Analysis

  • max time kernel
    134s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06-02-2024 05:30

General

  • Target

    SWIFT TRANSFER.exe

  • Size

    1.0MB

  • MD5

    397cd818297d991cdd6497572d261a25

  • SHA1

    11cc48c47f1aac9af6ed1e15f66bba98899581b9

  • SHA256

    0112a299785ef16cc0d6b84bf084a0122a700788180242afae4dac3b40a2bb50

  • SHA512

    c683a1327f887c8e82eb032df862c84e3faa58dcfa9ff37ad5d7fd6287a356e59ae32b8512862f88d03bf8d63b71a95682343c8d3d982f76c3ce398371ebcb4f

  • SSDEEP

    24576:pO9cxPuT2Vj/wgFXRtl+btB7QVdWfXDE1MIz53u:pOV6Nz9YbATWvDlIN3u

Malware Config

Extracted

Family

darkcloud

Attributes

Signatures

  • DarkCloud

    An information stealer written in Visual Basic.

  • Detect Neshta payload 63 IoCs
  • Neshta

    Malware from the Neshta family is designed to insert itself into other files in order to spread and cause damage.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 4 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SWIFT TRANSFER.exe
    "C:\Users\Admin\AppData\Local\Temp\SWIFT TRANSFER.exe"
    1⤵
    • Checks computer location settings
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Users\Admin\AppData\Local\Temp\3582-490\SWIFT TRANSFER.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\SWIFT TRANSFER.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1104
      • C:\Windows\svchost.com
        "C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\GuQWhxmyGNWUd.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4060
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\GuQWhxmyGNWUd.exe
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4724
      • C:\Users\Admin\AppData\Local\Temp\3582-490\SWIFT TRANSFER.exe
        "C:\Users\Admin\AppData\Local\Temp\3582-490\SWIFT TRANSFER.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1476
      • C:\Windows\svchost.com
        "C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GuQWhxmyGNWUd" /XML "C:\Users\Admin\AppData\Local\Temp\tmpA568.tmp"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4904
  • C:\Windows\SysWOW64\schtasks.exe
    C:\Windows\System32\schtasks.exe /Create /TN Updates\GuQWhxmyGNWUd /XML C:\Users\Admin\AppData\Local\Temp\tmpA568.tmp
    1⤵
    • Creates scheduled task(s)
    PID:4528

Network

MITRE ATT&CK Enterprise v15

Downloads


    Filesize

    104KB

  • memory/4724-164-0x0000000004F10000-0x0000000005538000-memory.dmp

    Filesize

    6.2MB

  • memory/4724-163-0x00000000048D0000-0x00000000048E0000-memory.dmp

    Filesize

    64KB

  • memory/4724-241-0x0000000007230000-0x00000000072C6000-memory.dmp

    Filesize

    600KB

  • memory/4724-238-0x00000000075F0000-0x0000000007C6A000-memory.dmp

    Filesize

    6.5MB

  • memory/4724-161-0x00000000047F0000-0x0000000004826000-memory.dmp

    Filesize

    216KB

  • memory/4724-242-0x00000000071B0000-0x00000000071C1000-memory.dmp

    Filesize

    68KB

  • memory/4724-224-0x0000000006E00000-0x0000000006E32000-memory.dmp

    Filesize

    200KB

  • memory/4724-235-0x0000000006DE0000-0x0000000006DFE000-memory.dmp

    Filesize

    120KB

  • memory/4724-237-0x0000000006E50000-0x0000000006EF3000-memory.dmp

    Filesize

    652KB

  • memory/4724-236-0x00000000048D0000-0x00000000048E0000-memory.dmp

    Filesize

    64KB

  • memory/4724-240-0x0000000007020000-0x000000000702A000-memory.dmp

    Filesize

    40KB

  • memory/4724-223-0x000000007EFD0000-0x000000007EFE0000-memory.dmp

    Filesize

    64KB

  • memory/4724-222-0x0000000005CE0000-0x0000000005D2C000-memory.dmp

    Filesize

    304KB

  • memory/4724-243-0x00000000071E0000-0x00000000071EE000-memory.dmp

    Filesize

    56KB

  • memory/4724-245-0x00000000072F0000-0x000000000730A000-memory.dmp

    Filesize

    104KB

  • memory/4724-244-0x00000000071F0000-0x0000000007204000-memory.dmp

    Filesize

    80KB

  • memory/4724-246-0x00000000072D0000-0x00000000072D8000-memory.dmp

    Filesize

    32KB

  • memory/4724-221-0x0000000005C80000-0x0000000005C9E000-memory.dmp

    Filesize

    120KB

  • memory/4724-220-0x00000000057F0000-0x0000000005B44000-memory.dmp

    Filesize

    3.3MB

  • memory/4724-214-0x0000000005680000-0x00000000056E6000-memory.dmp

    Filesize

    408KB

  • memory/4724-249-0x0000000072F80000-0x0000000073730000-memory.dmp

    Filesize

    7.7MB

  • memory/4724-206-0x00000000048D0000-0x00000000048E0000-memory.dmp

    Filesize

    64KB

  • memory/4724-162-0x0000000072F80000-0x0000000073730000-memory.dmp

    Filesize

    7.7MB

  • memory/4904-135-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB