Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    1.8MB

  • MD5

    542ee57c01af5be82d6f8ce3d1d9330f

  • SHA1

    0219e3b1c42045f73a41e977b02625c528321826

  • SHA256

    d1b6e19a825bdeeef8425c5ff8b5872744155213f66d251d20d0bb4f4cca57ce

  • SHA512

    2b8c9d6b5f496c889bb517f556ca786b2c7325f2a669b2b59ace5fcf0e3cbdde38bbc223a92b7ca9af2388a43d97c392911e4a1d4d386f41295b19a935a29811

  • SSDEEP

    49152:HtFr02btiDdtfmHnzQz6084x/zk+2liU0up:H3rvUfmHzQe0r2liRup

Score
10/10
amadeylumma9c9aa5discoveryevasionexecutionpersistencespywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 7 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 14 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 9 IoCs
  • Identifies Wine through registry keys 2 TTPs 7 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 13 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • An obfuscated cmd.exe command-line is typically used to evade detection. 1 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 25 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 15 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe
        "C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:1636
      • C:\Users\Admin\AppData\Local\Temp\1007251001\Potwierdzenie.exe
        "C:\Users\Admin\AppData\Local\Temp\1007251001\Potwierdzenie.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:888
        • C:\Users\Admin\AppData\Local\Temp\1007251001\Potwierdzenie.exe
          "C:\Users\Admin\AppData\Local\Temp\1007251001\Potwierdzenie.exe" -c "C:\Users\Admin\AppData\Local\Temp\1007251001\Data\php-cli.ini" "C:\Users\Admin\AppData\Local\Temp\1007251001\Data\v3lib.php"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2364
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /s /c "wmic path win32_videocontroller get caption"
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1620
            • C:\Windows\SysWOW64\Wbem\WMIC.exe
              wmic path win32_videocontroller get caption
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:2592
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /s /c "wmic os get Caption"
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2796
            • C:\Windows\SysWOW64\Wbem\WMIC.exe
              wmic os get Caption
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:3012
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /s /c "wmic os get Version"
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1804
            • C:\Windows\SysWOW64\Wbem\WMIC.exe
              wmic os get Version
              6⤵
              • System Location Discovery: System Language Discovery
              PID:2060
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /s /c "powershell.exe -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process; Add-Type -AssemblyName System.Security; $decryptedKey = [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,163,213,160,88,183,28,70,69,161,166,184,185,210,199,251,71,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,164,0,140,179,67,36,186,227,71,81,18,115,59,231,0,126,78,189,83,183,213,6,53,188,158,120,163,24,40,98,9,224,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,55,157,94,242,61,76,197,115,172,142,89,165,50,134,34,245,212,176,68,5,65,130,139,170,158,197,18,4,214,242,242,110,48,0,0,0,19,255,182,224,175,162,192,111,145,218,198,213,52,211,117,241,125,216,74,238,242,136,170,209,100,195,208,9,12,44,52,30,87,33,72,238,75,21,51,250,41,185,177,228,47,133,193,59,64,0,0,0,116,58,193,223,180,162,62,114,157,222,136,41,223,73,106,116,199,150,86,146,88,184,135,48,223,31,217,21,21,191,53,98,241,149,49,177,205,187,151,138,148,63,35,172,150,47,237,171,9,155,178,161,239,81,255,55,225,28,68,29,190,3,212,35), $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser); $decryptedKeyString = [System.BitConverter]::ToString($decryptedKey) -replace '-', ''; Write-Output $decryptedKeyString""
            5⤵
            • An obfuscated cmd.exe command-line is typically used to evade detection.
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:600
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell.exe -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process; Add-Type -AssemblyName System.Security; $decryptedKey = [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,163,213,160,88,183,28,70,69,161,166,184,185,210,199,251,71,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,164,0,140,179,67,36,186,227,71,81,18,115,59,231,0,126,78,189,83,183,213,6,53,188,158,120,163,24,40,98,9,224,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,55,157,94,242,61,76,197,115,172,142,89,165,50,134,34,245,212,176,68,5,65,130,139,170,158,197,18,4,214,242,242,110,48,0,0,0,19,255,182,224,175,162,192,111,145,218,198,213,52,211,117,241,125,216,74,238,242,136,170,209,100,195,208,9,12,44,52,30,87,33,72,238,75,21,51,250,41,185,177,228,47,133,193,59,64,0,0,0,116,58,193,223,180,162,62,114,157,222,136,41,223,73,106,116,199,150,86,146,88,184,135,48,223,31,217,21,21,191,53,98,241,149,49,177,205,187,151,138,148,63,35,172,150,47,237,171,9,155,178,161,239,81,255,55,225,28,68,29,190,3,212,35), $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser); $decryptedKeyString = [System.BitConverter]::ToString($decryptedKey) -replace '-', ''; Write-Output $decryptedKeyString"
              6⤵
              • Command and Scripting Interpreter: PowerShell
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:948
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /s /c "tasklist"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1636
            • C:\Windows\SysWOW64\tasklist.exe
              tasklist
              6⤵
              • Enumerates processes with tasklist
              • System Location Discovery: System Language Discovery
              PID:2160
      • C:\Users\Admin\AppData\Local\Temp\1007265001\2a24896e08.exe
        "C:\Users\Admin\AppData\Local\Temp\1007265001\2a24896e08.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:1632
      • C:\Users\Admin\AppData\Local\Temp\1007274001\263332392b.exe
        "C:\Users\Admin\AppData\Local\Temp\1007274001\263332392b.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        PID:2472
      • C:\Users\Admin\AppData\Local\Temp\1007275001\b77846490f.exe
        "C:\Users\Admin\AppData\Local\Temp\1007275001\b77846490f.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2232
      • C:\Users\Admin\AppData\Local\Temp\1007276001\972652e036.exe
        "C:\Users\Admin\AppData\Local\Temp\1007276001\972652e036.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2108
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM firefox.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2308
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM chrome.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2640
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM msedge.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2792
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM opera.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2748
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM brave.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:1980
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
          4⤵
            PID:2756
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
              5⤵
              • Checks processor information in registry
              • Modifies registry class
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              PID:2600
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.0.1351192982\1525943773" -parentBuildID 20221007134813 -prefsHandle 1272 -prefMapHandle 1268 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {422748ae-2c3d-4c73-b69e-e7ba9f54281e} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 1364 107dba58 gpu
                6⤵
                  PID:2060
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.1.1918436674\490777159" -parentBuildID 20221007134813 -prefsHandle 1524 -prefMapHandle 1520 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d83da49c-d60e-4d0f-95d8-b7b4391ec20a} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 1552 e72458 socket
                  6⤵
                    PID:1292
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.2.1468580830\1423485356" -childID 1 -isForBrowser -prefsHandle 1940 -prefMapHandle 1900 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d0b1e8e-aa71-43c5-8043-2c73d4f98740} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 2132 1a393458 tab
                    6⤵
                      PID:2772
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.3.1001880869\508660911" -childID 2 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88e6450d-5f9f-4b2a-96ec-c444c3e17887} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 2940 1b9ea958 tab
                      6⤵
                        PID:1372
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.4.1933152683\292462015" -childID 3 -isForBrowser -prefsHandle 3848 -prefMapHandle 3788 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fedcdca-0f37-4879-bfc5-78315b9070e6} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 3860 21459c58 tab
                        6⤵
                          PID:2724
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.5.1513003901\308835391" -childID 4 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0a83a19-89fe-4b1f-a0e6-5dd83577537b} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 3960 21458158 tab
                          6⤵
                            PID:1612
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.6.2021076302\1938558026" -childID 5 -isForBrowser -prefsHandle 4144 -prefMapHandle 4148 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14d98f47-3b46-4db9-8ff3-2875bd9b96b9} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 4132 21459058 tab
                            6⤵
                              PID:1816
                      • C:\Users\Admin\AppData\Local\Temp\1007277001\01260045bf.exe
                        "C:\Users\Admin\AppData\Local\Temp\1007277001\01260045bf.exe"
                        3⤵
                        • Modifies Windows Defender Real-time Protection settings
                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                        • Checks BIOS information in registry
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Windows security modification
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • System Location Discovery: System Language Discovery
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2316

                  Network

                  MITRE ATT&CK Enterprise v15

                  Reconnaissance

                  Resource Development

                  Initial Access

                  Execution

                  Command and Scripting Interpreter

                  1
                  T1059

                  PowerShell

                  1
                  T1059.001

                  Persistence

                  Boot or Logon Autostart Execution

                  1
                  T1547

                  Registry Run Keys / Startup Folder

                  1
                  T1547.001

                  Create or Modify System Process

                  1
                  T1543

                  Windows Service

                  1
                  T1543.003

                  Privilege Escalation

                  Boot or Logon Autostart Execution

                  1
                  T1547

                  Registry Run Keys / Startup Folder

                  1
                  T1547.001

                  Create or Modify System Process

                  1
                  T1543

                  Windows Service

                  1
                  T1543.003

                  Defense Evasion

                  Impair Defenses

                  2
                  T1562

                  Disable or Modify Tools

                  2
                  T1562.001

                  Modify Registry

                  4
                  T1112

                  Subvert Trust Controls

                  1
                  T1553

                  Install Root Certificate

                  1
                  T1553.004

                  Virtualization/Sandbox Evasion

                  2
                  T1497

                  Credential Access

                  Credentials from Password Stores

                  1
                  T1555

                  Credentials from Web Browsers

                  1
                  T1555.003

                  Unsecured Credentials

                  1
                  T1552

                  Credentials In Files

                  1
                  T1552.001

                  Discovery

                  Browser Information Discovery

                  1
                  T1217

                  Process Discovery

                  1
                  T1057

                  Query Registry

                  5
                  T1012

                  System Information Discovery

                  3
                  T1082

                  System Location Discovery

                  1
                  T1614

                  System Language Discovery

                  1
                  T1614.001

                  Virtualization/Sandbox Evasion

                  2
                  T1497

                  Lateral Movement

                  Collection

                  Data from Local System

                  1
                  T1005

                  Command and Control

                  Exfiltration

                  Impact

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Ailurophile\Autofills\Autofills.txt
                    Filesize

                    86B

                    MD5

                    6617faf8f3d5a4bab9ed7e6d6d81e9ac

                    SHA1

                    47c5d229c3d06a26d685b7c3357c9aa1951ed676

                    SHA256

                    3d87146ba69810e07cad4bd64c1731d41a2359e5d97e47115ca467784fcfc7eb

                    SHA512

                    452f926f36be843d2b76cdd7079b058986620419bb093b563ab17435b95b05d865b6903124723b2c9a60a04114ede43ca6deb2694ab7ccbce4bf831b590855fe

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    25KB

                    MD5

                    f54a04ab962e1fc54ad6fbfc7f032b84

                    SHA1

                    a37f10ec493d06031cb5ec8ec0a14448bbf7cc95

                    SHA256

                    c4ae3366a76cf9f05a63b30a43bf6ddc648b95b22e35840607109d40ca4ee9c8

                    SHA512

                    87b66edeb17775d4560638c2eda5ce52265c219397a6e4a98f13c7ff7b302845fdc0b61e996ae6fc90c69aa72a2edf9d895cb83b4c6773bc95f3f279dd3ac3ea

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                    Filesize

                    13KB

                    MD5

                    f99b4984bd93547ff4ab09d35b9ed6d5

                    SHA1

                    73bf4d313cb094bb6ead04460da9547106794007

                    SHA256

                    402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069

                    SHA512

                    cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe
                    Filesize

                    1.8MB

                    MD5

                    83b2ddd34dedeaf68fdb35426c383b7b

                    SHA1

                    2d11d73ccff1a20c02904504819a823eaa129fff

                    SHA256

                    bdc039a14dc690c16138ed84b2dfc550532cb60b4c2e359ce129132ebdcb286c

                    SHA512

                    b2d49d115c84bcd23ae67496fad9f222cb3a0158ea91fa25e57ddd4b8db5cb72413cf03b253bb5f4046c1dad021f0bf7a12c650f6a0d9934783a463792a45c58

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\1007251001\Potwierdzenie.exe
                    Filesize

                    35.9MB

                    MD5

                    bb1c7286c327eafc7cf6a21492cdfa0f

                    SHA1

                    953bbd989bddc742a0c3de4f4320d0b39e558aa5

                    SHA256

                    8ac63cd639f78b172efc3c4cfecbe7dae3cd7f3dc245d31476187b0517c1babd

                    SHA512

                    a4f0aeaf9327e63f00dc33ebf3fdd60d35c20ee5f3d3124fc994367ca25913784e1a9a063c7722ae38ef3c3b52c53c90d55da1dd9252c5da96a86c78fd97fcca

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\1007265001\2a24896e08.exe
                    Filesize

                    4.2MB

                    MD5

                    e1aad757dfacc743077c8e5f4502f65c

                    SHA1

                    df995b733af7477c630e7e8026e676b83f0ca1a5

                    SHA256

                    3ad8c88d84d5321bbb6dd6f8fb5b2cff5b8a57dad4c93077270187b2e9ada8c2

                    SHA512

                    63066b1442208a12e102655a56165b6b66137521a2887245e7d1df4adf77b57a2c744c506d71d02fa476a7d807f9f653d3acafdf902ec878a85d7fabcdf78f1d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\1007274001\263332392b.exe
                    Filesize

                    1.8MB

                    MD5

                    4ef4e5ce9d34e265e89d281844d05cb6

                    SHA1

                    897a84b329075f9acba25a93fcfa433c13406abb

                    SHA256

                    7bdddb6905b7382116d2d5c06bddc1b7e1a40456e212177ba113efda62c5c831

                    SHA512

                    8f0494107edcc88ae16440016b83320c559755655514347f6bec4aa2829c78eb7d0d4aedce054d1dbed5db5f28198675aa24c11f4c548eaabc85a3b9f69b44b5

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\1007275001\b77846490f.exe
                    Filesize

                    1.7MB

                    MD5

                    85de022b435230944001f8a62983e321

                    SHA1

                    ee965e33549079d677a5a77e53f6e6809f614e57

                    SHA256

                    d8a50d07f528de1a2888c9f0f713a1f61ebdda5e1a3747df5306f9a6b59feeb0

                    SHA512

                    6b8f9ce5f820027439a89c3dcc53a53003416efa16339086e372f99ac1205c602692311abe1b10df4d5c1da29f5efb5298f714781d1ae573c0d3ef2e601b864b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\1007276001\972652e036.exe
                    Filesize

                    900KB

                    MD5

                    016c4fb48ba8451e45562e05a9f972e5

                    SHA1

                    7b7638d6aeaea727d21e39597faa116569fc9d49

                    SHA256

                    d794430a712471cbc5d708a75a1d4d531f179daae98661600d14932f8e238ef6

                    SHA512

                    f2b62319b77e7ae73284deae1e73ef39d5cdb027163e071a7a651a545da9db0c70c25b6ceb2c3da31556d03f6350701f824aca481fabfdd903d0c617c7ffc45c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\1007277001\01260045bf.exe
                    Filesize

                    2.7MB

                    MD5

                    ce95ae34c1e8e0697b888a5357adf7fb

                    SHA1

                    f20ac8415050a48a0ffe5607bdf854d532f39efd

                    SHA256

                    4277dfe0ff849c665a40ce3890cf70ea4eccdde53d5cf2a7b69fdae66c988d37

                    SHA512

                    f9ffd3865994d60b6a45194251bff7c8a4147adaa0fbe8e03028987f1c6a0c25435cf9a1a533ec546cdd00ecd24c20616c9b3808568e36caeae303be66d5c58a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Cab6FD5.tmp
                    Filesize

                    70KB

                    MD5

                    49aebf8cbd62d92ac215b2923fb1b9f5

                    SHA1

                    1723be06719828dda65ad804298d0431f6aff976

                    SHA256

                    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                    SHA512

                    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Tar7007.tmp
                    Filesize

                    181KB

                    MD5

                    4ea6026cf93ec6338144661bf1202cd1

                    SHA1

                    a1dec9044f750ad887935a01430bf49322fbdcb7

                    SHA256

                    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                    SHA512

                    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    8.0MB

                    MD5

                    a01c5ecd6108350ae23d2cddf0e77c17

                    SHA1

                    c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                    SHA256

                    345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                    SHA512

                    b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    9KB

                    MD5

                    08bb67ada0982260fe2b5b095ff37f11

                    SHA1

                    db3d022f3ec4172ffd943b09f3e290e40ccf3a64

                    SHA256

                    be7b8a2fdfc6214727b96a5f135e29d82e6d3e761394ab21424f1dec90693941

                    SHA512

                    177f9863e80788fb81b8ad5574c6d914c0d426878410b82e315af9a87391a9550a800b1fac7bf9c40d4719bd6c5a3591cb3f9cae9d403a440763738d5d966acf

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\e281a13e-e0f4-44f7-9e28-53a4f62ad523
                    Filesize

                    733B

                    MD5

                    7c818c0b9bbb18bcdb9526298a212ffb

                    SHA1

                    4c23ac688fd7efc3800998afdf5076331c6f966c

                    SHA256

                    0ca433ab726db45b12580baf5e14e951045c381520f3d0898a81e6b6f9c02616

                    SHA512

                    6b911b243fd8a143eadc88f54bb6f0e77779ef170a9bf12497285c4249cc9bdbad7b19df07d2bc2eba12cc921dda8fb9d030984010d6ed0872fd0f30df3d0612

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    11.8MB

                    MD5

                    33bf7b0439480effb9fb212efce87b13

                    SHA1

                    cee50f2745edc6dc291887b6075ca64d716f495a

                    SHA256

                    8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                    SHA512

                    d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    fee6e91808253c8b38443a1f4d572fa1

                    SHA1

                    74d1d39722a7db3777765c6d9abb4682df367754

                    SHA256

                    6624af3e7d1cb4cabdde066080fb3e522970ecfea85e7cf7f479adc2659cdf5c

                    SHA512

                    0acce2eb8c94a4e8b6ed3be6b349fe0c1162d8ec7c8c56dbb0507898f4e75a0f6f888159d2bd0b32844c3e2e1ed949f5aa343d7d3ebe06e73ae37fc9f91524a2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    28b698a34ef51e10ae7575110785f4c9

                    SHA1

                    f9bf908b0458c3738988d5a54c4c8b78b352b62e

                    SHA256

                    ff090e454f21146f1cdee5b5caa0c1413636ae6a411e5e72e2308b7cfd3fe82d

                    SHA512

                    0958eb8fd8df5938c1e677c158d097dbe5de2a061e5792652f0e3b4504712fc9b7f568190c8bdfd070780ea73b49c2cb7c726f183322f34cd12d7c1bf99ae4a3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    5741b59f4ee709b4a53daee234229008

                    SHA1

                    ea980dfc3aabb64d14169ee5c400291ff884d63e

                    SHA256

                    283ce6faa6948b59423282b757fba96e57fa449543d4f51f1dfd3830966b8801

                    SHA512

                    43991a67e4b46bf1cd45b778e71f51ba234ad6456111b6acc8fe179c143ceb4cbf3bd5ee171437c2e596be8572725aabf7e41d4fcd39f4d6134f2e5d9835d4fc

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    6532eb512eac77bfdcfa46dde293e11f

                    SHA1

                    ff849d6af92cb8fa05c6ad15c526a8b64f99da73

                    SHA256

                    6c6d6be590fb02992945badacaecfbc086511d2a963a6490ef190b316bd09d54

                    SHA512

                    85135e88ff92c284f12b5a9ca45f54d1d3c5747161039f0066c5f78a2e98e0de913634a6c08b5b8886b85d6c8e6495fae4afc475a003d49961e95ba16fa54358

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    4KB

                    MD5

                    c5cc78ec1640fc6da03770eb9d100282

                    SHA1

                    d1d1de841e942a43bf480b07a79ff2f92e88ae00

                    SHA256

                    a7c9926be1b929e4a6ac236affdf15fe1da4a878cb532973770b209e837ea8b9

                    SHA512

                    4708023857508e50286082022e7d404b5225350abc537b66a9dcb787711be62f1f933f163d966d7611b9f3332981be48a7fe4ccb9717439e9b03d045d8d9df18

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    184KB

                    MD5

                    3dc733f51b6c47c0e57ae7035b9abacf

                    SHA1

                    d4c28a6f9d4bae9e297440a46726a2cb3e2504ba

                    SHA256

                    aafa700fb884f14becaf86a0eb9df79dfa15885b2ebe11cabe5f48a3a5d9e0e1

                    SHA512

                    e02670f6fa626a21ad150e0e0e589ba9f1f7a1fb921dc28f4117dc0a30a337b9c9b165dd0a30da864fe4dbdf130372e846648792a0bcf5aad4e8d28118101067

                    Download Submit

                  • \Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                    Filesize

                    1.8MB

                    MD5

                    542ee57c01af5be82d6f8ce3d1d9330f

                    SHA1

                    0219e3b1c42045f73a41e977b02625c528321826

                    SHA256

                    d1b6e19a825bdeeef8425c5ff8b5872744155213f66d251d20d0bb4f4cca57ce

                    SHA512

                    2b8c9d6b5f496c889bb517f556ca786b2c7325f2a669b2b59ace5fcf0e3cbdde38bbc223a92b7ca9af2388a43d97c392911e4a1d4d386f41295b19a935a29811

                    Download Submit

                  • memory/888-124-0x0000000010000000-0x0000000010005000-memory.dmp

                    Filesize

                    20KB

                    Download

                  • memory/888-125-0x0000000010000000-0x0000000010005000-memory.dmp

                    Filesize

                    20KB

                    Download

                  • memory/888-1064-0x0000000000400000-0x00000000008FD000-memory.dmp

                    Filesize

                    5.0MB

                    Download

                  • memory/888-103-0x0000000000400000-0x00000000008FD000-memory.dmp

                    Filesize

                    5.0MB

                    Download

                  • memory/888-109-0x00000000002E0000-0x00000000002E1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/888-111-0x00000000002F0000-0x00000000002F1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/888-107-0x0000000000250000-0x0000000000251000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/888-113-0x0000000000300000-0x0000000000400000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/888-105-0x0000000000240000-0x0000000000241000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/888-104-0x0000000000240000-0x0000000000241000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/888-115-0x0000000000300000-0x0000000000400000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/888-114-0x0000000000300000-0x0000000000400000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/888-131-0x0000000010000000-0x0000000010005000-memory.dmp

                    Filesize

                    20KB

                    Download

                  • memory/888-129-0x0000000010000000-0x0000000010005000-memory.dmp

                    Filesize

                    20KB

                    Download

                  • memory/888-127-0x0000000010000000-0x0000000010005000-memory.dmp

                    Filesize

                    20KB

                    Download

                  • memory/888-145-0x0000000007C60000-0x000000000815D000-memory.dmp

                    Filesize

                    5.0MB

                    Download

                  • memory/1632-803-0x0000000001280000-0x0000000001E23000-memory.dmp

                    Filesize

                    11.6MB

                    Download

                  • memory/1632-392-0x0000000001280000-0x0000000001E23000-memory.dmp

                    Filesize

                    11.6MB

                    Download

                  • memory/1636-44-0x0000000000F20000-0x00000000013BB000-memory.dmp

                    Filesize

                    4.6MB

                    Download

                  • memory/1636-50-0x0000000000F20000-0x00000000013BB000-memory.dmp

                    Filesize

                    4.6MB

                    Download

                  • memory/1636-85-0x0000000000F20000-0x00000000013BB000-memory.dmp

                    Filesize

                    4.6MB

                    Download

                  • memory/1636-49-0x0000000000F20000-0x00000000013BB000-memory.dmp

                    Filesize

                    4.6MB

                    Download

                  • memory/2316-983-0x0000000000290000-0x000000000054C000-memory.dmp

                    Filesize

                    2.7MB

                    Download

                  • memory/2316-991-0x0000000000290000-0x000000000054C000-memory.dmp

                    Filesize

                    2.7MB

                    Download

                  • memory/2364-149-0x0000000010000000-0x0000000010100000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/2364-158-0x0000000010000000-0x0000000010100000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/2364-909-0x0000000000400000-0x00000000008FD000-memory.dmp

                    Filesize

                    5.0MB

                    Download

                  • memory/2364-148-0x0000000010000000-0x0000000010100000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/2364-147-0x0000000000400000-0x00000000008FD000-memory.dmp

                    Filesize

                    5.0MB

                    Download

                  • memory/2364-144-0x0000000010000000-0x0000000010100000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/2364-137-0x0000000010000000-0x0000000010100000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/2404-0-0x0000000000040000-0x0000000000505000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2404-14-0x0000000006C00000-0x00000000070C5000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2404-1-0x00000000774E0000-0x00000000774E2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/2404-2-0x0000000000041000-0x000000000006F000-memory.dmp

                    Filesize

                    184KB

                    Download

                  • memory/2404-3-0x0000000000040000-0x0000000000505000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2404-4-0x0000000000040000-0x0000000000505000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2404-15-0x0000000000040000-0x0000000000505000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2472-781-0x0000000000FD0000-0x0000000001488000-memory.dmp

                    Filesize

                    4.7MB

                    Download

                  • memory/2472-817-0x0000000000FD0000-0x0000000001488000-memory.dmp

                    Filesize

                    4.7MB

                    Download

                  • memory/2832-26-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-22-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-47-0x0000000006830000-0x0000000006CCB000-memory.dmp

                    Filesize

                    4.6MB

                    Download

                  • memory/2832-45-0x0000000006830000-0x0000000006CCB000-memory.dmp

                    Filesize

                    4.6MB

                    Download

                  • memory/2832-43-0x0000000006830000-0x0000000006CCB000-memory.dmp

                    Filesize

                    4.6MB

                    Download

                  • memory/2832-87-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-135-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-88-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-780-0x0000000006830000-0x0000000006CE8000-memory.dmp

                    Filesize

                    4.7MB

                    Download

                  • memory/2832-25-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-24-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-101-0x0000000006830000-0x0000000006D2D000-memory.dmp

                    Filesize

                    5.0MB

                    Download

                  • memory/2832-23-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-390-0x0000000006830000-0x00000000073D3000-memory.dmp

                    Filesize

                    11.6MB

                    Download

                  • memory/2832-21-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-19-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-18-0x0000000000951000-0x000000000097F000-memory.dmp

                    Filesize

                    184KB

                    Download

                  • memory/2832-48-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-391-0x0000000006830000-0x00000000073D3000-memory.dmp

                    Filesize

                    11.6MB

                    Download

                  • memory/2832-17-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-863-0x0000000006830000-0x0000000006CE8000-memory.dmp

                    Filesize

                    4.7MB

                    Download

                  • memory/2832-825-0x0000000006830000-0x0000000006CE8000-memory.dmp

                    Filesize

                    4.7MB

                    Download

                  • memory/2832-86-0x0000000000950000-0x0000000000E15000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/2832-782-0x0000000006830000-0x0000000006CE8000-memory.dmp

                    Filesize

                    4.7MB

                    Download

                  • memory/2832-1187-0x0000000006830000-0x0000000006D2D000-memory.dmp

                    Filesize

                    5.0MB

                    Download