Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1d854192e5...da.exe

windows7-x64

7

1d854192e5...da.exe

windows10-2004-x64

10

Resubmissions

15/04/2024, 10:50

240415-mxdmfacf29 10

15/04/2024, 07:11

240415-hzw5cahc99 10

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda.exe

  • Size

    767KB

  • MD5

    ae2f422a1ca6558ca6dd723c1b351b7a

  • SHA1

    eeec0b0012f1b6c41a70f6f13d2ec01e0b3ef6ad

  • SHA256

    1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda

  • SHA512

    30a0ea93646669e6b2aac357e36c558da8fbd166435cc05d33daf80e01d12c4dfa903e6532ff0e58c47faee12c63998aa2313bb2e73650878f3d050654c751c3

  • SSDEEP

    12288:WMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Ks:WnsJ39LyjbJkQFMhmC+6GD9R

Score
10/10
evasionpersistenceransomware

Malware Config

Extracted

Path

C:\Users\Admin\Documents\Readme.txt

Ransom Note
Attention Tax payer: All Your files have been locked with ransomware by law enforcement for violating cyber laws. All of your important documents, photos, and videos have been encrypted and cannot be accessed without a decryption key. This is a serious offense and you must pay a fine to unlock your files. To unlock your files, follow these instructions: 1. Contact us on telegram = @Lawinfo19 2. We will tell about you problem 3. You need us to pay a amount for your criminal activity 4. Use the decryption key to unlock your files. If you fail to comply with these instructions, the fine will increase and your files will be permanently deleted. Do not attempt to remove the ransomware or tamper with your files. Any attempts to do so will result in the permanent loss of your data. We understand the inconvenience this may cause, but it is necessary to ensure that cyber laws are not violated. We apologize for any inconvenience and hope to resolve this matter as soon as possible. Sincerely, Law Enforcement

Signatures

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies boot configuration data using bcdedit 1 TTPs 4 IoCs
    ransomwareevasion
  • Renames multiple (391) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes backup catalog 3 TTPs 2 IoCs

    Uses wbadmin.exe to inhibit system recovery.

    ransomware
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Interacts with shadow copies 2 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 41 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda.exe
    "C:\Users\Admin\AppData\Local\Temp\1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3460
    • C:\Users\Admin\AppData\Local\Temp\._cache_1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda.exe
      "C:\Users\Admin\AppData\Local\Temp\._cache_1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:704
      • C:\Users\Admin\AppData\Local\Runtime Broker.exe
        "C:\Users\Admin\AppData\Local\Runtime Broker.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Sets desktop wallpaper using registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1872
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4088
          • C:\Windows\system32\vssadmin.exe
            vssadmin delete shadows /all /quiet
            5⤵
            • Interacts with shadow copies
            PID:1440
          • C:\Windows\System32\Wbem\WMIC.exe
            wmic shadowcopy delete
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1156
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4656
          • C:\Windows\system32\bcdedit.exe
            bcdedit /set {default} bootstatuspolicy ignoreallfailures
            5⤵
            • Modifies boot configuration data using bcdedit
            PID:4336
          • C:\Windows\system32\bcdedit.exe
            bcdedit /set {default} recoveryenabled no
            5⤵
            • Modifies boot configuration data using bcdedit
            PID:4352
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3756
          • C:\Windows\system32\wbadmin.exe
            wbadmin delete catalog -quiet
            5⤵
            • Deletes backup catalog
            PID:3916
    • C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1452
      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Sets desktop wallpaper using registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4548
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:756
          • C:\Windows\system32\vssadmin.exe
            vssadmin delete shadows /all /quiet
            5⤵
            • Interacts with shadow copies
            PID:4200
          • C:\Windows\System32\Wbem\WMIC.exe
            wmic shadowcopy delete
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2248
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3284
          • C:\Windows\system32\bcdedit.exe
            bcdedit /set {default} bootstatuspolicy ignoreallfailures
            5⤵
            • Modifies boot configuration data using bcdedit
            PID:2496
          • C:\Windows\system32\bcdedit.exe
            bcdedit /set {default} recoveryenabled no
            5⤵
            • Modifies boot configuration data using bcdedit
            PID:4376
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4424
          • C:\Windows\system32\wbadmin.exe
            wbadmin delete catalog -quiet
            5⤵
            • Deletes backup catalog
            PID:4480
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3380
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4460
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
      PID:1292
    • C:\Windows\System32\vdsldr.exe
      C:\Windows\System32\vdsldr.exe -Embedding
      1⤵
        PID:4756
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Checks SCSI registry key(s)
        PID:3644

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Synaptics\Synaptics.exe
        Filesize

        767KB

        MD5

        ae2f422a1ca6558ca6dd723c1b351b7a

        SHA1

        eeec0b0012f1b6c41a70f6f13d2ec01e0b3ef6ad

        SHA256

        1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda

        SHA512

        30a0ea93646669e6b2aac357e36c558da8fbd166435cc05d33daf80e01d12c4dfa903e6532ff0e58c47faee12c63998aa2313bb2e73650878f3d050654c751c3

        Download Submit

      • C:\Recovery\WindowsRE\ReAgent.xml.FBIRAS
        Filesize

        1KB

        MD5

        47a246fb22f5cfd5de6b39a40f9513b5

        SHA1

        c2a08a21bba93c68d7a9d23c2bf0b967e550c660

        SHA256

        9db68678a83c2df1cb0b0e80c0701393646ee76dd590410e21ded1080962fdb5

        SHA512

        eb027e8ed5bbc61f2722d924d323e283384a8122cf271dcb286442ce31cee1c3dcb75af391e7fd97669c8f39ffee35a78ef269f6e0a31336b93f73eb73d1c84c

        Download Submit

      • C:\Recovery\WindowsRE\Winre.wim.FBIRAS
        Filesize

        403.9MB

        MD5

        70d76331bcbcd3675ef7b045b19433af

        SHA1

        b26aa0b7e03e7283e5371f6043c4751726e9c41b

        SHA256

        eb1a8c4714ed0524844da8af3fbd313e0a1f2d9f4c69e054292df200181750bc

        SHA512

        d8a4947c38ade32ca31b940d4c18243d95a1adc55f164017e63515aa52f6cf222fd2e11f2b8987fcf37cf701b8087302d4b744957236bf6b23baf1a9d2d98869

        Download Submit

      • C:\Recovery\WindowsRE\boot.sdi.FBIRAS
        Filesize

        3.0MB

        MD5

        1220d3b539f8753f8c0c28bf219e266b

        SHA1

        f6f969a7ad0ecee2f308ce7cb015dd0d4d8e8895

        SHA256

        4c474e0a55aad69d9eccc001a6c5a5442dc7dcfe9ad9ab2dd2361209e2be33e9

        SHA512

        7f4c405d89f72210efedbe8d56e8509faf03b8a9822e12cccca11c8f39d5b2081e7a7b8b5a5e2abd2de664f4a69e9804abeb2c5dbadf834e1eb2a63cb60a98b7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\._cache_1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda.exe
        Filesize

        22KB

        MD5

        c664f5be59fb3a17761dd2ada9eef228

        SHA1

        1f32c2b1aa103c73c9fb9624e53318d5bc8d60f1

        SHA256

        2a567c61c401c4fd6f7a4ae88265d7a0dbd0c14fdcc116f8c5d98da6022066ec

        SHA512

        c24a25237d009715f3b98fdf4489af8a484ab93091dbbd6ab1815946c9af24cff3f026bb3e7bff969348621cc82769b7fd1dde5bdbaba14768b229cac85b2259

        Download Submit

      • C:\Users\Admin\Desktop\AssertUpdate.xltm.FBIRAS
        Filesize

        634KB

        MD5

        0aaed45a7a298dda6add4d919d67b92f

        SHA1

        b55691ee09711da98432d822ca904e4a7de3d6c0

        SHA256

        ac8929fc9aeb8b4a6c6c43eef805c17949449789aa2d0cd57cb9160c4e932d3f

        SHA512

        5bfd105c4eadedee15b63c6d0ac6cc6ceda1527889ceb069ae4f9bdf2eea313fd2a288e3a9724bd63df1af9b1ec20dd47dbaf60212e09586f5976d2cb4049bfc

        Download Submit

      • C:\Users\Admin\Desktop\CloseRename.ttf.FBIRAS
        Filesize

        569KB

        MD5

        a34b6ae9351fcc4ad6a5b0c1fa4ef5f0

        SHA1

        5f42a9e6049cdbfca92db3a25bb87dc24f6bca10

        SHA256

        7e8bad8f0ebb40c95790a6f0bc29abdb5958e348a614d9d0010ad269f2f7b174

        SHA512

        fd5f3ab7964ec30723f9a3ba9a9f8d703cf19c699803a54e8b6f53d88efae62e78cc611d7fdd436e2290ae79b20bfc8941d1b7d961ed141b901f2660e7d6a7ba

        Download Submit

      • C:\Users\Admin\Desktop\ConvertToCheckpoint.wm.FBIRAS
        Filesize

        601KB

        MD5

        4a03bf3ec9bd456f9abbcc4dfb260fad

        SHA1

        ac83b88d25b4ba8a66655059576a24df8164a373

        SHA256

        5d9cbd2fa6fd2dd347065d4defe64ba20bace64006186b4bcd3e477070319998

        SHA512

        34af2bc24fc7a46b1dd24328a017cd8f9be92c4b8a9838ec13557c9090bcb46187bb1ab684de1e19fa9c10fff1907b1e6fef3f340f20fc76a31839f798ee6f5b

        Download Submit

      • C:\Users\Admin\Documents\Are.docx.FBIRAS
        Filesize

        11KB

        MD5

        046d85d7057f68094a152aea4f435182

        SHA1

        b856941fda37c239f4d0f5b0a99ee6120c94f22e

        SHA256

        e476e8bd830831b43cab648ae8ae6a2e06ff3df796bfaaace23a2fdb15cf19f5

        SHA512

        073ba1e4f709dfce74d9b3f4eb4aeb5526e6dfe1bdfd5eb79bef1d06f7ac16b27abbc7d2ccdc2bb98e8f3c7603cc0328715baa4e041786a7a71720d35da28941

        Download Submit

      • C:\Users\Admin\Documents\BackupMove.pptx.FBIRAS
        Filesize

        435KB

        MD5

        d5431c2642f2c1da8de9805c6b5c6f8b

        SHA1

        fb0edd46f762359a17defce6ce62895287dd7033

        SHA256

        2adc1a0ac27cdd183bf36c9f92639acdc9daa6b80d51c592fe816fb9037bb600

        SHA512

        23dc37f5ff2f1a7ef2901a724cc1eb410939dd4195138c32dbc2c4a0efefc6be67635d08b877435ecf723eea3dbfb7b1d16079dc3043d1e41987dd936ec03d7a

        Download Submit

      • C:\Users\Admin\Documents\BackupUnprotect.vdx.FBIRAS
        Filesize

        827KB

        MD5

        39e3f2c36597270bcc6a45f579993cce

        SHA1

        63ba98416076706e3e4c6b6e4615c60cfaf576f7

        SHA256

        2b399e48137ca7583154cf2766b40eb72e68515a8cb113491e5ca3c9d059ea54

        SHA512

        7d06b29c36ef12013f129e07537db461f4f66501af4d54703105125ae948c7e0d91c1248874fe53272ff62651ecef07b731aacca2e3f489993a0ad3a9ff51afe

        Download Submit

      • C:\Users\Admin\Documents\CheckpointTrace.pptm.FBIRAS
        Filesize

        870KB

        MD5

        7867e55f3d5f6dec5e6f26d681c44504

        SHA1

        86c5eeb6af83835dd072eea23605233d682eddf6

        SHA256

        05da988d53572ac2b159f9d831b4899047407c069550f21e4fc2b0c8f4f068b6

        SHA512

        a345d6814e7c8d39a4e2070cbb920e3d7dd93f2113dc1e2c6e4f1a16e708539a9621e67ea0bd2f9905671a02426c869bb3e67b1410ddee4b9c241e3a1df7e3c3

        Download Submit

      • C:\Users\Admin\Documents\CompressUse.mht.FBIRAS
        Filesize

        957KB

        MD5

        74f865bc353acab441dbc9dfbe8d3210

        SHA1

        561ffa8b084aaa06de6768a3c72a21e6930513c3

        SHA256

        03733b5c1a1ea38a8d8e84457952a6d67a8fb581ac0118938907a34710b57749

        SHA512

        37735a92d893f0d0aea7b502235ae963b23c059aadb45bbe077d2871fb187a797b06345f3c5c24e404ed98aec3cc2f3c687fb7e53b26e4d5c548245531ac2569

        Download Submit

      • C:\Users\Admin\Documents\ConnectExpand.xls.FBIRAS
        Filesize

        1.1MB

        MD5

        bcea74af04b69a8aa2c8f54b74972a6c

        SHA1

        71e3a96a34998041d9c780bc961553f1bfc8d5dc

        SHA256

        206a6273bf49620c4123aa1474a9af91cf989ccafa80beb1860cb59d7af61492

        SHA512

        ab19a99287c04a53c323235a284ecf8322ec7dc26f36da449208ef130032b9cba25bc800e5a81854451462c0dd4b2bd9c2b7770a85ece1dc01867a034f0feefe

        Download Submit

      • C:\Users\Admin\Documents\ConvertFromMount.pdf.FBIRAS
        Filesize

        740KB

        MD5

        d8573734b6f74ced7dba398f9c143a4d

        SHA1

        68d56e38348912f318fec01d56d6a121bbb33f1b

        SHA256

        d3cfe80d34f3644334ca8306d5062aa073c83aca48c7933214ff01ee1f24a255

        SHA512

        1b3cee9a80a849cddf41b0328017a117e9ddfb12eded29f01723620d9769a73c587aa6927d08b854903577aed700fb91647bd94c3acfecd1ff6b51eded6fe814

        Download Submit

      • C:\Users\Admin\Documents\ConvertFromRepair.xls.FBIRAS
        Filesize

        1.0MB

        MD5

        0aae2978f4ba2b9d29d91027cb5f1849

        SHA1

        099705373339f959992cf820e53f30de013f7221

        SHA256

        1d793837d826e22dd2d9a25c860be411fa00cbc659ca21ea9a26a9e2d69f5e7f

        SHA512

        1985fcd011424c2ed55a68219ffbcc43afe89bf365a577805104bf7c0e4ac5cd3248ce81639619734f4bb26ad995d95f12fbe97433422344c12e077f99d462fe

        Download Submit

      • C:\Users\Admin\Documents\CopyExport.xlsx.FBIRAS
        Filesize

        479KB

        MD5

        4b9119bc9fdcb2b79b8aeb9fb99271a1

        SHA1

        c2a8982916f811d9ac8c2e78997b915066b3806b

        SHA256

        f5bcbc68f7783e6689da861a49936f84fd71578c16477a684b486df5364dda9e

        SHA512

        c9186f9cb9b32886630643f24745f21d34269538e30a3c3385fa895ceaf1bd8e4cbb0f6e6952ea0f5bae9b14195377036e058095a7f86599e1569d9398da15cf

        Download Submit

      • C:\Users\Admin\Documents\DisableSkip.xla.FBIRAS
        Filesize

        1.2MB

        MD5

        4e25d40ad8138329529084df98be34db

        SHA1

        fb601997de12cb64c167316e0d3df6284a1d8b8e

        SHA256

        c4c25f2fbcf1380b41d09e09045f678f1dbc43cf5b1202ed8d130f6b471863e1

        SHA512

        046fd6f4052f710c036584b6728e23273412d01df72971a0141097b97ce70e62dcb65c190e2e26642e20a73a8480972ac3e156f3b9a3cdb6cfcb3bf291f1e471

        Download Submit

      • C:\Users\Admin\Documents\DismountRequest.vdx.FBIRAS
        Filesize

        1.1MB

        MD5

        793698f7235dc4762fffff51a955de89

        SHA1

        7f1339a3e8201657fe4ab823c164786103bc5551

        SHA256

        6de89e22d66a5073142d319c11bacab854531fd8bc4ea619f15726fb600fdc8d

        SHA512

        e9f96e6c60ee9b260bc888344d159dd57d2c8f573344fbc140397563fb8bcdf28fcad71a9fc1d2a049f13b5ac265b4835f39e3e02fa8d9280ae80013b0910e48

        Download Submit

      • C:\Users\Admin\Documents\ExportConfirm.vsdx.FBIRAS
        Filesize

        522KB

        MD5

        527e8e13ccd36f9915c4f9a5a7e5d70f

        SHA1

        4e9cd83c75bfa0e0c2d94f7ae720bb1024bc0d36

        SHA256

        addec559b22b43f1492b72dcc4fd61bd21ca33b9fc4a737957b12c70463a67b0

        SHA512

        4fd7e65459847524b7aeacb364d3eb39e9545849456cb06f5b34e7ccae9280eed16e4d8052ebd932e28f3430d65ff9328d52bea894b7f905dcd6991034bd37f9

        Download Submit

      • C:\Users\Admin\Documents\Files.docx.FBIRAS
        Filesize

        11KB

        MD5

        7ad5331b6853d305f6d114457e3872fa

        SHA1

        c619580391aaf545f6aff813423230043b39393a

        SHA256

        c9416731daa70670871c21515a2ab33ca3bdb24ca9fe0f2993d492bc5d657f83

        SHA512

        a2c3da3d625ad00c970a7ddbc01a270e7ebb2ce268788abf5d6765240656939716f753203b1790d594f2a0305c9675024bb1fe81284804f62acf8cc6fbc478d6

        Download Submit

      • C:\Users\Admin\Documents\HideNew.odt.FBIRAS
        Filesize

        1.7MB

        MD5

        8305117f4000eec33935fb684e412ed3

        SHA1

        a75cc181151aa92801d5ac3f2e1c70d2b5733802

        SHA256

        a1c2f6ff49efd1f70717d613d351fccd52e17dfa89c6bec906754d3ea448c083

        SHA512

        03be3d765b9bd26cf19cf385569bdccf23dfaad60621f4146da7c61352e24d34023ada66952e73485bea452a07741aaa5b2d44ae2edb26addf0606c89988fa1d

        Download Submit

      • C:\Users\Admin\Documents\NewInstall.xltx.FBIRAS
        Filesize

        609KB

        MD5

        c66aa9a051d00f9c28bdbac797084524

        SHA1

        f762eb4a46e3d67d24f7e5eec0e89c2207a1b5ff

        SHA256

        3bdb73369bcb75f42c5ca56af8307b18323d23e367a919ddf590751875e509fd

        SHA512

        2321a6708f13370772c1bea998a9d3774c12617a3f40c6b2d4cfd3f669139d3757702896d2b64ec7f12adf1932b375aa4ab22a5d614f7325baa3084bc16943e2

        Download Submit

      • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2.FBIRAS
        Filesize

        6KB

        MD5

        b21b9c7e119b7a4d5c8a4c2da1815c79

        SHA1

        ebc0b5d59b1ede9b40535de6a8e5982dc621a126

        SHA256

        85e32dee377b3ee2eaf43a781cbea060bad35bad60edfc77fd1efda46d04c376

        SHA512

        e947d5f1d915a39b0fe079a2b4f3a13800b651bcd93a54d840924e29347dcae71518363ef5bcffa0d069fdf9636ee8fca02d92e086e9461f3bfabf222558d212

        Download Submit

      • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2.FBIRAS.FBIRAS.FBIRAS.FBIRAS
        Filesize

        7KB

        MD5

        700f536bfc66fec4d5300edf421b4e0e

        SHA1

        d225c8f9ce69e7d8933f38bc1956418c1606f4b8

        SHA256

        252732889a12cd04cdc608d3295c1e861dd3e9f6602d0928fb5fa334f2f46f09

        SHA512

        8b5a2113fe26522d4add7a8bd1488915b6f440823eb09b68e0e0cea0dec0d242e21b9123ebefb18f6e47fbd2ef17db3b8d04a006bbf7a78601858bbe859b3abc

        Download Submit

      • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Quick Notes.one.FBIRAS
        Filesize

        352KB

        MD5

        3e3ffdec00424459c17e702f3c52df82

        SHA1

        fb12e2fcc43a1417e89c9df75a402a59a2d7ffdf

        SHA256

        bbaf59d7b34f23d8a475336b6c399dfb628fe8df9a1e484e73fbb6b2cb66c797

        SHA512

        ba93279b89b519442e8d1639416b3b9cf7e9c9641c5ddbd84ac2424379a8316de1fb24fdc46da6ce0011cfafc634a72f2076b6ff1d26ce8aacbaf53acf1df59c

        Download Submit

      • C:\Users\Admin\Documents\OneNote Notebooks\Quick Notes.one.FBIRAS
        Filesize

        5KB

        MD5

        b0fd78734f698857c5555373a331a0f7

        SHA1

        71040676b037dbcbc0e256b1fe5950942bf70936

        SHA256

        665be1fbfc005734fef61f35d1b8bfb306212fb1401f0a6f102a8d431a557e41

        SHA512

        a123980d6e2fcf8caad4f4556393740ade2ad25413b8908bfb59312ef94bf758721f87891e511e8646a8df83a20de4c3ee52ebc6efcc0c857935e5f9d2983ce0

        Download Submit

      • C:\Users\Admin\Documents\Opened.docx.FBIRAS
        Filesize

        11KB

        MD5

        2474edfdddfa3c9890bee708a4597484

        SHA1

        23c975d58a549889a23c181c840732e9056e67fb

        SHA256

        bed9f49f19f8b7ea30e8d767498e6a7bd217baf678ba800ed913898cec5bc031

        SHA512

        5366bb52aea9016b62580f5b3f2d842b0d8c8de05860da21cd33a32590aa81ccb9f929ead885d8e830dbec23c99db4b8618e5a59d3b1d1d90f51412f3bc2e805

        Download Submit

      • C:\Users\Admin\Documents\Readme.txt
        Filesize

        1KB

        MD5

        4e5afc973a7d062342a5020e33bf85dc

        SHA1

        345fbfd0fcad94b2975021c802f5345cce10e037

        SHA256

        ce82cff28fa692ed34a2e9076641f2097248412ac990fd1fe59fc1ae6cda7401

        SHA512

        e41f9fb8ce570fdb5b6fe213f9774f639d156f43a10ba18c0c90f528956f8ca1677b9663930132242751bcf26174eaedeb909779c1f4e521b00468647904e5a5

        Download Submit

      • C:\Users\Admin\Documents\ReceiveUndo.odp.FBIRAS
        Filesize

        1.1MB

        MD5

        82cf7364ee3ac6e90a7ddeaa41b8df1c

        SHA1

        9a3ebaa9a25f11c9e4374d98233ba39ce34f03f1

        SHA256

        3239ec57dca26114fce97a6fcec5d9e7b2603bfb10b01b19d7dad7ad3b8b4c66

        SHA512

        f4a26e26f44d2778be98124204d6972484492e14ff378196006be4200e999f826cbf07363650bbc7a83dfaded4f919073bfc4e20a24da585bfe5dba4ba72192e

        Download Submit

      • C:\Users\Admin\Downloads\BlockCompare.tif.FBIRAS
        Filesize

        576KB

        MD5

        1b4da589fbcda36c3c241798996eaa30

        SHA1

        3762a9570b531e0296e65e6e4d4333214dcd9800

        SHA256

        ff962803a86f97592f8455831ad512b3bdfddfa2ee2d4c340b5952e64c1a230d

        SHA512

        850ee710d08088f8b86a1e2d17f245736605d0e0733f223e51f6ae7bfe37cf66e4bca615dc4f6c1123e52f6c2915344a16383a83f9a26faba357b676d0c39316

        Download Submit

      • C:\Users\Admin\Downloads\BlockEnter.wm.FBIRAS
        Filesize

        526KB

        MD5

        d9deaa635d1118b0786697777f1d9c28

        SHA1

        9ef45e2820caee5e708bf02f5f767d3a29bc8633

        SHA256

        16b526fa637073ecec44262ff639ca0f4fb349ee6adbc228d17d5276397ea20b

        SHA512

        6d179ad0225ef5b0721d8c901edabec08c8a8508638541d7057b79ab7c8cb2b470559ad4232a78f12378303e9d9b28a0f9220307a82a494893987984d7925147

        Download Submit

      • C:\Users\Admin\Downloads\ConvertResume.rmi.FBIRAS
        Filesize

        376KB

        MD5

        8a4acd2bc1432b1f71135206f37d530b

        SHA1

        b9913b404b6446ae33f61a3e0e135086c2863d88

        SHA256

        a02e832787b3abf97c739a3493e593c7eeb1c5552f66d5ded4666ded798f9125

        SHA512

        d41f8aa63156cfec0eeeeba569d72bbe8b2301a209adf222c98d390a8c7a9373f420c94b28847598c2df17c3263d54f1d7a43a1dc645439d55e5bcfc026a90b4

        Download Submit

      • C:\Users\Admin\Downloads\DisconnectRevoke.css.FBIRAS
        Filesize

        901KB

        MD5

        b538cc5137146ab8a3df9361f77a74e2

        SHA1

        f52cd923efa780c283cb9d50fc071629f9efecb6

        SHA256

        4071581dad4b2688b2394a6d54494bd514fa2348cf6d097743791caa53996fcc

        SHA512

        317895204dbd1f4328fd7d3b2fe0d3f562e90957baaf4a32242587d3ad8b27e7e7bc0125bef829e3822bcf8da0ffec7508adfd415e31ea998115d73b6d56784e

        Download Submit

      • C:\Users\Admin\Downloads\DismountPublish.tiff.FBIRAS
        Filesize

        976KB

        MD5

        731fbdb76cd1c55cb994ffb5bca9b395

        SHA1

        7371a86e6befe2b9989eea5fb99eb87c48427ba9

        SHA256

        e363c0300aa4502a5646ed77dcfe19d6415d2a74d0062a2eec3c1cc771498a4d

        SHA512

        8941bf34155f24e788aed568dfda0733b1a65b68da9bffbd2b08949297eea6041c710d85f0d3fe81e651bb8cd54b225aaa901830310323fb60b36445b7be84a5

        Download Submit

      • C:\Users\Admin\Downloads\FormatUse.ini.FBIRAS
        Filesize

        726KB

        MD5

        69f39cfb95f5601474ed2d24f3588c4d

        SHA1

        06a982b7ffca4ccd8b5443e21b8b54523718850b

        SHA256

        9f6366d1bff51d8ff190e3ce6a5d91908947f148964e8ddc276ea50b8ee1a2b1

        SHA512

        36282dba54a781a35703caebed7ca28ff653ab550da8d0c93ec169bd10e8729d15568d00b7210a750a7bd80c0d3c1006e0547fa154628f25f9c176c1c854dfd6

        Download Submit

      • C:\Users\Admin\Downloads\GroupUnpublish.emf.FBIRAS
        Filesize

        1.1MB

        MD5

        da8f827ba9cbbb7bf7cad93a343548f6

        SHA1

        bfd301dbc2c92df82a4017cfc293148c6deb535b

        SHA256

        0601bb8d4b6ad97a25f7c344b89336d28be861d71f0ea2c13c38e27c8bb130c9

        SHA512

        afa770a11ea9b67ba6252dd136e3eead46d0b6296d5499bb5c90f9f7df17b97f621da779d0b1cac4ab181f5bafd78f758a459c177ae102c3c346610c6c11c7a5

        Download Submit

      • C:\Users\Admin\Downloads\InvokeDebug.mhtml.FBIRAS
        Filesize

        451KB

        MD5

        2eaafad2edc8307ced00d65da4c1bc8d

        SHA1

        aa2f37bb6ec4734fcbd78157a9d8b2f0e94c7e60

        SHA256

        fbc66a01f3e3563804a0926ceed9d576155123ba5d31f5ee2529f3f79ad89723

        SHA512

        a958ec82827937d02929756fe326d657e3030cfd8c6a6f6a11970e3ca0220c4e1923293295f7a7e32acfd595c63b4b80efb62ded6a0ef1d4e2df7683f5291dbd

        Download Submit

      • C:\Users\Admin\Favorites\Bing.url.FBIRAS
        Filesize

        752B

        MD5

        6e7d998369e935769d5b215b24bded61

        SHA1

        5fa349ef5412a1c2780d9c81a5a0267a0c257a93

        SHA256

        e42524587e75259e7eba52370133f8c073ae4cd0999e511a93f684915ac897cd

        SHA512

        648009898c629330cea78a4e99ecde4d586112534c67f764beb848a8b6207596ed7b919273fcba0b3bbbe0a5c30bc89fcf1ed02c23862659da19f7118e234e42

        Download Submit

      • C:\Users\Admin\Music\ApproveGrant.3g2.FBIRAS
        Filesize

        876KB

        MD5

        70905a107df2cbfdd5341f53a82eb0e2

        SHA1

        55c22eb49a574a5e848716b042ea1fc074291518

        SHA256

        aa4edac42cffcd33ebad5361f52710e66a871d73b51bc8b53a6c886dbc21b68a

        SHA512

        d6d864a45b929f0151d74d3ecd3cdeede3ed66f318e88bc3148e0f33c2b6051b7095637abbb9587d8fa426235a921eb3485388cec19a135acd4351db520dcec7

        Download Submit

      • C:\Users\Admin\Music\CloseUndo.jpe.FBIRAS
        Filesize

        783KB

        MD5

        d7420999553fef738696b3c51072b0fb

        SHA1

        8a6cf60470ccfcc9c6f62e78ff7fd6c9cc53340a

        SHA256

        0be79488d984519fa5ca2fb7b1baccde4936f6c34fe951abc52573c40bbffe3a

        SHA512

        5b288efff8b335c322f28ce8f0d599288fafcc3b3a87d45a8bdccb41a5323ede3c3df6d969d8369b821bff10bf29d1858452dce103f16157ce7fda8dcf1b597a

        Download Submit

      • C:\Users\Admin\Music\CompressInstall.xltm.FBIRAS
        Filesize

        1.8MB

        MD5

        7a59b0af5032f41e98dcb7f3e812cc98

        SHA1

        c49510e1443b48c2cef9591d2b410c0370158427

        SHA256

        46f306bde0f32f59f75e89fc25262401c59a8833c1cbdef32de314ba7d620db3

        SHA512

        dab1aaa50e6566f08e4d312915be573a1588cd1f58e3564c7f765f11ce1f465f1ebc629eef023f3c2aada00cc00d0387d606b70dddd3bb85bcbcb68dd5bbb986

        Download Submit

      • C:\Users\Admin\Music\ConvertSet.tiff.FBIRAS
        Filesize

        1.1MB

        MD5

        5a09183580914c4a0837c9065df6eca8

        SHA1

        708facf4cfebd7dc1968463f32c0b088664e6f45

        SHA256

        a4dc72c5a809179dacda6b70402dd01f7046a81bbee490c4347518b9b09f2329

        SHA512

        204ef1cc13b33d088cca22250bafaf385f131ea3ef9fc678b7d5c206a2befe5bf41586b3c6ecf3527b13d03ecea5ef303f57db9566e4a88f292f4b19d7b4b9b3

        Download Submit

      • C:\Users\Public\Libraries\RecordedTV.library-ms.FBIRAS
        Filesize

        1KB

        MD5

        e7922946804dbd6863e5afe163c3bc7c

        SHA1

        28550b5794dae773db29511ff0224845a3a34590

        SHA256

        c555b71f5b36f9c615ce47256ac625260ac0ca1c6e5a75f70b7918f7460bb34a

        SHA512

        4795137b052bf16b720bdaf585e19aead507206bae1934937eca5af167b226097b00db49cf7fdf7918d13f9e1edba55d4b5148fff380c0fc33fd42b0d5d397ee

        Download Submit

      • C:\vcredist2010_x64.log-MSI_vc_red.msi.txt.FBIRAS
        Filesize

        381KB

        MD5

        12224d8ff29cea65032954397ac1906e

        SHA1

        bbe789512abbda594f05f6fd00ff873d55d4b737

        SHA256

        9c2522f52d572a3b8b3fd11bcf9c6398d423ca014013d015b033d0106d86cf29

        SHA512

        a16a48016cfd1925aad1b004ce8a3876947f388ea1c8b5fca2f6f0e47698353bf1c90c3d6be749253382d9b5914d730d10c34e70658c4144331ef1fbe70fb915

        Download Submit

      • C:\vcredist2010_x64.log.html.FBIRAS
        Filesize

        87KB

        MD5

        8406fc31f3af2208c8647cc768add79f

        SHA1

        bdebcd2e93a2895fe359f2da57961c6104fa906a

        SHA256

        083bc56256a7c6aea7e0125157d59d4744de888d21f5b4a8585d8d374eb0f22d

        SHA512

        0ef23510804318682dab11baca42b118b18f9aa92ff52d88cc8baf6276431cf9e2acf04449d23a28b3de850cdef51945fd900ab951b1f747efe82cb942e381c0

        Download Submit

      • C:\vcredist2010_x86.log-MSI_vc_red.msi.txt.FBIRAS
        Filesize

        397KB

        MD5

        bd7cef410f14b29bd3537aedbabc2149

        SHA1

        1a9bb3b3c3db5193e5d41d0f50e76ea6bbd26466

        SHA256

        4594b63896f8cea23ca223fc712e9d6ff8aa77eea0403a49d10cc357a0dbbb1a

        SHA512

        ec1c908c1c024e764c5737efcf94069bc9a995ddf85df07d25c6c6c9859bc57c40292747676efaa8283ef8251fbd049a7f4055d18889d4898f664cf76d356e05

        Download Submit

      • C:\vcredist2010_x86.log.html.FBIRAS
        Filesize

        82KB

        MD5

        9770385a7cb52a44813c38f99ddd83cf

        SHA1

        c22daeb07732aaea07c08a4876df1471515e49e2

        SHA256

        acc8b7cf24d2765fb9c0fb9978d015837fdc2ba2ac59a3b2a83671d74d725dfa

        SHA512

        5c0ebbf051155a38c8a253ecce5da7771d9717e1942dc31fdf4939eff3ffcb2942bff3f4e311b8e1c972c7059e1d4e27bb7eb7305b6c239a6bb1fbf0e364e1cc

        Download Submit

      • C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log.FBIRAS
        Filesize

        168KB

        MD5

        89ebada2331cdf5c4303ac04a64340cd

        SHA1

        0711f58df9a44155dff92242ea3e4400a84bec3f

        SHA256

        337c663ff4b18639b089216085f66973cfb5a1478cbb7e57607c60e76f0ad48b

        SHA512

        d2702d581481b0c1e1bc1fe9487faf0f89a567a1ec2a1103ce1f80122a81ff66bc951c266e11cc5361b66366361d731cc4f27d6cdb1938b7f020de17bf466b90

        Download Submit

      • C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log.FBIRAS
        Filesize

        195KB

        MD5

        9990b1b42957627545836b068b799873

        SHA1

        8d1154e2e1b87a96312178da06bc8257ebdf054f

        SHA256

        b41abb00518755f01661a76d6d2a6a9f6707946b1ef37b9acd27b73f1495e7a2

        SHA512

        f0b4e2aae211cdf44ef9a3074a7d12dab332a1577340f9dfebb3e2bd82ba3576a1a3bbbbd640a38a008733fd0fa1d98642b0448df14be0aa8fb1f75cd547b650

        Download Submit

      • C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log.FBIRAS
        Filesize

        171KB

        MD5

        f3744be83142d965f21241e142b1cdb3

        SHA1

        8ddff4592d5501f989cd96ba8acb2cb86486c245

        SHA256

        919e85bf401a6fc621cafa6bbcbd1d7735b054bff882c0a8f403c72d4149924c

        SHA512

        5f74b6a2f3a71404674f938ce983e2c74eb947bf943b7f3f5ed57ee39f2241c52f6ca02d048c691800118a08f062cda03ee1a1d3a2b75912344d0f2098950e0d

        Download Submit

      • C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log.FBIRAS
        Filesize

        209KB

        MD5

        ae5e18bc8e282d32c449acd9734249af

        SHA1

        f69a8e4356be1a459d046bfd730a284c9210ee01

        SHA256

        115db7343a983f5d47c214c3eef87bd1bf1e667465508c5e0e41c2ea147feaa6

        SHA512

        0d416bf64e6466b8d14eaa5a792d2ca61fc04255b92b8f8a60b91a7f9c5bc196c0b1ec4bfb258ec39d380b5a224b0c615fabb79c72600d524ff29476cd73c4c6

        Download Submit

      • C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log.FBIRAS
        Filesize

        170KB

        MD5

        d818ee31285c41d793f0ea9d2df9e3b2

        SHA1

        aaf3283acc4c7befadbece86a13f507d3a5222aa

        SHA256

        51b5e16792219ba7397c3ff5c0616e3ca842b8e139316708671f8e68813cf283

        SHA512

        2bc1d0cda1539e6304ac39bd0fd57d61c06ed16d27e1237aff7940d1f30e12172a2268b6e65fc74b868ed821d01ed31b094c7d19f746e9724e3c0e64d119e174

        Download Submit

      • C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log.FBIRAS
        Filesize

        191KB

        MD5

        402700f36d84d0231f2c0e669789d580

        SHA1

        54b780ec367c085cada2cc37d9f85829955deeea

        SHA256

        e4145462bb70698a4bd36fe2d7d4124301dbfeb07fa00cb1bd8e0dac7f5cc792

        SHA512

        8da9e6de6c6fbb18f03cbe3f06466c4bc2830f98c54a262f112df761527ce19611e7f3bb8871981502a533e4b657da94b0f7a42e522ebcbf1a05992674c8920e

        Download Submit

      • C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log.FBIRAS
        Filesize

        171KB

        MD5

        04cad0f6a864397eea88a9f52caeb553

        SHA1

        1e053561fb8ff5ee2177cdf2e3505999e92d3014

        SHA256

        7b90cc705b423d26f62a712ddb7c79f0e2972e02013c481d92b8e8e905653ccc

        SHA512

        799fb0c40514e9f7109df7207676151ef8528b146fe72802a6bc1a42b495d12dd86441697141242be8d6a94d94756fce4d60b572269d735e9f8913a66f997248

        Download Submit

      • C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log.FBIRAS
        Filesize

        199KB

        MD5

        5efab1aa907d03682c6d7e3efc25ac74

        SHA1

        f437a583cd0068c01473b99ff36dd2e0bae39bb5

        SHA256

        38c77f61fc66a35be4e66a67e603f47a0189f1335d326da6f75f71c1a02f1e14

        SHA512

        f8fec3786c4aaf6e807d8b3c8eb7d97e15e90804eb8a37e396594efd18445495be9c9e3bc9fb16eca12b38f826738c1aa810ee1f2f7255e8a3d226f5fa0c2166

        Download Submit

      • C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log.FBIRAS
        Filesize

        124KB

        MD5

        358ea7b0d2e2e8bf7023f3b00342561d

        SHA1

        ed9b5ee688ed60a81005324e298904ceaa8fc65e

        SHA256

        e9487417c2407aa895a4fb2eef5f257070178a8e55a47a949d5c7cfc2b7df7df

        SHA512

        aaab4533f33955ff5c3c46e4b36324e3f1ba8eb6e4274e4c7c510ff87938a3dee141467b7b8f7ae4a3502364539421877c4da0beb4b1b5e773261d26562313cb

        Download Submit

      • C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log.FBIRAS
        Filesize

        130KB

        MD5

        d7ba681a61c815a329d3fad7c847b812

        SHA1

        d9d6670387ee749301eca529beed50af70ea340d

        SHA256

        1fcaac770052bd29c7f6f1619b6c69d285d091fa913df881645e7a4f70ce3ea5

        SHA512

        2ce75cf4ce70d1cfe1aa6db5f21c2d3775aceb320275d2dffd21d4c4f8aec6e2578aa8f09a2e69fee4f030c016b5f66a137c50894ee320e997c3c3212470848a

        Download Submit

      • C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log.FBIRAS
        Filesize

        124KB

        MD5

        3dfc9f2e696831677f04562cba3a0d7a

        SHA1

        dea4ac03a4c33ffe38f95c8e02648d343dbdc6af

        SHA256

        89433203ff75b2f757015fb8986f22fae0c5df9f65db642ea759afb58403d53c

        SHA512

        9984738abdb9004bba01f894a4ba5eb911120459735a5b5089a9f82c1f15ee3351e50d1d8ca32f137da37d595069d2ffb7676877b4300b2bd5a6933aacc49ecb

        Download Submit

      • C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log.FBIRAS
        Filesize

        136KB

        MD5

        3a956f5e08394190ac7dd69dafda0069

        SHA1

        2b648e7ef6fdcfe1a64cb8cecc0b5eaa5d5f89ae

        SHA256

        77041a389ff99acc1478252102a986901261ba5ec869044fc4b1dde29c88b3d3

        SHA512

        460a701a52c4ca26a77a43835726e351b3406f2b91c583b40c23387ad4ee31bf4fd98989693db148d2d63e9666943c6be8d41c7d0755576256187df77b810897

        Download Submit

      • memory/704-194-0x00007FFD62850000-0x00007FFD63311000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/704-126-0x00007FFD62850000-0x00007FFD63311000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/704-70-0x0000000000310000-0x000000000031C000-memory.dmp

        Filesize

        48KB

        Download

      • memory/1452-1157-0x0000000000400000-0x00000000004C6000-memory.dmp

        Filesize

        792KB

        Download

      • memory/1452-134-0x0000000002030000-0x0000000002031000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1452-1131-0x0000000002030000-0x0000000002031000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1452-1130-0x0000000000400000-0x00000000004C6000-memory.dmp

        Filesize

        792KB

        Download

      • memory/1872-195-0x00007FFD62850000-0x00007FFD63311000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1872-196-0x000000001B150000-0x000000001B160000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1872-1119-0x00007FFD62850000-0x00007FFD63311000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3380-711-0x00007FFD40D10000-0x00007FFD40D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-574-0x00007FFD80C90000-0x00007FFD80E85000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3380-522-0x00007FFD80C90000-0x00007FFD80E85000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3380-514-0x00007FFD80C90000-0x00007FFD80E85000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3380-440-0x00007FFD40D10000-0x00007FFD40D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-515-0x00007FFD40D10000-0x00007FFD40D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-494-0x00007FFD40D10000-0x00007FFD40D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-483-0x00007FFD80C90000-0x00007FFD80E85000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3380-712-0x00007FFD3E760000-0x00007FFD3E770000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-715-0x00007FFD3E760000-0x00007FFD3E770000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-1129-0x00007FFD80C90000-0x00007FFD80E85000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3380-539-0x00007FFD40D10000-0x00007FFD40D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-1128-0x00007FFD80C90000-0x00007FFD80E85000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3380-1124-0x00007FFD40D10000-0x00007FFD40D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-1125-0x00007FFD40D10000-0x00007FFD40D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-1127-0x00007FFD40D10000-0x00007FFD40D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3380-1126-0x00007FFD40D10000-0x00007FFD40D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3460-0-0x0000000002260000-0x0000000002261000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3460-130-0x0000000000400000-0x00000000004C6000-memory.dmp

        Filesize

        792KB

        Download

      • memory/4548-1120-0x00007FFD62850000-0x00007FFD63311000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4548-401-0x0000000000D10000-0x0000000000D20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4548-279-0x00007FFD62850000-0x00007FFD63311000-memory.dmp

        Filesize

        10.8MB

        Download