Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-10-2024 13:31

General

  • Target

    138b5cc8e7dcd60fbdb99898982ed606_JaffaCakes118.exe

  • Size

    9.2MB

  • MD5

    138b5cc8e7dcd60fbdb99898982ed606

  • SHA1

    8157e5c44df485d4ab29e637e0a4783c1d07c154

  • SHA256

    237de1196f556a7b8f6d0c908025e1be7b5561cd9f7533f29d57076aec9176c2

  • SHA512

    97999514d2e1b259c729dc2aed6cf8d0e962ffae2b92d1cd028e34a104e50cf1e8faf22d73939ec4974129dbe5bea5326169028a69979b839b76eab52c4ab411

  • SSDEEP

    196608:Wegi7jbmj9kCADU91h+RXhKpBRGvMZU7nK2r2eTcuYH6TL:A+bG9ZADU91h+byRAMPOSPi

Malware Config

Signatures

  • Blocklisted process makes network request 7 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, likely as a geofence check.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 40 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\138b5cc8e7dcd60fbdb99898982ed606_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\138b5cc8e7dcd60fbdb99898982ed606_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3168
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM msiexec.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2012
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msi /quiet
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:4564
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 914B1BB1EE44C0E27AA90E65AC85E278
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4580
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIC3BD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240632984 2 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationStart
        3⤵
        • Loads dropped DLL
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1468
        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
          "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tm92mnmx.cmdline"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2168
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
            C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCA08.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCA07.tmp"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:3188
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSICB9F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240634796 6 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationRemoveFiles
        3⤵
        • Loads dropped DLL
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3888
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSID787.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240637906 52 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationComplete
        3⤵
        • Blocklisted process makes network request
        • Checks computer location settings
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Modifies system certificate store
          PID:2664
        • C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
          "C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"
          4⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          PID:2324
        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"
          4⤵
          • Installs/modifies Browser Helper Object
          • System Location Discovery: System Language Discovery
          PID:4684
        • C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
          "C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"
          4⤵
          • Installs/modifies Browser Helper Object
          PID:2616
        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Microsoft.mshtml.dll"
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:3608
        • C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
          "C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Microsoft.mshtml.dll"
          4⤵
          • Modifies registry class
          PID:1608
        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll"
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:1584
        • C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
          "C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll"
          4⤵
          PID:4180
        • C:\Users\Admin\AppData\Local\Smartbar\Application\SnapDo.exe
          "C:\Users\Admin\AppData\Local\Smartbar\Application\SnapDo.exe"
          4⤵
          • Executes dropped EXE
          • Drops desktop.ini file(s)
          • Enumerates connected drives
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of WriteProcessMemory
          PID:2720
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\i_ztedq3.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2196
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFA6E.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFA6D.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:2008
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\93pmxgv4.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2528
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFBB6.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFBB5.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:3632
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hc9ybqll.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:3612
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFC62.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFC61.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:2588
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cw_fkh4-.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:4052
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFCDF.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFCDE.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:4532
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\a34moo9a.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1644
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE56.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFE55.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:2244
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\be7idgpe.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2828
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFED3.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFED2.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:4328
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ntekjefm.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2384
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFF6F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFF6E.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:4168
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\odlemulb.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:4016
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3A.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:3888
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0ju4kzfl.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:4708
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES135.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC134.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:3280
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zu-dpmml.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:3552
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E4.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3D3.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:2168
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\6m1lk6q1.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1624
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5B9.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC5B8.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:5084
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5w5vbn9w.cmdline"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:4956
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES73F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC73E.tmp"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:5012
        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
          "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ccvgn499.cmdline"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1184
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
            C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF6B5.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCF6B4.tmp"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:4776

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\Config.Msi\e57bf1d.rbs

      Filesize

      112KB

      MD5

      223949cb87d61940057332fe8dac5a4e

      SHA1

      31b08cd58232c530489704ba50b24f03f6d2a7fe

      SHA256

      540ed694cb416e05cc0d6a84f4222d669a5bf9b842c971aa6bc42820c70c4f72

      SHA512

      ed34ea3c36f34eb3d8e31488fc1016c39c5d6460a59aebc10f7f53dffcd5cd02a5bcdee8ce45fb0007b9ba2d0ca1f7b8c60b2c545a65a0b42ab9a8189e1556b4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_9B88354DFF3A5C91206CAE61594DE60D

      Filesize

      5B

      MD5

      5bfa51f3a417b98e7443eca90fc94703

      SHA1

      8c015d80b8a23f780bdd215dc842b0f5551f63bd

      SHA256

      bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

      SHA512

      4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0

      Filesize

      398B

      MD5

      e482b01b9191f7608f67b1bf80a850dd

      SHA1

      8a112288f85dd781479356fb089d59875d9cf863

      SHA256

      0a1c997224fdcea7cd06ea80ecacaa2dbedeae6deb1f7fab99f36448ff0baaf7

      SHA512

      0b0a00e52bd0798e3cfa5db2e451fd24783eabb733e397762dd162ad4997984b845d37fc6558255aea5031ccf06b5b7c04dbae9b4895df08bfce2441ca5c0787

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data.temp

      Filesize

      114KB

      MD5

      242b4242b3c1119f1fb55afbbdd24105

      SHA1

      e1d9c1ed860b67b926fe18206038cd10f77b9c55

      SHA256

      2d0e57c642cc32f10e77a73015075c2d03276dd58689944b01139b2bde8a62a1

      SHA512

      7d1e08dc0cf5e241bcfe3be058a7879b530646726c018bc51cc4821a7a41121bcda6fbfdeeca563e3b6b5e7035bdd717781169c3fdbd2c74933390aa9450c684

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\rundll32.exe.log

      Filesize

      491B

      MD5

      8e28079704db4d073e6c39636eadc0e0

      SHA1

      210a60b4d7139f1779c41babc4c7e7c6b71f26cb

      SHA256

      34462d5da310b13b1000c3ab514350bc17395de96f9bbe4ec161128ca1171b84

      SHA512

      a6bf25f6440d549e2547016f01dd16345fa04655d36b225e87a96bce43195f80d82a1664f001c5ed2db2cd155681ab8cd913834d96e9459ff342012857deff91

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    • C:\Users\Admin\AppData\Local\Smartbar\Application\jy8wz5uo.newcfg

      Filesize

      12KB

      MD5

      d67161fe4e747820c6190cd377b2a722

      SHA1

      f6ca2cc8a7a1aa2c837d469e8c350f8cf3bb196b

      SHA256

      f14497334e47dde9f5293043392d60d1acb06c2a6953a715f6e3bcc6d985bb90

      SHA512

      45863186089f07172233d8572f41a5271df77ed5488069c327771134d109f6b360160cd63078f8acceb7bd85501c20926a4ac4ff97c977678b5ae6095d1e1678

    • C:\Users\Admin\AppData\Local\Smartbar\Common\icons\30DFF8F0-BA79-4360-A3EA-51B6D006133CPress.png

      Filesize

      4KB

      MD5

      5719ee7f6521ae142f0557f0706cded1

      SHA1

      a1d5694197827967aea5b3ccc88e2f91d465c283

      SHA256

      0a2ae8f3e9aa552748cfeadaec055778487602e7f6d4a6c2a221fe1fd496bfaf

      SHA512

      cde76dada9e798a746d7ae23ee189940a6b7660805267a9221501c5c911a89b298005f111622fae7c886e810e23f83b77d47fa75793d19441246eb775a2f2bf6

    • C:\Users\Admin\AppData\Local\Smartbar\Common\icons\3C610B86-19DE-4757-B46A-871C9C27FF0APress.png

      Filesize

      4KB

      MD5

      2768222689e3585d609b5a2afc1ba52c

      SHA1

      ee522df6b2e365857bf6be58ac7150cbc71cfc9c

      SHA256

      21ee471e79b0a646735e132bc1f0c48f464677127b105426e00b160a554de6b0

      SHA512

      56527749dca471af92eb4166b2bb6f1ca4cbf07c8d7e1a201378467f1d08efe5fd913715bb995d35c7d511b2cbdc9469d79baae7ee4bab619e4e11753c3505e4

    • C:\Users\Admin\AppData\Local\Smartbar\Common\icons\B1BEF453-913F-4EC4-B057-A2BB21C09DCBpress.png

      Filesize

      4KB

      MD5

      e6ab030a2d47b1306ad071cb3e011c1d

      SHA1

      ed5f9a6503c39832e8b1339d5b16464c5d5a3f03

      SHA256

      054e94c94e34cef7c2fad7a0f3129c4666d07f439bfec39523dca7441a49bd7c

      SHA512

      4cbb002cc2d593bafd2e804cb6f1379187a9cae7d6cc45068fda6d178746420cc90bcd72ba40fc5b8b744170e64df2b296f2a45c8640819aa8b3c775e6120163

    • C:\Users\Admin\AppData\Local\Smartbar\DistributionFiles\Configs\PublisherSettings.xml

      Filesize

      15KB

      MD5

      842c4fe0b4d3e0604eb996029e8b4b97

      SHA1

      30cd87837950dde8328ac5f6be7a40e8b47b85be

      SHA256

      a22004d015dffb215c1420f06f74c270d595d7eb1a2078d1a19b02479041fe1d

      SHA512

      400d3710c3f118b2ace7e0950f98dd564946e0fd0e31d6b34876caf8e7b5d3554a66024d2d25234fb389673bef4a987baf7eadccf1d3b82a0a8262c016c29f3f

    • C:\Users\Admin\AppData\Local\Smartbar\DistributionFiles\Configs\UserSettings.xml

      Filesize

      2KB

      MD5

      1b0915c9eb2b2e96c24f9d3d96a755d3

      SHA1

      16bdf6791b13bafb184f972ac1af83f0f4219eb0

      SHA256

      2fa60b06a33e4353002624ca51fdb767d47069c6025a4c17a907bd594fc00902

      SHA512

      fd3eecdfdfb0af5c06c837a316c9846ec45d5ee4d8f5c851e05647104c7bf67262413dfc2e1468eb470e5bb22bb68b1b949a318b28b21a0883c2cf4d14a8129f

    • C:\Users\Admin\AppData\Local\Smartbar\SnapDo.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.830\hb6idyee.newcfg

      Filesize

      600B

      MD5

      76412c38d15231f6c6b2471109d0caab

      SHA1

      578ddb998112979692bbf3bc70231880da0f07ea

      SHA256

      0c3969e23f21679787757b79b788c3487fbde3c3d604729ac46dcf7352c50d0f

      SHA512

      d8eea5d55609fefa5c52daff705d117eec919e5197f743049e3e8750c2a7edf3c31bfaa5ad997c18f95e9af8d6793a56c2ff2c29e12d2eb6383016c333360871

    • C:\Users\Admin\AppData\Local\Smartbar\SnapDo.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.830\user.config

      Filesize

      471B

      MD5

      295825c64304a385d2addff578a49c2c

      SHA1

      87f5b1f16bffb39847e7ba4e34c55181696d71dc

      SHA256

      a95a1c1972efd52d8e6e4fd0e207a23bdd0de1c51ee72612bb0c23ae0dbd2384

      SHA512

      d9eba9f15082667b33167de60adec45597c331ff827448e5b628ed7238d813ced90a53a0aae27d4bf718802b0d2e8488489e84b3abedc2280cf4f564cb9ebe3e

    • C:\Users\Admin\AppData\Local\Smartbar\SnapDo.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.830\uzgrozol.newcfg

      Filesize

      535B

      MD5

      e18e27f1329a3bdbf9a0f4e91102e3cf

      SHA1

      34795301c403b7129c3bdb340a1c05efae915c3d

      SHA256

      e7c20ebc29abdad615677a34679f04b7a3435dab6f8379b0d9cb929138c42985

      SHA512

      ae111503f8bf5f66dd256a567a395468b0e6a598a029770069888dbd118c0fd316066d39a875c618b85d3774bf4294133fd1ae4cff70359c242510d0e6255598

    • C:\Users\Admin\AppData\Local\Temp\RESCA08.tmp

      Filesize

      1KB

      MD5

      cdc04b6f8b3ed7f75f9093a127b93d49

      SHA1

      23f6ec1f3c50b7a209489d34d0fe1af9f0a0106e

      SHA256

      ba6c897db1a0b9f52a87820199d884621d707fb372eb5014d58c2db0f4769218

      SHA512

      c69f0ccdd39f6ebcbfb1f4e3ba81abd3c185e2b4dc7dc037a58f9649556d5d5e59bf5516a9cf5e42392421fc32eb7c37f34725b4dd85a3f45a96c05df7b85b05

    • C:\Users\Admin\AppData\Local\Temp\smartbar\HistoryWrapperService.dll

      Filesize

      383KB

      MD5

      4693e209db87ea689c2dfae2ebcc371d

      SHA1

      ab0b0901cf45426d05262cc8e1e9b9418f4a0159

      SHA256

      338ecd0d1af2bb3edd27a49663a30fe9eca74aa99cfe078e0622304d1cef6fa4

      SHA512

      0ce991bddb2074f0246d957a6f2d7452918c88ed00b7ffb687c0bd54e8e3ec99606c5b87a20e49522203dfa296bdf89322afd2514f49aeb9f1d5abbb413bc437

    • C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msi

      Filesize

      8.1MB

      MD5

      7c0a5c2c273f7266369c6cb5ad305314

      SHA1

      c0316dbf07385f033f51758b1700089e06201eb9

      SHA256

      43944a61c24f4c3178856707054a4e25d52ccdf30aae5b8f9494497e34d26e9c

      SHA512

      d4eae25fe4e9638b0590bf9b4e34e58ad42f43fe1344408ba5811dc17aea1a6fa8bf2b940d03df33da8c26849fb87c11fc1698c490ee9e77ecf8c39cb2ad2acb

    • C:\Users\Admin\AppData\Local\Temp\tm92mnmx.dll

      Filesize

      88KB

      MD5

      f2127a870bc24818d3bfcb91c53060b0

      SHA1

      79aa279fba79d78d00688decdc7f90e9d66e8aae

      SHA256

      5584b089cd4e1db31926ca6d523bab9ef3af9b883fb86bf88b675aac2b677abe

      SHA512

      e1649c36df400d76a13fb6cb13a48aa8bec2047dc0b40939cfaaf6157845486fbae613505fb221493c68f590d5c2d6f483e7ba1716e33ca5cb21b7807def5b4a

    • C:\Windows\Installer\MSIC3BD.tmp

      Filesize

      1.5MB

      MD5

      f4dac8512f2767c89b6ade353fe7296b

      SHA1

      9b591a77b0d7f53590a5143eb9c39be65a41b06d

      SHA256

      ae9d1e49f652e1132a7122399e792d7ebad1b550f65ea114eff89a8c8368548f

      SHA512

      43e81639da7c8135030a0667ed66e9c0acc9e8c7f6bf0c29ef4ebb6cd35b7540d527866af2cce59c0cee0c610b90f4d0fd4040ef2d9d738ebe7be019c07bde48

    • C:\Windows\Installer\MSIC3BD.tmp-\Microsoft.Deployment.WindowsInstaller.dll

      Filesize

      172KB

      MD5

      34d4a23cab5f23c300e965aa56ad3843

      SHA1

      68c62a2834f9d8c59ff395ec4ef405678d564ade

      SHA256

      27cf8a37f749692ab4c7a834f14b52a6e0b92102e34b85ffcb2c4ee323df6b9c

      SHA512

      7853f1bc1e40c67808da736e30011b3f8a5c19ddf4c6e29b3e0eb458bea2e056fe0b12023ceac7145c948a6635395e466e47bdd6f0cfa1bd7f6a840e31e4694c

    • C:\Windows\Installer\MSIC3BD.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll

      Filesize

      77KB

      MD5

      7868ed46c34a1b36bea10560f453598f

      SHA1

      72330dac6f8aed0b8fde9d7f58f04192a0303d6b

      SHA256

      5c17864f1572acec1f93cf6355cfd362c1e96236dcba790234985a3f108d8176

      SHA512

      0cc913337e3334ff0653bc1fad044d9df60a8728c233dcc2c7f6139f14608740b70b57c25a9d2d895cbc4d59508779f342a72406e623d30365ae89fb2a3607ba

    • C:\Windows\Installer\MSIC3BD.tmp-\Smartbar.Infrastructure.Utilities.dll

      Filesize

      12KB

      MD5

      89160109632ca3459a07c0eebd067021

      SHA1

      124a6315565903806b187d21b9f9d8db32eba3a7

      SHA256

      fa2e4147d3ff0e79a8cb2ce0fc965b7ccf97840d20325438488324fab5bc0f8b

      SHA512

      0d6ddd1a02601a41c2d158d00272258c76315d589ab115d656167af3d1c5f9251368c9e85f9a36ed9d2ddad39d73e541ecfc9425163342094d0ef72d02f6d33c

    • C:\Windows\Installer\MSIC3BD.tmp-\Smartbar.Installer.CustomActions.dll

      Filesize

      140KB

      MD5

      5c579c4e45c6f515c06cece15b0e7a56

      SHA1

      c92a26439fb04afd860f74bed2cc4faac261c627

      SHA256

      f1323e4b76c0b423859d5263b3541241bb93b693ca5f7e71786664c93c22d600

      SHA512

      ddb219f3e6ebaed41242d03136ee8131c014332bf48233b64f1b9a62adc90ac99aa0d52c3172b6e4f6c8ea5da0e055ddae1bf30670f084c6be659ed98dbf3557

    • C:\Windows\Installer\MSIC3BD.tmp-\Smartbar.Resources.BrowserHelperUtils.dll

      Filesize

      7KB

      MD5

      873932eeab6826a9a8a300cd9fc160b4

      SHA1

      ac82e4ea8c202419c07bedb5cd89a3f49398398d

      SHA256

      396a7855cafef41132972cbabe38f9d72707392cf9f2824b1be43cf4fdda22ac

      SHA512

      cb2c32ba6afd1bbff06aba92d85af78585236e080648c255734bf7edee937eb613ac848f059aa2a03d58cadfa1d509925b650d8576dd96843bd511988481e849

    • C:\Windows\Installer\MSIC3BD.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.XmlSerializers.dll

      Filesize

      88KB

      MD5

      f91a5d59970d8b984b422c9b69346615

      SHA1

      124fad0d27bad34b2757a1353e1213fe25bcbd29

      SHA256

      51185b0e127a3284ed9c4104dd010f38e77ba2f5ead77bcecdab2020c4861579

      SHA512

      7840abe0e117803de0752c22f8dd47034dab6d47684e7784d0b2137e877b1dc5986cddd57afb4f27a5dfec855a7ca70cab5ff61daccd9a8eae335aa88a5396e5

    • C:\Windows\Installer\MSIC3BD.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

      Filesize

      103KB

      MD5

      f0d0c318daca7e1ff3abde442a79d25a

      SHA1

      da007f339272e1670d5d95f407f1cd23d4150375

      SHA256

      5fb6269aa8de327693ad6ad67b9eb3e996a896416597bb117585a57f7a0f9f58

      SHA512

      71bbff848461fe217e8ae814208dbe686dbb3532a6f8a2a6c43e7eb272377cc651ca6b6a13787ec6fd4b41848cb928f55c7f159735c0ebc2fbe01670c04209f6

    • C:\Windows\Installer\MSIC3BD.tmp-\Smartbar.Resources.SetBrowsersSettings.dll
      Filesize: 154KB
      MD5: d99745d1f4d8013efacb9c65527904d1
      SHA1: 8db5756bcc2ef4d1d1205910b9aa0ca5c907f0f5
      SHA256: cbb016f9021e57cb1842e376e1e1d1024df53aa429d1cb9db9eb7a138f37ff12
      SHA512: 5a410d42de0ae9cb65bace93c42e2d42109cc5d8e2ed7403541b258d6ca1f3d56d2f2c61f7a8c3f39cfeb4c487f08f269642b068bd2d33e9b629d43c71fedac3

    • C:\Windows\Installer\MSICB9F.tmp-\CustomAction.config
      Filesize: 806B
      MD5: 796621b6895449a5f70ca6b78e62f318
      SHA1: 2423c3e71fe5fa55fd71c00ae4e42063f4476bca
      SHA256: 09be5df7a85545fd93d9fd3cd1d6c04c6bfe6e233c68da6f81c49e7a35fcbb84
      SHA512: 081cf1dadb3a0e50f0a31ab03e2b08e80298c06070cd6f9b2806c08d400c07134623f7229a6c99910c6243dfa53c6e2c05d09a497aae1e701bc34b660cf9e4c9

    • C:\Windows\Installer\MSID787.tmp-\Interop.NetFwTypeLib.dll
      Filesize: 32KB
      MD5: 5f999c68e7770881a9a6e045855c7995
      SHA1: 03d58c17cebf5075b9cb6091a286f414489b4f0b
      SHA256: 0ee85b7498d7ac0acfcfa9d65c7eec6e2c2191c21cda2d0047df395eee0471ce
      SHA512: 97f08f783a2473652fee4a3d22023e6ac9bccacf10e13a4aef1500cc0a4aeee19787d49f109f993ec0a643a9c7d7109de8a21e309319935c673208c617b73ab1

    • C:\Windows\Installer\MSID787.tmp-\Smartbar.Resources.ProductsRemovalLibary.dll
      Filesize: 17KB
      MD5: e1bbfdee0a3dc9c963c53443a5cf8963
      SHA1: 55753d0a7b1e49f3c09184623f674e60d7d10245
      SHA256: 0a6598e12d49debe47ea678e9a721e27b417e9af50e18093d48290aa679cd978
      SHA512: d53c569eab2e313de3f723f84a7dd89f6876bbd8aacb467dcad74d3057f778473413f8efe8217a0a8373db54da55230481ce4ad84bee414d22c73fd62c217d20

    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch
      Filesize: 416B
      MD5: 5f1feba0665dbe67a16307270f85e959
      SHA1: ab21b178f388588f1cd21f312836964504038bc6
      SHA256: a54d4059b0d46f0e62cc23799af53552e52228960217872bd4c5ccf7446039f6
      SHA512: 4dd8863528b65eccf750adbec749abc99c323268bae9f1cd6b901e0e2d5c94ada9da9bfe26625333a31352d11c6c9235d688421b6d2f850264f4d43fd7fc3f4d

    • C:\Windows\assembly\tmp\IVH9XWT1\System.Data.SQLite.dll
      Filesize: 890KB
      MD5: 0cad9f17eab4f29719b2defc90e42f27
      SHA1: a2750221ccf7fb4d2c14744b073e84f4ab0e6831
      SHA256: 794cd3e7f0ec56d554936aa3d9f22753a605ed1130bf0c9e2c3c57f3e298f703
      SHA512: c49a6b1296bfe1a578b52475ab124a96c0ef14dba0ffae680c5482881b68b83d728c58cd69429dadf3f0546785992e35fd26d20f2ff027ed5af4a34c9e055454

    • C:\Windows\assembly\tmp\UPKSG7FX\Interop.SHDocVw.dll
      Filesize: 143KB
      MD5: 7155bca191991224bcbba5b5aa64b302
      SHA1: b3d7c5b1d40d82d0000d4b82a1b8b6ed3fb60261
      SHA256: 7242f575e2414031cebbdae0b3f557300c4b6a521da63772b81d5f96661cc2ff
      SHA512: 2f72a0ab4914da0233ab180c57bc36c180fab6b66dff6592eddd02301eca2f54cadbaebc0c1a3140f41b4ec9a588ce4c450edd80b747b3bdc73a2d9531e4bfc5

    • \??\c:\Users\Admin\AppData\Local\Temp\CSCCA07.tmp
      Filesize: 652B
      MD5: fd9164db1def9d8177ccef6b00d73c06
      SHA1: d312f02022561b0eecce442fb303c039117ee0d3
      SHA256: 802d10fd60a08be6a7f3a16d0e3d0e48ef68834ed8bdef1eaeb939ebed9375a3
      SHA512: a8497c3ef18723e9ddd8a9f2c8f6f0f80761c10be402531cff267cf89daa7ff835e0c7b3a7befe1a225bcf32d0106cedb1296c9bcb7b41d07cd68cd0bf34da28

    • \??\c:\Users\Admin\AppData\Local\Temp\tm92mnmx.0.cs
      Filesize: 187KB
      MD5: 144d5d043b00d613d6ae0215b79fc4f1
      SHA1: 456386473ffd3cf917a4a67adab5a1ff962c617e
      SHA256: c870040596d07812d93905c698e503263aec04dc4dca0d8a214e03040086ed88
      SHA512: de998ec94a07c7220449132e0ae4ffbec7b4dc2d6061071ac0cecedbb2089cb8c7e5261147719152ba3e3e8c4fd7041e345060bf2730c9d77c603b090bea7657

    • \??\c:\Users\Admin\AppData\Local\Temp\tm92mnmx.cmdline
      Filesize: 614B
      MD5: 94a713b669b873b60f2e2d146fc4a675
      SHA1: 95d70b25693e4217ca49e926168d74d2b0459446
      SHA256: ffcf856756c11195533b163cce8c3048e98d0a55ef43cf641e28c00c786a610c
      SHA512: dedd4cc0a69585cc167f094bfea5690b79e14ae2e6367b018704ea5606d0494c15c5798fe54209621c59399448f316f8182bed463c4354302417d8ce7b1d8215

    • memory/1608-1131-0x000000001DCD0000-0x000000001E476000-memory.dmp
      Filesize: 7.6MB

    • memory/1608-1132-0x000000001E480000-0x000000001EC26000-memory.dmp
      Filesize: 7.6MB

    • memory/2324-1114-0x000000001E3B0000-0x000000001E44C000-memory.dmp
      Filesize: 624KB

    • memory/2324-1113-0x000000001F7E0000-0x000000001FCAE000-memory.dmp
      Filesize: 4.8MB

    • memory/2324-1105-0x000000001D1A0000-0x000000001D1B8000-memory.dmp
      Filesize: 96KB

    • memory/2616-1123-0x000000001D460000-0x000000001D486000-memory.dmp
      Filesize: 152KB

    • memory/4180-1140-0x000000001D060000-0x000000001D086000-memory.dmp
      Filesize: 152KB

    • memory/4884-872-0x0000024CF10F0000-0x0000024CF1116000-memory.dmp
      Filesize: 152KB

    • memory/4884-898-0x0000024CF1120000-0x0000024CF1140000-memory.dmp
      Filesize: 128KB

    • memory/4884-984-0x00000000007F0000-0x00000000008D3000-memory.dmp
      Filesize: 908KB