafce6cca784e480430c910206d159360670
SHA2562687ae58224a7702796460a7b9ac50900a0a2e515b6b5d33546fe2ff87dd543e
SHA512ed5efa749af7952e5b37aec47efd5a5de2b355024a80921705569ffe84bc75027871a28f7cefdca01154b1ee380423b244ad968352d9d039e1678a1f77e0475e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\YY6GZGLU\www.youtube[1].xmlFilesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\037IYG6E\favicon[1].icoFilesize
5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.logFilesize
512KB
MD5b25779167fe31f5bbab9db0278f45fbb
SHA1c35ee4276df43dbc83cab69fda9d77e193ca7f8c
SHA25601e0a4d5a0766878d82d2d18b257445ec05a9df590f325654a7aa2cbc88b5a0c
SHA5128f43f5a554d69b9bda0463d8a6d44a3f5fdd1ce6f33d182630053f6925507e70056df623dbb759b2ddee4eb9d2ccb560ad65b3b3935a6a1810a058e9ab06c6be
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD5a371c997de65fa1d0c1c6e2d862593f7
SHA12cf4f67996db546829222259c361d0f3f91d8718
SHA256f3e826add98dc2b453bad19a6492b09b9faef9de7651197314ad673583db5458
SHA512b986495e52fa6d9472fcdf7fea433e24a4acc0ff29734455d722e233737de199c2ee32788facb98de681ca4fba985783d736acfb028e0d5b53399687022a6811
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD5f569e1d183b84e8078dc456192127536
SHA130c537463eed902925300dd07a87d820a713753f
SHA256287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413
SHA51249553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_3B19E079B02C6E9472149DB847F37EF9Filesize
472B
MD501dec6104ef463d96442a8770eed9efd
SHA1aa2b574c90a9cf761437a445601672b4d5f44305
SHA256074646cf44812ff410b1e71224bc69214999105760b3bd2f138bf30a2cc5459a
SHA5125b0863303be78dd7604537e003d4237441465995112d2be61f770f6539d6aef47e8f422079e46239c02e0d200d7994fc1081cfc9064dcbfd8b96423c45ef741e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD5da6d117af223ddc146a61c327692cc13
SHA12bbde3ee3d1fb894854226439e4b74f1fbb943e3
SHA2568ab4ccfe5b4c0f6dd81bf753f6453867f696a3d898d058e72fee9e835edba5ce
SHA512f3bc8d99239e0ebbedd53b46047b851fee943b47ffe14196758a9607f67ae0a016a4de3aab540cb5874a9f6330a84e946a07f2d0a0db938c9d1412c01054ec8c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
392B
MD55f14bb1f59c28dcba2d2f515a1235dd4
SHA1d01e9eda29c9df1d483de706e797ba98df7be119
SHA25644bf2aa285727926d029708f3621821a56c6758e1a69893b95b1dd6b7c010561
SHA512a5f332b9fb34f10ac39f429ee6a10c71a2ff3270ac1d01ff8592bd9eed3fd3d2f79692e6b6d0684726e95357f1b5ed2e669254d1180aaea99a1e9c98bc0e2836
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_3B19E079B02C6E9472149DB847F37EF9Filesize
410B
MD54d682ce71c0a75a1564207f8c93e482d
SHA19cf0bcd96cd42f97bf0d53e82040969a1ad5894c
SHA256755cd466678f2c40d059ddb466755c85ee278604dc857bc86669e9e9defc4584
SHA5125c221af6992ad67c3a7914bc46faaf6808162a965d7af447a28b4bc1fed8197a15bf5724dd680a90ea16b2dbafb3027c4f937b79c61f3b7bd8848ddcadf52157
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.priFilesize
207KB
MD5e2b88765ee31470114e866d939a8f2c6
SHA1e0a53b8511186ff308a0507b6304fb16cabd4e1f
SHA256523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e
SHA512462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\037IYG6E\favicon[1].icoFilesize
5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.logFilesize
512KB
MD5602b59b7701ad1098455e261836fbede
SHA1c4265d920483931bb448c7c229b7f0b747e4978b
SHA2563c47a3d208f1868d4d305e2bb6b1867e1d08ab69c46becf99214156aca3a5a59
SHA5129422ef2fea97e09d18aedae0680ecd935ee566d46ac6e7af4512dcc48a17647c0d5989f332883fc68ed25a3d31797d906d10851c74bb38333f2ce2cf6e433aff
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.logFilesize
512KB
MD5e88a68bf7ceefe03ad4e9abacce833dd
SHA1fc753136ce1c567f91eada358abd37e8ecb33da5
SHA2565bb3b7edd90e64007e6be23daecba66fe2ffb5c9ce28d444c0dd4e6a50ba23e8
SHA512d458c06e5e48a6de4712ee97573189bff276089aec5f9670b35f7ae831c57e1fa0b73ac9c4335afde53329240cdfb33ddb6c2b2ef773ba8ff23256a0d78898c9
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chkFilesize
8KB
MD515273bec8a3a1b30239f3116f55351d9
SHA195f592edc3926d32e526f0759b74466c7122c8fa
SHA256552e86262946dbb21a3608da8856e206b401ba9fbd7bc942e02a670e9aa959e8
SHA5123d4e075c60191f15f049795c399896bad1961c7dd1f40a790b327ed457144643138dd92fce9c3c94864935e361e4a23e33fc1b1435d2c5d07b2726c3ff968900
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chkFilesize
8KB
MD59122a81c25891dbb2be177aea04fd1d8
SHA10c06c504c8757f3e414b6f5c3cbb18c260382195
SHA256561a66262893a6acea9101217be957224d749d6caf238f90dbe1436b15e3320e
SHA51219cc8eda4e2ea63337694fd83df76fb058861dc16e68d20ca0afcbbe8c58c5bb48100129b2fa4f3ec09802b07467a4a817ef7520ea78a5a9c42928a04442a8e3
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edbFilesize
2.0MB
MD501264f09bacf240ac20f6b80d37cfa31
SHA13976f2745aabd035e709caffd343dd8a9f79efdf
SHA256f73d67dca185c093326919eac81b5e7b599c0196a482a9b065276eb6b7b04279
SHA51242aefe836daf00e0c0ba3fa208bd68a1fb9c1b32db9f429eeb1322ec9d738f32b59ff9e76501218d7e9e8c465e554348aeb725a43bd458504e0ab1bf5723bbc7
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edbFilesize
2.0MB
MD55957c58a191288b578e922f137969c8f
SHA167b2de28b6daf20586c49fcdf53b10c6887d751d
SHA256a4f427120908a0c197f9e60d8e9b84b040386c6c15d56ca52e4d762b6bb38a70
SHA51281a63eefeca837de145bc826405ca77f849baa68e0b2b9ba5c968b29cf70a1825d89ee7a30498a81e8353f9f4e6db8caaa75344d642bd45c2da00df59a0a31be
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfmFilesize
16KB
MD5437e269606f38af8c40ee35d86876f55
SHA10066c97e5d28c7c9f79f09a5af1f32c5c9f7dfa6
SHA256024907bf52d0323d62af02b47e41ed66fd3ac36e1896840225ea9de0819b2c42
SHA5125bc8736019ef594a9b0d3af745b54c6979621c1a9eaa15e1b1a2650ca811f68813a9168aa49a932bc3c1683e44ad994b626629ed4d23e9a14e3c16cf5b9de7a6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfmFilesize
16KB
MD59913fe6800bab5713bd4ac8fb397b4a6
SHA17815c644dde57aab28dcee88efca8ccbad25c486
SHA256811f2a78f70946bc8b93a820e081b888fc1f932e249791fee5e2d29df1259dc6
SHA512a287ee19f5b9ff93f89aa58125fc8640e9a9fe473d77e429137149332b7b7c5c205efe4a10d6bbb90f4dec4c6e23636b230af706b14bc6ea45ee0dabf33f629e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\r7myges\imagestore.datFilesize
5KB
MD56dd6b2cda4ab541635a32a4581241321
SHA1abe53c17c4bf36cb686b41f9f7448ea1afedd8b9
SHA256b3e4a82c0871ae550582169f7be314a8c78b4aaadf805da8d91f75682419e151
SHA512c5360c74ee733ea66d7a95de88d1ef2bfc24dfb4c8c2f375ff2099957303fe9c8837051cff4339fa2f6924f3efe74aa6d8b7093013ead92b235d66aff0721eb9
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{7EB87D81-6854-4261-B579-78EB0C207F53}.datFilesize
4KB
MD58a532d3d95e79e8ecbcfba8dc7807e33
SHA11777a7eadfe7ed4be99175cc8ab4f677f9ffc380
SHA256e1bf3b77d07ad9e7e670243faaa27e9f93b1ca4975111875c73dfa95c73b55a9
SHA5122daf04bc758cbe0942227fae80507ce757a07fb6d821136f36d65d1d8596d9e3dcdef53afc4b67b674e7798b480a26632c6eaa6073b7374b226cde19df0f6bcc
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{87C51EB3-F566-4666-B2EE-29568EE50A6B}.datFilesize
5KB
MD58519d0faac23b605cb0751b0d72ff8a1
SHA1e2979c92fcb62bfcf63b1e7f448cdb6b6ed8157b
SHA256461506cf2849c46da72a1935678e1ae5f4bd6b8a5fa756c05e8cce1e5ac0aea0
SHA512ecf5ecc8495b40cfb982a66b976fc6ad08a25e901fed9e290568b469d1c588b484dd5d79f053231e3fbae5a99163889eeffa0c970e8a16dfe39c50ccad190c88
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{9DB74C28-B272-4AF8-9513-DC7F750F4142}.datFilesize
8KB
MD5164d05baac68b2bf1f258673699b448f
SHA168573795fb6058be2e27a55468928f1bf2b100a6
SHA25624021ca8a10a0af05ba4f884ba2e24878d8135f8f7315bf3bd376329bdcea342
SHA512146829a12b775e5a19e1589348d95b3e82fefdd7c3823b021b44a861c7b83a761c742402dbe0b8c6113b094796ca8fa7ae3a118a0d23003f5676854ee028e257
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{A91C5AB2-EBBB-4355-B263-031D4A336A2A}.datFilesize
8KB
MD5733b84bacc7911dfd9a5a693d7ee196e
SHA130e9e6a71a4f6bf8bacc6cfba8e19b7437e9c5a4
SHA25667a4d28e02bf84e65951b3cc5ff2ed26cbca4299a32f666ae43e15048aecb071
SHA512654343dbeee707ae386389809651b01a3c2265ca5ff82481b6b8986c59d436f8e0179c5738c765b8c5143c12e4c5fd1b60a3d3d832af4b618aae101efc393b24
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{F1F2CAE2-5909-4AE2-AE22-9218A5F78ECA}.datFilesize
4KB
MD546575793ade0fcd2404c70171cda8719
SHA1e1b65e6acca261c33c0d079c529eee060cb01c65
SHA256b40832432ed1e932425c372766f76c506bdd435afbe5261d423f9051e5e24f53
SHA51293b8f03e41bd4cb0ee68be25bc951d161162f62bacc9478da7aeb82b7f64bec0903b8fe28b2868a5139ca7364e96e1f4fb8036a6428c5077d9e1409122a6f533
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.priFilesize
207KB
MD5e2b88765ee31470114e866d939a8f2c6
SHA1e0a53b8511186ff308a0507b6304fb16cabd4e1f
SHA256523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e
SHA512462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d
-
C:\Windows\INF\netrasa.PNFFilesize
22KB
MD580648b43d233468718d717d10187b68d
SHA1a1736e8f0e408ce705722ce097d1adb24ebffc45
SHA2568ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380
SHA512eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9
-
C:\Windows\INF\netsstpa.PNFFilesize
6KB
MD501e21456e8000bab92907eec3b3aeea9
SHA139b34fe438352f7b095e24c89968fca48b8ce11c
SHA25635ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f
SHA5129d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\crashpad_4204_BWMAJYDWSPRAPITKMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/4768-451-0x00000291FCCF0000-0x00000291FCCF2000-memory.dmpFilesize
8KB
-
memory/4768-408-0x00000291FC120000-0x00000291FC130000-memory.dmpFilesize
64KB
-
memory/4768-426-0x00000291FC500000-0x00000291FC510000-memory.dmpFilesize
64KB
-
memory/4768-449-0x00000291FCE20000-0x00000291FCE22000-memory.dmpFilesize
8KB
-
memory/4768-454-0x00000291FC690000-0x00000291FC691000-memory.dmpFilesize
4KB
-
memory/4768-445-0x00000291FC690000-0x00000291FC691000-memory.dmpFilesize
4KB
-
memory/4768-458-0x00000291FC670000-0x00000291FC671000-memory.dmpFilesize
4KB
-
memory/4768-447-0x00000291FCCA0000-0x00000291FCCA2000-memory.dmpFilesize
8KB
-
memory/4768-450-0x00000291FCE50000-0x00000291FCE52000-memory.dmpFilesize
8KB