Analysis
-
max time kernel
1698s -
max time network
1692s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
27-02-2024 20:05
General
-
Target
https://gofile.io/d/ivdPHV
Malware Config
Extracted
bitrat
1.32
u868328.nvpn.to:5881
-
communication_password
827ccb0eea8a706c4c34a16891f84e7b
-
install_dir
SecureFile
-
install_file
FileSecure.exe
-
tor_process
tor
Signatures
-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 2 IoCs
-
Themida packer 10 IoCs
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 11 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 51 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/ivdPHV1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe89b9758,0x7ffbe89b9768,0x7ffbe89b97782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4952 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=840 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1896,i,17554710253081750293,13832609160171353941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Generators-Tools-Pack-The-Best-Collection.zip\Steam Account Generator v12.1\accounts.txt1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Generators-Tools-Pack-The-Best-Collection.zip\Steam Account Generator v12.1\Note on captcha Service.txt1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Steam Account Generator v12.1\Steam Account Generator v12.1.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Steam Account Generator v12.1\Steam Account Generator v12.1.exe"1⤵
-
C:\ProgramData\vshost\vshost.exeC:\ProgramData\\vshost\\vshost.exe ,.2⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Steam Account Generator v12.1\libEGL32.binlibEGL32.bin2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 31763⤵
- Program crash
-
C:\ProgramData\winst\winst.exeC:\ProgramData\\winst\\winst.exe AEMPbT7yIBHFU42B6wxKtB7xnfDFEVqfQDlSS5I8e3K4Kh2MaKqLhFCChQKRVW9k2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2256 -ip 22561⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator V.1.9.0 [12 Modules Supports]\Gift Card Generator V.1.9.0 [12 Modules Supports].exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator V.1.9.0 [12 Modules Supports]\Gift Card Generator V.1.9.0 [12 Modules Supports].exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator V.1.9.0 [12 Modules Supports]\lib.binlib.bin2⤵
-
C:\Users\Admin\AppData\Local\Temp\Daupe.exe"C:\Users\Admin\AppData\Local\Temp\Daupe.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Mspm.exe"C:\Users\Admin\AppData\Local\Temp\Mspm.exe"3⤵
- Modifies WinLogon for persistence
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Google\updater.exe"C:\Users\Admin\AppData\Roaming\Google\updater.exe"4⤵
- Executes dropped EXE
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator V.1.9.0 [12 Modules Supports]\Why the file dont Open.txt1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator By MT_SOFT\Gift Card Generator By MT_SOFT.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator By MT_SOFT\Gift Card Generator By MT_SOFT.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator By MT_SOFT\ldap60.libldap60.lib2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/AccountCrack3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbd98d46f8,0x7ffbd98d4708,0x7ffbd98d47184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10995519329155724146,16395875093686856165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,10995519329155724146,16395875093686856165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,10995519329155724146,16395875093686856165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10995519329155724146,16395875093686856165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10995519329155724146,16395875093686856165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10995519329155724146,16395875093686856165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10995519329155724146,16395875093686856165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10995519329155724146,16395875093686856165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator By MT_SOFT\Gift Card Generator By MT_SOFT.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator By MT_SOFT\Gift Card Generator By MT_SOFT.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator By MT_SOFT\ldap60.libldap60.lib2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/AccountCrack3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffbd98d46f8,0x7ffbd98d4708,0x7ffbd98d47184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,18300010945736851536,15899942749809139815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18300010945736851536,15899942749809139815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18300010945736851536,15899942749809139815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18300010945736851536,15899942749809139815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,18300010945736851536,15899942749809139815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18300010945736851536,15899942749809139815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:14⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Gift Card Generator By MT_SOFT\Steam 20.15.38-27.02.2024 .txt1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\Gift Card Code Generator by amboss.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\Gift Card Code Generator by amboss.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\ldap60.dllldap60.dll2⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\Gift Card Code Generator by amboss.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\Gift Card Code Generator by amboss.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\ldap60.dllldap60.dll2⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\Gift Card Code Generator by amboss.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\Gift Card Code Generator by amboss.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\ldap60.dllldap60.dll2⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\steam.txt1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\Gift Card Code Generator by amboss.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\Gift Card Code Generator by amboss.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\ldap60.dllldap60.dll2⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\GC Generator by amboss\amazon.txt1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Dork Generator v1.0 by kidux\Dork Generator v1.0.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Dork Generator v1.0 by kidux\Dork Generator v1.0.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Dork Generator v1.0 by kidux\ldap60.cfgldap60.cfg2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\s.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Work With Dork Generator v2.1 By JohnDoe\Work With Dork v2.1 By JohnDoe.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Work With Dork Generator v2.1 By JohnDoe\Work With Dork v2.1 By JohnDoe.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Work With Dork Generator v2.1 By JohnDoe\lib.cfglib.cfg2⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x418 0x4141⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Uplay Account Generator - Freedom FoxY\Freedom FoxY - Uplay Account Generator.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Uplay Account Generator - Freedom FoxY\Freedom FoxY - Uplay Account Generator.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\Uplay Account Generator - Freedom FoxY\libGLESV2.cfglibGLESV2.cfg2⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 10803⤵
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\TSP Dork generator v11.0\TSP Dork generator v11.0.exe"C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\TSP Dork generator v11.0\TSP Dork generator v11.0.exe"1⤵
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection\TSP Dork generator v11.0\lib32.liblib32.lib2⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\vshost\vshost.exeFilesize
238KB
MD54e6a7ee0e286ab61d36c26bd38996821
SHA1820674b4c75290f8f667764bfb474ca8c1242732
SHA256f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3
SHA512f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a
-
C:\ProgramData\winst\winst.exeFilesize
211KB
MD559238144771807b1cbc407b250d6b2c3
SHA16c9f87cca7e857e888cb19ea45cf82d2e2d29695
SHA2568baa5811836c0b4a64810f6a7d6e1d31d7f80350c69643dc9594f58fd0233a7b
SHA512cf2f8b84526ae8a1445a2d8a2b9099b164f80a7b7290f68058583b0b235395d749ad0b726c4e36d5e901c18d6946fd9b0dd76c20016b65dc7a3977f68ee4a220
-
C:\Users\Admin\AppData\Local:27-02-2024Filesize
4KB
MD56ab86d13748eb883e1347535b49d5ca2
SHA1a741a1453396594051aeae0095ac98c561d5f460
SHA256455f834422817fddacf02885508431485994e91389009352e441c90786d25371
SHA5124d2d8c9a572a561038764098e11cbf05816693d9f5d99f843fcc5ca8c409b2b9c4646df79bc43e1c1d9431feb58a6ce31d80cffb24e333ba3acbd3c2fd22053c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
288B
MD50bb5ed39170f6ed228a0bf9c964438c5
SHA150ce6d0691f3369a92345053307d78d9a0923703
SHA256e52c42374cb8da8809692a6181449fa6b4c57e86472f02891385af4c79f2d7b9
SHA5120480503a08e6a6eebf759fec5d7aa2365d74308ef731b15ea1a5a983090c72afb13ab0e477ab7db696f7ff87515cb2e3154825e04ff1f0c708d55a0f385162ad
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD580634ac5a3aa37f7bb23816cdb3b5496
SHA14bea140a52b4aacd2b1e246fdca049f7aacd898f
SHA25667939750915e00c1e7f3a53b043b519cf8c11c03226dfbc6845f306b088a0310
SHA512a153212ec9a97f206cde98f1a21aee12a780a2b8ff2ba57d62b5199efa906bc2089b890a655f362ebef048586b3d072c5ab036799ee1e932005231f1390ac859
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
869B
MD59985abe8fa89c11a303a9bc92c5696cc
SHA16a52bb93ee5ae424698df963b456b85910e10423
SHA256be181450c2fda394136124c6f205e7266b893356908c8202092644884354f4a1
SHA5123d83f408aaf8cd6402e58ee4081f1e48789e080511b6edd973fc719fdaddfdb0e6042bc2cda33878c4e8cc85c01ff24748f0503987ac1f16c946c79366188cf4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5d0da793c8407fbf803a26a482c732dd7
SHA1ca7a78f23963011cbd5d1b1c76cdcb5e2229f757
SHA25637b863e5bd913077208cd9a61441a55993249bcb4410e1f19dc52867a6d7631f
SHA512b959905754edcd5ae9993a904d56210ca187a061a88a83557572c1dceda2417f67bf447a9c3630d82d9ed5c20a31f67ace43ffb021c9e9990763484e6905acba
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD57dae351ee6d1aeea13f81cdd716630d3
SHA15a65026c64fe6cb87c91118544c24cb6002584d4
SHA256e962dd5b05d5bd27c481127f694e2d6c7696d4a9514cab3434e5b8e6ee6c6872
SHA5121ff3a290b8be6b78f6f30c064f8fcd4956c51b9f7686ebf0132e84638e00cced90ac18c26f7f0dc6d5aaf76a8cd14c9e0c3b114f036cfacb1eef83bd97d4f7f6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD55c1fc36292b7f0385b3526757c93e8a1
SHA1c636909d7259a1e79f25b85214168b6b624896f1
SHA256a66bcc13f4afb8eb2e6784039f5b38c5be39d6cb113b5136785b3caa151d0d9e
SHA512461c18cc28e91d2ca6f5e4f1bcf908a0e5c7a59ed7224bdbaa1fd649a2e0c56c5dd37e7aa97614094ec43ded8c0f5466869ababe64c815f52f7a1f9923652630
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
253KB
MD5ec248a159370ad67624a8ecc23091970
SHA1510b172b380e51f259780873329ac46c3f0461bd
SHA256bedea0913d85ad23e303d35ebe79a1575eefd363774b068d3afe7cef61834a5f
SHA5121dd30bd96cdfb176e65ad08be7c7311e52e31493788795087e71135ebc0cc76b0110e6c13f1f1e25eee4aa44f3d9912fdef0509dcc9b4ca6aead04df03dede12
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
253KB
MD599b903b3d42e703532c7aafa2c301652
SHA1f944cd187d751c1df77a69a02533b30b06f99fe3
SHA25633ac1c3a2bfee8f0c8e0b395813ee5aabc7e320148a268d2d20543dc0a877713
SHA51206c1b21ce19c57e432a64dbbb51cbd39b5a591a4363df2b1f0c103c1a788019ed3d507322e06b68ef6e22a50501385a69b33dba8099ab35b54ae2d0de2167d97
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
110KB
MD55971bc9a7e99555b0a600cadfb0c031e
SHA1e5ed910efa902bab6f5b57b5ddcf34e4f9632b9b
SHA25645c45c69de9072066830ae66b52e8a99862c799d2122fd3c2751fb8064486c5b
SHA512e5dc11df5a92e49b32f7dd4da74bdf9095d325195ea28da82ba4abb73acdc4ca5539132f49f5845166da0f6fcb42c4e0934e9ff940207c24c0b03f48873a9b3e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
106KB
MD5c627ab7cc53e467f13f5f3724bda6796
SHA15a091516fa381189e72acad2a907d76d1692c465
SHA2568648de235442183c4c2d207761386bdbbabb1cf8db9c88085d982df4f6f933dd
SHA512c814083bed65ccc2cc754c717b0e440ff1a3688866ec25ca8e8ffb46bdf512a432087dc3e0325dd55a8a3d06aa38d819da2df98abedc45d4ccc28b7eccd17473
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b6c91.TMPFilesize
101KB
MD53bb3d01fc7b87caab70898a1765728e6
SHA1f7b8b44b39763e9243a20223fa2efa7a2666e8d7
SHA256805423671765aa4013cbd2a4b321da395848f60cb2c05be90e746ccfdfa459cf
SHA5122c5b21a3ca17ce12b02241a9167fd42e42d9f941374fcb779984d6854f5dce198ed6d91383cb788ec758580fbab1cf4487e1f0a33b5fb762321bbbcf643198a8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ldap60.lib.logFilesize
1KB
MD58ec831f3e3a3f77e4a7b9cd32b48384c
SHA1d83f09fd87c5bd86e045873c231c14836e76a05c
SHA2567667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982
SHA51226bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51e3dc6a82a2cb341f7c9feeaf53f466f
SHA1915decb72e1f86e14114f14ac9bfd9ba198fdfce
SHA256a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
SHA5120a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD536bb45cb1262fcfcab1e3e7960784eaa
SHA1ab0e15841b027632c9e1b0a47d3dec42162fc637
SHA2567c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
SHA51202c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD59d4b0df11b894c0a933c19d6d1fc0a01
SHA1a2296406499fdca810e4bd19931d60779560f3f1
SHA25639475947524dc2ef6765306a7aef747e22b3cef11b36e8602b6e8afabd4c7eb1
SHA5128278aa08467862b88ad17c44daeb6e24001aeffbebf2a7546f47050b59501cf6c3a2597f00faef70b34e4d2a1f2ece8c261a541ac41f20ba6a1e8064eb2ce103
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD53d4c2c0051fbd50f55c5bd1876a42a45
SHA1afd970b36d3669d728331702f5742df2a81fc6b8
SHA2562d3eb15c03fd7db452d0ff0464da88afcc5dc75c5d026ba7722ffaa374376b57
SHA512ce6b9fa367beb8a6ddeda4672ba4a1fb20120eacb449d164a25f9362742f4aacb9647f39e1776fa10bd769b484a611016b8c62ab29ee3b5616bf11d67ba84f65
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\51808564-300b-4574-85b1-0b1c2280e8c3.tmpFilesize
538B
MD55fedb003468bff953913492754d726d1
SHA1812b09ec4088e311c0f121939574006e30047f37
SHA256b89bfde5da9b0ff46f91de0af7afaca4bc0629437c20732a8eb30f3d9b543f28
SHA512c5fe74ae0d6f0bd28c29499b0ae5b4621d29f48019d3930b04321282bacb33e25da1af7da069fc89c02fc881e3a7e4479e59248412178ed88444a497467ad1ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5701447a-b519-4aa8-9960-657de9bde539.tmpFilesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD54d742423ce897417cbcf4391c99f75c6
SHA165bb68e91d278148afec55c720524ebac9c96e2e
SHA2568e22f00c64dcfebcf6e6a0f134758e7d52146d0c516bf8c7e6e1abb431709c45
SHA512aaa8d322450342c4f2ec27284fd7699f9c3d9b2f329a41a50fb8e3929ce7a6f2baf4676cee5a1e0b19d75b5e10880e830e9e1fb9994170cf1b6cb61e6b9a373e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD5190f5d2fed87bcd72dd196f2d9da840a
SHA1d41cf35cd8610c45e3fa6ba7d50093cb2f9b9737
SHA25672a1e6d9391f18ed5b2b07bf64fafbd1172c8b32fe05188d421aa9b70ded5625
SHA512209dd81707e00e1f868bdb753f3b446111a5905a7f30b6145e848b09e03a782d57ff161647f428b02efe4518fe734d98850946f35a751a604df9d5236f810c03
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\CookiesFilesize
20KB
MD54f32f2eaeb1288d541997d458c1432ff
SHA1af06ffd78216a8153d5ed30fde63b92f0cdb15dc
SHA256212a1af2628c7f4edf205e446ebf7a040b5ebcc8b0c8dd988464c3baaca54e8e
SHA5124030ebb6da8392b0ffe9d076fb8fcea46904f0e5e6c2977035b75e9cbe9bac2fd00a45cb9658fda526acb25175935bb72aa98c8bccfa5048dcfb67bc5f991323
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOGFilesize
322B
MD53704647954a1f1f70fa58346afc60e83
SHA143ebeb4d22ad78de767a66097137d76d81518c2d
SHA2569b836337e663306d1ba8d3a80d85d9cb252fc3618095a2d07f2072f7ec9055f7
SHA51297d8093f7a0516d264209e4ecdd7cd75dcb58327213ad440f77584f2635aab19371aa5e81a1fccf8b8cd86ec7fd1d0e612e74a2babae8b7f6c37e890e79615cc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HistoryFilesize
124KB
MD5cc51d1d2972dc2839a0ec142384d5351
SHA101820cd6f5247680c61a67860d633c53e8003978
SHA2565b48d52816d1610ce95d73597a3e5e2ec7833604ac8c3d29224c2d8e23056bd1
SHA512dcf50957832f9bcc81c1c04f77038e5f85d585573af21a367e707509f1b869cbed17e7093f092e817d75b94f116fff306a9f9f86c857eaa0d28bda1d44bf3695
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider CacheFilesize
459B
MD5bd6d1923b57dc8112cb0f22005403650
SHA13bba0e304845a81631187d1b100c0216abe44c6e
SHA256ac23a9d29aad70933c09a0f693d00f874cb643ddbe1efe8640fb449f440b598c
SHA51266798ae83723b5b099968157d2ffb932c0af5ce077d17db31261c32da5db083c0cc000ec39579208b3bfe717a07e502e3ebf3949d7d4e8717a15ac17471c74a4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOGFilesize
331B
MD5802f03cf8f671f342bfc2d7176ff34e9
SHA1ff30a937c01c9766eccb4706aab1fff513e5481a
SHA256e67fb8ecbd26363d9e3ef8b3883750bc23c0e9047093ca18e6105ffc3226cb99
SHA51262727cc0852365a90d9b4fd18509843819756af7a0d5d91089bf73ac1993325c9ea7cee53f2f0bf50c30d24cfa40f6d948152fa4b04d94691a2309bb1c8470ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
442B
MD53e5e894d6ea364745c5bfc04649ab2cb
SHA15facd63a1d9378355a4964f3d00ebcceb24beab2
SHA2567096173f8c6e75a85b7af99f38109fde7c596092449f6bb1f75cfaf185ec7171
SHA51220e298fef69509621743db5b9490160e500a287c6aeff8ff59b3c09d900e6d6b0c47762f08bf2e55974581c702fada96d8893911a109bedefedd3ca01a7cd9f7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
442B
MD5b02779f2acdaf4ec0e5dbdf90136fd25
SHA175fde76aca3413e402d801eb0e71be4be6fcbd39
SHA25665798a082818bf1b53e800656d8dfd13399ad09ef69d5641a92b8875e19bb939
SHA5128d58a514e4fc5edd6bc31b70fbc242a8c53dab5bd5a7e3c7f28d05177e2b909936520bcd74f81e15284202bcd851abac8ddab3da7c56a3ddf93264622582f073
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5430ffc855429ba3a9b5f961e139f8725
SHA11b60d51115148cf42f4b4d941662586bf813ef54
SHA2560fd3233ad67acc38e6afdf57ed6ace161ce0964b8467ea11e3406dddfbd6d174
SHA512b0c193e606fb29f4156ac8f9095dd900b76691197992e2b9f7a0e43f74db47c0ad0c25d4222330571cf18289d7014f05e8bc331d41dc6dadc5de9d461a780bf6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD599fd8f372ede24d6c83c3c47dea32457
SHA19d948b78c45f2602046f927d2519dd15b466d168
SHA256c1e03a6890e33e2ef2b17abc5d58ee1167832d1c2d114736522f9cedec0c1d9d
SHA51296cf56605df8f8d6f8f9c7cb5ea5b121b041f8336288d1cdfe4ae89f89463d4e040c227f6ef4bd764342a44a64eb8e6e99b303fc2099d0365d18b701aaae3eb8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD545472e6fc8b60247b49d9cc4c0512467
SHA1a5631143ad1a61b069215c3f792b3ebee95f8e6d
SHA256a5a218a2c4be203886bb5d2f80172cfe5f4c4cbed0d4cea2998fe56b12b891c2
SHA512676765207dbfd5793998b19d429860ea5b4bcccf738e6df8976da798186caff4c3382ef265e606c88f8d03210c16be6fbf7d18fe6929f9b8c8f08b0bc15d76c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c850cf908e2506512ce963c312471002
SHA11e0ce72afe1a8fddd1d787e943659e046576e3c9
SHA2562875408d6798dd5552f9bda8ccb9ef3ca53e4a6c291358a5be271895501ae73d
SHA5129e8c5f43fd32a4e8e8ce832729911a1f2b0288d843a730014d7f09131ef86512e8a63ca894147ed1e55cc13448b9abb661b9657fa341f31d36529d201e123c38
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.logFilesize
175B
MD56153ae3a389cfba4b2fe34025943ec59
SHA1c5762dbae34261a19ec867ffea81551757373785
SHA25693c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61
SHA512f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOGFilesize
319B
MD50ffb858798cd755c7c81b92a2d391d40
SHA1c2cdaa0f87cb4bb71c7d41c58ba857aab1d10c1a
SHA256d824e296469e16bf544c050d481d4b69cd18bf967ef30c5fea72d1e53a26b2eb
SHA512eed4f3b173aeb6de18d18e1b90ef551119f101123c1af348306fc5ac277d96e8bba7a2069d1887236d0d28b5b2d9cf82939436d350e4ce5df1a7cfe59d87035e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353538509752334Filesize
1KB
MD5cd089ec500e80157e9f0ca11fe6237e6
SHA152ca88ca9cfa255d1f2dcc16425f6fe3323c0894
SHA25687799e1585a5ca01b5fceccb83420badfd4ff919528e668969f2651ff741dec9
SHA512cada6dd5b93d56d1f3bef5d0a81057f8caada629affbbb91d5151d85aa98adab2f4da1ee57eb4aa6788f0ae572b762e5fa465c9c590f4d9fc24e295de67fcbec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.logFilesize
112B
MD564d45087c1744cd8e7211df66b422a7b
SHA1c25321714a8c2c4a24bd70a801c8dcb91aea1bd2
SHA256c1f9656fffa636f77b175a6cc1ec5a811faca89d00db68b9b32f8826fbd7eb48
SHA512a789516a1c164c66a0a6028397b2a5495013c9c6a0547b42bb8afb3e2ac472959b5eba9c366a0fd5740d2bf9bfc3cf8da572799f05b178e1e9aa0404fe313dcf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOGFilesize
350B
MD5b067ec19c2dd002d3803ee285a8801a9
SHA16c480498ff0e84d266494ccfe8c622db90fd6b6a
SHA2564bb6c695a5404516bd29c494d1280c87a5c2059e64d36eaa517b784f52cc4c91
SHA5121a1b55c9b3de72a3a2132ea74574fda727eb81a6d81751ac03ae1efacd669c7356dfdb978ebbf3a2d6eee3d3f0fc31cddce1dc16d23c7f3f48d8b6ecf3fc81b8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOGFilesize
326B
MD54f60731bbc2eb1d2bd8a41d8d9e1713d
SHA1229f3789db7d0960428de3f83b006fa8419ae5ca
SHA256e88c2337de2681add5001046c269093838a4a2679d9956118a4385a19dfd0efe
SHA512f32960bb310f58f1679dd8c6b843f8d9299e53742ba18713b5c5b5eb444c0bf040a1cb8ca230aff869bb08035124e53624f8f75c5dd0be8c96ffafce51ac1db3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited LinksFilesize
128KB
MD562c2f14cbaa2a15f41c2e26f4d14f80c
SHA1eea634241943ba5bfdb642cddf89b199ab25c194
SHA256d27334508ebdffb1e19e2b29dd929d33e45c1486dab221827bfa85d1b76fd8a0
SHA51210cdd18f42368499ddecd96f336d94697d60f0ddd7a8a4efc718128034cfb19495298c4c24dee4b1ae306e6b101398769db709339c5cea5448327651b396eb59
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.dbFilesize
44KB
MD5b5debdedabd883d061a9f0e19e3973d3
SHA1d092bd785076a4707bc05ca80a532cb43d18a149
SHA25647e3430cd625f319d0323cfd394d3a1fdafd44e93b0a06c5f4fe4db5b8b7d5e5
SHA512be1d61304ef05b963b4d1c909796663b2ca8b2fb3519a1092bbd993fab7ed79f75f73f24f9d1f483a8be64409ba93402c6b5a652f4b577c5497c0d049758449a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.logFilesize
206B
MD51edf547ce2327d4c9916210c70567aa5
SHA14d4e5d545e3767b38f86732803b794b1206f93cd
SHA256ea4e929a0e195d6dc4524a626530dd21b4a7334dc856a0f07370df0384fcd5a3
SHA51275942f4fc734c48f9021dc1a8db67bc813335b2d7dc97a3598e84ee948837e4b9355579c933db80d84640eda0bbcb0f59fde5ca17700d843bfa9cff1b88525a2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOGFilesize
322B
MD5c2c44ef296eaedeb18007d32db1ab115
SHA1698041d82ce31e13c2c5e747d44d7e7207ab0013
SHA25653427f854b2c6a930e46def3996ab4a5fdae5b7c37c35eb021b88107af530bdf
SHA5121d30a8b6a7b5342c7021be164dcddb1a6b2f7b10ece6ce63ba4cf7365d42588832ff63575bb20c47d68b93dee1373856358b2c124f8757f5508b246caa8d8f16
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.logFilesize
594B
MD5b2555fdd6e8b65672d962a0d75e6b441
SHA17cccbcc4c47086ed8efa4ea89a7dad49258ae695
SHA256c6e33b2297f5820b60d93299baa198f41dc8988c85d3597ebd7babfd97049c98
SHA5125646dce420afb1f16b2804fdb45a4da41ef6b2e3d7542176baa557fac5c39cac352f00e5988d89259d6d86ac4db41ed83497aff701011af7f45c987503d3fdce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOGFilesize
340B
MD5d1f6b4275e39881e07dedf9ea9bcdb83
SHA1d0a35a6fe15f23f04e61c36ab7822b0afcb9355f
SHA256ccfcb04c58f7a6fa9a26c44a607a7d250f71ffc316d158b8be3650a6ab56d3e3
SHA5121fea6f8146336d0c84275bc031e9d7bbc67b3de13b4a068d5842d66c80575f1878a0dea08af019b5e4591dcb6d9e2ad87021291cc3b7cf0d75ab0d8b32813f7a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5dafda85da3d8ab2a3ad6771881799dce
SHA105cf5dd9d7a96d22f981bc83b094430684b2b426
SHA25665de9d719a8aff4b6013891f1a561d9582facd2e8dce10320ae56d562f29ac5f
SHA512ef79f97ad2a8485a99d6e752c7f6202afebd33de3cd389893ffe69216a2e72f0fbecb509457a778137b0648c67e23f5a8e5267ffb32c84a5357297b21b20f58e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD59f9725800f002a428232b5a055c3d0ee
SHA17e020074ea48f3a199956d3112430df52e52c60f
SHA25637357326cbe9cad91a07f9aaf8c55b06eada79c0fea6d745d5ef3fea7d14e8ba
SHA512496e4671162c1200f5a7cf37249ae78326d7c996f67f53927ca24d1d6c91109f84608551fb1a347c0ed93c43e4f4f35c4b2bc95f7d667a483eab0eb28f780925
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdbFilesize
256KB
MD5ada33a90378d26e9b0405656f480cc78
SHA193bb46c67e6c04410cd2b7b7e93697a6081ff541
SHA256294034453ce05b61266f21ee10c7c715c560d2b7679e9605438a743e0fb37cf7
SHA512ca3f722fa3c6d8919aecbea3e223ecc3e1ff51892b34da9055f3b06b2d0cb6fc022c1bbc0ab29e1f652d79137d2a485e117785e04ff739196d28954f79cce5f7
-
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bakFilesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
C:\Users\Admin\AppData\Local\Temp\Daupe.exeFilesize
2.5MB
MD5b907927e236d1c45b47f18e25c9dfece
SHA1b1b349e2c75853978ee4dbaf2368f6d81c2fb97e
SHA256810d554612e57fddeacf4a2b8183d4a2c8dc1f7110f37269b8259510cd16386b
SHA512cab2a4599b4a2f93a0c962095623d185debdc107de2e37896a454904573b4b40ab16b98c6e3aa2211cc99a5f270011ab672fd68bf8826f2a526b950b76871b80
-
C:\Users\Admin\AppData\Local\Temp\Daupe.exeFilesize
1.1MB
MD56527ebb4d8e96c4e70e7de5cd2133bc2
SHA16f25e43e7364bb6dd78c969577ebf67476ec7eae
SHA2569b45e52ecb3224947640b33ea4d31c7d2c7c807763c15f697598faa46be532e2
SHA51207c14509316dbad6380852f33003754f252640060f57ace9bfd2107f15ea28d3f23cc07959878fd22575482a890f21e63871bcd74e560ba1b1c9fc4d06765428
-
C:\Users\Admin\AppData\Local\Temp\Daupe.exeFilesize
1.8MB
MD5ddcf8e8564293b65ceaa40824f689ca8
SHA15e500bf6065f622314b2c82db78a7db9c1c04395
SHA256581969a3c8c82e6f34c99bb3286c09e8c9dffb432515a6e5175cbb809c47a41a
SHA512a031aad67d6e231a2d5903796ce074185eb56bae1f9ee0d4cf3286bb72ef9e29f24f0c54571a6dd66a4ce2708eb46c23b2e42c19bf6c316663262cb5ef637a8d
-
C:\Users\Admin\AppData\Local\Temp\Mspm.exeFilesize
294KB
MD578d52c35bcde89021e1bfbc4a06b53ef
SHA1019268718cc322b53e1ae908faa6c6c2ef65ef6e
SHA25640717768fb0cdeaa39a22dcc402bffd06a05f8d6e9f749cc26962b020463f56c
SHA512d97fb76ae65bc5acb9303522d8bc69f29fc7f7d9377cf302594873e7d379ba23e2a7a935f35a4b7ec117089b1307f0391aa8dd87ccce10c589aaf76426c2cfba
-
C:\Users\Admin\AppData\Local\Temp\d1faf11e-8bcb-489a-b1b3-d360a3b149bb\CaptchaHelper.dllFilesize
2.1MB
MD5db956a02daba647f229b01d56ea5d892
SHA11c8d576d60f74b97ac0b7a419fd1ee710bf0ab8f
SHA2565b4f5e6cc52df647673b94249e5392e6f00cc5ffb7e1fc7c4219351762618cdd
SHA51229c5f194757d515ecf3f08bab3ccd30c3acf99b602cad2f084b782d19a023f6d742dae709256479f163241b3413a2df7cb558fd231ee8cb844b9227d4ee83c89
-
C:\Users\Admin\Downloads\Generators-Tools-Pack-The-Best-Collection.zipFilesize
1024KB
MD524cfd0093a3814488d724f9fc12531fd
SHA1aada653c8619d23231ddd1c60eb3df5744fea1b6
SHA25617aa49436642c9733f5122f25c86853dd83aae8a0850dd5ea5ec24c3f03e8082
SHA5126bd4f429ae90fe057038eee04b9f88ca24a6f79a56bce788d531698cd202d2733d209139dc92e310f6ee60b2d7f0232c586d1b9a74d4a24aa0bb82096287ab0f
-
\??\pipe\crashpad_1852_YMALROVCNEPXHGXAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2056-232-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/2056-236-0x0000000005990000-0x00000000059A0000-memory.dmpFilesize
64KB
-
memory/2056-235-0x00000000063C0000-0x000000000645C000-memory.dmpFilesize
624KB
-
memory/2056-234-0x0000000005930000-0x0000000005984000-memory.dmpFilesize
336KB
-
memory/2056-233-0x0000000005990000-0x00000000059A0000-memory.dmpFilesize
64KB
-
memory/2056-380-0x0000000005990000-0x00000000059A0000-memory.dmpFilesize
64KB
-
memory/2056-231-0x0000000000E40000-0x0000000000E56000-memory.dmpFilesize
88KB
-
memory/2056-381-0x0000000005990000-0x00000000059A0000-memory.dmpFilesize
64KB
-
memory/2056-441-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/2056-379-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/2256-177-0x0000000006240000-0x00000000062D2000-memory.dmpFilesize
584KB
-
memory/2256-176-0x00000000064F0000-0x0000000006A94000-memory.dmpFilesize
5.6MB
-
memory/2256-160-0x0000000000380000-0x0000000000ACC000-memory.dmpFilesize
7.3MB
-
memory/2256-159-0x00000000751B0000-0x0000000075960000-memory.dmpFilesize
7.7MB
-
memory/2256-161-0x0000000005530000-0x0000000005540000-memory.dmpFilesize
64KB
-
memory/2256-169-0x0000000071DA0000-0x0000000072362000-memory.dmpFilesize
5.8MB
-
memory/2256-171-0x0000000077CB4000-0x0000000077CB6000-memory.dmpFilesize
8KB
-
memory/2256-170-0x0000000071DA0000-0x0000000072362000-memory.dmpFilesize
5.8MB
-
memory/2256-172-0x0000000071DA0000-0x0000000072362000-memory.dmpFilesize
5.8MB
-
memory/2256-173-0x0000000073830000-0x00000000738B9000-memory.dmpFilesize
548KB
-
memory/2256-174-0x0000000005840000-0x00000000058A2000-memory.dmpFilesize
392KB
-
memory/2256-175-0x0000000005BB0000-0x0000000005F04000-memory.dmpFilesize
3.3MB
-
memory/2256-193-0x00000000751B0000-0x0000000075960000-memory.dmpFilesize
7.7MB
-
memory/2256-192-0x0000000071DA0000-0x0000000072362000-memory.dmpFilesize
5.8MB
-
memory/2256-190-0x0000000071DA0000-0x0000000072362000-memory.dmpFilesize
5.8MB
-
memory/2256-187-0x0000000071DA0000-0x0000000072362000-memory.dmpFilesize
5.8MB
-
memory/2256-186-0x0000000071DA0000-0x0000000072362000-memory.dmpFilesize
5.8MB
-
memory/2256-185-0x0000000005530000-0x0000000005540000-memory.dmpFilesize
64KB
-
memory/2256-184-0x0000000071DA0000-0x0000000072362000-memory.dmpFilesize
5.8MB
-
memory/2256-178-0x0000000006430000-0x000000000643A000-memory.dmpFilesize
40KB
-
memory/2256-183-0x00000000751B0000-0x0000000075960000-memory.dmpFilesize
7.7MB
-
memory/2256-181-0x0000000071DA0000-0x0000000072362000-memory.dmpFilesize
5.8MB
-
memory/2256-180-0x0000000005530000-0x0000000005540000-memory.dmpFilesize
64KB
-
memory/2256-179-0x0000000006D50000-0x0000000006D98000-memory.dmpFilesize
288KB
-
memory/3248-194-0x0000000000670000-0x0000000000AAA000-memory.dmpFilesize
4.2MB
-
memory/3248-195-0x00007FFBD59B0000-0x00007FFBD6471000-memory.dmpFilesize
10.8MB
-
memory/3248-196-0x0000000002B00000-0x0000000002B01000-memory.dmpFilesize
4KB
-
memory/3248-197-0x000000001B730000-0x000000001B740000-memory.dmpFilesize
64KB
-
memory/3248-225-0x00007FFBD59B0000-0x00007FFBD6471000-memory.dmpFilesize
10.8MB
-
memory/3368-415-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/3368-230-0x0000000005860000-0x0000000005870000-memory.dmpFilesize
64KB
-
memory/3368-223-0x0000000000F10000-0x0000000000F60000-memory.dmpFilesize
320KB
-
memory/3368-226-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/3368-227-0x0000000005860000-0x0000000005870000-memory.dmpFilesize
64KB
-
memory/3368-228-0x0000000001910000-0x0000000001911000-memory.dmpFilesize
4KB
-
memory/3368-229-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/4056-595-0x0000000005950000-0x0000000005960000-memory.dmpFilesize
64KB
-
memory/4056-596-0x0000000005950000-0x0000000005960000-memory.dmpFilesize
64KB
-
memory/4056-448-0x0000000005950000-0x0000000005960000-memory.dmpFilesize
64KB
-
memory/4056-447-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/4056-594-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/4056-449-0x0000000005950000-0x0000000005960000-memory.dmpFilesize
64KB
-
memory/4284-428-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/4284-417-0x0000000004E80000-0x0000000004E90000-memory.dmpFilesize
64KB
-
memory/4284-418-0x0000000004C70000-0x0000000004C71000-memory.dmpFilesize
4KB
-
memory/4284-416-0x0000000074600000-0x0000000074DB0000-memory.dmpFilesize
7.7MB
-
memory/4724-705-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-728-0x00000000754A0000-0x00000000754D9000-memory.dmpFilesize
228KB
-
memory/4724-442-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-422-0x000000006FD50000-0x000000006FD89000-memory.dmpFilesize
228KB
-
memory/4724-421-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-420-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-402-0x000000006FD50000-0x000000006FD89000-memory.dmpFilesize
228KB
-
memory/4724-401-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-400-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-399-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-394-0x000000006FD50000-0x000000006FD89000-memory.dmpFilesize
228KB
-
memory/4724-393-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-392-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-500-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-501-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-503-0x00000000754A0000-0x00000000754D9000-memory.dmpFilesize
228KB
-
memory/4724-391-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-390-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-389-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-388-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-387-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-386-0x000000006FCD0000-0x000000006FD09000-memory.dmpFilesize
228KB
-
memory/4724-444-0x0000000075620000-0x0000000075659000-memory.dmpFilesize
228KB
-
memory/4724-597-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-598-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-599-0x00000000754A0000-0x00000000754D9000-memory.dmpFilesize
228KB
-
memory/4724-384-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-383-0x0000000000F90000-0x0000000001109000-memory.dmpFilesize
1.5MB
-
memory/4724-689-0x000000006FD50000-0x000000006FD89000-memory.dmpFilesize
228KB
-
memory/4724-445-0x0000000000400000-0x0000000000AFC000-memory.dmpFilesize
7.0MB
-
memory/4724-706-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-707-0x00000000754A0000-0x00000000754D9000-memory.dmpFilesize
228KB
-
memory/4724-708-0x000000006FD50000-0x000000006FD89000-memory.dmpFilesize
228KB
-
memory/4724-726-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-727-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-443-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-729-0x000000006FD50000-0x000000006FD89000-memory.dmpFilesize
228KB
-
memory/4724-731-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-732-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-736-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-737-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-739-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-740-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-742-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-743-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-746-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-747-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-752-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-753-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-755-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-756-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-776-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-777-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-801-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-802-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-813-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-814-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-817-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-818-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-824-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-825-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-382-0x0000000000F90000-0x0000000001109000-memory.dmpFilesize
1.5MB
-
memory/4724-848-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-849-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-853-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-854-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-856-0x0000000003530000-0x0000000003867000-memory.dmpFilesize
3.2MB
-
memory/4724-222-0x0000000075B00000-0x0000000075D15000-memory.dmpFilesize
2.1MB
-
memory/4724-224-0x0000000000400000-0x0000000000AFC000-memory.dmpFilesize
7.0MB