Analysis
-
max time kernel
150s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
30-06-2024 21:50
General
-
Target
MEMZ.exe
-
Size
16KB
-
MD5
1d5ad9c8d3fee874d0feb8bfac220a11
-
SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595
-
SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
-
SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
-
SSDEEP
192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 28 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:472083 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122884⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=g3t+r3kt3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+remove+memz+trojan+virus3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=half+life+3+release+date3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:24⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5381⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Windows Sidebar\sidebar.exe"C:\Program Files\Windows Sidebar\sidebar.exe" /showGadgets1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199Filesize
854B
MD58d1040b12a663ca4ec7277cfc1ce44f0
SHA1b27fd6bbde79ebdaee158211a71493e21838756b
SHA2563086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727
SHA512610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD57c19f29f8cd070b2c5186f989d731857
SHA127e44f7d85243e776f8b8e09f71941fa642083b1
SHA25694aece1eab04cabe71e2d49dc97d58e5a02b75b5e79d6d56ace4ebe6d087c1d7
SHA5122103ebd2fefc7be7c26d75783a148e71f488e794a9a82e9a29ae67822a52c5a652b95d6dcf9a7d68bcf54cf70b11facf24b4fb68ad54a14548d7283d0debfbd8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_DDBD94486534E9D7296CF30055005EDCFilesize
472B
MD5e6352fe4bdea282f2f0a1a5282bb5c32
SHA1b3682b4f01987e086fbe49c17c4f815cc005f855
SHA256d3b8198a69fccaea3806c21cdcf084d6a96152819ad06600ae0ba3175295a328
SHA5123e5f60fce6abff003346b7a72ae3acb939af741ff5c8111ee9e5cf9a98f9886a576034dfb8a1e9d233a33c820854e6ed7fd7964162950c9e4df3c5972a3a92ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199Filesize
170B
MD5a804219076e346060cda5f44385e0de4
SHA123f1acb274460c766e6c680636a9a8d10f9fcdb8
SHA2567236ccb19c3b0a5b56bb1b59fa790db39ace63fee33e2d5d77bfa3f057252ddf
SHA5129704ee87218a73543c8a991f73dc1e6654eeb78a1c5c5cab856ee80f5f2c2cdcd08165e81075ce0e6f41701fc918571049e3c299fb12e1f2f9c54308a6c5f4dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD562a87c71b2577aef216b85733d7cc207
SHA1296ff0458af68fc85d17c5df6d332ab9d1b20447
SHA256e7aacd3280aed713ab1a9db2d5f1269ff7c19a9e45068208f681636eb91ebb46
SHA51294a6e1b2ee48c4be52597ed3189dacaa6b488b9b25341e86481003fabbc282d745ba0cc2698a6a3ec3f7c5d891a329f42ed7ba6caea98bea95652f45b395073a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
252B
MD5193cc12a4194a22c9c42215b8941fd4f
SHA16d6ea953cbef13eba53443e44602778f55517b74
SHA256689d981dfcf428828d96a6a96f98fbed5fad309057ee548d3eb07aea67c28b9d
SHA512e38168ce5799ae4acbabcd473ee1e81635e63e0f9ddf1ef27b7ad2ed81c760907feb1fb95b58ab871cb835a7360b7db9146f6329400dabeabe8e06a5833283d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_DDBD94486534E9D7296CF30055005EDCFilesize
406B
MD570f44ac533c86cb7d02f72941a9ad9d9
SHA1785daf4981819107cc37a5c9bbb315a2ef7d369c
SHA2561d40235f65285fdf2e9f53e0190281021df45dcf19696bc5848693b20e815374
SHA512f8a43822e350c0a08468bf28fdcd775689415db8689b4ef768ac1e4465e7bec074d6604d282f92f10346d7c81782893a26bc6ceff6854a8037355893b8376f32
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e3bb0c708e08485223062a94d4be5c8e
SHA10110d36c064af28737d89889f839bfe832168592
SHA25651656e59e24e586c781aeda480081e12311982da7fca837c47a89c569f125e05
SHA512bbcf5370fbea37101ca472a1e1694474f5693eb04f62f99de8b6dd7a1a8f7bb504eb52ffdfeb24d9c14b2f3b8b3c6f0361f39bb9b4e2556aa2a002dd9f12fb6d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b025f9101af8a386652d1e5e4ee2cb7d
SHA1708434b47aa1f398d8701237857b0812c13874d1
SHA25652fe3cdfbdcd9df7f9fb850f1aaffb5f707ba222e1b2ca6239ac9854dc479562
SHA5125dd796084b3ebf0473dd12006945fec40c61259bb5cc6b7948d03bc2aa7333c47bbedf831e99274084653675aaf4e28cacebc552cc3a50bb8d8718e4ac8ae8f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50cc2857513f329064ae961ac2272d42b
SHA187a8f4bee2dbfcc7451ea5d4ca837c47c05de2d3
SHA256102129bf7808d3d664ba806f76c7016fb415f1a5740cd22e9e95d10a064a8ff5
SHA5128c30644da40ec1a8789e7dd9d3dcf57cd0937703b69ea2f88b3cd35cea16ccd26a138a59826b6043898b428c68adb27c9ecff9a7cc9b05d305bfd83e1aad29ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c7d1095b57012d0293aa45065e0917fc
SHA1eea8f1c64bbe085a6f6041b3898e1a57949d57f2
SHA256c762991662a8302aff8313e5b015d50fd7aca0f814591b3e669afbccc5184fd1
SHA512b267ae54764f8bc5e7c6ebc4089362b898a566578543143e6320a1d83a5a8a9f0de0ae1408fedae289fd06852a2832174f791a979b01b88662543fe465bdb7f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5747aea0dc6137513c18a414f6270b69e
SHA19b667bce045b6e7cfcc8aa4d2d4d922c60892c33
SHA2569221f12e25a279299aa3503d9a051e0df9f824e19c4ab5454725192d3c1cfb83
SHA512c9cc702a29068785df2eb5b7cd23cbbe5973614899a6504468b6fd9a043e4605126f1c6cfa49f79372bd89d71a9800c9a0f7e746c39ab86a961898d7268ff008
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e1fb30345a649cb610451a47ef8c695d
SHA1e2e2a60908f499ba172e251437594b30b8d6cd90
SHA256762e4a38a9c622dcf23d10e589867c2805d2678e40ab2e3b23c072ae087e89f3
SHA512ed59c489739c9d84eb071778ba4188faa9415785de725236c9eba91b87b450eb175c05b0c1260582a45e179418088ff7d60f2663069533b25f0f21666ae3d136
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5a89037dc6edce528ee2999e083703132
SHA1ac6057f75950ada261dccb8033a1a6ab179f17cf
SHA256b4668f398a7ab5bdd671b1c32cebf2105726a80d025a99e920ed2a1ba5149a3c
SHA512f2b8e6c5adeaecac2a60f87cf660237d53215b126d0dd9e2fdd16aca920e3e431ee98ca5bbfca10d7ddfbdc2539602e2730c26e0835b704cd6414117768530e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5ab338565b3d1d7eb00ef3c146706dbce
SHA16a3ae4f02a146c95f39912007464b5593427dd88
SHA256efb3050234a289386a686a2f96d3fae7e69340f6fe08dbbc5adfd9f44d539dc2
SHA51235c3772bc232bcb64a17e439377ebcba5617c3e86013d2bfa206daf397267b657269f3e3e4167d33a6f114cd64c071a71484ae64b2fbc52554c723893a532e8e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51e31a198321ccf82d3e705dd174fc15d
SHA145389313d87dbfce7ce8468a80aa13e372970b70
SHA256d07b486e874ef80d7079232baed14d64f7091be5a150dfe7c4a0d13af3e06700
SHA512a851e3ba7acd45215333ca0cd8e8b41f646ea8f23c81bfa61622c6b7673c489e800e5dba98ef8671410a1af3563cd3fa3eef8032f0b7c87d5d232670a26a5404
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD578f95dd40dbd6484dc56e361a497cdda
SHA1ba212fcf43c4b813c7f2f934fa3a03258df70f04
SHA256c8494de3625c4286afb86c55b8a04d61077c7b59386fcda8cdb563cd905f431e
SHA512082e6ccfff5555b991db844a32ba55cd9e4b5b3bd05b654cea00747d12133fc6b23962789897a75c2d5dc88bec9b339582cb40733daa15abe01b07f0cf3f9a2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5dbc6d9cc7aa7c12165e3132aa23400d4
SHA1f397c75e77b95c4e2769fcb05b05de623d339b8c
SHA256a71e2942c5c948fb1d2b48297fd03421ec0fc83a55efdb9210ef31bbb7765125
SHA5123e6f0e07f513a3582d8549f78895d79fd9bedfa6ba91f10636775b90da76867605045ba311544803c0b5b8324db02e831eda655b91ffcff3b9cd1612a92c8ec0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5ab155318de3c5637b4a869637b370d80
SHA176a2ff11f204f420f011dc08287cd52af227fffd
SHA2568a62222622fb53e1fb1ef580f808fd5fd35ae73a5fee7405e8e8724a45770813
SHA5123f00c5f1791d57f01eb317deaf48bf0c0b188f291bfae602c1bc783584cc9aae301d78fce6d9d3f565ebea935e7c345cea285df7ef3f5498044d75ed16326a4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD57cddd0c4e4a1e1761fbb6622e89afe92
SHA146e689f509f26c1104378611af1c770564dd9ee4
SHA25605d1d7d5ad9a53f50901199b51efcd15e67c0026fabf724203984b1f6bb5745b
SHA5127a9c10d1d85c4baaea1b3e640181686c23c1df635c94467cf1849c1dc393fad5394b86a1f9d89cd4c2e53eeae2ce0aaf4524db02086dddbb2f1bd175c8838607
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD520eb7aebe7dc90bf34385d8504418ba2
SHA14d28f6d0952c7c81fce25583b9e3e4d576481547
SHA25690997a5d817f98ae6483645b0c225eddc91edf64b5bfb216f5cc13e55cb2885a
SHA5126142ebc2ee137564082814e7141364acdca88b2352dbdea8857cc82a7549df44d214f951969d088d195e21e74cb51f55f95c45f068f8c4131aa4275ea7edf3d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD54392fffd6a23d627284f61b4642be0e8
SHA134bad024ba92aff597c5a3207c60276d6706fdf1
SHA2561137595649b1c267a815cf34d1db9d03571e5be8056da40a454be8158eb3fde0
SHA512fa44a6a8d1ea5782beebcd99da4884f6c8cfc3bc8f8e94ab8fc95617ff9eb363bce43ef8e2849276099930246eb7905d41d68ea44a435a64d4f2fe19188b8d38
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD513e939ae088632b612d9a9300ccdc240
SHA1f327ce54339c611bd622fa5032b463b2cb4894f9
SHA2563573ff8e1ed5080399da4d579974d75447f311803cf0f7ff9a0a30b6f5723a45
SHA51210aa97d24aaff57ebdf7b07c87de6b4b903c857c9e7ed920afcf650858f8c2760ea5be6d76d6957ab68f150f44ae6dcf0cd8f07f33abc7b987b9dc255096b002
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50ef0ac6f65b6954d4b59162f92d5c410
SHA1461d1ece935d46ac5c499cb6ac40fa50d54351d4
SHA25665c0d757215d3bf3d44bd4aca97897315d2e6bdccd50ce71d40baeca1906474d
SHA512ac40fbecc431c0ad63f0f548584363fda6c63ee9b279a81bef84f0d87afcc5583e4102c08b87e8ba4cfdc69872c5363c32fb43c44a7f921d5e3b859c876c1f45
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD53aa0cb43219581edfc654e789623af8f
SHA124d9ed12c4455d20fb9877e9c2491770fa0c6693
SHA2563e2f2113252ecfcbe1b7640dfdd4599c10823aeed954d808592d8884890488df
SHA51204ac6a498164bfc8ece5ee4185eda0926f3a4edbb955d9155c8147efc9e9c1e2658fc8333066f90accbc0f9343432c09454915e609a49d17b00652498ee35dec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5073e448be881939a6689fe2361379a60
SHA1865376a7ec8ebbfb9a2975208b8c6aabfb803431
SHA256d009739d2c78d581c5f29e8d0e2ade18d77d69dde2f5b1a2be5029a7010d8304
SHA5127d4310a38c90f38bb303c8a602741e6647d3d136649370821914d676a7b939a9a1c782ae1c8f5127b01774c1d01c8fcf83bf11ec4a27771d864f662ff68fdeee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51899a12a265b89608c72c19e6b848ba8
SHA1bb3c54617f726907199adf3e5b83746c090b27ba
SHA2567a11ce98d45bed38ecf0b7f23ef412a354551fe5d69baab28b57fc8b5652a2fc
SHA5121011b214de9486888081d54437dfb20bd26d9de025b093132600e11324c81d29d89d2242c786c85ba50c3fde9f4da3bc5a2ea28f4ce8f818720fb55ac38be1f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5f4d4ac267374b80124a558642074b982
SHA1e9884ee20ada87db647daf1b6e094cec8f9e3d7b
SHA256aa2e81d0f977155bce74e3bcdefa2ef3108d51f27969c462bd7ca2d863d5cd40
SHA512c3df5e1b3b53fb692d2a415b0eb5ca60165cad3fde4da29398a4a9e3f5ef0569d57d1f5140d7fa190dd3e9a2fa706f871c3ef3335fb1cb13506b4728568611b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5bc168098f2969ee151637f9271d6a061
SHA16f0937c12e770013a55fe843938591ce4a2600c0
SHA2561e18b1a441cc2254e10f6c0e83df29cf05bc44abb797e103184233a693b4aca2
SHA512eddacb1203a7dedae667a7461c0eb46c6db352700df885a252c78b0a8d387c3e9905ffcd8fcf9f70f420d16cbfa83b4db947dfbe7a85ce9fd911e95b7bd4cc60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
242B
MD59d89b8ddeff4ee50d6a09b8f25e47898
SHA1b95dc32688b5f22f63313ee23ec5262544bcf3d0
SHA256575778d2869a5af685b79bdc814c5aacd182ca5b113f535c1ba42cb4e9650d5b
SHA51242dd8a38ee222b7c790ea2f0eacfc0a2acbc5f90c4cdbb8ac28823b2f4ff04de7e3886acad38b82d740ff715be3c6b75d86c5d73b533867c22a1c8db692ed56b
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TDAKJSHY\www.google[1].xmlFilesize
540B
MD5c25b317f652c33621da8d62da82e1852
SHA1038c7e7f11c1c9434f1ab4b84db97f72c3f82b5e
SHA256fd8df49d5b5431e4092e61ec81b20f6b814d213dd955cbf8fbcf9c4a6de83073
SHA5129d267f45e7fa82fbb8a57c5df9c6fbf720eb7e376b4ad77b2d6dbd8d48cf2217a2b6f8227dd98c9c46ed63658a7bae7b384d1f44fa41130835d10bf5ec214d6b
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TDAKJSHY\www.google[1].xmlFilesize
99B
MD5eabda3966cda33405471b431e8c2d4cf
SHA1de0ec47df7207c8c183e297a23c3158d89c59908
SHA2562280550e95b2c6deeec2f5098fcb0a8274de679d1ba92868e49f11ad66a81571
SHA512db6ffe12fee9b5e6b3c03148d64313b3dd90cc0d1a7d9f1e2cf7fca385cce6d8db602b883b0f62a10cd5a56ae35cf2a45bb046561e38faa93689733ce95668b0
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TDAKJSHY\www.google[1].xmlFilesize
238B
MD5743767671ab979cf7aa5c28c0d4ef36d
SHA1d02062991d2e410c01d2e600d191c953bd8d9bf7
SHA256d70d8d6663690f209ee4c2c87683d726e9ff57de672bfea795c0038a660796c2
SHA512bc1c69a4ac8893c112f1220b42172f202720050f9340c6ad32b113fd9faa44c66be93c14c66f8d1f685f2fb675f7d43be51146f2433aca3ccdc190aa1a3df9f2
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E2CE26D1-372A-11EF-B27B-DA219DA76A91}.datFilesize
5KB
MD5881a233e25652cdd9e59ea30df6c3482
SHA1efa676908cd3e3bdd9669cdb291a945fde172a59
SHA256f8d16d37db3adc38b381a7133348c8be24e6fcf3356d99a936934043e97fe7b2
SHA5127de8bf307f848b9bb872de1d7281acf3447b21ba6758c6bfcb553cbfee399acd2d3b46565bd082a44103f4b09dbe019a9aaa781227d23381bd083205f225c42a
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{C46DBA60-0D46-11EF-A0B5-5ABA25856535}.datFilesize
5KB
MD511f6bbb27239c8f30c9cb10f27ba929c
SHA1352caa4b4b114b3954f59de717b8f3b0adf4473e
SHA256398e4f757f6a0bbfb6186bd93defdc1ca1427f9b835278f8693176bfb172b0c1
SHA512963adbaf93e3609c6b547a9bad2be26488965dcc5b3a73802854409796501b0e65c4178b454c87ea336a13d9df575d146a63a1616a5acea1d0354e5979b88da9
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{C46DBA60-0D46-11EF-A0B5-5ABA25856535}.datFilesize
6KB
MD59fa90e7cfee91a9070f11ffb041ad93c
SHA1d18e57db4a1a5007972a4f40b870ce3460e74039
SHA256d340a9bfa99ae960bdd4fd003afa6a4370eaa3e3fbb0da6096e8d0f2516d7327
SHA512005634fa37c44374f4e2d8d283dcf97e8aa5168c73c091658ca65b5d20ee3f5edb4557a58a3f56993b248a259c97303261b93d50a96960dd47e858290c0adc90
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{0C33CAE8-372B-11EF-B27B-DA219DA76A91}.datFilesize
16KB
MD5beea2790f687f4d354b9e65a3fe62180
SHA17074b5db7d8ef2af5444e8a0da9eae326c269a4c
SHA256bb4a56d264fed636a578f0779a5fe80a7c7d3ba3a89c273ae5d3d4b6989dad98
SHA512b7485aa2e02010545eacac169e4ed4355f1b0ef37416dd77b5239e1427502f30e0d348e073b5e46772673afa84014010b29dfa8347fdede4903459ec925a66e6
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{0C33CAE9-372B-11EF-B27B-DA219DA76A91}.datFilesize
26KB
MD5c9ed56db9a53eccbc792e57855739ace
SHA1fad4f778e9c244e9efb3594e22ff1026ad3d6d84
SHA256f76d40be6164318aca3c40a1b136f1fd4e63ce1ee0c79fa5671e2f92dcb3c4f7
SHA5128c18c27f78d84b53b073ba0863ab748f8fdcb1dc7bd9d50a869bb7a1f4288284c5126928d1d4756a69f1aa8fa948e20c62da03bffa0067c525796aa6a52e2348
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{0EC003AC-372B-11EF-B27B-DA219DA76A91}.datFilesize
5KB
MD58ddf013edc49cbc36357417cf1a6de92
SHA14bf6bc3563fa6cf59dc0c4f6dfca54d046d06d07
SHA2565d3df3997c76737d816e4e8f0e045e6c0ae5a99493bca692203f7a0be3d9aaac
SHA512121d46eca741577e7880feb8e03bf6af75434277a56d9c05b1ea9d6c1053bf790045b4b0074ae06a14bcac8f51c73192e3690bd01de07ad0413da6e05286f842
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\6y0a2v0\imagestore.datFilesize
5KB
MD57af90ef3ccf8f7cf5e9944cf49bf5308
SHA1edf203f8b4b6a3d82643572ccc8414ed44c2dffb
SHA256e20f6ee21061cd7ab5fc30dd1394a66a551a88c0374545b9792dd2037fc28f84
SHA5122e487c504e543b93901e1d586322cc76b85d2da5a43bbb66c7dc41c32de2c2945778758626ca7525a19841188bab2bef948070d2aa57d9dadddbed69ec9426a8
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\6y0a2v0\imagestore.datFilesize
5KB
MD50bdc3dd038c4edf085c447eb5d18aad5
SHA19f8f632e534a47087030ae2dda0da23c261de44f
SHA256d0d2911081c5c9f0b37b459c1abf2738766e14de0cf5a94f0bbb7dab481ef586
SHA51230f18a9924f6aaa14efa685c2a0eedf54e6c7800aae115faa022a68e07411e8a5f6b47abc22bd6b604d97dd36f8265fa6d189e33333dd3bf30c8d9fe1b5709a0
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\6y0a2v0\imagestore.datFilesize
5KB
MD57c81310a2364cd65f540059c0f8d0b17
SHA1550a241905168fbce93e40ee157f30cba954ac8e
SHA256e4079f3f0c615d568cd95789055867eb290c4d404699806cf9eca7f7acce646c
SHA512e61b9e6808e0ec04838f7658338a51b861ab38dff51aae0296adf1e8b74d5f6a729faaec80252583419ea8d49dc35fcaeef53fc571d6953a1ff43ada8982da73
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\api[1].jsFilesize
870B
MD5a93f07188bee2920004c4937da275d25
SHA1901cfea09bc88d26a55cf2c57ccdaf45dfaea95a
SHA256587d5394ddb17dec6f39de2e973431f161a1e08a45d499fe7c7a6333a93904cd
SHA51216855a943a768355129e31623e5eb7064741d4d07ac2c0fcd21c5742a1b2e2a2c3af38e0f481bd7b8006dc96c408be07b91bbbe28ce7c4f7f0f7d53e427500c9
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\nAi3L_grIveh4_vTblADPYCzmMAuz2fY21GywUlmlrY[1].jsFilesize
24KB
MD5a60833c49e99a2e6bba69b878e7ca60f
SHA1ee07c061eb17230c0181a5c2c802e9fa07160491
SHA2569c08b72ff82b22f7a1e3fbd36e50033d80b398c02ecf67d8db51b2c1496696b6
SHA512d07320fbc0154e233152ad6d76754fc57b4bde0b7cd3ec3da4cfc64edf0a37a64cafd9c720dc60175d2a470c376bada2c0063f79f88c7dc7be5842a7fbca9160
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttfFilesize
34KB
MD54d88404f733741eaacfda2e318840a98
SHA149e0f3d32666ac36205f84ac7457030ca0a9d95f
SHA256b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1
SHA5122e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttfFilesize
34KB
MD54d99b85fa964307056c1410f78f51439
SHA1f8e30a1a61011f1ee42435d7e18ba7e21d4ee894
SHA25601027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0
SHA51213d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\KFOmCnqEu92Fr1Mu4mxP[1].ttfFilesize
34KB
MD5372d0cc3288fe8e97df49742baefce90
SHA1754d9eaa4a009c42e8d6d40c632a1dad6d44ec21
SHA256466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f
SHA5128447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\recaptcha__en[1].jsFilesize
533KB
MD593e3f7248853ea26232278a54613f93c
SHA116100c397972a415bfcfce1a470acad68c173375
SHA2560ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a
SHA51226aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\styles__ltr[1].cssFilesize
55KB
MD54adccf70587477c74e2fcd636e4ec895
SHA1af63034901c98e2d93faa7737f9c8f52e302d88b
SHA2560e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d
SHA512d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\webworker[1].jsFilesize
102B
MD5f66834120faccb628f46eb0fc62f644c
SHA115406e8ea9c7c2e6ef5c775be244fe166933bfcb
SHA2568f063ae681a530a407ea4d17859790d9e45fd81ce5b3bb6202fc9e30cef95996
SHA5127c596e61967fe787bc29d262c945d7eb4e02f9f574d3c8c664f333c9c3b4dd4aff1dfcde8f34be1acfaf8c05423c1c118a4bfd50684a7cd9f90e5f40fbc89653
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\favicon[1].icoFilesize
5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\logo_48[1].pngFilesize
2KB
MD5ef9941290c50cd3866e2ba6b793f010d
SHA14736508c795667dcea21f8d864233031223b7832
SHA2561b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
SHA512a0c69c70117c5713caf8b12f3b6e8bbb9cdaf72768e5db9db5831a3c37541b87613c6b020dd2f9b8760064a8c7337f175e7234bfe776eee5e3588dc5662419d9
-
C:\Users\Admin\AppData\Local\Temp\CabE6A8.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\CabE739.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\TarE6AB.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
C:\Users\Admin\AppData\Local\Temp\TarE75D.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
C:\Users\Admin\AppData\Local\Temp\~DFD8512945460A9C1F.TMPFilesize
16KB
MD5ed32d90d17e7197a7726f7ed2bd1973d
SHA13fdf1d16531b512e3ecc5ff23e76ff1f7ad45e31
SHA2567355d9d31b5fd170ac1841452f43eaa7eb8d9449981ba541ee64b90cef16e766
SHA512d49b5fcc835f523e3fd119fd4f9077fc182cb1769065cc64637414ade28c147773ca41c26db22d412a67b52c9af01a147121a5d14e8d5d0e2a948d3951798a2e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6BW47C0U.txtFilesize
124B
MD571bd7b069c21cfd855ab84080afa9be6
SHA1abb72392c3dd7a8899a24ec83ca313228a1f54a8
SHA2561acf728dfc4f48d10e5dadaf55864c70cb8f7eaa942cc9744b4d31c505d1dad8
SHA512ee0bc91398cd37cbf9dac71fd1e366ba16cb2268df6e44a9a3d32250f3b887d7d52c15da31e588b6a49ad8e0f4a742e110523c09457e7abb4083a87fef9b8ea6
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BY4MQ6K6.txtFilesize
125B
MD51ad1f3330f8bb17ce25601262b5c412a
SHA17afbf9e1b28b573a4e3e93fe900d801296a1904d
SHA25651552ec083a411095b9ff70ebfaec0f18e2946034986bb98f6e5b6dc7bd2307f
SHA5125f29503b2b2179e0689d9ade37c4314eab9eaeeae8a49f8a09e108d5b6333085688220b7599a9f1ba8c01c2106bf174b6c8d00de20c48c4108d3c4d3ada7c720
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FZU4BI6C.txtFilesize
174B
MD59ce212ba7fc5f294b188fb9b533b9a66
SHA100a5e19d28b99988b5864f2f7eefbb69da4318b8
SHA25647ecda33913cb94036dad02c63c883907bf287220fe07b51b0699e1ba07ba125
SHA51283db85e1b96d61f66252f487f1b507370214c1d91ec920d595f0269ae04843cce799ced05d0c8ffc929ea47dd86fbca2baee247a972a9e6ac9e8e177dc6e2525
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QU5YM15I.txtFilesize
124B
MD55a4480c7fb3e5ccd0902e45cf22f34bb
SHA1cbb7f0be665bd8f3b3bf0e53b7ef553e17e895c8
SHA2569b0bd5e85c01315da72c363ef5935afbc71d62432203b73e199f3f18429739d3
SHA5123aed0e306a434176031a2a47f944667f63d15791579b8e63b3a67f57e4d3e662689814184f80b76d88edb0453d0556d0bf375b457caa3df7752078fa636027f4
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-msFilesize
4KB
MD5595ee35bbd9018c13343720520cc7d49
SHA13e1ba6886ba6bdf857c40deabaf23916c6db28a2
SHA2569868552a07305550aed5db5df9437e4d6bb51f68d7f92511bfe30bc4fb7bdc51
SHA51279ad0f1735e1db10f275ec625f9b667053b2d9bcca4bd90b6ac12f233f280c6a598f1b2ec1a58c7f33da22abb3c7f7c355ab2de2ecd3ae66b16aa8c648cb85e8
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
memory/2696-1217-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/2696-1259-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/2696-1258-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/2696-72-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/2696-1253-0x0000000005420000-0x0000000005430000-memory.dmpFilesize
64KB
-
memory/2696-1218-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
-
memory/2696-2-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB
