Analysis

  • max time kernel
    97s
  • max time network
    234s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-04-2024 17:18

General

  • Target

    TLauncher-2.919-Installer-1.3.3.exe

  • Size

    23.0MB

  • MD5

    38d4740072a8962d2301b482c96ad41d

  • SHA1

    f4058683b559f1a3cac9e19ff6121a3d990a5909

  • SHA256

    1127fd6ea53d54feb45168d7e98488387e11b0673123142cf8a8f84fbe73140d

  • SHA512

    77b981c49fdcb351a5b6cbe0a0feae3c702b98d68c71ae28b570f0e8a449c664f284059887fbf3f7d32d7e3ea0ae54ce63cd7c2c4ecfdcb89b9a9d0aab2179b7

  • SSDEEP

    393216:c25K22hvhyr4hQ5+kcOWyiGhtkNtdal39+ytpUcOy0rr6of5MJ7ZWqxPAIgtMIMo:5K2Q7m+QWpGEtgl3n3vObrrKJBH5lFRq

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Blocklisted process makes network request 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 50 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.919-Installer-1.3.3.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.919-Installer-1.3.3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.919-Installer-1.3.3.exe" "__IRCT:3" "__IRTSS:24067351" "__IRSID:S-1-5-21-2297530677-1229052932-2803917579-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
        "C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2064
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1679762 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1708464" "__IRSID:S-1-5-21-2297530677-1229052932-2803917579-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:2692
      • C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
        "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2628
        • C:\Users\Admin\AppData\Local\Temp\jds259465012.tmp\jre-windows.exe
          "C:\Users\Admin\AppData\Local\Temp\jds259465012.tmp\jre-windows.exe" "STATIC=1"
          4⤵
          • Executes dropped EXE
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2800
          • C:\Program Files\Java\jre-1.8\bin\javaw.exe
            -Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus
            5⤵
              PID:2404
            • C:\Program Files\Java\jre-1.8\bin\javaw.exe
              -Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30
              5⤵
                PID:3008
      • C:\Windows\SysWOW64\DllHost.exe
        C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
        1⤵
          PID:1236
        • C:\Windows\system32\msiexec.exe
          C:\Windows\system32\msiexec.exe /V
          1⤵
          • Loads dropped DLL
          • Blocklisted process makes network request
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1964
          • C:\Windows\system32\MsiExec.exe
            C:\Windows\system32\MsiExec.exe -Embedding 86FC18534DC95EA727B1C0B774493351
            2⤵
            • Loads dropped DLL
            PID:1616
          • C:\Windows\Installer\MSID617.tmp
            "C:\Windows\Installer\MSID617.tmp" C:\Program Files\Java\jre7\;C;3
            2⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1176
          • C:\Windows\system32\rundll32.exe
            rundll32.exe "C:\Program Files\Java\jre7\bin\\installer.dll",UninstallJREEntryPoint
            2⤵
            • Loads dropped DLL
            • Registers COM server for autorun
            • Installs/modifies Browser Helper Object
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            PID:764
          • C:\Windows\system32\MsiExec.exe
            C:\Windows\system32\MsiExec.exe -Embedding C7A4A0BBAD0FD7BBFC59AD916659BA96
            2⤵
            • Loads dropped DLL
            PID:1548
          • C:\Program Files\Java\jre-1.8\installer.exe
            "C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71024AE4-039E-4CA4-87B4-2F64180401F0}
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Registers COM server for autorun
            • Installs/modifies Browser Helper Object
            • Drops file in System32 directory
            • Modifies Internet Explorer settings
            • Modifies data under HKEY_USERS
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:2112
            • C:\Program Files\Java\jre-1.8\bin\javaw.exe
              "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1240
            • C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
              "C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup
              3⤵
              • Executes dropped EXE
              • Registers COM server for autorun
              • Modifies registry class
              PID:1176
            • C:\Program Files\Java\jre-1.8\bin\javaws.exe
              "C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent
              3⤵
                PID:1628
                • C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
                  "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
                  4⤵
                    PID:2404
                • C:\Program Files\Java\jre-1.8\bin\javaws.exe
                  "C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent
                  3⤵
                    PID:1664
                    • C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
                      "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
                      4⤵
                        PID:2836
                  • C:\Windows\system32\MsiExec.exe
                    C:\Windows\system32\MsiExec.exe -Embedding E91AD0273C2224C2DD8EDBB6C2D9B3A0 M Global\MSI0000
                    2⤵
                      PID:2212
                  • C:\Windows\system32\vssvc.exe
                    C:\Windows\system32\vssvc.exe
                    1⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2224
                  • C:\Windows\system32\DrvInst.exe
                    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003A8" "00000000000003DC"
                    1⤵
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2996
                  • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
                    "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
                    1⤵
                      PID:2520
                      • C:\Program Files\Java\jre-1.8\bin\javaw.exe
                        "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
                        2⤵
                          PID:1528

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Config.Msi\f76bc6f.rbs

                        Filesize

                        113KB

                        MD5

                        aaa5d22dfc87e04069d7e52cb0a21326

                        SHA1

                        791c5e36c52e85bcd429120de56c55fab348758f

                        SHA256

                        13f4e9c737e703cf394c5712476d295e679c433c96f4139fc4b45bf1d578f9ff

                        SHA512

                        c294a45c5fa270d6452c21b61557e9a310a61dbd84ae02f06dc5b2e8612546f7a97740562aac340ca3f8aa3c1440163605254803a8404c10157f0b1b84622d72

                      • C:\Config.Msi\f76beb7.rbs

                        Filesize

                        962KB

                        MD5

                        9a15e4b1945855f9ece32908b170bdbe

                        SHA1

                        c0d5b2d8d23657a39ffe5a5e633f12d402f4bdc5

                        SHA256

                        3e583852a3ded5a8ba85ea90415707c27c81fc72231a9494445ee47453ab5392

                        SHA512

                        e5234c381100cddb5344988dddd389ba3d1f7fa0f3ce03b9fd8291c0983654f4544ef2ad3e22fefa3360cb69973ff1a6af846d23b829d852c9068e43613b031d

                      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

                        Filesize

                        177B

                        MD5

                        6684bd30905590fb5053b97bfce355bc

                        SHA1

                        41f6b2b3d719bc36743037ae2896c3d5674e8af7

                        SHA256

                        aa4868d35b6b3390752a5e34ab8e5cba90217e920b8fb8a0f8e46edc1cc95a20

                        SHA512

                        1748ab352ba2af943a9cd60724c4c34b46f3c1e6112df0c373fa9ba8cb956eb548049a0ac0f4dccff6b5f243ff2d6d210661f0c77b9e1e3d241a404b86d54644

                      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

                        Filesize

                        173B

                        MD5

                        625bd85c8b8661c2d42626fc892ee663

                        SHA1

                        86c29abb8b229f2d982df62119a23976a15996d9

                        SHA256

                        63c2e3467e162e24664b3de62d8eeb6a290a8ffcdf315d90e6ca14248bc0a13a

                        SHA512

                        07708de888204e698f72d8a8778ed504e0fe4d159191efb48b815852e3997b50a27ba0bc8d9586c6fb4844166f38f5f9026a89bbbc3627e78121373982656f12

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                        Filesize

                        68KB

                        MD5

                        29f65ba8e88c063813cc50a4ea544e93

                        SHA1

                        05a7040d5c127e68c25d81cc51271ffb8bef3568

                        SHA256

                        1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                        SHA512

                        e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                        Filesize

                        471B

                        MD5

                        17965f5ac37a3d2a0e07c0d41f7d4196

                        SHA1

                        b82ccf16459772f471d2fe330dd3376d09bb6eec

                        SHA256

                        819ce2088812aa36c3ab0ad9884d57ce81db03be13aa1200c9ea6abe06d5f9d1

                        SHA512

                        0b84bbac81ace00a670ad65cc73edb6cd87234dc795d03263f1d4dacef440fbc424544ab1d3fa97b8766b01b44fdcef92f2ac9b0b258059fc223175b8f497492

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                        Filesize

                        344B

                        MD5

                        e1dd3efca25d6348ee63b87bd8620f3a

                        SHA1

                        ac66eddc23225c75f95b930f58f1fe7894f827ea

                        SHA256

                        6ba611d8cfb7c39111c3b4e0809c36fe12cb5a9405d289e65d894377450d91e7

                        SHA512

                        5df776b6e564849ab59212f70b5736538e6e2c27385dc3da37d7b00006aa403343ca605714de609de944456334080c8e49ef98f11d97ba4332ac006b534861cc

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                        Filesize

                        344B

                        MD5

                        604a52ffbb6594d84b1a3ddcf06c8a45

                        SHA1

                        0cb9a7995fb67fdac7d3b0adec997a93bd8b93a5

                        SHA256

                        4223b21e39f50881e88ab343241adf6ad33fd5b14a991866ea002deb03cdce8c

                        SHA512

                        ea705e406cb1c79b3278fe2135d0dd264ba4582043467cb438a3b04e12003593807fed7e9cb729281605255ea256839427900163a18cc00a0a0ec59b4bf8208c

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                        Filesize

                        344B

                        MD5

                        43605910dbe575fea98072d820a1112b

                        SHA1

                        ce780b52ae953cc7215bddf809bd673a924059d4

                        SHA256

                        01ac665eb9db75237b9b30bf93be63ff52156b1802b2e932d3712d2070ce1cdc

                        SHA512

                        210e0b0ea951351033c0b0868bc0736455112aca66f931ab4e1c7bb97b707b2b8139242862efe2ac38fd98284cac0b63f68261bca0f62fa4fc8bc1e2ede6865f

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                        Filesize

                        400B

                        MD5

                        5896b57963ba467bc111ca9706941706

                        SHA1

                        52ee196f8fc1e35789964e30cc9819c1c9006300

                        SHA256

                        a5ab3183e285125fd6879054042887314c0c81098bfd2d24c137c724ce338ff4

                        SHA512

                        ad558669fb6aca5b46557ae861d7641c0cd6c5c397492f5686eb339926d6e75b5564ad84d9f58b57c1b585a380ab312f551a2590459d79f992767cf0cb0bd521

                      • C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401_x64\jre1.8.0_40164.msi

                        Filesize

                        60.9MB

                        MD5

                        4b80c230492aedab6757f904167b4e17

                        SHA1

                        ca169fc089c12341ac8a023e98e5f7d58a1d5d90

                        SHA256

                        0d961da2bc9f0fe029c31beb616d5069b718abd7f494f28a86fc6ace8e4718ea

                        SHA512

                        fcfbaa9c987bda1143f2596aca5bb3c04eebbb8ff7cacb9f855ef66d4c1b433a0a07c9694dcaff56f481df0234e8cc833e0c4b66aa52c2541db5fc562a741aca

                      • C:\Users\Admin\AppData\Local\Temp\Tar2AFF.tmp

                        Filesize

                        177KB

                        MD5

                        435a9ac180383f9fa094131b173a2f7b

                        SHA1

                        76944ea657a9db94f9a4bef38f88c46ed4166983

                        SHA256

                        67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

                        SHA512

                        1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

                        Filesize

                        116KB

                        MD5

                        e043a9cb014d641a56f50f9d9ac9a1b9

                        SHA1

                        61dc6aed3d0d1f3b8afe3d161410848c565247ed

                        SHA256

                        9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

                        SHA512

                        4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

                        Filesize

                        1.6MB

                        MD5

                        83a8f0546164c9ba1a248acedefd6e5d

                        SHA1

                        7652f353ed74015e7e78bc9f9e305a48d336b6d1

                        SHA256

                        e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9

                        SHA512

                        111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP

                        Filesize

                        12KB

                        MD5

                        3adf5e8387c828f62f12d2dd59349d63

                        SHA1

                        bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a

                        SHA256

                        1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0

                        SHA512

                        e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG14.PNG

                        Filesize

                        43KB

                        MD5

                        75decfe97d92fa34481d3b502316fd2f

                        SHA1

                        b98065fcacb2e19cb67eec0bf6f2fce53403b38b

                        SHA256

                        247a19e724dc8cf8ff5d3dce60fdc12c839e55149670d0366b362d827f7d0a91

                        SHA512

                        10dfd147f5366143357de272b0f2ff2db517c0a9b6b5da2956b52a5bd141c8d6898d0575d3efec3b146fe194eafa3b8cc968bbc5dcf6776de2d16cb62eb85aea

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG

                        Filesize

                        644B

                        MD5

                        e9f67b64d881a992b1cfd8e3530cca32

                        SHA1

                        2a94600e58d1d88e7ddd19419b98c58cb3202be3

                        SHA256

                        b1b65f3ef3b45ea3d98a19c8b1b2dcc25c54a2a5887525724434ec64d7677089

                        SHA512

                        0d1bf5b51368132b9bae5510227e15ff9d4c68716b2760950adef49735553f4c721067ee4867255607d492a9f756e5501ea1095dd0ed35b65aba6a7122b16635

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG17.PNG

                        Filesize

                        40KB

                        MD5

                        7c707de88ac21b3c96714ec7518a23e3

                        SHA1

                        c0ad9f5ad7e0584a1734c6c8123883c3c938a3e8

                        SHA256

                        a4ea28436ddb281bd848406fc8136a15738ff86ebf5f7e1925f69accb97d6dc2

                        SHA512

                        403fd9ef1071ed76fd25a9d67e8084de0f5954d1864bc49cdfd68b24c6869c5b079f46a11ee086c57f831a61db27394f7b96c5355f0fe111ddc1284971e53ad1

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP

                        Filesize

                        12KB

                        MD5

                        f35117734829b05cfceaa7e39b2b61fb

                        SHA1

                        342ae5f530dce669fedaca053bd15b47e755adc2

                        SHA256

                        9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3

                        SHA512

                        1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP

                        Filesize

                        12KB

                        MD5

                        f5d6a81635291e408332cc01c565068f

                        SHA1

                        72fa5c8111e95cc7c5e97a09d1376f0619be111b

                        SHA256

                        4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26

                        SHA512

                        33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG

                        Filesize

                        438B

                        MD5

                        121558ff4a60cbdd63a2c563f64e3a8d

                        SHA1

                        c5a58189193a6dd14ecea5e8f9abfa534182afab

                        SHA256

                        57e4e472dd3e5a8d82a63b607d79e9d96ed42c69bca5d3f9aa4b1a338ff7318c

                        SHA512

                        36b2366bd1fa8597c20ff43b041c5dc1c62183ba536dea31ca1125cc1f99ff1dcb7e907959d6f0672e57ed82be585615ceaa6b963a8b5e540510d329c610a267

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

                        Filesize

                        325KB

                        MD5

                        c333af59fa9f0b12d1cd9f6bba111e3a

                        SHA1

                        66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

                        SHA256

                        fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

                        SHA512

                        2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

                        Filesize

                        136KB

                        MD5

                        1ffd93751bc3400074dc0affa49ddfaf

                        SHA1

                        81be618514bdb88161333386f326cfcac2075517

                        SHA256

                        e65cc17886b8632c1ff12ff8a97128d3ca379a6b9ad2c0300788f43958c458be

                        SHA512

                        b2aefcf3a2f3e4da57c3507f7b419d229985cee88c782232dd90a96a6e9dbe46c18a7a58c7c4d1a3fe4b8b4b187f884fa09ac9e9a70d179e941704d7cbfddb30

                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

                        Filesize

                        1.2MB

                        MD5

                        a266e0ae1001da0023f9664afbcaee99

                        SHA1

                        f943c180e5221a5943039c21b21f394dd99cbe14

                        SHA256

                        819b9a02a788445ad6c4d8f38e05abe911e289e71e4d2c2e37923c9f66f576cf

                        SHA512

                        525b8473b17732ba94942df63b0e43b26ee0157b137a1a39f52034b04ce686097e92ec8d9ea422acf02edc4385863c0179a6af73af01dfcfc1cb6d7c9dad1e7c

                      • C:\Users\Admin\AppData\Local\Temp\java_install_reg.log

                        Filesize

                        5KB

                        MD5

                        515c45d9da4c615f7aa931fe67941121

                        SHA1

                        71582470022487dc37cbcae8395bf9614ee8b365

                        SHA256

                        251c6dcbaff7129aba535ab84bba4e4828f2eacee8172d6b07acb4db2714c6c9

                        SHA512

                        587c416a401848ee7306a26c8a3100f778e71ccf1cbccdb04be9b405f85201120c2a1aac7551d6d119153d52b464eace7bf78fd4b0a81b8952700d30cb44f06f

                      • C:\Users\Admin\AppData\Local\Temp\jds259465012.tmp\jre-windows.exe

                        Filesize

                        64.0MB

                        MD5

                        96d622d62567def49ad8999324a66709

                        SHA1

                        5a4749631631d97e9db816f5cca2392e69d0b7d9

                        SHA256

                        953b06705f72bfffac774c41ceb359fe1d3f8a0c5d6a44f93597ce9c39399994

                        SHA512

                        c2d350895f47c5164138d2e3befbeb0acda8097a7904a28d9ad9db70ea0aabb3ec54a476dcb2746a41308fb79616d810305c53f7e23a4856a3f9eb656896de0d

                      • C:\Users\Admin\AppData\Local\Temp\jusched.log

                        Filesize

                        1KB

                        MD5

                        c20a1ee91c78f451efe1da0b6627382e

                        SHA1

                        f8d0269859040248aeeab520997c3edfdbf2d243

                        SHA256

                        1eee7b45c889dbfc2b4fb0f820cc167d8b78c8177998430d6e0a6468af3ab4ac

                        SHA512

                        98d0d3cffefe63bb8610c30cc6a5192bdafc6606ee01d43cf817e4c0771694980eb83382be1cb805cda867d2c7adce6d1ce21e8a88a5d5d313dffedee02eda6a

                      • C:\Users\Admin\AppData\Local\Temp\jusched.log

                        Filesize

                        5KB

                        MD5

                        17907360f8f509a51a84d069fb040f10

                        SHA1

                        43a157a5a29ddee44e977e2af46c191c4c0195fd

                        SHA256

                        e8056603ec71a307ed9c9bc89e4d4b988d582b1799b179efef777a21db1d152f

                        SHA512

                        6b7679023cc90e4b0fcf84f3c30b9eec94d92a0436f8c7fb23b4a4bf3c66cb3c7aaac4a237dea543e3374bbdc120f8b4d8212cf2e366734ed87257a7388ae77b

                      • C:\Users\Admin\AppData\Local\Temp\jusched.log

                        Filesize

                        20KB

                        MD5

                        b776dc5a83a4bee8eda4285854f9e324

                        SHA1

                        53fe4c838a3b833c4c28a52b0e91287106a3c052

                        SHA256

                        46d39e78cc79f6276552b2025fcaff9df6b207af71c362cc51220bd2cb4479f5

                        SHA512

                        c56d47d0293fabc44502baf999b10b4d50a51bf34545a545c8f07a8490bf69029dbe8ded23deec9a73e0b87d21d436b877b7ff1c49bbb1ace0501274eb171a46

                      • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

                        Filesize

                        741B

                        MD5

                        1178db51754a0e1eecb82c0df50b222b

                        SHA1

                        287e191b8f90d2c88671de39098df3e450c5d309

                        SHA256

                        9cbd0658b652f21ebacf6e81dd033b7921bf3309d1e01cdc52a5351b8b630097

                        SHA512

                        2f21d43d97ce002447bf4278deba1399983e3244f0f3383be252f03be92b3adad2a062ff006aa736bd9ba3c9c679ae900c3b3fe350e0d91cea0767c4cf69387d

                      • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

                        Filesize

                        9.1MB

                        MD5

                        4f7fa4dee62924a4fd3b726cc150c256

                        SHA1

                        684319e7c90f8101980c88e9b327eaf3e00c3aa1

                        SHA256

                        16ee6b2cb0ad4b9e862bc8511dc916c6fcfa3e1898e4f8d96ee3ce98a1e84401

                        SHA512

                        a3a38b96e7376d083edeef681a5eec21baee2e736547840ed6e41397f85c917e25c57d9201df9fdc9c0140a7fac4cf775d7af2d218646cd921d5b468b21a1c66

                      • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG

                        Filesize

                        45KB

                        MD5

                        300bf5341502ba7eee93c2b16c63af7a

                        SHA1

                        c0b30be839455dfe2f514c07c52dd085392bb022

                        SHA256

                        046d24487296987dd7126d52df2bcf36040bb573f8fa695018e255b48200f7b2

                        SHA512

                        7720d9e1b94bcd4480100d430bb103d332214b7062212a33e066e60457659645251b86c1e331b1afd872ac5cae1835b826c94f9400c56bc40fd43ba1c4daa6a7

                      • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG

                        Filesize

                        206B

                        MD5

                        e5d58eadbf836dd10e686eebc3a5be5c

                        SHA1

                        d1ca91793d766019ddb08e92e8734b0dcc866c46

                        SHA256

                        1d55e1a2619072c43fde1846479bdf096de360fe157939569965e75bebd1a4b2

                        SHA512

                        c52187077ef449bcd85424cd629390752998e4fc492dbe22ad3a9ec1b757e68d2901d491dffdfaed1269f8c8022adafa3987c4c2b55428262d0dc9052b6ce60d

                      • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG13.PNG

                        Filesize

                        41KB

                        MD5

                        44b7f88f828cb198ef4d3bb74c491da9

                        SHA1

                        e152b950eae01d9f8a3255bfc1576f63239d73ea

                        SHA256

                        4f0d9bddf74090d9deaf5fa332e93ce98ab673ca9d4a7ae722a8641bfb572c2f

                        SHA512

                        9d97e8d8e93112f93d21428fbb8170d699973bcb28604b49541c0f20d6b0b803fcc9bb4ce0c55f03912675c08963d33490c0dabc9bba9524f2d6bc224e95ec78

                      • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG

                        Filesize

                        475B

                        MD5

                        ff54bcac65743e803865f43f041284b2

                        SHA1

                        4ab743a7d2a0a9a5237c1d503f134339e4d31f7a

                        SHA256

                        c0506574d1b5b01f7906fd8c6baf99e9631f6a204d1ab5b8c5bd8f6bbd907743

                        SHA512

                        3b21c743ffdec316597c143cd293bb98fb58da911ba9af5c1df8e602082b75b131ec3d8bb3b07d89bbe589f3e062fbe1bb70e57176ee1de10bfc5f30b76f63c6

                      • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

                        Filesize

                        368B

                        MD5

                        9a922807c184a7f18f808735ac851f3b

                        SHA1

                        142c5e76464e31ce99795f0126e284c25d11040c

                        SHA256

                        a576357ae47d4bb1aa07fb6a503c1f88e55467c97275e85f48792c0351f7e408

                        SHA512

                        38f2c9c5881ba07fccebcef28c5a7b75b72fea8d30e7049b62142868c803be6e01409d8bd6e371c5bb6188eef505e268274894a9a8ebd65053f35f8d53f1ed3a

                      • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                        Filesize

                        18KB

                        MD5

                        adb1415d071ab651d8e7b7eb93cd3b27

                        SHA1

                        99366cdc54035572f39e9bb5428a5cf0aaccda51

                        SHA256

                        f8360d8b995d10869bf6e8517a238a23cc23eb87306c753d5db3ebf9d0d7cd87

                        SHA512

                        251f7d6cdb6e8bdc095595345860e25678ebab18b25e4082c0b141168bb8a313f87f85410f8f0d2d28817a2c2313ceddb2d95839ee255078aea694f0f0b9da7c

                      • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                        Filesize

                        4KB

                        MD5

                        797d44585917c2718110366ca9e14031

                        SHA1

                        96e9bb5902460023ba88600c287d6a9d75ec632e

                        SHA256

                        e89ea690a865a67ed38e2ea7b5ac65239e0cf05f87ee51bf81f0f23be570406b

                        SHA512

                        d6ea6c70d084b41f32624a370f3be53ffffeb0b9412d56e210ac05ec4ad1d77944598bcd6886597bb0808f2c8878a713dd92544e3faa439fb866c809a8da923c

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HVBL74G9.txt

                        Filesize

                        867B

                        MD5

                        15f2bb42cda18e7b06f1fdf8bd95b667

                        SHA1

                        c0942aad4379959ea59643d496c809f9c04351ee

                        SHA256

                        2d1cab99129617edf48046a12a29ccf85b76ee702928f9a4401c6b93487913a3

                        SHA512

                        3323f90941a914b166234bf43acf1ba9a9f6108dd1f72d6d09f64cca1a96fee6bb67a42b3d547b29e9a90c9e4a731a4eeb93a43987931cca6f7114126edf3d9d

                      • C:\Windows\Installer\MSI751E.tmp

                        Filesize

                        953KB

                        MD5

                        64a261a6056e5d2396e3eb6651134bee

                        SHA1

                        32a34baf051b514f12b3e3733f70e608083500f9

                        SHA256

                        15c1007015be7356e422050ed6fa39ba836d0dd7fbf1aa7d2b823e6754c442a0

                        SHA512

                        d3f95e0c8b5d76b10b61b0ef1453f8d90af90f97848cad3cb22f73878a3c48ea0132ecc300bfb79d2801500d5390e5962fb86a853695d4f661b9ea9aae6b8be8

                      • C:\Windows\Installer\MSIBDD4.tmp

                        Filesize

                        235KB

                        MD5

                        16cae7c3dce97c9ab1c1519383109141

                        SHA1

                        10e29384e2df609caea7a3ce9f63724b1c248479

                        SHA256

                        8acd0117c92da6b67baf5c1ae8a81adf47e5db4c2f58d3e197850a81a555d2c2

                        SHA512

                        5b8b803ddabbb46a8ae5f012f3b5adbbd8eb7d7edbd324095011e385e1e94b2c5e20a28f6c0b8dd89b8789106c02d41916e70e090fbc63edd845d75c6f210e69

                      • \Program Files\Java\jre7\bin\deploy.dll

                        Filesize

                        481KB

                        MD5

                        2b652299b9967a6d7f9c321b04cd9c5b

                        SHA1

                        f26f9e22a1ba45fc5fd68b975889a1a637781056

                        SHA256

                        26b9a76128153429f3f5d668b134fe3c14b8b8430ae0e671191033bdda296097

                        SHA512

                        4e0bd2a70b6f82eb2ab80d5992d65455defb3b38021231e3d7cafa63e82634661bf9aa9eaee3b3e26d03c60fdc6666a59bdeee8c0bab0ef12740de6727366c2b

                      • \Program Files\Java\jre7\bin\wsdetect.dll

                        Filesize

                        187KB

                        MD5

                        a06336b79db4da78f4af955e26f7c0c6

                        SHA1

                        3c24fb0f8bf38999ccffc75a0f5710878bc40fc1

                        SHA256

                        2d96fc7ddb77288f05b78340cf6ac85dd604a2e5d53d6fcb825eead1a9b008d8

                        SHA512

                        c664e9259db49075cedd933f64ab4247384a117c5be609958e440a44cf2bfba13a10ade36f7c8bcacdec063c3ca63b3c70c5392e5b7d2ea02fd5be06a62c180a

                      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

                        Filesize

                        1.7MB

                        MD5

                        dabd469bae99f6f2ada08cd2dd3139c3

                        SHA1

                        6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

                        SHA256

                        89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

                        SHA512

                        9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

                      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

                        Filesize

                        97KB

                        MD5

                        da1d0cd400e0b6ad6415fd4d90f69666

                        SHA1

                        de9083d2902906cacf57259cf581b1466400b799

                        SHA256

                        7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

                        SHA512

                        f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

                      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

                        Filesize

                        1.2MB

                        MD5

                        85772cc6142fd068e316f5bcdfb9fa18

                        SHA1

                        2b6169f71860685189abef7c46a271b43a6af36b

                        SHA256

                        b5e561a9e6aa55cdde55a182aa753b726dd9ce299d1734824ea4ef4f0a1775a8

                        SHA512

                        0f03c69813b366ee352c5fc0209fe4a7dc257230f82afdda75d97d7676ff1abf30bc09cb900ce28916e9ee07e5b9f850c4f3ec803c0d23cd572ffee928d0418d

                      • \Users\Admin\AppData\Local\Temp\jre-windows.exe

                        Filesize

                        64.4MB

                        MD5

                        af1d24091758f1e02d51dc5f5297c932

                        SHA1

                        dc3f98dded6c1f1e363db6752c512e01ac9433f3

                        SHA256

                        e52a8d0337bae656b01cb76c03975ac3d75ac4984c028ba2a6531396dea6dddd

                        SHA512

                        8d4264a6b17f7bbfd533b11ec30d7754a960a9f2fbef10c9977b620051c5538d8eb6080ea78e070904c7c52a6ce998736fad2037f6389ad4c5c0ce3f1d09e756

                      • \Windows\Installer\MSID617.tmp

                        Filesize

                        309KB

                        MD5

                        8b285b5164ac3dbd6f6c97c81c77fb59

                        SHA1

                        2d846f00f4a1533d93d9f7fcf797cf406b7a79e5

                        SHA256

                        7c932b844dd505281a0eb1e3cb3c1b27be9ca47866655cc3bfd6ae660d4f6b2c

                        SHA512

                        2669938f68238a5e68accdd2c3f7dcdbafacd58e00418f32769bd452580e4a4fa0169b001652801ec3ec0ec67f093997a87f1bb80bd83c20cbf1145d3249e2b8

                      • memory/1240-2140-0x0000000001F30000-0x0000000001F31000-memory.dmp

                        Filesize

                        4KB

                      • memory/1240-2139-0x0000000002440000-0x0000000003440000-memory.dmp

                        Filesize

                        16.0MB

                      • memory/1528-2621-0x00000000026E0000-0x00000000036E0000-memory.dmp

                        Filesize

                        16.0MB

                      • memory/2064-761-0x0000000003290000-0x0000000003679000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2064-753-0x0000000003290000-0x0000000003679000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2064-752-0x0000000003290000-0x0000000003679000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2404-2312-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2404-2322-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2404-2373-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2404-2320-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2404-2338-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2404-2327-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2404-2329-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2404-2297-0x0000000002840000-0x0000000003840000-memory.dmp

                        Filesize

                        16.0MB

                      • memory/2404-2569-0x00000000027A0000-0x00000000037A0000-memory.dmp

                        Filesize

                        16.0MB

                      • memory/2404-2350-0x0000000002840000-0x0000000003840000-memory.dmp

                        Filesize

                        16.0MB

                      • memory/2404-2315-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2404-2372-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2404-2311-0x0000000000340000-0x0000000000341000-memory.dmp

                        Filesize

                        4KB

                      • memory/2476-14-0x00000000033C0000-0x00000000037A9000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2692-754-0x0000000000B60000-0x0000000000F49000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2692-818-0x0000000000B60000-0x0000000000F49000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2836-2382-0x0000000002720000-0x0000000003720000-memory.dmp

                        Filesize

                        16.0MB

                      • memory/2836-2386-0x0000000000240000-0x0000000000241000-memory.dmp

                        Filesize

                        4KB

                      • memory/2836-2394-0x0000000000240000-0x0000000000241000-memory.dmp

                        Filesize

                        4KB

                      • memory/2836-2404-0x0000000000240000-0x0000000000241000-memory.dmp

                        Filesize

                        4KB

                      • memory/2836-2427-0x0000000002720000-0x0000000003720000-memory.dmp

                        Filesize

                        16.0MB

                      • memory/2836-2459-0x00000000029E0000-0x00000000029F0000-memory.dmp

                        Filesize

                        64KB

                      • memory/2836-2602-0x0000000002720000-0x0000000003720000-memory.dmp

                        Filesize

                        16.0MB

                      • memory/2968-719-0x00000000027F0000-0x0000000002800000-memory.dmp

                        Filesize

                        64KB

                      • memory/2968-751-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2968-819-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2968-1460-0x0000000010000000-0x0000000010051000-memory.dmp

                        Filesize

                        324KB

                      • memory/2968-2302-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2968-597-0x0000000000650000-0x0000000000653000-memory.dmp

                        Filesize

                        12KB

                      • memory/2968-679-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2968-680-0x0000000010000000-0x0000000010051000-memory.dmp

                        Filesize

                        324KB

                      • memory/2968-826-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2968-1600-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2968-1459-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2968-596-0x0000000010000000-0x0000000010051000-memory.dmp

                        Filesize

                        324KB

                      • memory/2968-898-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2968-821-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/2968-820-0x0000000010000000-0x0000000010051000-memory.dmp

                        Filesize

                        324KB

                      • memory/2968-18-0x0000000000DA0000-0x0000000001189000-memory.dmp

                        Filesize

                        3.9MB

                      • memory/3008-2587-0x0000000002540000-0x0000000003540000-memory.dmp

                        Filesize

                        16.0MB

                      • memory/3008-2622-0x0000000002540000-0x0000000003540000-memory.dmp

                        Filesize

                        16.0MB