Analysis
-
max time kernel
299s -
max time network
316s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
15-04-2024 17:20
General
-
Target
abc.exe
-
Size
39KB
-
MD5
86d5da568119c68aa30262d2a4ea0ff5
-
SHA1
bf8f5daf767ffffe48ce3c0efdd47cd6ac617cba
-
SHA256
3cb4c1cb608cf1fb9f880c19bbfe949557b2577b77469a7b4d4e8844c3ca6e52
-
SHA512
fe234f30c7f9dd4ac7ce8115a7f3a463af12a03fca1682dfded849f778e5fae09776a4ebc11bd8685d31e2189ca71d2f22a49f7ac82914ecbded4864fbc9a2ca
-
SSDEEP
768:MG7+qmT8ztyh6pwDYvCL6v6hCuuJf27j1fFWPG9/V6OOwhljObe:7fmT8ztyh6pwDnGwCuuJf4Fv9/V6OOwR
Malware Config
Extracted
xworm
5.0
127.0.0.1:7000
vsXimiB0W2OqCifx
-
Install_directory
%AppData%
-
install_file
USB.exe
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect Xworm Payload 2 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
AgentTesla payload 1 IoCs
-
Drops startup file 2 IoCs
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 1 IoCs
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 49 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\abc.exe"C:\Users\Admin\AppData\Local\Temp\abc.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\abc.exe'2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'abc.exe'2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\abc'2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'abc'2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "abc" /tr "C:\Users\Admin\AppData\Roaming\abc"2⤵
- Creates scheduled task(s)
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.0.1478782754\1991138272" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fad671f-6a83-44bc-87ad-1a1055680b38} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 1780 1b9a98d7b58 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.1.292082996\1501047950" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a40cfe8-dab7-4d2e-b658-a2e8f5fb11a8} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 2136 1b99e86f858 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.2.2076753864\2020696528" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 2956 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b182d51-9c0f-49ad-8dba-8ec5cd2b1bd6} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 2952 1b9adb9fb58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.3.743285155\958075357" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3520 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ab62108-484d-4872-a501-ff03eb6f0ef3} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 3552 1b99e861658 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.4.868845884\1315768050" -childID 3 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da814752-a40c-493b-a7e5-87052b7783a0} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 3692 1b9aedc4858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.5.2017752123\757630722" -childID 4 -isForBrowser -prefsHandle 4784 -prefMapHandle 4776 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9335bd69-465d-43aa-b0b1-15ebd5e02a22} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 4404 1b9ae1b7158 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.6.9336336\1335932950" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {851e6912-a350-4f09-990f-9fe8bdc335a1} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 5004 1b9ae1b8958 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.7.963129696\2064412652" -childID 6 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdafb975-3472-48f5-b0b2-15bda783cc11} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 5184 1b9b1215258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.8.686967818\1724710248" -childID 7 -isForBrowser -prefsHandle 5584 -prefMapHandle 5580 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69480e83-c942-44f0-a6b6-1ac143cf4502} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 5592 1b9b1c1a658 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.9.950829872\1680296428" -childID 8 -isForBrowser -prefsHandle 5696 -prefMapHandle 5800 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9753802-7f53-4eac-a85b-f286c4189758} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 2848 1b9aef86d58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.10.1574936676\1785770315" -childID 9 -isForBrowser -prefsHandle 3688 -prefMapHandle 3476 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c496e9ef-e2c3-423b-822e-02424d4beb8e} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 4740 1b99e830858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.11.1574757196\1114860209" -childID 10 -isForBrowser -prefsHandle 5144 -prefMapHandle 5048 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9445ef39-f825-4f07-b84b-e3515580283c} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 5132 1b9b1727e58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.12.1992128800\1062231646" -childID 11 -isForBrowser -prefsHandle 5776 -prefMapHandle 4876 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27478b4d-1bcd-49b0-a471-2cf28e4d775e} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 6032 1b99e86ab58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.13.149431783\1904879134" -childID 12 -isForBrowser -prefsHandle 5868 -prefMapHandle 5756 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb8510e-c3a6-4ccf-bcae-0454c171401d} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 4368 1b99e867b58 tab3⤵
-
C:\Users\Admin\AppData\Roaming\abcC:\Users\Admin\AppData\Roaming\abc1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\abcC:\Users\Admin\AppData\Roaming\abc1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\abcC:\Users\Admin\AppData\Roaming\abc1⤵
- Executes dropped EXE
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Roaming\abcC:\Users\Admin\AppData\Roaming\abc1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\XWorm V5.2\XWorm V5.2\XWorm V5.2.exe"C:\Users\Admin\Downloads\XWorm V5.2\XWorm V5.2\XWorm V5.2.exe"1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\XWorm V5.2\XWorm V5.2\XWormLoader 5.2 x64.exe"C:\Users\Admin\Downloads\XWorm V5.2\XWorm V5.2\XWormLoader 5.2 x64.exe"1⤵
-
C:\Users\Admin\Downloads\XWorm V5.2\XWorm V5.2\XWormLoader 5.2 x64.exe"C:\Users\Admin\Downloads\XWorm V5.2\XWorm V5.2\XWormLoader 5.2 x64.exe"1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Users\Admin\AppData\Roaming\abcC:\Users\Admin\AppData\Roaming\abc1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\abc.logFilesize
654B
MD516c5fce5f7230eea11598ec11ed42862
SHA175392d4824706090f5e8907eee1059349c927600
SHA25687ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151
SHA512153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
3KB
MD58592ba100a78835a6b94d5949e13dfc1
SHA163e901200ab9a57c7dd4c078d7f75dcd3b357020
SHA256fdd7d9def6f9f0c0f2e60dbc8a2d1999071cd7d3095e9e087bb1cda7a614ac3c
SHA51287f98e6cb61b2a2a7d65710c4d33881d89715eb7a06e00d492259f35c3902498baabffc5886be0ec5a14312ad4c262e3fc40cd3a5cb91701af0fb229726b88c3
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD54b3bada39e4e5a772b92eba38a5944f7
SHA1f823af0da54745d1bfd941572a287c37b0b6c959
SHA256705c462169297416d7fc5f8bbc9c9eda7543b54e3753eb59f1ef06b5bfc1fd70
SHA512724898d4b2c5e6ee2c366d575bb617845ff2a53cf2d20623128f1b921051044e851cf4dca4c39d9a52a4f62149fe07d01129bd69520a1fcaf0558bafdb7f474b
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD5b626fd181283dfdfb1033d4a8d51c62d
SHA102a417880a6072426de3614b9f7786f66d6485c7
SHA256f85abff86ab67d1d2be0882bdff95da2e87a00cfae3274745791ff993cd993a6
SHA51226d57653c20862a55736c629eae95421c56fa587730cd17fddafe3f45d58709cebdfc3e746800fa74bf66bf6aca8a537cad7dae670f622da30e6802e20f99ea7
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD5aa79d2afa4b3264193081158452cfa18
SHA14eb95365d5b2a994e64829b2a160496f0a7d6d65
SHA2561b5867f257505d5b527c23e2a68b89f0e2038d74d893e7d8362a4a57e305d658
SHA512bb25d63759eae55c694c39c7aa5e036f1e3dbd45b7dd0f202e5985bd976720e409ca9af513619a1169a8aca829b2ead81df6521ca3ea985c25c02a8af87f614f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\7457Filesize
9KB
MD569d1af0f78caf302358e23d4d221acf6
SHA18f7ea3ba1048d9e532ce9799effd0b2c03937b08
SHA256a4e9b07cffa5bce7ffeda95ae4df51e04beae6b70ac7852bbbaa2fc7f6a7800f
SHA512e94697d48327682373586e214a9425128b151688600004c4c04879154c8d02070af3fbc6ad4022d045429d86ba0eab8c872fb3360f1e0fd09a1c774d9a7eb005
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftlFilesize
7KB
MD5c460716b62456449360b23cf5663f275
SHA106573a83d88286153066bae7062cc9300e567d92
SHA2560ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C96XYHU1\dotnet.microsoft[1].xmlFilesize
765B
MD5e6afbc7034c88e0cb5c6b90bd3b69db1
SHA11ff715997ebad731198b7cd8fdf670b0fd02354f
SHA25605be215ca7f03a7e2c1df8481d94fb1fc33a9d2c4832d8257ecb523e0aeaaf3a
SHA5127c02fd2770a43291096a405a1451b6cbae52f2dd73042aab974fe0ac6633e364549bfb507718dd12bf28807e75baac237b4d941dc1ae3f0878640eca969152e5
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C96XYHU1\dotnet.microsoft[1].xmlFilesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3W6S0IRV\favicon[1].icoFilesize
161KB
MD58565042b6db20c23647202bf4b95f11b
SHA19f0829cb3ceef14ac10e0b66338d8b7243a09101
SHA256dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969
SHA512dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\bk1lfrn\imagestore.datFilesize
101KB
MD50b025cfaba9c4e45efde21488d81ec71
SHA1d03eb49e8ac7dfbd9d3d7014809abbfa15395b2d
SHA2568fee7ca2a59d6534b266fa55de871f3c6a9afbe25598d3e8b08c450ef6d3703f
SHA5129b2b217ac862b830bb257942276493050720851fb9f5ea476cab0d17ed3fe9923e115af61444b8c813ada734bbb33a20c27e400dabafceb102a0ca4eb93f108e
-
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dllFilesize
112KB
MD52f1a50031dcf5c87d92e8b2491fdcea6
SHA171e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA25647578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA5121c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ididy01l.0bi.ps1Filesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
C:\Users\Admin\AppData\Local\Temp\tmpaddonFilesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-msFilesize
15KB
MD54b6a0864fa1d378a952354a6af1bd3d9
SHA10a4322ea0211a02e82ce9368e7dcc359239b02db
SHA256ae24b6217ab7eeeeeecb90628e7b631b82f3e51fbe1eff7c59f7ae1e4ef8f5a4
SHA512dfb1df48de5ae6475a468217e8945f2b4cf89ddae3a3035fafc6ea75efd43af690232ba9ececfddb8f82efca989537c91228d736ab21891e3bcf52b9e9f7ab80
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD50b0e361f75d4891733fe90dc7161c624
SHA179b285c5a74b9f9b4f8b7aa1342862f6d2669f9c
SHA25675494db2bdacd3a16befa5a3c7c8c16cdeb05e524249e9d962587e48a9ffe768
SHA512a2fd46066df343d3c34f8daff50184f6ffd6e4bd3fef29a38d535997e1014112e97072128123561f48f4718d3f7a110ccd0132eaa15ab615bf5e9b7a13fb10f6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\303cb259-e265-4a5e-a145-00054a32c8ffFilesize
855B
MD566baaac12f7de77f506faafd517b7b56
SHA1e506bdb92d387335c09e982116c98d58a06e73cc
SHA2560ca7c5fdbc765452e3b53fd547955b486dd6d17383c2bfd7a5ba47ee91cce99e
SHA51255945f5309afc9d9a0d7de84f492b848136de47264f05cd5cb8c63daad123f57aa8f8cce212602cb525a61fa5e696375f63f81445788daf2df4011712223c0fa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\332133c7-d911-4a44-97d7-83d58112d869Filesize
1KB
MD54834cf5b1ca217210550ecfb7d2b2c52
SHA126c1edc2565e69b8ad45acec7ee60d9b066fcc6a
SHA2560d71f26022c178d5eb61e3e71c4f2272becd052b5d4d802ca65bb3b99584fd11
SHA5129e209db8e91a6ffeec08c36fc1cde3f3f7e413ede5dc8e203e5445cc76b0fcda407632bab5a77e8a5089ac6514013a300cc222f4b10886961f9fd4c18c9db9e6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\3d4cedc3-7f3f-4fd9-bc54-ddef7a9a2b34Filesize
10KB
MD53fc0f6a08c1402cba9c9e5d813a72c57
SHA15e7297cfb37bcafe8e5192acc96482855b7a3615
SHA2561aad14c7986f8fda10751342e5e1814687d0e68885aaeb5ec571b5a4b3bb4707
SHA512736e3cb700ae77073b57996bba0fcf89df1244552f32c9c20bff6c11920649984ff4aca159082bf8e9154f4e3d250c8ea51d5a6792a80ccf7158ff29a622851f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\c63b233e-564a-430d-8241-cbc0d3bf5934Filesize
746B
MD52eef389bc198ef22fd21e7f9f06814cd
SHA1eb4b769ddb750e58e03b21ea15d1fab2882ebd7f
SHA256e3547798753a21a103495281f49c8f31845388c321f3441d9a91542f1ca24aec
SHA512a38973a9d326e0b79dacaf61c6aaa4dfeb7b18757a6456862522580cf30f86f7409e0e7665013c827920c6914e7a89daca668f63ef347791dfdc3de2b4b44683
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dllFilesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.infoFilesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txtFilesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.jsonFilesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dllFilesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.libFilesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sigFilesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.jsFilesize
7KB
MD58ae9c1a5fc5f7265cf02f79f78b513bb
SHA164bf29c3819b118250a38c1c655b1acfdde9ea17
SHA25693877124b75b7f4ca9c40f2b7bf2f1eadf0a7bf1666772e8f84d07c853b1ef18
SHA512bb15cc074da5ce9a6b2796d9513a67bf692dbd139f15b010e386460b937adcc88974b865e70a18b8c8d375ef3d4eec9e0bac495bc3c1955cdb4544764897e4a3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.jsFilesize
6KB
MD5b2b8452a17a8332b79868de59758287d
SHA1f2946564b7d5dc580148a243e03d82f6402acf46
SHA2562cb4cb43bfe2e63e6ba64a6767b1745caf347f978ba02692d0256c89be7328b0
SHA5128f7a9d86836c134f9d8a12c2714dd75d51883299aaa2003a7faa9e16ac31e64fee32efe79bdd9419b3e470fca58c70ad5c8acdb9346f76c903041d75968d8a9e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.jsFilesize
6KB
MD5d946a4a053f5e51429d9d201927377d4
SHA12d55782f1ab300722ea3ff218f10850341b22bfd
SHA256000fe2d6a424cbbe529bdba812572583a5994f1f63abfc2d76636110e1d85cc9
SHA512c984ecc0da8a6530a473dff5a66058391c5192572dbfff23c006410c670aed94c6f68a5e71785e52ed5cc035685f1e9da2649cd1057fff8fb5ac1df5546b782a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.jsFilesize
6KB
MD5c52b829627ae7b2048deaf4e458b74af
SHA1552d7072aaf91d6f4e426f1c41372ee7615f1123
SHA2565c5f1a1bba293f7c6dbc50fb4f5746ef214e5d5133515475f1834c8e749b7bc9
SHA51216124ed830f162b9a554e1f31595573463d0d1e52a02498ac22f0db6c86bbb97bd2fe9a8bc032f0badddc92751725b8ded89ff19d786cc2f4e9ef2db12b87b95
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.jsFilesize
7KB
MD580eadf4d05abb8e84336ba24c05a6851
SHA11fd5c28d5680acf406c1d362877ddedca17e3849
SHA2562cc5511eb38a6bcdeb9f5ec60a6b95c922c703b5100af020be84de186eceaef4
SHA5120813c142c999cd8c0717afd21e96d3d35d34045ec53aa3c1038ac756b77ee749ddd069fc81871836adeafb366449a110e2702a81bfee38bd07225db905fc265f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4Filesize
3KB
MD58b4434a62200c39d0a2bea36d07fd3e8
SHA13d1b35766ed27eb59c056a5e52222361769b67b4
SHA2563ca515133f2c3b58508662d588ad64e1f94d307fd3f43661c0226997b1acc86b
SHA512524b5cdf6a271ba6d6d00e511f49fdbf35a3070c7ee5f58133971b33879d56aa8ab66755b30cb6117eefcef4c124469aca7e4a2afda2979e368637cf326951be
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD53db160cbf580772370974cd585eb81da
SHA1b48f1ccc2d17317a21dea09d15bfc2941ff0dc4a
SHA256e58664d779a5eb2fdb50cbc78423b51b0bdd4a70f1aed96be1326015b6917102
SHA51268f6bdf2ab9b410c9e4c24aa79687fca78b38d5b836a6f9560d0922326fdd1b863393a6adabcc24a3eec3f88a679d20605d8f6e385b7b83db7bc4fc5b26389d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4Filesize
9KB
MD5b7fa2f4b56d45805c69cbe6348fcf321
SHA1db501415f0c1424e2abf24c60fb3cd3c90760c60
SHA2562c1125103899ea91970dd92101c96a8c1169254da24fc14ac2d22755611627f7
SHA51262d39a217b0f73c31a52e8a760564c0788b821d415d063d72c2c9eb5e7f2972fb6f4f808dc9c4d73a01ede01c0aae8fbd28c614280bd3e705acf5f7513b87aca
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD5c763a050d01f8b9e842a3142e8f8c0a0
SHA1caf1b1030bbec186976193c14caf6614a149a37e
SHA256e8e4a4111187676047ac2d05bc83af69d75c66f817442818cacd8862940791e8
SHA512ccaa26d1083b347058cfc1b493bcb3f898612f7d0dea55eff61402c837405d5845474984b7586a6f122e977d32a71455b0e67a80d69b318fc65a18c0173bd4a9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD5ee55cc503510c0200ef21f33e09f015c
SHA114a6f3cf749501a8205e659fd9958c34470c93b0
SHA25601d873d96ba554115698a266ba1d53e4a33d9850ae150fc15f1b10fab1e9b116
SHA512c9a2126ab51c191d699c6cfedbaf02b9a5cd3dbb691d4943f8cc6f79070c86758a987bd98570921c91da621881f7358fcd2a483642e9c968707cfc26562dc6d5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD5ee035c7dc284c08ae12fae239b22535b
SHA19e5102a246bd984ae9b0d030f332bbf4698ca172
SHA256ac9b87b7bf838ec6f0d9364bc72654228abfd61558a48974fad34b1fc77135e4
SHA5120d9dde6ee1a4cea85d1b97c47d900d14da03e5f05d7fb29e164a6a8b49f1d20864ee5d4497b75e8c5e4468dffe985cc1f3535b4926e8cefd9370a0731b0305a0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4Filesize
9KB
MD53710477a23c923c072cde8e16a12a213
SHA111c2e8e8e1396bfc756c1d681b489f2437bfd963
SHA256f3ba41a2e64bbf63ae953678529db7dbdb5830fbc109ef276c87115ac1754855
SHA51273c7ae37bf5652160fc7d84f82b9918be425b87e4d05bc70938bf12922801cd30a033b9ad129874c92e1c3e7706ef0692eafdd38638cc5769d418696e1ed92c3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4Filesize
9KB
MD5aabc60c051215e10dc2243bfb227a314
SHA1a2c4ea151d6443ba82e4eb8b8088c267b3209898
SHA256b2bd39142c436cfc370e61bb7e7ccf6de1e119f12d8e1f435b62f3e38e454455
SHA5123cef7e3eba66207b8ed54a2cfbfda4a4292ac22b0dae9ef9c82b246a771abd444860f25fc79cfe27aa2a11d1a5eecb245d32f62e9c79fa44c8188b0f444f2685
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4Filesize
9KB
MD5381d1fcaa9d6262627b39c0bd5d4b222
SHA181022239a0c3da6d7906020251b8b4652b3dc8cf
SHA2565e2b91577cf687c128606c04151a44c22304a70d81c274ec07aa09bc48cd98ee
SHA512dba448686c4aee9eb68f4154b8726e6c9576d7f8e36599800b73efcd43c7e05c5e2462af71930b934166b368ca270296a7c233959445348b0f01c1eeac6bd7eb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
192KB
MD5eebc861a4dce8a1116ae2548bc77118f
SHA1b83691e80ea389c5563c1a007e7cfed5504ad8b8
SHA256855f1b2d2f8edd89d13571c1d98dde4dd51234ffebe9cae89df6e6dfe3474dd0
SHA51297ad6cf4aa9a0ad44c665ab4779f6fab9dce4d98da43d1a657f77df7b40a962e500bde18b04dce642546c8006214476292386a67df74a931b7da004d389bd1b6
-
C:\Users\Admin\AppData\Roaming\abcFilesize
39KB
MD586d5da568119c68aa30262d2a4ea0ff5
SHA1bf8f5daf767ffffe48ce3c0efdd47cd6ac617cba
SHA2563cb4c1cb608cf1fb9f880c19bbfe949557b2577b77469a7b4d4e8844c3ca6e52
SHA512fe234f30c7f9dd4ac7ce8115a7f3a463af12a03fca1682dfded849f778e5fae09776a4ebc11bd8685d31e2189ca71d2f22a49f7ac82914ecbded4864fbc9a2ca
-
C:\Users\Admin\Downloads\XWorm V5.SXukrbIF.2.zip.partFilesize
40KB
MD55806662e1eb5019892f72942ef240fbb
SHA15bd0008d2722fe5417176cbb09ebd5c45ab84cf0
SHA256212e0b8480c67e367c11caf462e64d067b8e3057a352a789dbf3cad7b6d3fdc8
SHA512c94a1ed5a8bb71864ff56e2c52ba1e90316778f3f98b8762932bb2d2b8f0d1e15ff6ccc33d1841301d5a1ca577fa1b02987f239b7c1b4f8ecbc52c61f56e682a
-
memory/1040-834-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/1040-835-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/1956-458-0x00000000009B0000-0x00000000009C0000-memory.dmpFilesize
64KB
-
memory/1956-0-0x0000000000090000-0x00000000000A0000-memory.dmpFilesize
64KB
-
memory/1956-402-0x00000000009B0000-0x00000000009C0000-memory.dmpFilesize
64KB
-
memory/1956-380-0x00000000009B0000-0x00000000009C0000-memory.dmpFilesize
64KB
-
memory/1956-1-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/1956-511-0x00000000009B0000-0x00000000009C0000-memory.dmpFilesize
64KB
-
memory/1956-265-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/2988-1116-0x00000179EE8A0000-0x00000179EE8A2000-memory.dmpFilesize
8KB
-
memory/2988-1023-0x00000179E9A90000-0x00000179E9A92000-memory.dmpFilesize
8KB
-
memory/2988-1017-0x00000179E9A30000-0x00000179E9A32000-memory.dmpFilesize
8KB
-
memory/2988-1089-0x00000179EF9E0000-0x00000179EFA00000-memory.dmpFilesize
128KB
-
memory/2988-922-0x00000179D8180000-0x00000179D8182000-memory.dmpFilesize
8KB
-
memory/2988-1122-0x00000179F0100000-0x00000179F0200000-memory.dmpFilesize
1024KB
-
memory/2988-1025-0x00000179E9AE0000-0x00000179E9AE2000-memory.dmpFilesize
8KB
-
memory/2988-1019-0x00000179E9A60000-0x00000179E9A62000-memory.dmpFilesize
8KB
-
memory/2988-1012-0x00000179E99D0000-0x00000179E99D2000-memory.dmpFilesize
8KB
-
memory/2988-1005-0x00000179EE730000-0x00000179EE732000-memory.dmpFilesize
8KB
-
memory/2988-919-0x00000179D8150000-0x00000179D8152000-memory.dmpFilesize
8KB
-
memory/2988-1015-0x00000179E9A10000-0x00000179E9A12000-memory.dmpFilesize
8KB
-
memory/2988-924-0x00000179D81C0000-0x00000179D81C2000-memory.dmpFilesize
8KB
-
memory/2988-1021-0x00000179E9A70000-0x00000179E9A72000-memory.dmpFilesize
8KB
-
memory/3596-420-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/3596-425-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/4100-259-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/4100-254-0x00000158A61A0000-0x00000158A61B0000-memory.dmpFilesize
64KB
-
memory/4100-198-0x00000158A61A0000-0x00000158A61B0000-memory.dmpFilesize
64KB
-
memory/4100-173-0x00000158A61A0000-0x00000158A61B0000-memory.dmpFilesize
64KB
-
memory/4100-171-0x00000158A61A0000-0x00000158A61B0000-memory.dmpFilesize
64KB
-
memory/4100-170-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/4668-19-0x000001C0EFE20000-0x000001C0EFE96000-memory.dmpFilesize
472KB
-
memory/4668-16-0x000001C0EFB60000-0x000001C0EFB82000-memory.dmpFilesize
136KB
-
memory/4668-106-0x000001C0EFB90000-0x000001C0EFBA0000-memory.dmpFilesize
64KB
-
memory/4668-9-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/4668-12-0x000001C0EFB90000-0x000001C0EFBA0000-memory.dmpFilesize
64KB
-
memory/4668-153-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/4668-13-0x000001C0EFB90000-0x000001C0EFBA0000-memory.dmpFilesize
64KB
-
memory/4668-149-0x000001C0EFB90000-0x000001C0EFBA0000-memory.dmpFilesize
64KB
-
memory/4780-850-0x0000020931D90000-0x0000020931F84000-memory.dmpFilesize
2.0MB
-
memory/4780-851-0x0000020915E00000-0x0000020915E10000-memory.dmpFilesize
64KB
-
memory/4780-859-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/4780-860-0x0000020915E00000-0x0000020915E10000-memory.dmpFilesize
64KB
-
memory/4780-861-0x0000020915E00000-0x0000020915E10000-memory.dmpFilesize
64KB
-
memory/4780-849-0x0000020930DE0000-0x00000209319CC000-memory.dmpFilesize
11.9MB
-
memory/4780-848-0x0000020915E00000-0x0000020915E10000-memory.dmpFilesize
64KB
-
memory/4780-841-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/4780-840-0x0000020914E30000-0x0000020915A68000-memory.dmpFilesize
12.2MB
-
memory/5304-267-0x00000206763E0000-0x00000206763F0000-memory.dmpFilesize
64KB
-
memory/5304-324-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/5304-266-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/5304-268-0x00000206763E0000-0x00000206763F0000-memory.dmpFilesize
64KB
-
memory/5304-297-0x00000206763E0000-0x00000206763F0000-memory.dmpFilesize
64KB
-
memory/5304-320-0x00000206763E0000-0x00000206763F0000-memory.dmpFilesize
64KB
-
memory/5396-878-0x000002751A400000-0x000002751A410000-memory.dmpFilesize
64KB
-
memory/5396-897-0x0000027519C50000-0x0000027519C52000-memory.dmpFilesize
8KB
-
memory/5396-1168-0x0000027520250000-0x0000027520251000-memory.dmpFilesize
4KB
-
memory/5396-1169-0x0000027520260000-0x0000027520261000-memory.dmpFilesize
4KB
-
memory/5568-577-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/5568-578-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/5684-330-0x00000274D26D0000-0x00000274D26E0000-memory.dmpFilesize
64KB
-
memory/5684-329-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/5684-331-0x00000274D26D0000-0x00000274D26E0000-memory.dmpFilesize
64KB
-
memory/5684-347-0x00000274D26D0000-0x00000274D26E0000-memory.dmpFilesize
64KB
-
memory/5684-370-0x00000274D26D0000-0x00000274D26E0000-memory.dmpFilesize
64KB
-
memory/5684-373-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/5760-1236-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/6068-696-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB
-
memory/6068-742-0x00007FFED3DA0000-0x00007FFED478C000-memory.dmpFilesize
9.9MB