Analysis

  • max time kernel
    207s
  • max time network
    211s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13/03/2024, 21:10

General

  • Target

    https://launcher.erafn.org/Era%20Setup%201.0.60.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Drops file in Windows directory 8 IoCs
  • Checks processor information in registry 2 TTPs 11 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: MapViewOfSection 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 63 IoCs
  • Suspicious use of SendNotifyMessage 61 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://launcher.erafn.org/Era%20Setup%201.0.60.exe"
    1⤵
      PID:916
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1472
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:5116
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:424
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3124
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4072
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2648
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3688
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.0.1194543511\2009278722" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1652 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d6419e4-04ec-495e-b9c2-f3f3514e385e} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 1764 16904ad9458 gpu
          3⤵
            PID:3984
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.1.769241576\1198825132" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef0d3af4-40b2-4356-aa91-7865db63f0a8} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 2120 169049f9558 socket
            3⤵
            • Checks processor information in registry
            PID:4756
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.2.643172599\1698720007" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2820 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1c20042-749f-4243-aab6-73da5ab16052} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 2832 16904a5a458 tab
            3⤵
              PID:3392
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.3.1480931294\1119261489" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70176562-bb52-42ad-99dd-57133e369d6f} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 3480 169074a5458 tab
              3⤵
                PID:352
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.4.2131319750\2057244639" -childID 3 -isForBrowser -prefsHandle 4152 -prefMapHandle 4068 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31fa4d90-5791-498b-ad90-9834e033b919} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 4164 1690a0cd758 tab
                3⤵
                  PID:5308
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.5.675363895\26253040" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4916 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bef0ca2d-1e6d-4534-b71b-3bc532dbc6e1} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 4928 169093c2758 tab
                  3⤵
                    PID:5764
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.6.1932514136\1706431678" -childID 5 -isForBrowser -prefsHandle 4864 -prefMapHandle 4852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e57c7743-3c5f-4d6e-aa9d-28c4c6ef2104} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 4840 1690aecb258 tab
                    3⤵
                      PID:5772
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.7.1751842126\901480648" -childID 6 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d162f27-a494-4ecd-a644-0c3afc6d3e6b} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 5144 1690aecbb58 tab
                      3⤵
                        PID:5780
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.8.944022295\305326936" -childID 7 -isForBrowser -prefsHandle 5596 -prefMapHandle 5592 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c94927a3-fc39-4220-beae-419aacab4c2e} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 4876 1690ce52e58 tab
                        3⤵
                          PID:5172
                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                      1⤵
                      • Drops file in Windows directory
                      • Modifies registry class
                      • Suspicious use of SetWindowsHookEx
                      PID:1536
                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                      1⤵
                      • Drops file in Windows directory
                      • Modifies registry class
                      PID:5056
                    • C:\Windows\System32\rundll32.exe
                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                      1⤵
                        PID:5580
                      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
                        1⤵
                        • Checks processor information in registry
                        • Enumerates system info in registry
                        • Suspicious behavior: AddClipboardFormatListener
                        • Suspicious use of SetWindowsHookEx
                        PID:5180
                      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                        1⤵
                        • Drops file in Windows directory
                        • Modifies registry class
                        • Suspicious use of SetWindowsHookEx
                        PID:3536
                      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                        1⤵
                        • Modifies registry class
                        PID:6112
                      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                        1⤵
                        • Modifies registry class
                        PID:5316
                      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                        1⤵
                        • Modifies registry class
                        PID:5916

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZP3JQEV6\edgecompatviewlist[1].xml

                              Filesize

                              74KB

                              MD5

                              d4fc49dc14f63895d997fa4940f24378

                              SHA1

                              3efb1437a7c5e46034147cbbc8db017c69d02c31

                              SHA256

                              853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                              SHA512

                              cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cswg9rdm.default-release\cache2\entries\16B86C1965EC3363A01A5EAD675BE76E6DED9A57

                              Filesize

                              59KB

                              MD5

                              0d596abce928533c3fde246f21df3786

                              SHA1

                              326d01209fd751f1a142ef2beb52578db4074192

                              SHA256

                              e57a061d369edaa8181cac1dfa34ddb8fa9522ea2cd6cacaea4c9e32259f8428

                              SHA512

                              6f4118a362e61ee6086e1ed789b70170d660524b6d493539fe92e1179687ef5337c286bf5318cc6c58a5c603fc1aa93dd8a70cfb0c758e56dd807acd329591b4

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C5IGVFPC\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js

                              Filesize

                              1KB

                              MD5

                              56afa9b2c4ead188d1dd95650816419b

                              SHA1

                              c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6

                              SHA256

                              e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b

                              SHA512

                              d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C5IGVFPC\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

                              Filesize

                              289B

                              MD5

                              9085e17b6172d9fc7b7373762c3d6e74

                              SHA1

                              dab3ca26ec7a8426f034113afa2123edfaa32a76

                              SHA256

                              586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

                              SHA512

                              b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P1VV82OS\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js

                              Filesize

                              1B

                              MD5

                              cfcd208495d565ef66e7dff9f98764da

                              SHA1

                              b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                              SHA256

                              5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                              SHA512

                              31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RRM5UPGU\Y26LIcmRz0EdnBtSjtN2P4pbrp4.br[1].js

                              Filesize

                              7KB

                              MD5

                              b3ca28114670633e5b171b5360bb1696

                              SHA1

                              683f2fb3d4b386753c1f1a96ede3ca08547f0e02

                              SHA256

                              a8b7da1f71211278c07582aef2f3f2335b7de5076e5708db6e868ee6cd850490

                              SHA512

                              bf71ac8f59653b8035c1fb8555b53371610ae96c1a31e7bee02b75deb8e46c68b46a29dae360c579bcf9ab051f5218edbd075567b99a9fb894e7c50251676677

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\4VJCJQP9\www.bing[1].xml

                              Filesize

                              97B

                              MD5

                              3df79986b763dd08d02f868415f88e78

                              SHA1

                              4a2f46163a887299abc5aa7ca7c3536ae5d4c51b

                              SHA256

                              12d6f3a730aa91d26c024970fcfca03e0bf69791ff83d2916969946725bd2bac

                              SHA512

                              10bb83161de108d68b6fef91b5f5be9eb6b46c4b4e182145c60adb4606169e1e47cd4cfae488d9b7c0c65bb8bc01ea6d024e6a490db3c898e390008d6b553a94

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\G2WQRY1G\suggestions[1].en-US

                              Filesize

                              17KB

                              MD5

                              5a34cb996293fde2cb7a4ac89587393a

                              SHA1

                              3c96c993500690d1a77873cd62bc639b3a10653f

                              SHA256

                              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                              SHA512

                              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WL8BR2GA\favicon-trans-bg-blue-mg[1].ico

                              Filesize

                              4KB

                              MD5

                              30967b1b52cb6df18a8af8fcc04f83c9

                              SHA1

                              aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

                              SHA256

                              439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

                              SHA512

                              7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C5IGVFPC\Era%20Setup%201.0.60[1].exe

                              Filesize

                              335KB

                              MD5

                              f5d107e79cfd63671f178b4dfe445522

                              SHA1

                              092b2bcbc145b6deb5ef9e9e2315ee720cc861a6

                              SHA256

                              b4f9f036edf2d3be5c60d8578333912a9efdffc05ebefaab8a3ef3cf74488a9d

                              SHA512

                              5e2a4e254da10f9769f6511a33a528da04804d659335c0f1ccbacd0f120e84e0b37c51a181b3df3126aa8cf319fa5ac03d6f93e27d830b6ee296d101b14d0316

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\DLGQTMD4\55a804ab-e5c6-4b97-9319-86263d365d28[1].json

                              Filesize

                              5KB

                              MD5

                              46ee78c94150df13398d0517a789cf5e

                              SHA1

                              8d827947d19e920d1b6058baf7d641c5ba0b70de

                              SHA256

                              d8b70c9603b72404d8436aa9e4528f01e1dc45aef7834046d321b1f0a543dd08

                              SHA512

                              cc499b8e50e008530e67c8d8c06cc8c9b8facf71eb851f63855d2a180a00e6773b666efced032f93e68be048563c5d0d575274254583310c89a9e7a11f46c1f4

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\HDF0UTNK\en-gb[1].json

                              Filesize

                              105KB

                              MD5

                              6771959b1d2641b851d0f78f3671ba4d

                              SHA1

                              0e2645a2126060a1c51bc79467e7b9de72d60026

                              SHA256

                              dafd9a3e05dc008436eb905af646f09515f79ec85def28b06516ac3d783a13dd

                              SHA512

                              b1e8c041310f62d3f24304193ba3969f53e12299b49859abe072b8a4232d5eda2690ec6d848f06c2e80d902e53f499b6370e394830b1d676e61cb43c0a1cb7af

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\HDF0UTNK\iab2V2Data[1].json

                              Filesize

                              513KB

                              MD5

                              881ec6225d5d7d580dfeb205090a18be

                              SHA1

                              029dfe5644f15aa579ee1c2d13be96d53bcfdf67

                              SHA256

                              2d7455ab0cff7db7ab52eccb124284603dd0e86e77569d9daf94fe8b6a17b75a

                              SHA512

                              3e45df2392828dc4632026f257fde24e4eb703bf64083733bb4f50d70ffb4ea0e186c0f6dc6957e783471719bebcded0da962b96515e410aa6dcd961fd7354e5

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\HDF0UTNK\otBannerSdk[2].js

                              Filesize

                              426KB

                              MD5

                              9407efa17b9fa09288ff833eeb111cc7

                              SHA1

                              4fba1d46d43eeaeff48b8493245e5cda953285c8

                              SHA256

                              9cfaaf4e24c9a20159123c632711d2cbb98854a66ab659a5c24373633f180d4a

                              SHA512

                              f864566e20f37099463b4bb39665a52293402d293f9bdbccdac3b6cda7db41f91ce79c34786129f84c822f2c35a7a0976060fcd97271dd27685e4f6255f70b0a

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\MH7TW64X\otSDKStub[1].js

                              Filesize

                              23KB

                              MD5

                              04a736599abd9d35460f225bdd4d2c6b

                              SHA1

                              f3a6c5e12a6862451d6a457230a506ce0dbd4007

                              SHA256

                              8dab3ce341beacb7483049495e317f00aad8ec7d960f98f2619536fb8f2f75f1

                              SHA512

                              a30d77969ff900e42f743bbbc44ff76a7c6abfba0641ebba1e8e93df72e8b232b774daa105252ecf52042bc6a995bbce17f9e91b2343f844776adc40967adccc

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\V19XC5R6\otTCF[1].js

                              Filesize

                              38KB

                              MD5

                              ccc7bdfd4fec43bb4e2ee254705af6f9

                              SHA1

                              9a2a188ff810fd0f025266d2b65f448a5ca84181

                              SHA256

                              0881d43075354250e7ca66af2628b7f894bca339f73be5add8c16e166d253708

                              SHA512

                              93e7b2cf7c54dda5bacede673dee2829335642aca27eb36afc4a117ee38e00bbc2ee801d751c7af5cbd1c31d0fb92643a862ca710f243e4e9fe64027fa0e39b0

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\AUG1ZHXV.cookie

                              Filesize

                              448B

                              MD5

                              6a90fbb84c3962c3ccd3b563b9c3b567

                              SHA1

                              6f6d66b84b5859481d4a285e11361c45e59de6be

                              SHA256

                              9d0c5dff26bb1b09a5c0dc0b124e84846f441762a2de5990853da52deb7a3882

                              SHA512

                              b1b27de26dae9ed8e44541e7892862640464d1c86fd5d66149c32399ba06b9f52636e6a4ae23ab5247261515159bf8f4bde9119470db6a98454f0b57e74c293c

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\L4CGQ6TQ.cookie

                              Filesize

                              521B

                              MD5

                              3c0ec5e3b8f6d38b64acaa95640684b2

                              SHA1

                              42c0ac2429bb878bc56ab2aedaed8886a88d4744

                              SHA256

                              725ad3aca49348912b179d7401fbcc16fdc9a556faefd417b13a59b4836e2d20

                              SHA512

                              0e0169acabd516077055f52558268a3d5447c1ce4432e942926e5c319e75048bd87faf23b6639e05a812a4dbaef9a8023c8669f3d26e820f44fc74176214de6d

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\RVW2GAOQ.cookie

                              Filesize

                              439B

                              MD5

                              98ab6cd74e394ca00d330f505fd16bf3

                              SHA1

                              7d3134997248fdb23ddfed3afef2f3b22c594729

                              SHA256

                              bb01b8a66c36741ff5e02eb87226c6f6dcb67f9826101f129158de2641b23786

                              SHA512

                              b1294ca61b7861695d39c34dced2377fe287bb24dd58d50a8eb36d8c2384a4d59c867236bb5fb4b49145ae62a56d2d81287dc3b960ecac603625a0332991a847

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\Y05IXII8.cookie

                              Filesize

                              448B

                              MD5

                              5c1a964a031a58e641698d5cc9e045c6

                              SHA1

                              4036515aecbc05da6457d229fed65e3ac99cf985

                              SHA256

                              a70ba4e0c369350ac0d210570c8d15815381594bc2883f0a22f54eff0d239b62

                              SHA512

                              7beeb8062c62774bb15f4dcfa635e48988060c51f0459953b6baba495290b89732176973cd6a40eeaea5de1ee07ab5806b36a16227b5f2ac78ae437ebeb65072

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\YFPZ1S3A.cookie

                              Filesize

                              448B

                              MD5

                              7db78f6fad892b50cf36af213cecdf03

                              SHA1

                              12cc045e2381ce9f1d84b21385cf40403783eabb

                              SHA256

                              20069711946d6d2f998a90979733ab712485e8382ddfc683ab6f09d6db965307

                              SHA512

                              ec8d079cea1b953632d7c5853337ba1f9c34cd004cdb0b660a93c9aa954361f7ab6024d746550e6b155e2c804b994c94956aa37e5801e755d4bfe06016876011

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\ZQCXM0CZ.cookie

                              Filesize

                              555B

                              MD5

                              d9662fe9d6b43b03dd58e56cc9db787b

                              SHA1

                              df393f6cb0a987a05824d111423fc43e1eb01c2f

                              SHA256

                              b9638f3896b1c79b4054a2bd8a3f8b6d33d0e261143545e6f872c712a397193c

                              SHA512

                              7410465194e51ee54af24f7c3b4d1f005909f45319d286e7e35ef930276dd5793dc825e7f950aa63ad6d5d9d312784a021ca072a9c7c0e87132c61f4b5515816

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\34I1T0U6\www.msn[1].xml

                              Filesize

                              285B

                              MD5

                              6167fb517bc280f4ce3ae0619b892fc9

                              SHA1

                              b37eb32f91169db741bbd18aebcd6835e4d12851

                              SHA256

                              ce5e283a2785663188466dd71c863bab88410817f8653713547a2dad013f29ee

                              SHA512

                              822ba16f311b5f9887a0d29de508fd4730eb9b95b6cd24c40b042f8805684e7fd3ab5e2aa7f79f042e8ac1f323e44528a4314c6eeff11eb08c55194e56189ff6

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\34I1T0U6\www.msn[1].xml

                              Filesize

                              485B

                              MD5

                              d8f4fd00e4d824d49dd413c33c6a6c4c

                              SHA1

                              48f934d680e0866463ae9822f3019f9dae8ffd6b

                              SHA256

                              44b67364bc4865ab9a771691f27792a1e21372d77c4f569504e3002b6d8bcc92

                              SHA512

                              1041071a3a46424654f53ec773db25d41389208b8b95d4faf5df79dcbc10776b9b541c728f3ff4412180a5850d2d0e8fd033cfff2177497c9d641816b6fcf7ab

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                              Filesize

                              471B

                              MD5

                              157cbfd1f273fe6a0866d8849188bfb2

                              SHA1

                              d01401b44a43abd5b1f45774b1de478cb1fbacf3

                              SHA256

                              18e29ce8d8fd37be968726ee4cf2945b4fe417b0e5bb9135f518b2cc10a7058d

                              SHA512

                              8bcd3f9f889a9f54089c8f806b09fee97b954fa9db224b5384dd103216e63aee65d3573b087806d344f9cb2efee9e4133263777614e5a278d3b705f851b81a14

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

                              Filesize

                              471B

                              MD5

                              c9697cd23866882247170285e455c133

                              SHA1

                              8edd9988deb80c6f249b05a2c8ebbf990ca4c686

                              SHA256

                              46ec47c20b3fe355b28a640aa0898677d8d05c1f0ab5054e7eba8b7ebf5a6ef2

                              SHA512

                              442f50f092b36e9a28b30710fe83b7e8d3e35c998b114311caf7d7f37467caa7bd251e04fe9f2e77ee91f0419d9856f5d5d28f01ef61b6cf15a1f4edce3ed679

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                              Filesize

                              412B

                              MD5

                              9084dad88089a02538c5be14995099ba

                              SHA1

                              dee8c285f6e32ad4cbc71a8109c611329bb239dd

                              SHA256

                              ccb91be3f7b4d2ae9e2a6403766b16cd9153d5cfed333a83776d5745183033c0

                              SHA512

                              4bf3b2d2b6838d52d85d5adfe7ca658b382d9338075946ded956ef4decb98c06022bacd8845493598993eb15a692237dfbf8bff407bedb03ab2b3e5c3c48f583

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

                              Filesize

                              412B

                              MD5

                              aa28d14a1522c8ff3ea5a17746c80e59

                              SHA1

                              a547c1c7913288e0a301b5f6640cbc3b0086a883

                              SHA256

                              10567649120777b47ff8dfad044de8c2eadec307887b7cb2ab7132cac18c1439

                              SHA512

                              b09525cec575f69dc5ca11bc6b2b474a00100b2b617837b28c35a694179781a40fc18fbd6f13bba71b0e2dff0b3ad16c942f01eacbcd3801621767cbe2b210ee

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

                              Filesize

                              224B

                              MD5

                              e66d36cbcfd69fdf8db6e5c649137ef1

                              SHA1

                              c1ce08cca33347fe58f95f78f61c31ac6501f511

                              SHA256

                              15376656ff62df570727bcac73caf451fbe0599729bb4bf648b5e65b3e97f5f4

                              SHA512

                              78a8c44885ce2f1a035a3075a50027d6eff5c1adbc4d4d134880b1aced5e5d0f70fb6ca8cb037327ec4890a392b3be84eb85c72f38d4cfac985afab64b7c81bc

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\datareporting\glean\db\data.safe.bin

                              Filesize

                              2KB

                              MD5

                              c0a991d6ff5bf4cdd80efa0b89380d85

                              SHA1

                              cc23f1b7a7cf5b9c3c653ce26dee241cea211314

                              SHA256

                              21d4f0365009e8da8df0cf1202ddd60560fbece93aa6d34d6bc92a734faf05c6

                              SHA512

                              a0c065e2525eddf53b91173cc71813e2d3168635e488c0f19b39c908fa29e9b32848cb093c94099ae1d38d74bcdacaab53db6f88080479f8e1c4bb510ca7529c

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\datareporting\glean\pending_pings\81c393df-3469-4280-a021-aaae18ff2ef1

                              Filesize

                              746B

                              MD5

                              d9c2dbc4d3cf1c108a6f1be9ae942b55

                              SHA1

                              fe812e846c6b388e0cfc72331ad1d21e92996374

                              SHA256

                              0fe474742aa688af691061703bca0fb7df514869798c25b72143c50b8e8b885b

                              SHA512

                              fc4ff79e385cba745229f93b9cac9eaa26140c3c91700b7af81a5eb00a5474f57bc84f39ca4067c1fc754307fa301a4347b13f5d79cdf7bd984f35f2e5030e73

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\datareporting\glean\pending_pings\cd87b071-a622-4aae-8ac9-ae8a7fe58c4a

                              Filesize

                              11KB

                              MD5

                              faf4a27e90d2439ba9d6d044d5f5ff83

                              SHA1

                              cc5194c12cd569b99630d01d36e20b6f7dff9316

                              SHA256

                              aa20e09f968d178859f432a6e2b650b32fad25a11b4afc8e586e5ead8a3a746e

                              SHA512

                              83b999ed7ac29d2b3bf0d65d80e698d5cdd4d0e45a1636c3fe7ea9ce24f48689705f8e7746e79304565ab29626736e2cb39717ef52d7e604cd67f26b9e0eb7af

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs-1.js

                              Filesize

                              6KB

                              MD5

                              caafe69a9b88bdd42427d13c9465113e

                              SHA1

                              dbe8c5cc6973641afc7594e1133a688239c6c668

                              SHA256

                              f2f1190ea84650906e2a09c33b0549b10fa05605b1a0c32383a84287a3304812

                              SHA512

                              0bde88938d77634385cbafbb68c89a2781afb58121e22b74242b74e8a54ab9ebc9f2b41b6531f7cf44cbc0f2ce69b05f8d555efbe2ecfb8914f5c9a79c58b1f7

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs-1.js

                              Filesize

                              6KB

                              MD5

                              cdbcaae2450918f2419b36acc6e6fb96

                              SHA1

                              825e5bc520e12130375ff6f9fd80b83a0b855aac

                              SHA256

                              373c7cc238aa3c3f39564277b73e83e0c900e593b1ecd09c5d7367749ecabfba

                              SHA512

                              0d652a691140367426f3ec63778a990b8b14c6d865a4924e14ebcc82ba90889d388d5226af435b540c9d8593a0dc53e1cf4c0c2ed2c6983b16d2365c18ca6878

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4

                              Filesize

                              3KB

                              MD5

                              3c1e332907f453b17435b3267b632425

                              SHA1

                              52b4b2905d0fe42e49f55323dfeed3c1b69a7e48

                              SHA256

                              d1fbf22805339bcb91f290b60eb8961c827a150d294a43db5030638a563d0893

                              SHA512

                              71b89469b0dcd8e3652939a209455f16ad28c444c1b46191ecdb73b5851ee413cf29e61886da65c1cfdf8225970a5c136607e9d2584d7a9c703f38567d4d3100

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4

                              Filesize

                              4KB

                              MD5

                              229c1a0b26519ed2bd78175fd507f423

                              SHA1

                              5808730737c6b785ec7ef0e4cb473986b73f7cc2

                              SHA256

                              311b7d4daebd6930ea8d75d1ea71ed4c990eae7510e966d792df3b1de5f54c33

                              SHA512

                              7a72c61c48d131a2b82855d11d3994c01d5f49344d9bce86213200da3da6e35b0cca868d314bbcd0c9f6b64f10563b9212be3ca141477fef6f46f3ad418d1ed8

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4

                              Filesize

                              4KB

                              MD5

                              878f09accdd424c9d6c11e174f90e17a

                              SHA1

                              765447ce52984896cb42b99fcc5265278afe314a

                              SHA256

                              cce8374820308f07c7924542acb3490ac21fabceecd82c5c6c2ddd793f2336dd

                              SHA512

                              ec2a89046ecc9f5a8b79d9ef6a14b9a12deff71ef55c8489fb78efdcf28081c8d1a64db6351323d8c74ada318b2f018a6df8234c719520ed717418f9907225ce

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4

                              Filesize

                              4KB

                              MD5

                              7b09ba1e7ec697cbce9694aedc6ac35f

                              SHA1

                              d89ee24996f9319d591b560c361c21ae228bb6a7

                              SHA256

                              af2c426f36d9c7abcc671a145e41d64370c60cedd0b09e187c9f749810805682

                              SHA512

                              387e92d8e8874521cae53b477bb6427722aba9f477c21da68f1637840687fd089596bcb88a62ef906387facf77c2e2799155362084243a655b026f3e6f64690a

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4

                              Filesize

                              4KB

                              MD5

                              63194759f348d7c047ed8bbf1474bb5e

                              SHA1

                              c0c5ff6377562d4dec979d19e64054ea8b5340b7

                              SHA256

                              77c3a6d94f29a1ad533d13f87e1a857b852f1a9aed1e05db615a83050922d003

                              SHA512

                              e7d7ae62b23c8a1cac1ef12229b888b1d963dd08f5d33ad49dca411854d3d1737c4871296937840d5c5a32a2aa1a2d09b1642333b493ef8a141ee7712ea18881

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4

                              Filesize

                              4KB

                              MD5

                              21578dbf0fd53b5a129c40334bdd0744

                              SHA1

                              0484fbb58b1018b1deaa604058f1758f0a95e437

                              SHA256

                              73145cdaae3c28ca01e9230cf3685b781a703a145100c6a781175e4e231b11e4

                              SHA512

                              80a9ef1d2c083ab9e249714c18bfbf8bcdd45a32239f49f82be9cdb3bad7859675ea47606438aef33fd73b2b89952ffbdbecc451ff62f8b0cedd34ae2a157aa3

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore.jsonlz4

                              Filesize

                              4KB

                              MD5

                              d7986e4c76c512d4d36d767417129865

                              SHA1

                              70b680b0b17a8dd0bb20c7d32a1465f765499c31

                              SHA256

                              385d86120ae6062e092c5e10832765a57b0a7247c8b9df2ea3f554d1f225889f

                              SHA512

                              6979244dddc90e089b15bf94728d408fcc302983a7ff4ef6d65f9b9940b93fdc66f6343af659a646741f22928e17bb37ca0f156158615ed570c3ccfbe9f15156

                            • memory/1472-66-0x0000017EA5C10000-0x0000017EA5C11000-memory.dmp

                              Filesize

                              4KB

                            • memory/1472-0-0x0000017E9EC20000-0x0000017E9EC30000-memory.dmp

                              Filesize

                              64KB

                            • memory/1472-16-0x0000017E9F400000-0x0000017E9F410000-memory.dmp

                              Filesize

                              64KB

                            • memory/1472-35-0x0000017E9C1C0000-0x0000017E9C1C2000-memory.dmp

                              Filesize

                              8KB

                            • memory/1472-64-0x0000017EA5C00000-0x0000017EA5C01000-memory.dmp

                              Filesize

                              4KB

                            • memory/1536-479-0x00000242DCAE0000-0x00000242DCB00000-memory.dmp

                              Filesize

                              128KB

                            • memory/1536-489-0x00000242DC200000-0x00000242DC300000-memory.dmp

                              Filesize

                              1024KB

                            • memory/1536-511-0x00000242DCCD0000-0x00000242DCCF0000-memory.dmp

                              Filesize

                              128KB

                            • memory/1536-475-0x00000242DAF20000-0x00000242DB020000-memory.dmp

                              Filesize

                              1024KB

                            • memory/1536-472-0x00000242DACB0000-0x00000242DACD0000-memory.dmp

                              Filesize

                              128KB

                            • memory/4072-65-0x0000010D19D70000-0x0000010D19D72000-memory.dmp

                              Filesize

                              8KB

                            • memory/4072-62-0x0000010D19D50000-0x0000010D19D52000-memory.dmp

                              Filesize

                              8KB

                            • memory/4072-58-0x0000010D19D20000-0x0000010D19D22000-memory.dmp

                              Filesize

                              8KB

                            • memory/5056-737-0x0000021B78670000-0x0000021B78672000-memory.dmp

                              Filesize

                              8KB

                            • memory/5056-729-0x0000021B78240000-0x0000021B78242000-memory.dmp

                              Filesize

                              8KB

                            • memory/5056-741-0x0000021B78AF0000-0x0000021B78AF2000-memory.dmp

                              Filesize

                              8KB

                            • memory/5056-735-0x0000021B78660000-0x0000021B78662000-memory.dmp

                              Filesize

                              8KB

                            • memory/5056-733-0x0000021B78510000-0x0000021B78512000-memory.dmp

                              Filesize

                              8KB

                            • memory/5056-731-0x0000021B782C0000-0x0000021B782C2000-memory.dmp

                              Filesize

                              8KB

                            • memory/5180-597-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-589-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-725-0x00007FFE0F9F0000-0x00007FFE0FA9E000-memory.dmp

                              Filesize

                              696KB

                            • memory/5180-726-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-727-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-724-0x00007FFDCFC20000-0x00007FFDCFC30000-memory.dmp

                              Filesize

                              64KB

                            • memory/5180-728-0x00007FFE0F9F0000-0x00007FFE0FA9E000-memory.dmp

                              Filesize

                              696KB

                            • memory/5180-722-0x00007FFDCFC20000-0x00007FFDCFC30000-memory.dmp

                              Filesize

                              64KB

                            • memory/5180-721-0x00007FFDCFC20000-0x00007FFDCFC30000-memory.dmp

                              Filesize

                              64KB

                            • memory/5180-601-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-605-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-600-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-608-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-599-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-598-0x00007FFE0F9F0000-0x00007FFE0FA9E000-memory.dmp

                              Filesize

                              696KB

                            • memory/5180-603-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-592-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-596-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-594-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-723-0x00007FFDCFC20000-0x00007FFDCFC30000-memory.dmp

                              Filesize

                              64KB

                            • memory/5180-587-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-588-0x00007FFDCC800000-0x00007FFDCC810000-memory.dmp

                              Filesize

                              64KB

                            • memory/5180-586-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-585-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-582-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-584-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-583-0x00007FFDCC800000-0x00007FFDCC810000-memory.dmp

                              Filesize

                              64KB

                            • memory/5180-581-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-580-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-579-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-577-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-575-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-574-0x00007FFE0FB90000-0x00007FFE0FD6B000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/5180-570-0x00007FFDCFC20000-0x00007FFDCFC30000-memory.dmp

                              Filesize

                              64KB

                            • memory/5180-571-0x00007FFDCFC20000-0x00007FFDCFC30000-memory.dmp

                              Filesize

                              64KB

                            • memory/5180-572-0x00007FFDCFC20000-0x00007FFDCFC30000-memory.dmp

                              Filesize

                              64KB

                            • memory/5180-573-0x00007FFDCFC20000-0x00007FFDCFC30000-memory.dmp

                              Filesize

                              64KB