Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250610-en
  • resource tags

    arch:x64arch:x86image:win11-20250610-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04/07/2025, 17:40

General

  • Target

    JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll

  • Size

    239KB

  • MD5

    1c72367957ae0f222df760a6dc3dd540

  • SHA1

    348efcfdfc50737007890d89be7bb7819b1a727e

  • SHA256

    37b2f911915b4612170cd6d0e60a6c82ec6cb375c4e309f5f788531d724a1470

  • SHA512

    dc966cee81dbaee76708abb21ea91889066fc8fd9c2b3ee0527110ba8c870fce6606727b2bf445ca5464cc9baf47933fc04a32e88e325a8e19009889ca23742b

  • SSDEEP

    6144:7gmoADlSUSWIlbuks3mGvnDpNohzjCULspwAz06:7BoADl+lbuk492ha8sq6

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll,#1
      2⤵
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:236
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:6024
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of WriteProcessMemory
          PID:1212
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "http://go.microsoft.com/fwlink/p/?LinkId=255141"
            5⤵
            • Drops file in Windows directory
            • Enumerates system info in registry
            • Modifies data under HKEY_USERS
            • Modifies registry class
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of WriteProcessMemory
            PID:4472
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f4,0x7fffa60df208,0x7fffa60df214,0x7fffa60df220
              6⤵
                PID:4152
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1848,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=2824 /prefetch:11
                6⤵
                  PID:876
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2776,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=2736 /prefetch:2
                  6⤵
                    PID:3432
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2188,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=2832 /prefetch:13
                    6⤵
                      PID:5908
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
                      6⤵
                        PID:5084
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3452,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
                        6⤵
                          PID:8
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4800,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:1
                          6⤵
                            PID:2288
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3672,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:1
                            6⤵
                              PID:1248
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5436,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:14
                              6⤵
                                PID:3812
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:14
                                6⤵
                                  PID:4476
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:14
                                  6⤵
                                    PID:2080
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6116,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:14
                                    6⤵
                                      PID:2520
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                                        cookie_exporter.exe --cookie-json=1128
                                        7⤵
                                          PID:5796
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6172,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:14
                                        6⤵
                                          PID:1644
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6172,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:14
                                          6⤵
                                            PID:5164
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6528,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:14
                                            6⤵
                                              PID:248
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6724,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6744 /prefetch:14
                                              6⤵
                                                PID:5804
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6296,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:14
                                                6⤵
                                                  PID:6824
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:14
                                                  6⤵
                                                    PID:6832
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:14
                                                    6⤵
                                                      PID:6840
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6280,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=1284 /prefetch:14
                                                      6⤵
                                                        PID:6032
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:14
                                                        6⤵
                                                          PID:4120
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5568,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:14
                                                          6⤵
                                                            PID:4060
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:14
                                                            6⤵
                                                              PID:3916
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5552,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:10
                                                              6⤵
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:5060
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5748,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:14
                                                              6⤵
                                                                PID:2212
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                      1⤵
                                                        PID:3392
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                        1⤵
                                                          PID:5940
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                            2⤵
                                                              PID:1292

                                                          Network

                                                                MITRE ATT&CK Enterprise v16

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\autofill_bypass_cache_forms.json

                                                                  Filesize

                                                                  146B

                                                                  MD5

                                                                  9357a694006d8bec3d0f8c9607b76ff8

                                                                  SHA1

                                                                  6335ce691999ec10de742cd07d074eb648631259

                                                                  SHA256

                                                                  b6c37df977f149c5a444c72ea4469ce666c7975d34c6e2e0d9d8ec416f57dd44

                                                                  SHA512

                                                                  87c2d0192f3a78b13a691cda14da507f260d13331b792eb973869bd6dbd0f207faa48f68882be691641b46c06ed12ee8b9728a3b596df67a1f9a4831b4369a44

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\edge_autofill_global_block_list.json

                                                                  Filesize

                                                                  5KB

                                                                  MD5

                                                                  adb5f6058f82680a26d6ed02b44e5a21

                                                                  SHA1

                                                                  6197ee74e40c742e184357dcb6dfcc7e32818cae

                                                                  SHA256

                                                                  7655c9afb5f2ea39b18e302498b34009ca02b72451f82a6d4e7fb4d8d954f050

                                                                  SHA512

                                                                  742dd8f6eaf1bd5f24b37e90d7a3dce7bd0a8edf399c2dec25cd92d2bd6e1d663ebab3c68234812f0144061d4f22f0c2c43de890f60e24d93133bbfe23a6d1c5

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\manifest.json

                                                                  Filesize

                                                                  119B

                                                                  MD5

                                                                  390af74c5ae643320cad0cef4fa8fee1

                                                                  SHA1

                                                                  22ce727f9bcff9a914eb1d58ba8384de6fbda7e1

                                                                  SHA256

                                                                  1148c28e540b9b96237b35170a547a13165d6c7c039b8fff9e4b2cd774b92f5a

                                                                  SHA512

                                                                  deaeeeffdddea1a9047e97d82e3bb701fb865adcd77ef9e985bb0ec5e4057155e7b83cad4f9f3dd256edf89f19d1075349cea5005dffff8420da4d0646be413a

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\v1FieldTypes.json

                                                                  Filesize

                                                                  509KB

                                                                  MD5

                                                                  c1a0d30e5eebef19db1b7e68fc79d2be

                                                                  SHA1

                                                                  de4ccb9e7ea5850363d0e7124c01da766425039c

                                                                  SHA256

                                                                  f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1

                                                                  SHA512

                                                                  f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                  Filesize

                                                                  280B

                                                                  MD5

                                                                  017bc3fcd328486192fd0c7082796709

                                                                  SHA1

                                                                  8cfba6809f90567fdffd047fdfb707682a7d0595

                                                                  SHA256

                                                                  c4278254cc16ba1099967b98859236cc3b690f4824e682cfab43169fcb06a336

                                                                  SHA512

                                                                  73fc2778be9284d2b28c9489a216b3d2e454920a36478f72640bccddb03a916c1653964d008872edccd42b6c5fe11f2c2b843ce90f437e5ccbf7490645740363

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  46295cac801e5d4857d09837238a6394

                                                                  SHA1

                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                  SHA256

                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                  SHA512

                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00004e

                                                                  Filesize

                                                                  22KB

                                                                  MD5

                                                                  6f90b9ba6e745fec95b8a14a7601f532

                                                                  SHA1

                                                                  a0419fda5778793d0425b164082f5db80c33c5c7

                                                                  SHA256

                                                                  56d475b6b40a1e92cebba05bc70bc5e514ad96e8fa4151f020cbd87f8fc5a888

                                                                  SHA512

                                                                  4d1b61c6df966fe76ad8e6d57e599188f96d5992bb8d0ecb75c113474250eb42d336a747393ab81c1f361deb954f814e2a535edd8e3bb91eb4c2a7b33f979ab2

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  bfbda807e8c4ba75dac984ec59bd2c4e

                                                                  SHA1

                                                                  6a7ac758c98542a373b91dab645d5843b72c0715

                                                                  SHA256

                                                                  0700a12356f56665eb117a8baab58746373897dd3d1cd842daf5c28c1ec9215e

                                                                  SHA512

                                                                  131edd22833f3ed2fa1e96f988b3405f7cf681fc4654bf46e096285a48c51af8ddc902e0b54965ef3368b8ecc8a84dc08985a27ab04a353d3b6a65d79eccd59a

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe582333.TMP

                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  3d6a0d699d2f04f813ed6f500caf2d33

                                                                  SHA1

                                                                  5ddacf490acca9831fb6eab2467dbad337a92c66

                                                                  SHA256

                                                                  ead61149017eae98b37254ee86eb7699b128a8bd63288300694a089ee07d4cb0

                                                                  SHA512

                                                                  8a896d1c18b0a983a1593e9edd758d3b3198fa378fae3048dbed20e7ed6ee672d5371b56d11752ce75d73bfa7e080c14d18ab624c609b70c8ed0b7d06f3ee590

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  99914b932bd37a50b983c5e7c90ae93b

                                                                  SHA1

                                                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                  SHA256

                                                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                  SHA512

                                                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                                  Filesize

                                                                  108KB

                                                                  MD5

                                                                  06d55006c2dec078a94558b85ae01aef

                                                                  SHA1

                                                                  6a9b33e794b38153f67d433b30ac2a7cf66761e6

                                                                  SHA256

                                                                  088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd

                                                                  SHA512

                                                                  ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                  Filesize

                                                                  7KB

                                                                  MD5

                                                                  1aac5b5f1b8e3f7f0f762c5789caceda

                                                                  SHA1

                                                                  55c34ba98602d833ac9d422e12dcf840993fccfb

                                                                  SHA256

                                                                  c6e0c3edabf69b85fbc2f1a8635ff32bf71a4f25769992a1a33c815833d9ea9a

                                                                  SHA512

                                                                  5471b5fa46962bff3bb701406376a9fa2de3f1735503c52592c6b8e0bdba9a41cc34731de8bdc7044b8da63613e47c622dde846b05c60ad660119ceb2776a6ff

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  d751713988987e9331980363e24189ce

                                                                  SHA1

                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                  SHA256

                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                  SHA512

                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                                  Filesize

                                                                  40B

                                                                  MD5

                                                                  20d4b8fa017a12a108c87f540836e250

                                                                  SHA1

                                                                  1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                                  SHA256

                                                                  6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                                  SHA512

                                                                  507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                  Filesize

                                                                  17KB

                                                                  MD5

                                                                  e3ef7396cce0c79aac0f0c6811f42ec9

                                                                  SHA1

                                                                  10a0e8e148f0e19d81e578ec4b4612417d86ed5d

                                                                  SHA256

                                                                  32ce1e5ab16c4dd64247732c14c3f341a1336b7690a61609339258eb6d7d80a1

                                                                  SHA512

                                                                  2fed0c9d2550ab4e3503ba99b18c2b393a5ac0b5ea43eeb753fd28f2d91e800a8391be4be53209a116c489fc4880895938b0953a34d2e2e5cf3fc8f177e064cc

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                  Filesize

                                                                  17KB

                                                                  MD5

                                                                  24384621f949fcc204ce0d701ed15e23

                                                                  SHA1

                                                                  e482103533ef19c65756d68e6652e57ffa49d164

                                                                  SHA256

                                                                  31da6b846a494adcfd23782a634551e56599169dafd28528a362f1711221d271

                                                                  SHA512

                                                                  ede782e742854f9cc8e595a8d5c9fb9cbbd6ee1f9163247f9dfe6a9e54d9a67bda0d22c81f616825f1088c9b1e8ae2998c8ef84236d63602d2d4c0666e098fb6

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                  Filesize

                                                                  37KB

                                                                  MD5

                                                                  13af00393a62342421c975f1b225f534

                                                                  SHA1

                                                                  7bd10abdd14323afe94d0c678fbe4a994f7b8748

                                                                  SHA256

                                                                  a0c4d9d5064b5e08518080091b95d0dd2e830d4d26e3b43b02b789e11588d083

                                                                  SHA512

                                                                  b029fe734134a51f21f561ea39c40d7407f317c66ac4a7be4401ef28f5a1ede2403ffa7a07c9df7f698f5ece62f34693770e81382b8b579297ae2bc12060be73

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\a6b502f4-84f0-436b-b950-b62e4bc1623e\index-dir\the-real-index

                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  0763cac2ce1445535a955823d3dfd745

                                                                  SHA1

                                                                  234dc0bf92edd9a755f4ae9585f6f232e126597a

                                                                  SHA256

                                                                  a75e46dc5c474cb70943cbc7aec2fea56d1b59ea5b30921ac8a0bbc5cd3d8bf0

                                                                  SHA512

                                                                  b06c3c1084b059f6e89c2d14b82d5f26e0f536adb41cb31e462ff3f3e0584ec7da4b8fb099b10c8b51a2f59dce99a859823780620594feebb7d5cdb7e43c3516

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\a6b502f4-84f0-436b-b950-b62e4bc1623e\index-dir\the-real-index~RFe584755.TMP

                                                                  Filesize

                                                                  48B

                                                                  MD5

                                                                  dab7cb4aeaab9e07093f96e9571972a5

                                                                  SHA1

                                                                  55d2181f7102972477fa1fad1cbef4116b167adf

                                                                  SHA256

                                                                  56fc7517d6137d3e3b716f5de01794ab2ce15ee90d218d94a28d533154b77586

                                                                  SHA512

                                                                  dfa41585e4ef9c2ff440b8a163769c79851b3f9861b4d08a0edb652a4e33cb2979522c6c5291dd6fbf16a791cc6d0145290b05124a326addf91babbd0f3a768b

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

                                                                  Filesize

                                                                  115B

                                                                  MD5

                                                                  07ef38727f304a882c0e9b3d28dd8a0c

                                                                  SHA1

                                                                  aadd56071a40f182e0a36efd8ef8e89baa8fe5b3

                                                                  SHA256

                                                                  4ca2755484392d400843166a96a53d89263be04e4043b94daf9f73199b19bed5

                                                                  SHA512

                                                                  9b64307c76eb7c1a060a5f213dd6df0ea5cea0c225bfd77ca80450692397899dcb5c991d2b06ed83d76d6a70d4d944bc3069cb4fe036694a0bebb1de3dea5885

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt~RFe584784.TMP

                                                                  Filesize

                                                                  119B

                                                                  MD5

                                                                  ff9a4345e396d9fe0bed805175e88c1d

                                                                  SHA1

                                                                  14e9fca42e3ac245bfd09e2160bab72df76cc70d

                                                                  SHA256

                                                                  1161d9fd4b5a56dacc016ccb62d8cd3d1af5819e4d26187cf51f15513052a983

                                                                  SHA512

                                                                  b61827e16eef4e6ccc610cdedeabf63dac2a77c9b098d6722f4799b1ea86e783ae5d42692c42a0f16ac69198a84d47ef106a003389e40f7e7b541c9af3c24245

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                  Filesize

                                                                  72B

                                                                  MD5

                                                                  301ebc676c5e100c278b66206fec5197

                                                                  SHA1

                                                                  4ae84d95ecd231460d5fc4e2f5155be8251fe1a5

                                                                  SHA256

                                                                  9c91333e7a1b2ea82fc2509d39ed8698e2f402cf445426f532d5bfef0b62cedc

                                                                  SHA512

                                                                  541812c5d57d2966f7402df48fdb2e328bbfa43cd26737ea21d8dc84833bf0b6465e6984e045405e2196a21385b814208038dd1a99eab8161e9d375f898af133

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f81b.TMP

                                                                  Filesize

                                                                  48B

                                                                  MD5

                                                                  319472c3def1821d87d2d77ebdcd818b

                                                                  SHA1

                                                                  6c99b8d7914faaa5ba73fc1cdee3713976d80f46

                                                                  SHA256

                                                                  842ad02b3601586dc913aad0a3c8e1a8a0987d0b55d47956d5e3c194d096fdf3

                                                                  SHA512

                                                                  75eb88cf9617463647b82cb1b79044f4556031f2b3e2c42b88ad6bf3b4c4d6625887dcab9cf2178bd1993b12c2e4795772afbaec76b38cf4bebc72a9d186bd62

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                  Filesize

                                                                  22KB

                                                                  MD5

                                                                  2e9de69c3d25e831193a8a5bb89510ad

                                                                  SHA1

                                                                  42bc68ab4a4908fb5c1cb97859bbb1677d4be4db

                                                                  SHA256

                                                                  f32f839468caaee56165ef6f9e3402a362000b26c921a83f21597c7dde3e47af

                                                                  SHA512

                                                                  6b2c4a1b9bbbcbb6df487d1a405c805a55b3faf39e371fd60e230ae9af8a721cdc75a099d84cd6b478b0c881e750e0b595bbf485b3ba7210b397d1d39a60fca9

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.11\data.txt

                                                                  Filesize

                                                                  137KB

                                                                  MD5

                                                                  1bee2c36cebf096d8a559d5c4eeacff7

                                                                  SHA1

                                                                  c695eda67f31d729dfc336b8a471ad6346a39031

                                                                  SHA256

                                                                  5e4014e267eec120e673cfbc407e4340c234a7898319b35a304ed6ea343a7999

                                                                  SHA512

                                                                  ba520d383be95d8b15140b7e38e4e7ac03077bbbb8ee5326ac4162be9403bc9f0576e53840fc22cd9c4038f19f60bdeb7b4e8e0125da6ed80670238de812b4b5

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                  Filesize

                                                                  462B

                                                                  MD5

                                                                  d1e3b61e1182a961abbb0b042985882e

                                                                  SHA1

                                                                  d087957e5157bc6188e8f45a73c2b6cf3a3d4969

                                                                  SHA256

                                                                  716f277c30d2175ce3512140c0feeea57451e47e46fef34611bb9e4c555e2dd1

                                                                  SHA512

                                                                  97a8e90198a695a8b9e6f46db4a8fe6ed780a3230ae111d2d3a775fc0255cf60f2b1dc0c5da45ac99925b317f3c504992c5d31032ee31b68dd8f7d5c79817170

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  51KB

                                                                  MD5

                                                                  abc0c634444f0ea1b18f5b7e7eebaa85

                                                                  SHA1

                                                                  31c11bbfb22015ad7c14c5c28c2b50604e19d941

                                                                  SHA256

                                                                  901673cd89848600c53e7f34c43dd7a62a85f8be35713be7f18a645d92b37d82

                                                                  SHA512

                                                                  4b8f25e3394f54275abee3c9d8a5452ac7efb65cda8c656cc3ee1a1d71d197cb34545c922358620b366c030ed4571c1a22d46a2c70a2b584040b3f0d9e427409

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  39KB

                                                                  MD5

                                                                  31fcfd9d8652415663abdaf32d3cf139

                                                                  SHA1

                                                                  c624fc1ea063298fbb23282b1260e08e4215445b

                                                                  SHA256

                                                                  1685e68b16a013c3f2cc722ea521d555cfb264c1e4fbcc911418c85c264d8baf

                                                                  SHA512

                                                                  b98ec6febf6eb4ed2009371e63327a44c72ef5ef81b2ab92ed1406d6346603b030e15b564b74a1ab6fbdf6b0af5d7e3c61f3665528677e349e5da589f6445aeb

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  39KB

                                                                  MD5

                                                                  2f6e1e1d5ffcb010b1d5930a64dcd35b

                                                                  SHA1

                                                                  309ec8a9e70951a33050672d4fde0f1a969d08f5

                                                                  SHA256

                                                                  05d5903e35957f7acb3b4eaee2e82c19b5953db5da9c80b31ba58d8ddcd74f90

                                                                  SHA512

                                                                  87be952378014d7a71ed354ee9a7746819638a58ff6dddd06885386a4cb8a9c331e9f86cfe229018fdd2404994e1943f198c86c11f17385d9e586ac171e0e5c6

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  46KB

                                                                  MD5

                                                                  5231feadfecabdaccf94c7fcc8a0f758

                                                                  SHA1

                                                                  57ba65f87341362835af0ada43c5711e42abc82c

                                                                  SHA256

                                                                  edef1bc7214977dfea872f3ecb2076d7b402421b892edd20b82088e38f574bf4

                                                                  SHA512

                                                                  b72272687be13d27ccdb56819c418091d85f4b5dca6f618d2eab6fe18e8894abef50bcc7e17cd2f7286d57ec7dc01d849f769d0e5caf21e518a85e783d4abcc6

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b

                                                                  Filesize

                                                                  156KB

                                                                  MD5

                                                                  b384b2c8acf11d0ca778ea05a710bc01

                                                                  SHA1

                                                                  4d3e01b65ed401b19e9d05e2218eeb01a0a65972

                                                                  SHA256

                                                                  0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b

                                                                  SHA512

                                                                  272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be

                                                                • C:\Windows\SysWOW64\rundll32mgr.exe

                                                                  Filesize

                                                                  88KB

                                                                  MD5

                                                                  a61ea5f2325332c52bff5bce3d161336

                                                                  SHA1

                                                                  3a883b8241f5f2efaa76367240db800d78a0209c

                                                                  SHA256

                                                                  e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

                                                                  SHA512

                                                                  fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_211788825\manifest.json

                                                                  Filesize

                                                                  53B

                                                                  MD5

                                                                  b4d869dd7052d78d29b3e439565f1600

                                                                  SHA1

                                                                  caa2cfa31729f4348a02514eba0235e72b88ce5a

                                                                  SHA256

                                                                  0f8ee89c4a420bda691d058cdd96c874c2edeec84145c81c957e98d05e351d3c

                                                                  SHA512

                                                                  1fda3488df8c43ad413b2e69a5e2292322fe837f7b27b88302b4e591e7e13fdceacb0af9b8bb92ca7c0d2b39abffc776c6cc35d18abb86ce91f55c719b43480e

                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_212782471\manifest.json

                                                                  Filesize

                                                                  176B

                                                                  MD5

                                                                  8177721150435a9b333475e2b8a6e691

                                                                  SHA1

                                                                  8aa8981617e8f3d8967a0a4a2d20315317eba293

                                                                  SHA256

                                                                  8a4800ed5f63b9371a024c501ee2b031af94539e32e6753214e6d99c625c018c

                                                                  SHA512

                                                                  540c4c52030c6a4e1efcfab5eb59760c696bb3e3f1b8f93c97a6368639a911ba3d395190fc0798d99f3c63e25b6dcf2ded482bbda34d36ddd874dd20c2cfdf74

                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_803047062\LICENSE

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  ee002cb9e51bb8dfa89640a406a1090a

                                                                  SHA1

                                                                  49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

                                                                  SHA256

                                                                  3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

                                                                  SHA512

                                                                  d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_803047062\manifest.json

                                                                  Filesize

                                                                  84B

                                                                  MD5

                                                                  e0909520982fc48e47a6451443b11741

                                                                  SHA1

                                                                  0e46425274933c153ebf5a03f25e693267a8cea2

                                                                  SHA256

                                                                  2e9e6138305d702f3c9b89d6e9dc4931b548c69bb86db64e585fa2e37b8ef654

                                                                  SHA512

                                                                  3fdf504cb0bf39a807fa15a8ec31a6efd8083888692935ec31d70b4ef6eef89b8527c6a75a46bf7ae3efeeaa507ac3c7cccda5246a2f073ac603a7ffa10d20a8

                                                                • memory/236-1-0x0000000010000000-0x0000000010044000-memory.dmp

                                                                  Filesize

                                                                  272KB

                                                                • memory/6024-19-0x0000000077974000-0x0000000077975000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/6024-13-0x0000000002550000-0x0000000002551000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/6024-14-0x0000000000400000-0x000000000041A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                • memory/6024-15-0x0000000000400000-0x000000000041A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                • memory/6024-17-0x0000000000060000-0x0000000000061000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/6024-10-0x0000000000400000-0x000000000041A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                • memory/6024-8-0x0000000000400000-0x000000000041A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                • memory/6024-6-0x0000000000400000-0x000000000041A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                • memory/6024-4-0x0000000000400000-0x0000000000420000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                • memory/6024-7-0x0000000000400000-0x000000000041A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                • memory/6024-12-0x0000000000400000-0x000000000041A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                • memory/6024-16-0x0000000000400000-0x000000000041A000-memory.dmp

                                                                  Filesize

                                                                  104KB