Analysis
-
max time kernel
143s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
25-05-2024 15:54
Static task
static1
Behavioral task
behavioral1
Sample
Bandicam v7.1/Bandicam_v7.1.1.2158.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Bandicam v7.1/Bandicam_v7.1.1.2158.exe
Resource
win10v2004-20240426-en
General
-
Target
Bandicam v7.1/Bandicam_v7.1.1.2158.exe
-
Size
32.7MB
-
MD5
4984e0c775ab5231a365b1a1c202a426
-
SHA1
738e02162caf70a354c6ae9a4509464e04c7359c
-
SHA256
0af3e262f17ec535175470767fa2133232bfe5c6cdb4decdae442282b68aa086
-
SHA512
c78d51f81968e4112a3ad2e6a14d37f4331504cedb156cdcc9610de13ada1405f326fdae850c75981ea22d33605d38619c9d23942a7f2b5b3f7e8609428fafcd
-
SSDEEP
786432:s205KPk4uyH7/DQKcGF5snXw2QYSpxrDtG6j+P7ZqsAPcF5:sbSbvQ0F5T2QYIr5vj+vAPG
Malware Config
Extracted
redline
YT-16.05.2024
45.140.147.183:12245
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 3 IoCs
Processes:
resource yara_rule behavioral1/memory/2596-701-0x0000000000090000-0x00000000000E2000-memory.dmp family_redline behavioral1/memory/2596-703-0x0000000000090000-0x00000000000E2000-memory.dmp family_redline behavioral1/memory/2596-704-0x0000000000090000-0x00000000000E2000-memory.dmp family_redline -
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
Processes:
Caused.pifdescription pid process target process PID 1652 created 1180 1652 Caused.pif Explorer.EXE -
Executes dropped EXE 6 IoCs
Processes:
Bandicam_v7.1.1.2158.tmpBandicam_v7.1.1.2158.exeDistinguishedListings.exeBandicam_v7.1.1.2158.tmpCaused.pifRegAsm.exepid process 2888 Bandicam_v7.1.1.2158.tmp 2704 Bandicam_v7.1.1.2158.exe 2752 DistinguishedListings.exe 2472 Bandicam_v7.1.1.2158.tmp 1652 Caused.pif 2596 RegAsm.exe -
Loads dropped DLL 12 IoCs
Processes:
Bandicam_v7.1.1.2158.exeBandicam_v7.1.1.2158.tmpBandicam_v7.1.1.2158.exeBandicam_v7.1.1.2158.tmpcmd.exeCaused.pifRegAsm.exepid process 2372 Bandicam_v7.1.1.2158.exe 2888 Bandicam_v7.1.1.2158.tmp 2888 Bandicam_v7.1.1.2158.tmp 2704 Bandicam_v7.1.1.2158.exe 2472 Bandicam_v7.1.1.2158.tmp 2472 Bandicam_v7.1.1.2158.tmp 2472 Bandicam_v7.1.1.2158.tmp 2472 Bandicam_v7.1.1.2158.tmp 2472 Bandicam_v7.1.1.2158.tmp 1240 cmd.exe 1652 Caused.pif 2596 RegAsm.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 2 IoCs
Processes:
Bandicam_v7.1.1.2158.tmpdescription ioc process File opened for modification C:\Program Files (x86)\StrLocalGate\Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp File created C:\Program Files (x86)\StrLocalGate\is-IFFE9.tmp Bandicam_v7.1.1.2158.tmp -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
Processes:
tasklist.exetasklist.exepid process 3008 tasklist.exe 1972 tasklist.exe -
Processes:
RegAsm.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 RegAsm.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = 0b000000010000004800000054006900740061006e00690075006d00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790000000200000001000000cc0000001c0000006c00000001000000000000000000000000000000010000007b00340031003700340034004200450034002d0031003100430035002d0034003900340043002d0041003200310033002d004200410030004300450039003400340039003300380045007d00000000004d006900630072006f0073006f0066007400200045006e00680061006e006300650064002000430072007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e00300000000000030000000100000014000000f1a578c4cb5de79a370893983fd4da8b67b2b06420000000010000000a03000030820306308201eea003020102020867f7beb96a4c2798300d06092a864886f70d01010b0500302e312c302a06035504030c23546974616e69756d20526f6f7420436572746966696361746520417574686f72697479301e170d3233303331343130333532305a170d3236303631373130333532305a302e312c302a06035504030c23546974616e69756d20526f6f7420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a028201010086e4577a5861ce819177d005fa51d5515a936c610ccfcbde5332cd151da647ee881a245c9b02833b02af3d76fe20bd3bfaf7a20973e72ebd9440d09d8c3d2713bdf0d09feb9532acd7a42da2a952daa86a2a88ee427d30959d90bfba05276aa02998a6986fc01306629b79b8405d1f1fa6d9a42f827afc7566340dc2de27012b94bb4a27b3cb1c219a3cb2c14203f34451bd626520edd4dbcc414f593f2acbc48479f7143cbe139cfd129c913e5303dc20f94c44358901b69a848d7ea02e308a311560ac00ae009a29109aeed9713dd8919b97ed598058e17f0726c7a020f710abc06291dfaaf181c6be6a76c89cb68eb0b0ec1cd95f326c7e55588bfd76c5190203010001a328302630130603551d25040c300a06082b06010505070301300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038201010070851293d757e982797dc5f7f27da894ef0cdb329f06a6096e0cf604b0e54711560ef40f5282082e210f55a3db41f312548b7611f5f0dacea3c78b13f6fc243c02b106665be69e184088415b273999b877bee353a248cec7eeb5a095c2174bc9526cafe3372c59dbfbe758134ed351e5147273fec68577ae4552a6f99ac80ca8d0ee422af528858c6be81cb0a8031ab0ae83c0eb5564f4e87a5c06295d3903eee2fdf92d62a7f4d4054deaa79bcaebda4e8b1a6efd42aef9d01c7075728cb13aa8557c85a72532b5e2d6c3e55041c9867ca8f562bbd2ab0c3710d83173ec3781d1dcaac5c6e07ee726624dfdc5814cffd336e17932f89beb9cf7fdbee9bebf61 RegAsm.exe -
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
Bandicam_v7.1.1.2158.tmpCaused.pifRegAsm.exepid process 2888 Bandicam_v7.1.1.2158.tmp 2888 Bandicam_v7.1.1.2158.tmp 1652 Caused.pif 1652 Caused.pif 1652 Caused.pif 1652 Caused.pif 1652 Caused.pif 2596 RegAsm.exe 2596 RegAsm.exe 2596 RegAsm.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
Bandicam_v7.1.1.2158.tmppid process 2472 Bandicam_v7.1.1.2158.tmp -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
tasklist.exetasklist.exeRegAsm.exedescription pid process Token: SeDebugPrivilege 3008 tasklist.exe Token: SeDebugPrivilege 1972 tasklist.exe Token: SeDebugPrivilege 2596 RegAsm.exe -
Suspicious use of FindShellTrayWindow 4 IoCs
Processes:
Bandicam_v7.1.1.2158.tmpCaused.pifpid process 2888 Bandicam_v7.1.1.2158.tmp 1652 Caused.pif 1652 Caused.pif 1652 Caused.pif -
Suspicious use of SendNotifyMessage 3 IoCs
Processes:
Caused.pifpid process 1652 Caused.pif 1652 Caused.pif 1652 Caused.pif -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Bandicam_v7.1.1.2158.exeBandicam_v7.1.1.2158.tmpBandicam_v7.1.1.2158.exeDistinguishedListings.execmd.exeCaused.pifdescription pid process target process PID 2372 wrote to memory of 2888 2372 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2372 wrote to memory of 2888 2372 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2372 wrote to memory of 2888 2372 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2372 wrote to memory of 2888 2372 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2372 wrote to memory of 2888 2372 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2372 wrote to memory of 2888 2372 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2372 wrote to memory of 2888 2372 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2888 wrote to memory of 2704 2888 Bandicam_v7.1.1.2158.tmp Bandicam_v7.1.1.2158.exe PID 2888 wrote to memory of 2704 2888 Bandicam_v7.1.1.2158.tmp Bandicam_v7.1.1.2158.exe PID 2888 wrote to memory of 2704 2888 Bandicam_v7.1.1.2158.tmp Bandicam_v7.1.1.2158.exe PID 2888 wrote to memory of 2704 2888 Bandicam_v7.1.1.2158.tmp Bandicam_v7.1.1.2158.exe PID 2888 wrote to memory of 2752 2888 Bandicam_v7.1.1.2158.tmp DistinguishedListings.exe PID 2888 wrote to memory of 2752 2888 Bandicam_v7.1.1.2158.tmp DistinguishedListings.exe PID 2888 wrote to memory of 2752 2888 Bandicam_v7.1.1.2158.tmp DistinguishedListings.exe PID 2888 wrote to memory of 2752 2888 Bandicam_v7.1.1.2158.tmp DistinguishedListings.exe PID 2704 wrote to memory of 2472 2704 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2704 wrote to memory of 2472 2704 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2704 wrote to memory of 2472 2704 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2704 wrote to memory of 2472 2704 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2704 wrote to memory of 2472 2704 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2704 wrote to memory of 2472 2704 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2704 wrote to memory of 2472 2704 Bandicam_v7.1.1.2158.exe Bandicam_v7.1.1.2158.tmp PID 2752 wrote to memory of 1240 2752 DistinguishedListings.exe cmd.exe PID 2752 wrote to memory of 1240 2752 DistinguishedListings.exe cmd.exe PID 2752 wrote to memory of 1240 2752 DistinguishedListings.exe cmd.exe PID 2752 wrote to memory of 1240 2752 DistinguishedListings.exe cmd.exe PID 1240 wrote to memory of 3008 1240 cmd.exe tasklist.exe PID 1240 wrote to memory of 3008 1240 cmd.exe tasklist.exe PID 1240 wrote to memory of 3008 1240 cmd.exe tasklist.exe PID 1240 wrote to memory of 3008 1240 cmd.exe tasklist.exe PID 1240 wrote to memory of 2136 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 2136 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 2136 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 2136 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 1972 1240 cmd.exe tasklist.exe PID 1240 wrote to memory of 1972 1240 cmd.exe tasklist.exe PID 1240 wrote to memory of 1972 1240 cmd.exe tasklist.exe PID 1240 wrote to memory of 1972 1240 cmd.exe tasklist.exe PID 1240 wrote to memory of 816 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 816 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 816 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 816 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 2912 1240 cmd.exe cmd.exe PID 1240 wrote to memory of 2912 1240 cmd.exe cmd.exe PID 1240 wrote to memory of 2912 1240 cmd.exe cmd.exe PID 1240 wrote to memory of 2912 1240 cmd.exe cmd.exe PID 1240 wrote to memory of 328 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 328 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 328 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 328 1240 cmd.exe findstr.exe PID 1240 wrote to memory of 2404 1240 cmd.exe cmd.exe PID 1240 wrote to memory of 2404 1240 cmd.exe cmd.exe PID 1240 wrote to memory of 2404 1240 cmd.exe cmd.exe PID 1240 wrote to memory of 2404 1240 cmd.exe cmd.exe PID 1240 wrote to memory of 1652 1240 cmd.exe Caused.pif PID 1240 wrote to memory of 1652 1240 cmd.exe Caused.pif PID 1240 wrote to memory of 1652 1240 cmd.exe Caused.pif PID 1240 wrote to memory of 1652 1240 cmd.exe Caused.pif PID 1240 wrote to memory of 1608 1240 cmd.exe PING.EXE PID 1240 wrote to memory of 1608 1240 cmd.exe PING.EXE PID 1240 wrote to memory of 1608 1240 cmd.exe PING.EXE PID 1240 wrote to memory of 1608 1240 cmd.exe PING.EXE PID 1652 wrote to memory of 2596 1652 Caused.pif RegAsm.exe PID 1652 wrote to memory of 2596 1652 Caused.pif RegAsm.exe
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\Bandicam v7.1\Bandicam_v7.1.1.2158.exe"C:\Users\Admin\AppData\Local\Temp\Bandicam v7.1\Bandicam_v7.1.1.2158.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-GCI01.tmp\Bandicam_v7.1.1.2158.tmp"C:\Users\Admin\AppData\Local\Temp\is-GCI01.tmp\Bandicam_v7.1.1.2158.tmp" /SL5="$40016,33493152,807424,C:\Users\Admin\AppData\Local\Temp\Bandicam v7.1\Bandicam_v7.1.1.2158.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\StrLocalGate\Bandicam_v7.1.1.2158.exe"C:\Program Files (x86)\StrLocalGate\Bandicam_v7.1.1.2158.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-5QMR3.tmp\Bandicam_v7.1.1.2158.tmp"C:\Users\Admin\AppData\Local\Temp\is-5QMR3.tmp\Bandicam_v7.1.1.2158.tmp" /SL5="$70120,31228973,185344,C:\Program Files (x86)\StrLocalGate\Bandicam_v7.1.1.2158.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\StrLocalGate\DistinguishedListings.exe"C:\StrLocalGate\DistinguishedListings.exe"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k copy Usually Usually.cmd & Usually.cmd & exit5⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\findstr.exefindstr /I "wrsa.exe opssvc.exe"6⤵
-
C:\Windows\SysWOW64\tasklist.exetasklist6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\findstr.exefindstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"6⤵
-
C:\Windows\SysWOW64\cmd.execmd /c md 678856⤵
-
C:\Windows\SysWOW64\findstr.exefindstr /V "trackinggardenczechquiz" Prague6⤵
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b Monica + Cdna + Athletics + Campaign + Ethical 67885\z6⤵
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\67885\Caused.pif67885\Caused.pif 67885\z6⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 5 127.0.0.16⤵
- Runs ping.exe
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\67885\RegAsm.exe"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\67885\RegAsm.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\StrLocalGate\DistinguishedListings.exeFilesize
901KB
MD5b53171a91419e701fc8b9d6f17b0d823
SHA1b98d619173f51464b55407e0a2fbed2d39405459
SHA256469c5003e27982fef60eee7c95b677aa2000c38c327761f253e174347c5a263c
SHA512e722ae4555c148d2720df8a0cef1ca579fb5d1278b76197fa98e5a4e5a2117ec1a4d5f8c08af3f91064688228c441dbc250ab8684eaa23e530222919f28214e0
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\67885\zFilesize
390KB
MD5769f028469f4187abcb2ef9d1c4ad148
SHA109c5eec3bc0bfe5184d6b6e89a0622508de51f69
SHA25688826b2cbc9ef6afdf8d414143e66bbc2de0d5f834d33362634a3b123062b21f
SHA5128ee339b3417b02ba8e71af88a7b68d2cc95e2f7e4797a18654dfa80fb27a1b6f226821ae74af4a9ec0f8c05068422cb36603b67bce3918b6749464a9dee14c47
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\AgenciesFilesize
19KB
MD516c9e56cdab65773a62b71ea327daca6
SHA1cf13a7440701d4729fdc1fa41697a9be03445939
SHA256e4aec9c5f7f504ed6d431c2fa12b68dac9862edaa60f78c9596935b3665cb7e2
SHA5120c764e4062ba0f184761c67ee445b31ea0068b71a4c10946e70e5b58abf69e7a28e6a08c30549e17828bbe37e27229ad37bdb8e9a9787a2de1bf3074934c9733
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\AlterFilesize
68KB
MD546523ea1ecfa6cbb2bc001ca2b280578
SHA170dd1636b5b82eb847e7fcc25fbdba098a6ee767
SHA2569418eb47a71f16228a63fc687ead372c432f21429635f0435e3252c4a8002508
SHA51284aa0698b47502e63fab5009d08d9e65f8d5e8461cd50f6d6a2fdf35c7eefa68a0024d3f212ca5e9849d29879e6ca4d403fddb4288898357b192bd3f1900266f
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\ApproximatelyFilesize
62KB
MD547faabcf30b475d0156e7477ec961407
SHA10ca0cef3ecd2cbe153d22aea537b4521653a2191
SHA256b13253f77551f61e70457a14867dd11c3a087bd9fbb1b62425c5ef12b143ee3c
SHA51234b2fe7a3b6cb1f4a976871518f9751366a16e8387fdba9713e578d76b1980cae0eb237e5edd87fd19dae8f533a5eb5a99aaf8219ee18b2af69e9aa2c754bc2e
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\AthleticsFilesize
125KB
MD50b0bf1e2325ccd0789c251ef098285ff
SHA1b00d983c3b4d27a094f49cbecc61de5d7cb430b8
SHA2563bd256d54241bbdcedc027838da70714e0d54a9c0c39e9a26a6a945bdab32055
SHA51268bad482c33c29f5bbdd3f44c120fab15b7516687860cd5172238850ac79f71048d3cb8d3ce91ee7f2c2a6bb67d1769e08e2baab74da7f811e6cf7e4815eaaeb
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\BelgiumFilesize
56KB
MD5f80233eb2b6daa9723b9a8c4ae51b35b
SHA1f08e14f4f246e16ee8674412d3361fb772ec8d20
SHA256fc7685bc2b8d104b2ca76d41e7180941938a936416a0bf6a9289d21c5783284f
SHA5124ef40c195992747c9d80da55320f012446d429df5b41b39e39d6bdfd37bb3ece50c92c6fdd3998adfd9d16d7cdb22d1a801f9f2a0cecb2adddb30a6fdf60140a
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\BladesFilesize
40KB
MD5c009748ee2ef2cfb5a786967d9192842
SHA1dd165130a6a37f4313f3680121997a69866a055b
SHA2566101008df17b7bd21f4a0d3ffd6d1dbd8b0e89013b1f1b3aa6fc5bd8a685571b
SHA5121dd084b24f4ab84d3a6c8e9b737b2820f9393667652a76ab0381ed0bc9d9a6108801cefdd36ecbcbe12613e92ce35ebadb6c2be8fa5658b43d5a019cbd2b1c92
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\CampaignFilesize
60KB
MD500813ef7d503d316883997ca05182d82
SHA19d1b030488dc367220d95210fa82f8128f58071b
SHA2560ab466eebceeb4834758a79e50fee5d929ffdf4f0d5b82213ebaaec325f762e6
SHA512c1f5beb98dd8658f22ed73395977cd4910ec5a2a8b02c050e778f69780c1357b3ddf5985c0ffcb783ae275e138ae997dd5daba7905bf498fd33771b4566f1c00
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\CaptureFilesize
49KB
MD5fd7207599f1bf9d1faa5c1ecdf2ef5d3
SHA1f42c307c220842f9fa8bb3e5f0a985fb4aa74969
SHA256d530ca2475b1351ac146d3d8176746093234f1e627209a32adcaf614e8d480dd
SHA512437ea42114c716a084e4225687baa22ede1265be303343fc1b1ad7d8f9c6f34f2f70dd6615a609aaf983ef3c96309c7be1c872a8a5606b664150a28318259e8b
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\CdnaFilesize
35KB
MD5a9cef18c2e44ac99770f0043f771ffa5
SHA1c15b5d40ba6d7cffa12e628cef838c47be6ee2f2
SHA256ee2e70d4c41d00ec27e439ee90e1beabe903a3774456215c4c311268dbd9fdd8
SHA51235dab83152bbf93a954ea62d03da6ae67edfefb56ee5d406006c959862d403698356fafb409aaf7c2ea527f490cd90ff9f9dcf7e1f71cd8289f330e483b4b995
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\CorrectFilesize
26KB
MD55deebb499de0765b2b73bbbfcaeeea65
SHA1cafa73bd311216a7566f2879c72475e032c2e6da
SHA256661b4bc09f0e4c65d82421aecb90faf5cca7fd7b3cd71949f3767da0c6e44ace
SHA512a3117cd533dc94cb38bc2d97e1a434853b2abf8d7a896d0974f624fbf12f322d6f9be3c53291c5a2b1875f3b1be0b9d8b9fb78a1e191bb91d21cb20b9d0c6531
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\DelhiFilesize
26KB
MD5980484c6ca7441854653018368542fd8
SHA1402277d88dac352d7da9c162c0ff90059cb914b3
SHA2561756ba79e34af55dee321edc65314da59434c82439c844d71af1ac1527c961aa
SHA5127097c19c848d3963f1c43a7ae358a980eeaa33c0a0495513568aafefbdb5e6a9d542e05e49f80c3d7a107c3a4282c714826a13de719af7264ce760263f61f5ee
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\EthicalFilesize
79KB
MD592166ad792080caedd3880d17880c0f4
SHA193c594993b7a31f8f46e1dcdab0fc3c3e2735927
SHA256bab311dc3f1ca85c303befb390fb0e9a44ece39950b4dea201acf53fd1aa4cfe
SHA512356cd441fda7dd3e31cebae47c875bce3b073d7a4dfa92fd9241268c62e891781f85232101ae3848e0052d2b43509b73e3a4977a6f962ccc52fbc1620dacab43
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\GroundwaterFilesize
62KB
MD5e9370ff3145b1d76fa099df8c00d265e
SHA172b2ef78a81d31ffbe8f6c4d58bf7a523c06a656
SHA256f7e918684019bcca45a0137259df805babbb0e4a2c00a42de5acb65a1ced96c4
SHA5128635a1fe315fbf600ae907e92d9317378a08f310e0cef2a45b0d8a8a6c21f28192db95a559ff5d7d21fa786c509c0a518e2b75c32cbe896e5fe081bf5ed517af
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\IndependenceFilesize
21KB
MD55ca8f14661f747021ae2f8ecea5e4d43
SHA150f4efe97afce86e6b1c06fde922b0d3f7668e78
SHA256d360a53faa5c9eeabdaa3be4b069f841b359596e48b16718b5a55bd66d390a1e
SHA512efdecd53e279362def66ebd7045a2e44b7e103f0341984e52c8d5c8a139e82c4075839fab778c131adf7f91fda41e3e4a02195b9a094a429a8862d9e9d89084d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\MonicaFilesize
91KB
MD533068d1484ace7d09b98b422d12af19a
SHA15bde2f9fe64b6a70898c653723477dfd84c4f8a8
SHA2569d64b095f6a5a7a90e2fd9cbaef0ec34c05a7655f0b60a5096e4f7e618ff96ac
SHA512a4a0634f824fced5636994834ecff0eb2a6052819b55659e122e4ec1a2ae2311eb16811856c9f8756f9349ec2ee95887c77906bd36d916561763669dec740f28
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\PermitFilesize
18KB
MD50775b30b3fab154c5213ddbedabb8be0
SHA15c1d305b21da05ddd5c3bfd486ddca81daf8f951
SHA256c24394708c35c14c14cc1e6533f0d9bc4987d75fd943f8bfd53eb4abf25733a4
SHA512c4e126ac98d067d5842e23712766a1dbebe593a6bb0f7ce5817113f44c681e4687a0f9cd0e7298237ca1154d9a7b55d6c19e47210f8144fe2bee2a162216cec5
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\PickingFilesize
49KB
MD559ed8d8e215bb76a0f0e4d3934656b2c
SHA1e8f90242d5a1ea6ec7141820ec3eaf0f2bb80f38
SHA256aac0fd2a26af5bc248a9f163dc3f0539368ed245411005181971219d891f30df
SHA512036fb199cb8f56caa82fd404c10a43bf896149ed69d9b4d4b0855a0e922fa30ad77d3cb66c7a63f3bd60ba33a94de7daa4a4d909ed1afe25d265acc79c7858ca
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\PragueFilesize
105B
MD50714e5a662cd0e909addcad4ced2ad3f
SHA138a018ebe31b0562cd2f95b45d950b33f1546801
SHA2566496648301e0c143429bd1ed94de5fbc40d2624b47463efb4a8f9da2d7771ab4
SHA5125401c6b959a3e5e9b149f63fb8acac3c5f09b7937fd8a11948306951bb7bd56ee6dea288d2e3e167479d9090c6af2d6d067bcfe7d7eb6634f6a4706e0e0f5b3e
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\QuadFilesize
31KB
MD50196c8face0e36e26939e3287cb61212
SHA1fa40d9f1a7120208256102f3724f7e3e86c6f61b
SHA25641f65248d8075ed991d62e97ddb920d05b6cd84179f80b75ef308661a104e296
SHA512c7aa4db7d5c1ff51f29650f540a2c49f29108d0a3b3ef6f5ec9e00cc3b84f20a382bbc2f2c18eb77c79380040f16f8a0c3a0d1caf30317bf2ad10b7c678509d0
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\SacramentoFilesize
24KB
MD54727853c74f119c46981b61ac8eda367
SHA1c8c4994b04c5b5175c0960e3878d431212a2f4f3
SHA256ddf930d2a7841c75600191b5ac1ea2ce20e0847ffe4fe0150dea3c9c07d1c5b5
SHA51250529d94034bf1a9f8cd319a0d32eba16f08265a33a6a55c8bc80f95873f84057a377f0a47f0e56ab4d6ee0f6cc7f40d277f70ab596681e9c000d14d2bd675a6
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\SambaFilesize
37KB
MD597cd5dc2cc427848c8b8e1581ab4726c
SHA1cfd993d17608b9c670231dedbd17c820860dc269
SHA25644f2b252c7abf576669d113f366411cf125e4d41ec2050d8df99a51dfc99c8ae
SHA512dff07ea3197b44f19ceacc0d3efb33c8c88e062f11f2fcd2e0f80b75250f525720cc723ae2375e57df3c1367c564a06a5d21c4a1ab5cfb2a584b9438265c0e21
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\StainlessFilesize
28KB
MD5876b1ca94dc7115ab48e20e9f5ed1fe9
SHA169e5d1177ede52ab5600f05531b1299f64b3853d
SHA256cf0e1853b3be64646e13ad19d79452571bc87a0bf37cc5cb034b2ef13d5c42d6
SHA5127a317f0638e3f58320ca4ba4bd4210c51824897e2172113c6551f6d023df5a2d69a8f3c1d4a37d02a2ca712a4c710b14fb191444d11ba0c58a4684b24a2ef8e3
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\StatewideFilesize
55KB
MD532cdf261eee852f00656bcc85c2e5910
SHA1fa8d288e01f53ab7793cdde48cee4a2dadbd447e
SHA2561f7d3a1dad50a0f44e3cd982cfe1b79facf3fab3264c9aa311485bf675ce4700
SHA512834a25f6b13f134637ace3867813cf824e2ce695ccb2efc0ee09a6d5bfc557be5dcc44bc547b2e68f2a883bdad40d9d096dcb6fb8a366672b2ddf92bb41346e0
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\StereoFilesize
67KB
MD510371d256f6b8e75346ad82e492780a8
SHA1125f88eaae5dc49717f896c17aadc7a053cd3871
SHA256a702a50d745a2e6053a53b56acebe61562f3d1f8779e4a015f5e67d1b2cc8f76
SHA512c45cacb4c5ccac0365ae9ea3030d2bf1b1b2afe4d5d20fe4528914ebb66e7b9957954edaca921af32639e267958b692701d7d09271686f7b141c62e0172a4b9c
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\StreamsFilesize
33KB
MD5b23e9c03125330a27152fe8c30ae77af
SHA1836d7ecc0eb215eaebbda3a3052a4049315931c0
SHA256ff966cb96671942115c8d19e137edb42f65e0ca2c4cd3e96505d2fd52e407721
SHA5124e828c46db1e8bb06a83407696ed0c61466ec0d32bd91ef8b6ae78d8d31973480e9027f9a90ed9be17a8918672567d7d0c1eb658b3f6ac9a50325d7407884054
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\TaxFilesize
61KB
MD5ce5e43f9a497f1097c30b05fde4745a8
SHA18ab6d307a0b9eab7deebcd0edaee0b1487855173
SHA2568231f2ea6380f5d7a4a6ce923198b3e1b3b7bfa1b1fe062b3c703cd247ca9d1a
SHA512cd7a2a42c7f6681b12ec344d1029519dc57fee9f1241a448ee3816745b4a129e464ba22c99555a784c9fb76b1b30ebdaa936e332c8f4a7822288ac43e5ec4800
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\TiresFilesize
44KB
MD525e570b261dcf40f42b765eaf491cd20
SHA1daede71797167f0c49f37b402869946e96dabe2b
SHA256d13e3bf244cdb2d14087f57b8eeddcb158f623bb3a370d8555c5ac9f7c3f850a
SHA5121a1cbf40a5a84511b12d653a424cef86fd906f6988364ba8e5c8d47281b85c9bc403a9673d0ab9b15c43991bb34bb5471dc8b26e36f4fefc69eace1aaa77b938
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\UsuallyFilesize
24KB
MD53f5fa5969c85c7f644603b66750b23cf
SHA188d34ba91e2a8e8bc97ff20e1c8d16f575b0142a
SHA256468efb2bf6ec09abdd6eba42d585b03924a7c10921e7db4d8848b3d032e08fe8
SHA512c006dd181fc240c8e25aaf924dc7773f05171a736dfe2dd971e7fdebb19e2951ee61b56d85c202888f90d26e3f1932620e97d25419e41ef33827768bfc34187c
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\VanFilesize
14KB
MD59b5d932f579fec083734b3b739ae0d8d
SHA154e5e2113006ecdd7fbceb7b043172e72a0ff50b
SHA2560b0948a698e3db925a2b18d5a75d922af0bdcc3bc5490797303285891a92f647
SHA512d760c12ed2477b57bce7d108fb135d017515bc8ec42102ac598f77b44a614da605d21948a6d38ff2692aaf96de69ab8a50178b701579b32c9ac15c63cf5eaf5a
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\VillageFilesize
25KB
MD5f4542195b327688cc9065472f09bd5e2
SHA156de97a6209b480b18645c2cda6a74d5aec3316f
SHA256271c31aa2127308ef7c97ec951ea3aba0dfe42d712429944e72ce90fe354fa70
SHA512ffc70fe9435fc940fc9d6e71b55b0966d3d16a30bd806ef92b8e21b62401ff435e976f5e315bb914ff290c59bab8a508e614582ed8a618d565dd260fe025d2f2
-
C:\Users\Admin\AppData\Local\Temp\Tmp9B56.tmpFilesize
2KB
MD51420d30f964eac2c85b2ccfe968eebce
SHA1bdf9a6876578a3e38079c4f8cf5d6c79687ad750
SHA256f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9
SHA5126fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8
-
C:\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\1.pngFilesize
23KB
MD51dd55302c74c0d48290a20e4472db1d6
SHA1c13e9e49e887b788ba20f9dee5d8eaf0f6b91a6f
SHA256edfd0a4ed2e6014b415aea57e9a8f3b87b781c09609aaf8d4f269f820706b61a
SHA512b2468db76eb88c5b1fd293ad27b7b4c2b260b6ddb965ba189997251c318a7a33357304178a16d5400fe21901f3c40a2879ac044b20476d53a5bebd9c48e479db
-
C:\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\Installer net.pngFilesize
11KB
MD51c5bfe3b17ae62449e5f9e42b762f33b
SHA147f77205abb1318baf5e3add0670b7ee9fbb8f24
SHA256567a2d3cea865f672b63e6ff44fc7091173a79fa840c9d20286ecd5429029823
SHA51207e8c8f38e4e8477248092656af2e6844e325e301647a84efd2435d9cf3e5876e17dc1baaf18435f7a90459a6ce35b47fee36f3098b74604e48c87072210cced
-
C:\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\Portable.pngFilesize
23KB
MD589475a0f65e50ee9c484967ebc348ab7
SHA106ba9bcdada628fc6b0a77437c8f700004ae4648
SHA2565f9ca566d37e1f25d19bbf5f885862808cb6b3d1a4dbcca5af812a58ae6fedf9
SHA512d062a31dc8cacc15159e96b18f8aaa01c4457cacc7e0f6cf78b78bc30600dadfc3d12932d6ba72b03197df7d3c2d86757c474774bca3c430d7d0c8710713b0c8
-
C:\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\eng.jpgFilesize
704B
MD54ad999118697c0735eed9b5437e2ddd9
SHA16f4c6026e3e31f8eaac4ab9ba633cdc64541a2c1
SHA256ee6d8d45a073ff7c69012cf34b1fa4dafed071e709f64143d57a42be5bb6e7f4
SHA512bf62bca3fa087cedf89c93a2a4952922e6ccf4c1ad356e68db33aae59bc10309fc37d778180ad20f48c8473a9c44fde3614a19c7e762c85588af0ca83c93ecaa
-
C:\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\port neaktiv.pngFilesize
11KB
MD5893aa141cf93c75adeeb0f4e7ec917bc
SHA136bb3105e25671d2aa0da41e6f906f5bc24119f9
SHA256f87de21bac4f7ee32d32f65c6754f57057bcb8b00376f13a9275e86b722c2fd9
SHA5120a630b83b4ad69ccd0a5d48999e8702e3d8e72208a50e0b3efaecaca87d71995b8bc55c1a19918cff75710ad086d552a57bd1e861e7db2303959dc3ba2e7fb87
-
C:\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\stac.pngFilesize
15KB
MD5eaec12cf0e741d23cbf1a100e7dee23e
SHA1d4e20ea202eccedb63c35ee138726fadf16abd9f
SHA256b38e0315691adf47090665ec21aee0c0cb5014246cfe0edf0c1f1ff36c45d2ac
SHA512344c5f14efc854f579e925928ff3b95e213f4cf325e1d80359d7ea756b11f11d756338a921a370f6308abe78981f8f5808f4941b4646d31c7ee1819bb8216c50
-
C:\Users\Admin\AppData\Local\Temp\is-5QMR3.tmp\Bandicam_v7.1.1.2158.tmpFilesize
1.5MB
MD522fdea6634bf03f8b7e6080bff43895b
SHA1761cc7eab102003d6d1583dd1cf33e67e34a9cc9
SHA2561316becab4026dc52126f0e1f82cf2822ce3eff5fa56507d39a5e3449bf182f4
SHA512acf4a57a1240e1657cacf9ca08c37b2413aa97e4e98147461e7d7f22228e184d7833b38e4e1579d62eb264a6daa5896f7d93c57fe230c9cf336c0f441b46c3d1
-
\Program Files (x86)\StrLocalGate\Bandicam_v7.1.1.2158.exeFilesize
30.3MB
MD5b8e04ea04a5e49c3cf1a4abcee368647
SHA1bc9870fe7c65dbb0aca3918c53534f97a3f86f49
SHA256c8e16032aade990ebf98ee2d7aa1c5306cf352a16386babcd859726a0ed67322
SHA512536b1f7a376df68b544be6c4d107c37783f79bf6c62fdf86aa925b74a0e29f7136fca5770b1b4d60ade728d8e00b8c628019fd56a0470c60c6dbd34704176e1b
-
\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\67885\Caused.pifFilesize
915KB
MD5b06e67f9767e5023892d9698703ad098
SHA1acc07666f4c1d4461d3e1c263cf6a194a8dd1544
SHA2568498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb
SHA5127972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943
-
\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\67885\RegAsm.exeFilesize
63KB
MD5b58b926c3574d28d5b7fdd2ca3ec30d5
SHA1d260c4ffd603a9cfc057fcb83d678b1cecdf86f9
SHA2566e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3
SHA512b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab
-
\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\_isetup\_iscrypt.dllFilesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\_isetup\_shfoldr.dllFilesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\botva2.dllFilesize
41KB
MD5ef899fa243c07b7b82b3a45f6ec36771
SHA14a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe
SHA256da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77
SHA5123f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8
-
\Users\Admin\AppData\Local\Temp\is-0H80L.tmp\iswin7logo.dllFilesize
74KB
MD57363a2a5949c9f613cde458b89deecb5
SHA1fb25bad5d2625210c4cb47a9c24b853e63d52ae0
SHA256196390762f6393024e0c5d33b037d497c5a8cfdd6c406719c05b0081d7e45cb5
SHA512323f8eb42f355a0dc2df2b5b2d7711842c688f770e4ea8cb671228c60e8f2dbd92468e248a824822a08ee557075b7aaa8e42ca7b870f49c4385c6b2e9227a021
-
\Users\Admin\AppData\Local\Temp\is-GCI01.tmp\Bandicam_v7.1.1.2158.tmpFilesize
3.0MB
MD59885ab752261a129fd7da66832a655a0
SHA1510dfd3c2295fdc3dc96e5f53b73d2df8b9dbb69
SHA256d1d85d70f53b3a2df3c8ed47c0e1292344181eb120d2407c34fbf121eae95ef4
SHA5124caabf20a7696fd71b17834d4611d6610a782bcfda334e2015ac447cd73a1abf7df92a939ce7a50d4781b1ea2cdfa2b673c34e925bdcc9f57b53d9b84e4cd6da
-
memory/2372-76-0x0000000000400000-0x00000000004D2000-memory.dmpFilesize
840KB
-
memory/2372-2-0x0000000000401000-0x00000000004B7000-memory.dmpFilesize
728KB
-
memory/2372-0-0x0000000000400000-0x00000000004D2000-memory.dmpFilesize
840KB
-
memory/2472-84-0x0000000000730000-0x000000000073F000-memory.dmpFilesize
60KB
-
memory/2472-693-0x0000000000730000-0x000000000073F000-memory.dmpFilesize
60KB
-
memory/2472-692-0x0000000000400000-0x0000000000586000-memory.dmpFilesize
1.5MB
-
memory/2596-701-0x0000000000090000-0x00000000000E2000-memory.dmpFilesize
328KB
-
memory/2596-703-0x0000000000090000-0x00000000000E2000-memory.dmpFilesize
328KB
-
memory/2596-704-0x0000000000090000-0x00000000000E2000-memory.dmpFilesize
328KB
-
memory/2704-20-0x0000000000400000-0x0000000000437000-memory.dmpFilesize
220KB
-
memory/2704-691-0x0000000000400000-0x0000000000437000-memory.dmpFilesize
220KB
-
memory/2888-9-0x0000000000400000-0x000000000070E000-memory.dmpFilesize
3.1MB
-
memory/2888-32-0x0000000000400000-0x000000000070E000-memory.dmpFilesize
3.1MB