Resubmissions
03-07-2024 22:59
240703-2yn7wszhlp 1003-07-2024 16:13
240703-tn93lsyglf 1003-07-2024 16:11
240703-tm84xsyfma 1010-05-2024 16:25
240510-tw1h5shh47 1024-08-2023 11:16
230824-nda8msdf8z 1005-08-2023 22:52
230805-2tn2bsfa82 10Analysis
-
max time kernel
1794s -
max time network
1698s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
03-07-2024 16:13
General
-
Target
Archive.zip__ccacaxs2tbz2t6ob3e.exe
-
Size
430KB
-
MD5
a3cab1a43ff58b41f61f8ea32319386b
-
SHA1
94689e1a9e1503f1082b23e6d5984d4587f3b9ec
-
SHA256
005d3b2b78fa134092a43e53112e5c8518f14cf66e57e6a3cc723219120baba6
-
SHA512
8f084a866c608833c3bf95b528927d9c05e8d4afcd8a52c3434d45c8ba8220c25d2f09e00aade708bbbc83b4edea60baf826750c529e8e9e05b1242c56d0198d
-
SSDEEP
6144:vU9Q9tD5WuDQa4t3BMgLkzvCOnYxcEaSAOPou8BWinO8DR:8Q9tD5WyQlBBVAnYxRhr8DR
Malware Config
Signatures
-
Creates new service(s) 2 TTPs
-
Downloads MZ/PE file
-
Drops file in Drivers directory 3 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 8 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 6 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 9 IoCs
-
Launches sc.exe 6 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 46 IoCs
-
Modifies registry class 1 IoCs
-
Modifies system certificate store 2 TTPs 5 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 17 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Archive.zip__ccacaxs2tbz2t6ob3e.exe"C:\Users\Admin\AppData\Local\Temp\Archive.zip__ccacaxs2tbz2t6ob3e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\615A.tmp.exeC:\Users\Admin\AppData\Local\Temp\615A.tmp.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Temp\WCInstaller.exeC:\Users\Admin\AppData\Local\Temp\Temp\WCInstaller.exe --silent --partner=AE190201 --homepage=11 --search=7 --campaign=2922⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zS0B3B1F1A\WebCompanionInstaller.exe.\WebCompanionInstaller.exe --partner=AE190201 --campaign=292 --version=8.9.0.992 --silent --partner=AE190201 --homepage=11 --search=7 --campaign=2923⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exe"sc.exe" Create "WCAssistantService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe" DisplayName= "WC Assistant" start= auto4⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\sc.exe"sc.exe" failure WCAssistantService reset= 30 actions= restart/600004⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\sc.exe"sc.exe" description "WCAssistantService" "Ad-Aware Web Companion Internet security service"4⤵
- Launches sc.exe
-
C:\Windows\system32\RunDLL32.Exe"C:\Windows\sysnative\RunDLL32.Exe" syssetup,SetupInfObjectInstallAction BootInstall 128 C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.inf4⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\runonce.exe"C:\Windows\system32\runonce.exe" -r5⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\grpconv.exe"C:\Windows\System32\grpconv.exe" -o6⤵
-
C:\Windows\system32\net.exe"C:\Windows\sysnative\net.exe" start bddci4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start bddci5⤵
-
C:\Windows\SysWOW64\sc.exe"sc.exe" Create "DCIService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe" DisplayName= "DCIService" start= auto4⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\sc.exe"sc.exe" description "DCIService" "Webprotection Bridge service"4⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc start DCIService5⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh http add urlacl url=http://+:9007/ user=Everyone5⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe"C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --install --geo=4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dl87jmsy.cmdline"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDDE1.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCDDE0.tmp"6⤵
-
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe"C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --afterinstall4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fxebem4f.cmdline"5⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF4B5.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCF4B4.tmp"6⤵
-
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Search.exe"C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Search.exe" --searchConfigPath="C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\SearchMetadata.txt" --eventConfigPath="C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\EventMetadata.txt"5⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe"C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\netsh.exenetsh http add urlacl url=http://+:9007/ user=Everyone3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PROGRA~2\Lavasoft\WEBCOM~1\Service\x64\bddci.sysFilesize
781KB
MD52a241af18d9f0466aff6cd77c1561f9b
SHA12c6bfc8e583ed026fdf9ec01265d99e22d39305a
SHA256528804013487cdb1da617e512d1de68060602887bcc8a7822bdb1346a2995ffd
SHA5126779667bb57c87fdbf4dee57682e7851b5ad5bea39deb09fcb596ae48eb571317749ff59e825f91bd57527dab7477deac5b24bdbd86471844fad36876c08dd28
-
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exeFilesize
8.8MB
MD52c178ebc4ac7466f63236e00d9e77b54
SHA16a5152b6c1fa9d5856c0ab2deed4c9912d05d9a6
SHA25655b1802b3cae0d58ef5d88b3b9a61f6635d8d568dab2bee7f2aed392a91ab0f1
SHA512ffc647865e75bb5b54b9bad5d218121c38ab8c7abc8b8770a18956a9443766c45820f19c4dc56008792f27951176449c637ca37998310efec44a644509bf4237
-
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe.configFilesize
18KB
MD5feed0f743db90fbc95e33f081b50acb0
SHA1a2cc752167b06ed562c6ec00a4f994d8a59ad7f4
SHA256a1f55fb8a5e389b7727a683b2265c678d903a4f9cb08272afbd922f41f18d7d2
SHA5125d627768db6ce3d1a100a6a72e40ca477687e9785efa9f78c23d375889ca8c748e432f5c25323d22f600768490da25e7803e804b5b62d2f89696a5c1db972241
-
C:\Program Files (x86)\Lavasoft\Web Companion\Application\log4net.dllFilesize
316KB
MD51a1d345ebcb496b35ae1b181c68279a6
SHA1d093b3eb5dbbed216e5e520cb711826529b0f80a
SHA2565b154b0e14e94c3d2d338e997e9cec60e67b99c0ba70e0a52fd5c09af6935c24
SHA512d9c7a4ad4dd9b4acf2b5ebed6e6207a2ec0c216d6eb29bc791746306f1f5a7aa1bbb43e74fbe886eaa1c6137c1e28b91d8a02cff636e85ec8e92d2f0c66f8229
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exeFilesize
3.3MB
MD53827ca1c0ec114a29bb576bef431f070
SHA11189dd380f160046de9f5f2f1d74459958f31a4b
SHA256dd45886108aa85350feaa6d9fcc6c922b0874dfa18bbfe23111cc8edcb37fcb1
SHA512480b6a1fc02fdec7fc2316f01b239bce98a6d8152770d329ddc4bfb37e2e00a7987a702900523ccc0380caabbee38a404683dbb20fe9c9b9456083559afb8218
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.infFilesize
4KB
MD5e8b58a307f96dc9ce1eb2729f86e13b0
SHA15cee60f070930dc971e4d35d48e30364f623aad2
SHA2562c9a7118ef74c3b168663c8ec6f3a7b27653896e193129ed0bc5e9aa55a0afbb
SHA5127cd9fe7bcc8c8ec1466acc1adc7ab8c9ab6bdaf7c7c27dcc6c0cb43bab741f2519a88647ce43f74d7e9caf4ae39ae172dc639ed1b2027b9e8f15f35353613d91
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci_core.dllFilesize
1.5MB
MD513efc649989e224c8346c52ae3cc9a93
SHA1bf907fee6fce0745601219f3faa89bc2c08434b0
SHA256f994e407e9f78d521f335f25b7a4217fdcc4a5e6dc050fdf90d7870fda1e0ef7
SHA5127c6f65858e3803ab9abe075c2e257e322594b875bd6001be5a6c6bde0ab271844ccd7f869394666a2ce9b535abb46e0332697d2c19836f886241881a60697ce0
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddcihttp.dllFilesize
2.6MB
MD553f6774df73cc44d29f354aecbdef948
SHA1894158c553f39f8000c858c84ad772714e215d75
SHA256d1130318e699b81f1918f468a8b49c9be7b8b4293c1078da4a17dac6ad999ec6
SHA5125151804071c371fe2458c2fc67441441b01602a529582bed48b0e0226e051f933981dce1f84e3ac0f2ebe608b463fe1e9c226d058edd3bf6c5b35be9e8a9e234
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bittorrent.dllFilesize
106KB
MD574d7799c00c804296c0f1b99324b513f
SHA1527380e0e44c9fd8ca5f73d103e8e9f56eb13142
SHA25666c0b9d01afab9db8f87164c747dc6bdd05ffae25092ab4627a8a47857118ab0
SHA5123140d32d4199cc246fddb292400ec31bcc098e18349d9991828fc1462f7cd6aa3a0666037e569511b37b1cb6baf34c94be2fdc70a9685125a72fdd44e427cdac
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmdFilesize
49B
MD595e8c6cd0a911f1ab4969c06b8cf77a2
SHA1be1b1f8abd0420f59ecab7bcf8120cdc2ce34195
SHA256de795f6d8591577054813bee79e7c5b4ee13360039d29aa73971c6b985d26ebd
SHA512e5eefaf761be7bf3cea207e22e98398093fa0a9d3b459af7df22bfbf07755816737a7b8b261acf01aec8b10b5d8f0d90132a4ecdd83c242b2cde883039fac1ff
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\ftp.dllFilesize
121KB
MD5b7c081f03a50c391f5b22a0ee16b8a1e
SHA12fa63728dddb2e25f69adf0e02cbd75d053a9965
SHA25642ccb6c597d0952042c3d3fdc0027634c3e9d118706a286277a32a7f6af6bd30
SHA5128590e537d7df9523f934cd4bb18c7515d89e74fc8b3e8e35ce70b368c9a99659bf59dedb020fb470cf8577248f607ed271d52107015cdffc8a0a9f7e8ac2880b
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\http.dllFilesize
189KB
MD5c0d7a16ba0340ffaeadedb5fd82f6984
SHA163ac374a7322e4ecb9b8fed7e67ffcf01b71fc75
SHA256e07a6f752e45e3240c95cbb890b22a154b1cca571c17fb57f11ef0b86108a7bb
SHA5123e50f009b7a43d2fb58f28f0eaab4555d9fc68ed72af970f6a6bd875dab30b5ad32300e95ac570ddf0d925499e709457ea8757033580493f4bbae14a20d06c42
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\lsa.dllFilesize
106KB
MD5f89b978400b6c035f975efc6ab7303a8
SHA1173f9f2bc814b19870c7b98057c948b0292340f9
SHA256ca621b67c0aa1fe669c99abc0ee1a52807321f5be4092bad7c49d4291c194b7c
SHA512d0fc9d302ee3b8be6c65ccb2a2d387a1a914ed9a453ce0cad6734f2c9d59a0ea8694e39b81382ee7b6f6c61b96db81f7ad1c227727b65a5a61c0471a35c39e33
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\msvcp140.dllFilesize
576KB
MD5e74caf5d94aa08d046a44ed6ed84a3c5
SHA1ed9f696fa0902a7c16b257da9b22fb605b72b12e
SHA2563dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8
SHA512d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\pop3.dllFilesize
108KB
MD54617113b1fa666e743f899d3781483d8
SHA10a1dadb7051c5a5ed9d108f78f83ac2b21419a84
SHA25630af0cec58983ef5ccf2b30f074faad6ac348cd5fc88461c0b06977839a2c651
SHA51292d0cd9e51de702a04bc2948e2966219b16c1bef93dadddccf801c58c2da1dd22ac5b9651583868957098959beeca2cfdd7465edece1120e364935ff65184675
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\rpc.dllFilesize
107KB
MD5fd8770a4368acd38c18ccb0298dcf587
SHA1867772d872b84988bd7e9ea2271e470dd443874e
SHA256e039a7e9bdecaf697bd73a47da557e5582fbffacc53f9a185790299156c85584
SHA512e1123fa8cf304d082324cfaa5534ea34103226242cef1d6e1640bd2b343d19ae3bcec2302c3a6167c57f8196415190d86050fb55e2e6ba0d90aef189d5ca18c7
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\sav.dllFilesize
726KB
MD547b40a1348a6eda7087a6241858ef9e1
SHA1ca8ce0ba789baafc75b593fd8a98d4cf8afa4956
SHA256cd83b1612c2823488ea267e88fe91a2aedf6b278bafdd39ff673bed3add39d6b
SHA512dd43a1a08e0dd9386c0c4aa47c2e1a71a6ccd07dec1d70129c43845c5c32ec038efb617bec35320a467bbac77bad6abefd176c747b2a9113190d3e98d1b50130
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\smb.dllFilesize
192KB
MD5b4a0352a49d7661e64693765707a0a1a
SHA1888f7e14cc08ef0ff4f6557bc8ec3a4ac36d18f3
SHA2564295bbc2ce2ccb68b17df07b2364ef90b3bb802fc2f44c710b13c1477f424caa
SHA5128647121a5cfc25fb7ff46308cebe3c261927bac40d2fafe89c01945346993e31ff6b0369e2a686f9f4a16cc61b74c887ed670f30a1a21252e04cd1ba781bb712
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\smtp.dllFilesize
121KB
MD52b8265dfa5b53b61e875f7a83dde8680
SHA1fa3c87c02750700ac0d20d21b88a90b8122be8e1
SHA256748bac0cddaa20c4967f6f495db6b58f88fb675790c2039e211e42468afbe2eb
SHA5129011bc9b204db910f7a06f89928986f03df234df39309b183b3fe226677eb0c435f0b8c3efaad9689a5fa44bee034ec99b7af2c6fc3a2056bc0a4c0d4d9d5de2
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\ssl.dllFilesize
178KB
MD59592f5912b31b62193656497e67a2d9b
SHA1b8a92656880a7016edcba43b1e206d83fe3847e0
SHA2565978dd53996bc3856d01010e4ddc41215dc9d7fe046961feabec419972ce94bd
SHA512ffab48be1db5cc30f61d88b3bc02e2ea30c8dcd44bfe9bed786bb7cd699dac8c456c1d390925c9a9ff2994a54cf98eee0e76984eba318792ec9838db1954b98d
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\vcruntime140.dllFilesize
99KB
MD58697c106593e93c11adc34faa483c4a0
SHA1cd080c51a97aa288ce6394d6c029c06ccb783790
SHA256ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833
SHA512724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\vcruntime140_1.dllFilesize
43KB
MD521ae0d0cfe9ab13f266ad7cd683296be
SHA1f13878738f2932c56e07aa3c6325e4e19d64ae9f
SHA2567b8f70dd3bdae110e61823d1ca6fd8955a5617119f5405cdd6b14cad3656dfc7
SHA5126b2c7ce0fe32faffb68510bf8ae1b61af79b2d8a2d1b633ceba3a8e6a668a4f5179bb836c550ecac495b0fc413df5fe706cd6f42e93eb082a6c68e770339a77c
-
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.logFilesize
4KB
MD5e8e7ca9149f849cd92ae8d06f56632ac
SHA11805f2dc77f19d890dc58e0acc864f2dc9e67691
SHA2563afb372df31d88ed8b0acb3b0b8be28403ce3e5c965fba8f5eb21bad075c1894
SHA512a798c7aa955b5c71ef84a42fd1ec1c8ad8bb2cdc7b1d2480dcf9b1bd6954a211adc6819d6240b8a92bf20ff98937cbe887af38faac3917b32d375dd4cfe6032f
-
C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zipFilesize
17KB
MD580e1acb2c9fd443f4298bce8af7ccc25
SHA10caed9af7e3e11395246eb697b35532c6d752013
SHA2568fdb29858290d88f953e7eabbbbf6ef7362a54fc50108e9b148cdadc35ed3ac3
SHA512cb89672e2f7b5a596a9d1eb9df1a405c763e24a65d2c5def0ecf9671c5f22b207a48aa44c7e06179b93ecb564df4ed0f5edd26873e47985d99939bcbe034502d
-
C:\ProgramData\Lavasoft\Web Companion\Options\ServicePartnerInfo.txtFilesize
186B
MD53a84b19d25312c32acdb7e8a309d6ae7
SHA14055f1efcaf4b1dda8c00ee4b56ec76d2c392e06
SHA2569542929d61ed464e5f315efdc0cd471d4070c925b15eafe646c1e14577d4b989
SHA51280a1b4f1efcf7e230baa519204667c71cb55288904c69b17c38450ad9e5fe779d1c0f5dc3d68c81a23446fe0686d0bcbeba88f1d491314ec12e23eb935cb8861
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FFFilesize
812B
MD5c930736f83fb0cd4c01787bb61d2a04b
SHA1d27c3ff1a3aa66e33fec1ce6fa4f67f58946637c
SHA256643eda261db1c399eb61f8b90246037604ab319118ee648d06be862be2677859
SHA51212c640e68d15bf49924454fa147876d41500aabbbc4ab02f975b8f521c637ad2212c07263d9048f7d38bae3468865a485015f09921293a424aa9902208fa7abf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43DFilesize
1KB
MD5ee23d51d6c5d53d827eb79f4bf8032c3
SHA1a631c3d30797eb3145b468a452eab2bc1336249d
SHA2563f1be40de3b2194e90d11c585147a1da3e730bb76fa36e4ea3e1783c231eb426
SHA51276b98fe0bc2bc360fd8e4aa00393194f251bd3dc538cd86a550ecde0d43ecc8444bc32733f8b4143fa1015b5e4ba54256decab2a68f306816d3a0f22f72de965
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_684EE07DA693FF51901FCCD35B88A7C0Filesize
806B
MD5dc2daf7d2070aff0373fd30cdb89c910
SHA14a0bfff63b322c4d1e3f6a7245281bb613772ac7
SHA2563d38c256e312f9d5628e15822e927753aab0b3e99e369d933c4edfaf47c074fd
SHA5129240b5f9b5b95fb09576d7c481e37ed13f6d64c1279b9a639c3b2eadac701245fbf2a512e7ee20ab7519e936b61b4d823c28ad0cbf9a7a00a18416009bde8e82
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FFFilesize
540B
MD545e77d0fd02621fad1e0e122f737a9b4
SHA18264ddb79eafe5dcba83abd3b83a299b98ff2ba8
SHA2566e3c26a6a5fb876b2f27a9654f594f8a029b5d9f8c26f130bb6e44d124df0373
SHA512d045be2ce6953161fce7a73bb8115366e79c9a7e1c01faacfb8ec3e02b89fca0131b420f957382bbae5d95ceca00c99f25466c067dbc6f4ef5366be49fc7932f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43DFilesize
528B
MD50cbf38c57faa3c18ff05a59fbf3eee85
SHA1d10319e322a74df67e05962ebc51354c86e69ed4
SHA256b1507b1ffd28a5c9b0dea1aad7aa34f56ba8e3a5b194f825f4390ffc44ca995c
SHA5125ed9fcac0033b894b528063cacc9d17e3fa9890eb3ae760fa8fc700b84be759b956fa437b35d656f50d2f0a0b0bbddb38fb2d4e562e82cdc8cdeb8b7cbcddace
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_684EE07DA693FF51901FCCD35B88A7C0Filesize
540B
MD5868f554da75335d81ab0a23ea177782a
SHA16f0eae4dcef04ce3da1347f6655cefcec77de681
SHA256f34b1995485e4b4ad2873e479eb6563b725a72bb35d4e817d871dd198c5b63f9
SHA512a5df72fa69dbf325eeaf35f756ed863146b0c468752d0b28b668f2754f68a36f5532c02da0337e53343b2ec14e3898b0129c3ef7549ad0a92fab86d5d30e041d
-
C:\Users\Admin\AppData\Local\Lavasoft\Search\Logs\search.logFilesize
4KB
MD5ccf088c702dd60488e586db236d64c36
SHA17cfd7d3cea257e897306cb5a523feb61d4571e89
SHA25606d5e9da40f5ea0d07bf89c6e3e18efe0a803953600d1076bff4670d6102ea84
SHA51283a79b7526727e2980f00fc25cf07c60de4d7df9b02e71edc99127523884acd94db67f1149aee2f51b06975b4cadf5cc2d3262273a55d55912f93bdbf26c4af4
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\4ozw1dmc.newcfgFilesize
4KB
MD54e64b1264254b12e2c2617579d03095f
SHA12160148fc64085a2276a45e511b4cdceaaa0bc7b
SHA25637773898593fead05fe40e6964ea73472f333ed3fd0ea6e343e52bedba893d41
SHA51278f981986afd97df2e65c8d796d66cc0ba08d8b75ff98ede5501d8cafd377e7e11b963c75010af45b9a196355712ac8d3612a26578c6bc037d4839d04377be64
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\aixko9ar.newcfgFilesize
2KB
MD56c15347458c318ed60377c88eb2db718
SHA1c1a02db2eadb19e4ff489818037f56626b599a88
SHA256ae3e90cf9a2b00d7510cc83fb4f1d8a4810af13eefe7556240e749e5a849f5da
SHA512df679c8d98da443c756caad864f8499e92591a3a6503f2cb6c97b20c63c9e228692736de12fff1100f5d26fb1076c89897fa235a55926b5c5c402e2a3eadff84
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\c9bwzfb3.newcfgFilesize
2KB
MD5f0872e1ce6ba3ab5fc6738a8119bdde6
SHA10b47ac39f7aa40318eeb94295b6674d0e4871649
SHA256c44fbf5c231c32b63719d924863faaec8154d192d9dc18a4731d78e629c3b069
SHA5128ef5a5a3fcbcdcdd41fc91572ce5e6c71d13e5e2819fa9a267d017244bfdc17647dfad6732d1018b499050c4eeb820d324a8583678a2faa851bd6660554916b4
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\crcxk-wq.newcfgFilesize
2KB
MD533e68e1b64cb1ea9a476cc6bbe9626d8
SHA1add499993f5155cb6541b6256b6a0d188a1ed528
SHA25693e462f0aba85cb832ec0df612cd4403133d722b0c2b2cbdbedec3b98b07be96
SHA5129505c058550a8483a463a10b8cedf2688b68505e0311f06b78a4f72c5d9eaac7f5c09e3220705cbcb124be8402af6b45228daea8d36137834b1c0aa9e2e562d8
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\digk47pj.newcfgFilesize
4KB
MD55b2b3aa131cd5411222474783589a9d8
SHA1ec602a97f3f9f75255b279f42d9349061e382a75
SHA256f2fe4a4cab7b836f8308d852babb88eddaf2ae1714d844c2da268f590fd91bfe
SHA512364d2a30175ad36bcdf63b2965e481932b6b6d319a10efece04fd979003b5eabf6fd25ed32a6d2d7c708c0e340a4ccff2b2ffec720445a9e393f37710eeaae34
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\okxoa1cd.newcfgFilesize
4KB
MD58ce1a7bc52ff85650776fbc1639aafe3
SHA18e18d4bb1676f63eca421184429f1d6122ca5141
SHA2564c41ffd85781cdd5a23e314813b47804e17108f5d630ecd6ae1e0dca149a3f7e
SHA512fa7404e8638aac282fa613e0cf99e32523eab9e5ee1ac3d870d03d2dcac96f361e4851955b0ed47a320ee6dd1285c22b95557bee4937679e4d0eec4e7374ad59
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\s_qsoyra.newcfgFilesize
3KB
MD5a8e2d137726b4b5c06ec79af479a1a7a
SHA12fdf660b0e813a207934f9bfdaad4c0ebc5bcbcc
SHA2568262304018ff90edf102893353eca97e3ea00ab21e3c9bfee570e75fd1aab161
SHA512401e733c80ef297ad3a8ac5348e41577ba9e58c4fb3647ca9c08c2d09072e7a7786afbeb3dfeb40779f31d3687a435fdf421b807783612973d4240cb38a26f04
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\shop2mbh.newcfgFilesize
4KB
MD5ae54abf4755f8a58c42cd573f53a388e
SHA11c890d42562e90e01e66a7b116b0af13f90fc1ef
SHA2563860bc523a1d9d880696d2d18cca7f0eb239bcfba40c583c2e2879a483bd75e8
SHA512269623447b45b33cb21200062c4b94c35e8cabed2ba37147611c94af35f57ea2fcef3b6ef850ecb3a72aca8eabb7f691a677987a6db51fdd5c5e7dc0e9dfb38a
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\sjwjmyp3.newcfgFilesize
4KB
MD5f4fdac836dce561fbf7b2a4a4ef4e4c4
SHA11a2ae6748c3e5c5962f25238591aa602d9d7fff4
SHA2569ae271650dee149bde836ebcb3f0ee29f26f6ec4ff5610c3eb812461b31a6836
SHA512bf9ab4eb082b83071d51dadf68b2b2a2da56b6796228ceebf38e90de4ef1b35185516d834a7b7ebe551069747864350058d6a3d025aa7594ad632f1080bc1f0b
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\user.configFilesize
338B
MD50a35fbae99f45bc0dccdb777ecfd0436
SHA165e295fde91f90d55b107680e060895654fe66e4
SHA25619af84c48a15820c94367390d58588ddad8164b0ac4056c258a766c726329550
SHA512db3a0973a373c039603c750f0f196cbf65553cddb83739f1942402eaacbe178a775be87c4b034feb706830ae69d20158c3e3ecad8d5d3febc45146b487c3c42c
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\user.configFilesize
1KB
MD5e4308a22084be6f951aa99648cdbe1c2
SHA1dbef8d6b73e101397816c3ade09d4f156987a53b
SHA256f96bacba602816427d078505dea2b0423bd391313950e8b60258471d7372b446
SHA5128d1aa1380a5623d247fea0d8e0178cc1dbb61141c7dc45c095930a420a904efbf7f80f3febb5411cb8a152ee12e5e667f6466cf33de58dcdf89e0199fd959867
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\user.configFilesize
3KB
MD5827106b7d7ad422640e82068b60e4aff
SHA1afe46334743260aa2f570efae161b1b1cefc3430
SHA2561e4d247a9809d10bd751bdf470332ad4c7dd39d7a236df1a793f066295cd2fc6
SHA512f64dad918387aef552fd2e386f38c5de30a0165f7d891cb9ac91f51c8febbb459405928820ebfb2698f73920db078e683ce6528c8e82963191fd7c1f8d03f19f
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\wask9jj8.newcfgFilesize
2KB
MD50f52567ff36ee6655a32219f21b54887
SHA14fb341e09eaf176bc4e2d97f37a9de5d0c30872e
SHA25689deccb3a952f09d39de0a9644cf37fd83afdb4ab97b52d9e0a9935f8a6ed152
SHA512c44616767f441448cb32e40c3ae9c0f7836a726989424fa9d37c0f40af8779d8bb0f035b6763e7280063c3baa500dac59a3edf002195960cb85f53c2c9aa8c48
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\ybrij_3h.newcfgFilesize
2KB
MD5d6c1b6a9a7ab50210d072d26f95dd620
SHA174f555ea90e0fa763a5009ffade0746352785411
SHA256497e4f6f7473367230a882e094b8754cf403eb4cc6cd02babe9b6d24ea93dc55
SHA512b98dd04d165370c4f520eb6bcf3782feeca158a66236de4df26c5f7dc6131a06306dded9d9925bdb29597808cdab130ac0e70d711667f6a4f6acb7ffa913fdca
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.992\yzs-38gz.newcfgFilesize
2KB
MD596adaec59f57471887c44becadac0aae
SHA1f55c3fd9b55bb8525587edd7b2f17a96bffae0f6
SHA2563d066abde0d9cc5891b3b24f0e4f6117d759837a0bc3fb34bce89501c0549f1b
SHA512734db5a7d4eb544aef1748285e15bdcda3d4690b0725a81ed8e304f3bb05d14916cfca98b32283c97c9c9698156cf80ff042394b25a80a5024220039e6f4fd92
-
C:\Users\Admin\AppData\Local\Temp\615A.tmp.exeFilesize
149KB
MD5060404f288040959694844afbd102966
SHA1e0525e9ef6713fd7f269a669335ce3ddaab4b6a1
SHA25640517e822f3442a2f389a50e905f40a6a2c4930077c865e3ea7b1929405f760a
SHA512ddf8c53e1e1888084fa5422f297cc3ba9d97f7576c36f6b633ce67ca789127f7e259e9fb374fcbced66f883dadde0717d81ecce9776770bf07d8cf3b94b1a43f
-
C:\Users\Admin\AppData\Local\Temp\7zS0B3B1F1A\ICSharpCode.SharpZipLib.dllFilesize
208KB
MD5b4ecb8001f71894c1a17860476981441
SHA172d28f2aa50082a152cb6b3e25895855188fe9b8
SHA256e6133baa62122e214ab9c114e9fff73bf25956518907a88577a85c8fb88c561f
SHA512930e1b8181048790fffc1a5bd7f9dde91eeb757f1f8f35e01373f9414794963a53c03239b4ccc60b5c38049aba9e4db0ef5c166e278751c15c136a331ae495b0
-
C:\Users\Admin\AppData\Local\Temp\7zS0B3B1F1A\Newtonsoft.Json.dllFilesize
428KB
MD5eb259a0e2377f4c0bfb8712b773456fe
SHA1d9123b055df58e33aa2ab2f242b30fc6a37f1cad
SHA2564f9d1e187920dadd4e7693897f8240621e498ffd1709915c3b8394aaa1a34b43
SHA5121f6e7c2233307a90dda68eaaa4ac08848b0499b464d3a307390a4b95ec1751d00b923572f92588b55f049ae6f4282d4126d2425e5caf8a95c8260f7600dc574a
-
C:\Users\Admin\AppData\Local\Temp\7zS0B3B1F1A\WebCompanionInstaller.exeFilesize
456KB
MD5994672c2aa0d63930a0d8614bafeac09
SHA194dc5848fd00f05589707fece3f60b8840aed26a
SHA256c5a088842a698f1938c22f6314a141251282e32f263d99a6854c2d58fdee9272
SHA51247a0d7bf14b46cddc90cc1dab0add345e40621fcd11d97786b3947a04bf9acf1cd4cc304562a51c1f83b7b8422302bdf7f8dd23dd949ee6847850f5e911d6e4e
-
C:\Users\Admin\AppData\Local\Temp\7zS0B3B1F1A\WebCompanionInstaller.exe.configFilesize
2KB
MD58faad08d58b1207cff53b7dc1a35af91
SHA1e74f806a6cfea16c2e5c6c90ff6a66111b61cea8
SHA256091d2aae6d9f4a9b403e45ebc578e0cf27a08d16e9b8784e614c8710080f2cca
SHA512dc0cfe69c6a3f715875f1badbf44eb90aeb97ebb5fc7b9f3dd4b4f4561de4c403b086709730f4f11de0815828f212591bf63b0fc591e8445ba7a320c574ea2ea
-
C:\Users\Admin\AppData\Local\Temp\Temp\WCInstaller.exeFilesize
552KB
MD5bc4c25ffc19286961d5cc54dd79a6d2d
SHA1d1ca4a578a51946d38b0ceaf63a3a75c4b8fff5a
SHA256409960971e9e9e31121d10d5033f27ec07ac228e52c32873292f2ee8567a8eaa
SHA5120c4fc53d6d5fe5fa478f436616022a3c509d70a2d99714badfb945d88c6da9e005961b2d3409a124abdf5b5858001a0e385c58169c822f3b0d4cbd70327044a1
-
C:\Users\Admin\AppData\Roaming\Lavasoft\Search\ProfileInfo.txtFilesize
78B
MD57cb869443c6a671a4a21588155150475
SHA1fb8c43f47ed26b251354cab7be011974adc7b436
SHA25650560e7b3e0481bdfa9809006c92aa190844867a51454ad81ea2a06b216aa7cf
SHA512f167d08ef9699881bbcd067c135b8da27958e6fb4ffb0730e13480fa9e25a6630ea00ef7945f205322eb3f4a060e7cdd8ca1aed434258b932cb2d96b8584f094
-
C:\Users\Admin\AppData\Roaming\Lavasoft\Search\searchenginetemplate.xmlFilesize
1KB
MD5b3c45cbea8dd3685f189db517db7992b
SHA1e950121e65a194d735925fd9f8b6619acd735082
SHA2566b391592ade248e6dfbc9711cc78c3e91090999e131c620de3dedb3f83202f75
SHA512a3e2a6903c7a3daaeace184b1e54dad1b3896a62c3d613dac2b9d68bec12d9ed4af852835d1bc1432fddeff3fac1eaf567b2d8d4ea57a0986e647cea30f75b74
-
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\b_search.jsonFilesize
882B
MD5ae507c49cd5c982bcbdf9d5ac604edf6
SHA129f61ca09f1cc50c44b8fdff12d835a8ae991fae
SHA256e25d71abac19c752318230bcb03abe6f94c06bb1d84a41bc79f92e7987e4b6a1
SHA5120147818489acd0e0cc044cb8c0b537e61e7e4e8873f41f11d44f8bf764fd5382844f0f69660b39f559c7d0c5c4f31f4383b7daa267ce416180e7b0280902d97c
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.newFilesize
466B
MD579754ec8ba75bc34225fad54ef4b4156
SHA1e1af24dad9f76041215578830b59eca0568c4980
SHA256da1c5ca1e69fea379a72ddb7b3bee35dac2e18012c6a8ea7366fcea1eb4d3cd9
SHA512fe9efadde9b2b8a60a8fbc3a174688ec058b02cf091b91de2a2b961dae4bf30ef824ea19dde1994941f68316446368c3d965caf0c83205046415dfe6e5749c9f
-
memory/1432-883-0x00000000701C0000-0x00000000701D2000-memory.dmpFilesize
72KB
-
memory/1432-882-0x0000000011640000-0x0000000011652000-memory.dmpFilesize
72KB
-
memory/1432-1046-0x00000000661C0000-0x00000000661E2000-memory.dmpFilesize
136KB
-
memory/2096-824-0x000000001AA60000-0x000000001AE34000-memory.dmpFilesize
3.8MB
-
memory/2096-825-0x000000001B150000-0x000000001B286000-memory.dmpFilesize
1.2MB
-
memory/3728-529-0x0000000000CC0000-0x0000000000CE0000-memory.dmpFilesize
128KB
-
memory/3728-531-0x000000001A310000-0x000000001A360000-memory.dmpFilesize
320KB
-
memory/3728-553-0x000000001D030000-0x000000001D0AE000-memory.dmpFilesize
504KB
-
memory/3728-552-0x000000001CF40000-0x000000001CFB0000-memory.dmpFilesize
448KB
-
memory/3728-549-0x000000001CA30000-0x000000001CF3E000-memory.dmpFilesize
5.1MB
-
memory/3728-530-0x000000001A2B0000-0x000000001A2B8000-memory.dmpFilesize
32KB
-
memory/3728-554-0x000000001D140000-0x000000001D1CE000-memory.dmpFilesize
568KB
-
memory/3728-548-0x000000001C430000-0x000000001C520000-memory.dmpFilesize
960KB
-
memory/3728-547-0x000000001C3E0000-0x000000001C429000-memory.dmpFilesize
292KB
-
memory/3728-542-0x000000001BE60000-0x000000001BE7E000-memory.dmpFilesize
120KB
-
memory/3728-543-0x000000001BED0000-0x000000001BF32000-memory.dmpFilesize
392KB
-
memory/3728-538-0x000000001A9A0000-0x000000001A9B0000-memory.dmpFilesize
64KB
-
memory/3728-537-0x000000001B7A0000-0x000000001BD5A000-memory.dmpFilesize
5.7MB
-
memory/3884-698-0x0000000073400000-0x00000000739B1000-memory.dmpFilesize
5.7MB
-
memory/3884-349-0x0000000073402000-0x0000000073403000-memory.dmpFilesize
4KB
-
memory/3884-73-0x0000000073400000-0x00000000739B1000-memory.dmpFilesize
5.7MB
-
memory/3884-72-0x0000000073400000-0x00000000739B1000-memory.dmpFilesize
5.7MB
-
memory/3884-70-0x0000000073402000-0x0000000073403000-memory.dmpFilesize
4KB
-
memory/3884-350-0x0000000073400000-0x00000000739B1000-memory.dmpFilesize
5.7MB
-
memory/4284-1026-0x000000001C1B0000-0x000000001C4BE000-memory.dmpFilesize
3.1MB
-
memory/4284-1028-0x000000001C6E0000-0x000000001C6F0000-memory.dmpFilesize
64KB
-
memory/4284-1025-0x000000001C180000-0x000000001C1A6000-memory.dmpFilesize
152KB
-
memory/4284-1024-0x000000001BA60000-0x000000001BA72000-memory.dmpFilesize
72KB
-
memory/4284-1022-0x000000001BF00000-0x000000001BF6E000-memory.dmpFilesize
440KB
-
memory/4284-1020-0x000000001B900000-0x000000001B96C000-memory.dmpFilesize
432KB
-
memory/4680-510-0x0000000070DD0000-0x0000000070DE2000-memory.dmpFilesize
72KB
-
memory/4680-509-0x000000000DB20000-0x000000000DB32000-memory.dmpFilesize
72KB
-
memory/4680-684-0x00000000661C0000-0x00000000661E2000-memory.dmpFilesize
136KB