Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
-
submitted
21-04-2024 05:13
General
-
Target
4f47d84b03f5cfa3845d1b36df5e40df984756fc6ba2d98586eb39dced212628.exe
-
Size
3.3MB
-
MD5
b9882fe8bb7ab2a4d094f9ff5442df1c
-
SHA1
e17c146530a4371e0595c195c24863935a3dee8b
-
SHA256
4f47d84b03f5cfa3845d1b36df5e40df984756fc6ba2d98586eb39dced212628
-
SHA512
bee33d43deb43854975e6c7a57f27ab8c6519ea3e6df51297ca670ac62831f29f6a18eff0bb0af14f9e985ebf9e2169ed97582fa64998cfb33b1d8b61ec72db4
-
SSDEEP
49152:zUIbNigeVE2MD7ZDAgUf0dgF8bEOlf84L:JI3bg3J
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Signatures
-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload 16 IoCs
-
Modifies firewall policy service 2 TTPs 1 IoCs
-
Stealc
Stealc is an infostealer written in C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 3 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file 7 IoCs
-
Executes dropped EXE 21 IoCs
-
Loads dropped DLL 9 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer 10 IoCs
Detects Themida, an advanced Windows software protection system.
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 4 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Manipulates WinMonFS driver. 1 IoCs
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory 12 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 2 IoCs
Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.
-
Drops file in Windows directory 5 IoCs
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Creates scheduled task(s) 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies system certificate store 2 TTPs 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 60 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f47d84b03f5cfa3845d1b36df5e40df984756fc6ba2d98586eb39dced212628.exe"C:\Users\Admin\AppData\Local\Temp\4f47d84b03f5cfa3845d1b36df5e40df984756fc6ba2d98586eb39dced212628.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"2⤵
- Drops startup file
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Pictures\XFUHkOGTO7wQRuFr6kSjsTs8.exe"C:\Users\Admin\Pictures\XFUHkOGTO7wQRuFr6kSjsTs8.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Pictures\XFUHkOGTO7wQRuFr6kSjsTs8.exe"C:\Users\Admin\Pictures\XFUHkOGTO7wQRuFr6kSjsTs8.exe"4⤵
- Executes dropped EXE
- Adds Run key to start application
- Checks for VirtualBox DLLs, possible anti-VM trick
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile5⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes6⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile5⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile5⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\rss\csrss.exeC:\Windows\rss\csrss.exe5⤵
- Executes dropped EXE
- Adds Run key to start application
- Manipulates WinMonFS driver.
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile6⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV17⤵
-
C:\Windows\SYSTEM32\schtasks.exeschtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F6⤵
- Creates scheduled task(s)
-
C:\Windows\SYSTEM32\schtasks.exeschtasks /delete /tn ScheduledUpdate /f6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile6⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile6⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exeC:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SYSTEM32\schtasks.exeschtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F6⤵
- Creates scheduled task(s)
-
C:\Windows\windefender.exe"C:\Windows\windefender.exe"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)8⤵
- Launches sc.exe
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Pictures\vkWT1RGD5lz0iEn9sAaCcAhM.exe"C:\Users\Admin\Pictures\vkWT1RGD5lz0iEn9sAaCcAhM.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ur4.0.exe"C:\Users\Admin\AppData\Local\Temp\ur4.0.exe"4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 10965⤵
- Program crash
-
C:\Users\Admin\Pictures\xVwdI8AkNJ9rRGGDXKQk03Ev.exe"C:\Users\Admin\Pictures\xVwdI8AkNJ9rRGGDXKQk03Ev.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Pictures\xVwdI8AkNJ9rRGGDXKQk03Ev.exe"C:\Users\Admin\Pictures\xVwdI8AkNJ9rRGGDXKQk03Ev.exe"4⤵
- Executes dropped EXE
- Checks for VirtualBox DLLs, possible anti-VM trick
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile5⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Pictures\hLaqxMPTtCi8TAPOi8Pcyp1b.exe"C:\Users\Admin\Pictures\hLaqxMPTtCi8TAPOi8Pcyp1b.exe"3⤵
- Modifies firewall policy service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Users\Admin\Pictures\2LqbapS3RfXJDR1x2hiP6UhU.exe"C:\Users\Admin\Pictures\2LqbapS3RfXJDR1x2hiP6UhU.exe" --silent --allusers=03⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
-
C:\Users\Admin\Pictures\2LqbapS3RfXJDR1x2hiP6UhU.exeC:\Users\Admin\Pictures\2LqbapS3RfXJDR1x2hiP6UhU.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x2c0,0x2c4,0x2c8,0x2a0,0x2cc,0x6f38e1d0,0x6f38e1dc,0x6f38e1e84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\2LqbapS3RfXJDR1x2hiP6UhU.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\2LqbapS3RfXJDR1x2hiP6UhU.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Pictures\2LqbapS3RfXJDR1x2hiP6UhU.exe"C:\Users\Admin\Pictures\2LqbapS3RfXJDR1x2hiP6UhU.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2628 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240421051442" --session-guid=931c8f80-e126-4c96-af9c-eb4bd314afde --server-tracking-blob="Njg5MDIyZGNmYjhlMjM2NWMzMGFiY2FjZTY2OGM3ZWJlN2Q5YzMxY2ZlNDgwOTUwMTRmZGYzNTEwMDllZTlhNDp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2N19fNDU2Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTEiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzEzNjc2Mzk5LjQwMDQiLCJ1dG0iOnsiY2FtcGFpZ24iOiI3NjdfXzQ1NiIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Im1rdCJ9LCJ1dWlkIjoiNWVhYmJhODMtNTI2NS00N2MzLTk4MDQtYzcyMmZiMzkzZjdjIn0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=30050000000000004⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
-
C:\Users\Admin\Pictures\2LqbapS3RfXJDR1x2hiP6UhU.exeC:\Users\Admin\Pictures\2LqbapS3RfXJDR1x2hiP6UhU.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x6e3ae1d0,0x6e3ae1dc,0x6e3ae1e85⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe"4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\assistant_installer.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x1e6038,0x1e6044,0x1e60505⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Pictures\G4jM0hRRtZRx2hRx4yeD5cnJ.exe"C:\Users\Admin\Pictures\G4jM0hRRtZRx2hRx4yeD5cnJ.exe"3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7zS27D1.tmp\Install.exe.\Install.exe /nxdidQZJ "385118" /S4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Enumerates system info in registry
-
C:\Windows\SysWOW64\forfiles.exe"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"5⤵
-
C:\Windows\SysWOW64\cmd.exe/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Wbem\WMIC.exe"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True8⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "bWycNackLSywaqkmgR" /SC once /ST 05:16:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\JMPZeWvHhArmqROvY\NwfPJCCpQqPYDzK\BMfnaDV.exe\" em /vmsite_idsbk 385118 /S" /V1 /F5⤵
- Drops file in Windows directory
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2052 -ip 20521⤵
-
C:\Windows\windefender.exeC:\Windows\windefender.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Modify Registry
3Virtualization/Sandbox Evasion
1Impair Defenses
1Disable or Modify System Firewall
1Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.logFilesize
2KB
MD54ae6bd79d510282e5a3327bd448dd0c4
SHA1a1d04654d36636c91ff27a6ea696fb6b43fdcdc0
SHA2560ebe50b1b1fad01fd593a3e8bbbaeea78d563709e6b9cd1164f8b96f7b4dbcc4
SHA512922f385cf4a2dcad32aaa6983b3808866867e2ccbb5cd1c270f7c85bd0bf5d0e375c47ee0583bafbca31d12eef6f3540d43c7fc1e4de4d68caa05f926b4e5584
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
20KB
MD5d62a702a3c1ac61683bc7fdcd737ea1a
SHA1962f0a3cc87ff7bbc4fac83fc6ecd0318a2ca8d4
SHA256f2d7aa1bb49be3caa17b8b7beab4ee032f551ad6eb2d6bb330290e3b096fcdf4
SHA51287b39f3773b74c0283c0fe1b994526e26c743d0a7c9c62c91f103c839d46734d91b77fcb43ec7a51e7a69e432f2d235effd5a66f6841f5baff43630fe282a5b8
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exeFilesize
2.5MB
MD515d8c8f36cef095a67d156969ecdb896
SHA1a1435deb5866cd341c09e56b65cdda33620fcc95
SHA2561521c69f478e9ced2f64b8714b9e19724e747cd8166e0f7ab5db1151a523dda8
SHA512d6f48180d4dcb5ba83a9c0166870ac00ea67b615e749edf5994bc50277bf97ca87f582ac6f374c5351df252db73ee1231c943b53432dbb7563e12bbaf5bb393a
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\assistant_installer.exeFilesize
1.9MB
MD5976bc8e5fe65f9bb56831e20f1747150
SHA1f9e7f5628aaaabed9939ef055540e24590a9ccfb
SHA256f53c916ccf3d24d6793227283de2db0f6cc98a2275413851807cc080643d21a0
SHA5122858e7e08418b170b21b599afb02236d0480d35a5605de142f10976489e01daf2ad80df0f09c2eb38bc5a971336d1f6aa9909c520bcdb18e9c9a8e903379dcd9
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\dbgcore.dllFilesize
166KB
MD59ebb919b96f6f94e1be4cdc6913ef629
SHA131e99ac4fba516f82b36bd81784e8d518b32f9df
SHA256fdae21127deb16eb8ba36f2493d2255f4cb8ab4c18e8bd8ba5e587f5a7ecd119
SHA512a1b42f7d2896da270bb3c80cf9b88c4b4f1491084e7aa7760eeea5533b26f041dc79b21d5ffd2bba2221fe118e0a8d912e170f24fd895c9315b1ee9c7adfe700
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\assistant\dbghelp.dllFilesize
1.7MB
MD5544255258f9d45b4608ccfd27a4ed1dd
SHA1571e30ceb9c977817b5bbac306366ae59f773497
SHA2563b02fc85602e83059f611c658e3cad6bc59c3c51214d4fe7e31f3ac31388dd68
SHA5122093da881fa90eec2b90d1ca6eaaff608fe16ac612571a7fd5ed94dd5f7ff7e5c1e8c862bab0a228850829527886473e3942abd23a81d10cab8f9baad2cc7664
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404210514421\opera_packageFilesize
103.8MB
MD55014156e9ffbb75d1a8d5fc09fabdc42
SHA16968d1b5cec3039e53bbbedeee22e2d43d94c771
SHA2567a01e11e1830ba3c154e5a6c383da15938b1e48f89a2fe4045cdd260924b6802
SHA512bfc5c44881d0fa7bcbccfd530d874fa624adec50e1a16063a72de12876d2db10ca5edd6fa841ea63e9deca3ff2adf54065f50719fe051d41de92bb68edba4016
-
C:\Users\Admin\AppData\Local\Temp\7zS27D1.tmp\Install.exeFilesize
6.8MB
MD5e77964e011d8880eae95422769249ca4
SHA18e15d7c4b7812a1da6c91738c7178adf0ff3200f
SHA256f200984380d291051fc4b342641cd34e7560cadf4af41b2e02b8778f14418f50
SHA5128feb3dc4432ec0a87416cbc75110d59efaf6504b4de43090fc90286bd37f98fc0a5fb12878bb33ac2f6cd83252e8dfd67dd96871b4a224199c1f595d33d4cade
-
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2404210514427682628.dllFilesize
4.6MB
MD50415cb7be0361a74a039d5f31e72fa65
SHA146ae154436c8c059ee75cbc6a18ccda96bb2021d
SHA256bb38a8806705980ee3e9181c099e8d5c425e6c9505a88e5af538ca6a48951798
SHA512f71c2b9e1559aa4eb2d72f852ef9807c781d4a7b96b8e0c2c53b895885319146bd43aa6e4223d43159f3d40bc60704206404dc034500e47fca0a94e53b60239e
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ra5d5phh.yqw.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exeFilesize
281KB
MD5d98e33b66343e7c96158444127a117f6
SHA1bb716c5509a2bf345c6c1152f6e3e1452d39d50d
SHA2565de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1
SHA512705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5
-
C:\Users\Admin\AppData\Local\Temp\ur4.0.exeFilesize
323KB
MD51d4341aa0ca4aefcb043d19eb205d8ac
SHA1c6e7a063a22e6bad72b2c81017747ab31cb59579
SHA25642af762221074082dc3aa6e4efdc2b6439cc026d6e94d6eeae97fcfafda272b4
SHA5121bcc133000feb1ab7944295a14601ff1a66432dcbe117e9e60c9f98cb8aee5b28f0ddcbbc25e2b6d91b677ca67de32a8930a1317de9b8be17524a9bea43c73a7
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.datFilesize
40B
MD57c1ad3ed6b14bfa16c8f453989419252
SHA1213bc67aaea0661d9094f41fc2c9df5af0a8d268
SHA25603ca7b7410730711edebd65e729ffe67318f88cfec7f2deb378c232c71755921
SHA512a43d3db7ea02436d3e86640a5fc5f00bc15376b280119afdf5c1a614dd1057e30a40bf45e1b04bd776cc920343f7f9a7ff8049575bd265ab7cc33c85a95fd9c0
-
C:\Users\Admin\Pictures\2LqbapS3RfXJDR1x2hiP6UhU.exeFilesize
5.1MB
MD51977faedc058d84443bd77f4c38a6a10
SHA1f02ce490fd7e8e094552eddd1af794b939d1ac22
SHA256aad8c474f62651f5818cdf05877eafab404bb78878c50c6f7bd3be1a016fb484
SHA512ab2768982bf595fd657b74cc60330de0d53bd3b2b1f30c47a7ed3fad31e4349d2d72640a4c73f78803d325ba3f8a4095a015ef2e77ede10745709d3e2ba8443a
-
C:\Users\Admin\Pictures\5d1y8bKUraTuSSaiEXN8fghi.exeFilesize
7KB
MD55b423612b36cde7f2745455c5dd82577
SHA10187c7c80743b44e9e0c193e993294e3b969cc3d
SHA256e0840d2ea74a00dcc545d770b91d9d889e5a82c7bedf1b989e0a89db04685b09
SHA512c26a1e7e96dbd178d961c630abd8e564ef69532f386fb198eb20119a88ecab2fe885d71ac0c90687c18910ce00c445f352a5e8fbf5328f3403964f7c7802414c
-
C:\Users\Admin\Pictures\G4jM0hRRtZRx2hRx4yeD5cnJ.exeFilesize
6.4MB
MD5aaa56797070369ad346fbd9bb6cc5e8b
SHA1a1d01943f0a354d3a000628262671254ca6a91b8
SHA2569d7d08ac35f0113f7c814d257bf88b8222975aaa0a3fdeda88ac7185dbc50905
SHA512e69d25a158567c6bce6e9450de17d0814b9b9c11f4bb31e5dcc3e8b4378062cc7e31da625f6ba4a2280b393034a6c832a0fc0a1e16364dc7e8c8146de245b5be
-
C:\Users\Admin\Pictures\XFUHkOGTO7wQRuFr6kSjsTs8.exeFilesize
4.2MB
MD512c1251ddacc8c6651573aaae2a36711
SHA1aa4a4fc95f24a847f33a0fcc22d318fe947929d0
SHA256a018166a731757f43374b0b24baecfbf31b85cf9de793b9d11b186acf887bf22
SHA512e8e9723b210254504ae06f77ed86ff5c7da0ac1ba5134cb2ab99cd42b06744cdf2379835d5e8cbd413da69b1184a0d6297d29dc8393794d8959c5a2dc94f0a69
-
C:\Users\Admin\Pictures\hLaqxMPTtCi8TAPOi8Pcyp1b.exeFilesize
5.5MB
MD59f8b8a866575e821310f6203c5bdc044
SHA1f39bbd5eb2f736acdf565d6b56e560a60334dd0e
SHA256277677de19193a2297c88689312d1a294edf4f81b3ff4ba8202e2cbb9c6fbeea
SHA512b8222b6c8ec092ccc352676d4bf8c90a4ecb558a8346ab2628a41071d0747e87cc0c805c5c4efaf922a5e7ff18ad78bfa59a9180670df881085f6fab3b67f209
-
C:\Users\Admin\Pictures\vkWT1RGD5lz0iEn9sAaCcAhM.exeFilesize
445KB
MD5ddbb9a4caa78db40bb47ee413252f12f
SHA16153acfbb9773424f3d3ccfcca917c277b2500d5
SHA256f2c98424e2142ea86ef140dd1b0bdf1b3c7b8cc99ec6194c851ad2f0ed3b2e31
SHA5125afa0ee709e43f3445b9c9733ac8df92c04682d9b3e8b25441e5392cb17303c0c39e9c56c9d3bf27ea266815d571d659749dedc18af0506c987b056c6d9dbb60
-
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.logFilesize
2KB
MD5d0c46cad6c0778401e21910bd6b56b70
SHA17be418951ea96326aca445b8dfe449b2bfa0dca6
SHA2569600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02
SHA512057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949
-
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
19KB
MD5defca98021f17581ab091f22649412e9
SHA1c6c211275387952abdba30325bc8b0c7933ddc68
SHA25645f723cf168bb0c2ec34572083aa4eae3dff72f50aca8fd9e43db0010a6d5a36
SHA5128030f4e18c8629563941d26b46f743290a8c74c679790561509823e8f974fcac71de10fb843db3ae1d95520557e61d97595c7e67e56fbb80faa41f6f21b0fac1
-
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
19KB
MD5174f65d56fbbe97eb2a8fd731be34ce0
SHA13643c7d1761f7f625683a40e75e0c3315fba8c6c
SHA256de3aec8a1eb30991b19503dcd582d07a7407ed1740f510e5f31d64329c41878e
SHA512ff7efe820dc3c788a5b14696469430cf46a9e86782bc2e6601fdaf8ad16a2b9e8c04cbf61879e00fbc34d1e1bcb15058e7cd15816e138df1e5167a0b0a030a88
-
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
19KB
MD5373105f1b0c3be5895a2897c81704f67
SHA14fd56c7ef6e1a007a9a11ac6213252cf06a83255
SHA2566c8960163888c0f0c1867a29bdbee02f95df8e852d9745115556dd2dc4f1ba0b
SHA5125823898313b41c8a77812a5a85120c8b917dc65da28811174b0ccc2eabb6449772d2e45160e0357b9a9f07a598e1854b167b1e4166b9713638eb1f654a7347ca
-
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
19KB
MD5e230c96c46b3ca3f3b208a1bae40fe14
SHA1504b7db8a59d0eab16cc8299e781dd6b329f7f2b
SHA2562d23990b44c3cfb3f9e0ad12a5ea2bf4b2da025031d39a0d4f92adbdf82d8462
SHA512edb154d02b06c25a3f44283986ce12bc1fcbd132b2541d31419d3f4299609ed3908d2c700b2245c05518b58369b9cc0e591e42fe286c4e6b20d3649c38977bcf
-
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
19KB
MD543b7a737ee19cadc754feed44f54eb22
SHA16e6d072e71ff9df5a9fa76207bd7e39425046672
SHA256fe28725788c2838df9581cdaccd8824630f5fb079fe24f8e7faf3724e2d0ec44
SHA51223ebf14657734d3b23ec252d4e068acc47ec4892c2553b424f01dae4fed7fdf7d1033bde9d3bf08416ffbad9342227e5fa193c36b1632d1c136cc7dfbd5fcb8e
-
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
19KB
MD5f6fc510e171c230004b33f87172afa36
SHA196123ecaaaf54ed1466e6cb49e0607c0c5b9123e
SHA256afd7d7c997f96c3e6051733abe149aab89e3470c31a03385fc67dd70d35a9bdc
SHA512424242c435a998adc116278cb4b703c4829d9b7e8e6569abd202419fb6859116bc0b631395a8116575ddd0f67a180a803964fa8576aa66e2130c1523e41827d4
-
C:\Windows\windefender.exeFilesize
2.0MB
MD58e67f58837092385dcf01e8a2b4f5783
SHA1012c49cfd8c5d06795a6f67ea2baf2a082cf8625
SHA256166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa
SHA51240d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec
-
memory/432-401-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/976-114-0x0000000000400000-0x0000000001A3A000-memory.dmpFilesize
22.2MB
-
memory/976-110-0x0000000001D00000-0x0000000001E00000-memory.dmpFilesize
1024KB
-
memory/976-112-0x00000000037A0000-0x000000000380E000-memory.dmpFilesize
440KB
-
memory/1012-66-0x00000000082A0000-0x000000000891A000-memory.dmpFilesize
6.5MB
-
memory/1012-46-0x00000000061A0000-0x0000000006206000-memory.dmpFilesize
408KB
-
memory/1012-71-0x0000000007D10000-0x0000000007D1E000-memory.dmpFilesize
56KB
-
memory/1012-72-0x0000000007D20000-0x0000000007D35000-memory.dmpFilesize
84KB
-
memory/1012-73-0x0000000007D70000-0x0000000007D8A000-memory.dmpFilesize
104KB
-
memory/1012-74-0x0000000007D60000-0x0000000007D68000-memory.dmpFilesize
32KB
-
memory/1012-77-0x00000000748A0000-0x0000000075051000-memory.dmpFilesize
7.7MB
-
memory/1012-36-0x0000000005900000-0x0000000005922000-memory.dmpFilesize
136KB
-
memory/1012-33-0x0000000005A00000-0x000000000602A000-memory.dmpFilesize
6.2MB
-
memory/1012-65-0x0000000007B30000-0x0000000007BD4000-memory.dmpFilesize
656KB
-
memory/1012-34-0x00000000053C0000-0x00000000053D0000-memory.dmpFilesize
64KB
-
memory/1012-35-0x00000000053C0000-0x00000000053D0000-memory.dmpFilesize
64KB
-
memory/1012-32-0x00000000748A0000-0x0000000075051000-memory.dmpFilesize
7.7MB
-
memory/1012-48-0x00000000066A0000-0x00000000066BE000-memory.dmpFilesize
120KB
-
memory/1012-31-0x00000000031D0000-0x0000000003206000-memory.dmpFilesize
216KB
-
memory/1012-69-0x0000000007DB0000-0x0000000007E46000-memory.dmpFilesize
600KB
-
memory/1012-68-0x0000000007CA0000-0x0000000007CAA000-memory.dmpFilesize
40KB
-
memory/1012-49-0x0000000006750000-0x000000000679C000-memory.dmpFilesize
304KB
-
memory/1012-67-0x0000000007C60000-0x0000000007C7A000-memory.dmpFilesize
104KB
-
memory/1012-47-0x0000000006210000-0x0000000006567000-memory.dmpFilesize
3.3MB
-
memory/1012-53-0x000000006F5D0000-0x000000006F61C000-memory.dmpFilesize
304KB
-
memory/1012-50-0x0000000006C30000-0x0000000006C76000-memory.dmpFilesize
280KB
-
memory/1012-52-0x0000000007AD0000-0x0000000007B04000-memory.dmpFilesize
208KB
-
memory/1012-54-0x000000006F620000-0x000000006F977000-memory.dmpFilesize
3.3MB
-
memory/1012-51-0x000000007F8A0000-0x000000007F8B0000-memory.dmpFilesize
64KB
-
memory/1012-63-0x0000000007B10000-0x0000000007B2E000-memory.dmpFilesize
120KB
-
memory/1012-70-0x0000000007CC0000-0x0000000007CD1000-memory.dmpFilesize
68KB
-
memory/1012-64-0x00000000053C0000-0x00000000053D0000-memory.dmpFilesize
64KB
-
memory/1012-42-0x0000000006130000-0x0000000006196000-memory.dmpFilesize
408KB
-
memory/1384-126-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/1384-30-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/1384-85-0x0000000003B80000-0x0000000003F79000-memory.dmpFilesize
4.0MB
-
memory/1384-29-0x0000000003F80000-0x000000000486B000-memory.dmpFilesize
8.9MB
-
memory/1384-28-0x0000000003B80000-0x0000000003F79000-memory.dmpFilesize
4.0MB
-
memory/1436-219-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/1436-83-0x0000000004090000-0x000000000497B000-memory.dmpFilesize
8.9MB
-
memory/1436-82-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/1436-81-0x0000000003C90000-0x000000000408D000-memory.dmpFilesize
4.0MB
-
memory/1468-316-0x0000000000400000-0x00000000008DF000-memory.dmpFilesize
4.9MB
-
memory/1600-86-0x00000000748A0000-0x0000000075051000-memory.dmpFilesize
7.7MB
-
memory/1600-133-0x00000000748A0000-0x0000000075051000-memory.dmpFilesize
7.7MB
-
memory/1600-130-0x0000000007930000-0x0000000007945000-memory.dmpFilesize
84KB
-
memory/1600-129-0x00000000078E0000-0x00000000078F1000-memory.dmpFilesize
68KB
-
memory/1600-128-0x0000000004FC0000-0x0000000004FD0000-memory.dmpFilesize
64KB
-
memory/1600-127-0x000000007F580000-0x000000007F590000-memory.dmpFilesize
64KB
-
memory/1600-125-0x0000000007590000-0x0000000007634000-memory.dmpFilesize
656KB
-
memory/1600-116-0x000000006F5C0000-0x000000006F917000-memory.dmpFilesize
3.3MB
-
memory/1600-115-0x000000006F570000-0x000000006F5BC000-memory.dmpFilesize
304KB
-
memory/1600-113-0x00000000063F0000-0x000000000643C000-memory.dmpFilesize
304KB
-
memory/1600-111-0x0000000005F10000-0x0000000006267000-memory.dmpFilesize
3.3MB
-
memory/1600-87-0x0000000004FC0000-0x0000000004FD0000-memory.dmpFilesize
64KB
-
memory/2052-163-0x0000000000400000-0x0000000001A1C000-memory.dmpFilesize
22.1MB
-
memory/2052-160-0x0000000001BD0000-0x0000000001CD0000-memory.dmpFilesize
1024KB
-
memory/2052-181-0x0000000000400000-0x0000000001A1C000-memory.dmpFilesize
22.1MB
-
memory/2052-161-0x0000000003720000-0x0000000003747000-memory.dmpFilesize
156KB
-
memory/2952-409-0x0000000000400000-0x00000000008DF000-memory.dmpFilesize
4.9MB
-
memory/3908-438-0x00007FF769E20000-0x00007FF76A55A000-memory.dmpFilesize
7.2MB
-
memory/3908-434-0x00007FF769E20000-0x00007FF76A55A000-memory.dmpFilesize
7.2MB
-
memory/3908-453-0x00007FF769E20000-0x00007FF76A55A000-memory.dmpFilesize
7.2MB
-
memory/3908-437-0x00007FF769E20000-0x00007FF76A55A000-memory.dmpFilesize
7.2MB
-
memory/3908-432-0x00007FF769E20000-0x00007FF76A55A000-memory.dmpFilesize
7.2MB
-
memory/3908-428-0x00007FF769E20000-0x00007FF76A55A000-memory.dmpFilesize
7.2MB
-
memory/3908-429-0x00007FF769E20000-0x00007FF76A55A000-memory.dmpFilesize
7.2MB
-
memory/3908-430-0x00007FF769E20000-0x00007FF76A55A000-memory.dmpFilesize
7.2MB
-
memory/3908-433-0x00007FF769E20000-0x00007FF76A55A000-memory.dmpFilesize
7.2MB
-
memory/4132-449-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/4132-398-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/4132-411-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/4132-332-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/4132-405-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/4132-596-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/4132-456-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/4132-307-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/4132-525-0x0000000000400000-0x0000000001DF9000-memory.dmpFilesize
26.0MB
-
memory/4232-154-0x0000000006100000-0x0000000006457000-memory.dmpFilesize
3.3MB
-
memory/4232-155-0x00000000052C0000-0x00000000052D0000-memory.dmpFilesize
64KB
-
memory/4232-144-0x00000000748A0000-0x0000000075051000-memory.dmpFilesize
7.7MB
-
memory/4232-145-0x00000000052C0000-0x00000000052D0000-memory.dmpFilesize
64KB
-
memory/4232-162-0x0000000006C10000-0x0000000006C5C000-memory.dmpFilesize
304KB
-
memory/4580-0-0x0000000000400000-0x0000000000408000-memory.dmpFilesize
32KB
-
memory/4580-84-0x0000000003100000-0x0000000003110000-memory.dmpFilesize
64KB
-
memory/4580-80-0x00000000748A0000-0x0000000075051000-memory.dmpFilesize
7.7MB
-
memory/4580-2-0x0000000003100000-0x0000000003110000-memory.dmpFilesize
64KB
-
memory/4580-1-0x00000000748A0000-0x0000000075051000-memory.dmpFilesize
7.7MB