Analysis

  • max time kernel
    9s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2023 08:10

General

  • Target

    65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe

  • Size

    1.8MB

  • MD5

    7cd52c097c7bbc8407bfa165aeeffb0e

  • SHA1

    978c538d9066f90b113cce31de33f1b4ab330aca

  • SHA256

    65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f

  • SHA512

    7da7df70a57bf88919ef65691ed7ee357a498446448abdf1332d740c8ad070b2ee37cf56e376eeedbeb2e4fb0ab82e78b91004ca3dfee04ed42bae12e9c06419

  • SSDEEP

    49152:yKJ0WR7AFPyyiSruXKpk3WFDL9zxnSlHwn9/7sbN6uR:yKlBAFPydSS6W6X9lnBp7sbN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 20 IoCs
  • Modifies data under HKEY_USERS 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe
    "C:\Users\Admin\AppData\Local\Temp\65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1080
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:1624
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    1⤵
    • Executes dropped EXE
    PID:2300
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:1724
  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:2548
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2836
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1e8 -InterruptEvent 1d4 -NGENProcess 1d8 -Pipe 1e4 -Comment "NGen Worker Process"
      2⤵
        PID:1724
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 1d4 -NGENProcess 1d8 -Pipe 1e8 -Comment "NGen Worker Process"
        2⤵
          PID:1976
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 24c -InterruptEvent 25c -NGENProcess 1ac -Pipe 258 -Comment "NGen Worker Process"
          2⤵
            PID:112
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
            C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 184 -InterruptEvent 24c -NGENProcess 250 -Pipe 264 -Comment "NGen Worker Process"
            2⤵
              PID:872
          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
            C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
            1⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            PID:2800
          • C:\Windows\ehome\ehRecvr.exe
            C:\Windows\ehome\ehRecvr.exe
            1⤵
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            PID:2432
          • C:\Windows\ehome\ehsched.exe
            C:\Windows\ehome\ehsched.exe
            1⤵
            • Executes dropped EXE
            PID:2412
          • C:\Windows\eHome\EhTray.exe
            "C:\Windows\eHome\EhTray.exe" /nav:-2
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:856
          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
            1⤵
            • Executes dropped EXE
            PID:2200
          • C:\Windows\system32\IEEtwCollector.exe
            C:\Windows\system32\IEEtwCollector.exe /V
            1⤵
              PID:792
            • C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
              "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
              1⤵
                PID:2740
              • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                1⤵
                  PID:768
                • C:\Windows\ehome\ehRec.exe
                  C:\Windows\ehome\ehRec.exe -Embedding
                  1⤵
                    PID:396
                  • C:\Windows\System32\msdtc.exe
                    C:\Windows\System32\msdtc.exe
                    1⤵
                      PID:2424
                    • C:\Windows\system32\msiexec.exe
                      C:\Windows\system32\msiexec.exe /V
                      1⤵
                        PID:2992
                      • C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                        "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
                        1⤵
                          PID:2348
                        • C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
                          "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
                          1⤵
                            PID:2360
                          • C:\Windows\SysWow64\perfhost.exe
                            C:\Windows\SysWow64\perfhost.exe
                            1⤵
                              PID:2316
                            • C:\Windows\system32\locator.exe
                              C:\Windows\system32\locator.exe
                              1⤵
                                PID:1876
                              • C:\Windows\System32\snmptrap.exe
                                C:\Windows\System32\snmptrap.exe
                                1⤵
                                  PID:2964
                                • C:\Windows\System32\vds.exe
                                  C:\Windows\System32\vds.exe
                                  1⤵
                                    PID:2600
                                  • C:\Windows\system32\vssvc.exe
                                    C:\Windows\system32\vssvc.exe
                                    1⤵
                                      PID:2648
                                    • C:\Windows\system32\wbengine.exe
                                      "C:\Windows\system32\wbengine.exe"
                                      1⤵
                                        PID:2456
                                      • C:\Windows\system32\wbem\WmiApSrv.exe
                                        C:\Windows\system32\wbem\WmiApSrv.exe
                                        1⤵
                                          PID:1068
                                        • C:\Program Files\Windows Media Player\wmpnetwk.exe
                                          "C:\Program Files\Windows Media Player\wmpnetwk.exe"
                                          1⤵
                                            PID:2620
                                          • C:\Windows\system32\SearchIndexer.exe
                                            C:\Windows\system32\SearchIndexer.exe /Embedding
                                            1⤵
                                              PID:1168
                                              • C:\Windows\system32\SearchProtocolHost.exe
                                                "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2085049433-1067986815-1244098655-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2085049433-1067986815-1244098655-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
                                                2⤵
                                                  PID:2144
                                                • C:\Windows\system32\SearchFilterHost.exe
                                                  "C:\Windows\system32\SearchFilterHost.exe" 0 592 596 604 65536 600
                                                  2⤵
                                                    PID:2924
                                                  • C:\Windows\system32\SearchProtocolHost.exe
                                                    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
                                                    2⤵
                                                      PID:2760

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE

                                                    Filesize

                                                    1.6MB

                                                    MD5

                                                    05d7471b3bf00fea38caaccc263a9d31

                                                    SHA1

                                                    6b260c13196aa0eab6ec4afc682706ef0b725686

                                                    SHA256

                                                    03d4603a54071b99bc9f61dbc743fdb6d0a2a3503f8e96d1ae2b316fada7293b

                                                    SHA512

                                                    f8aa103eec3c547285ac4c1f614f67c9382a6095c21deaba2dc6ea378683458fa5ed50d559e675d92d2d227f7d8202a3210ad5530c0702a320bddd71db962daf

                                                  • C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE

                                                    Filesize

                                                    30.1MB

                                                    MD5

                                                    66ff1ec8c73d08b998290319ef588ff0

                                                    SHA1

                                                    edc6b72140da8730d3b049684dfa8ce9e0f22891

                                                    SHA256

                                                    fa3650fde8277540c2d3e0f0b727d793d9bf86e847588e8ba114fdd479b6b357

                                                    SHA512

                                                    daeadfc1edcb8a608c0f6afe6d479c2b6355e675a3bdce8995ac2cd615f3184b6205a2e8bc5d549d9f5301011db2211646a119550bce10a5173a50810e02e5b0

                                                  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

                                                    Filesize

                                                    1.6MB

                                                    MD5

                                                    f8c637e010603f7d9bb18f0cc08dd8b2

                                                    SHA1

                                                    4faf51a2ef5d76cee95d09024426b6d30e22fc29

                                                    SHA256

                                                    845c3d0deba70db6cbf1722f8a3ca7b055d9edcbf72c2b28363b7daed31b25ed

                                                    SHA512

                                                    666221cb4a6f33ee290d127be49066999379f3fd4f329cac7d6ae6f6d546ec51cd9029f5dcb2e83f29904466deaea48c6cdd39600859db70c598e10b19b40315

                                                  • C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

                                                    Filesize

                                                    5.2MB

                                                    MD5

                                                    b1d461dd17fea3279058a6a5ea832d20

                                                    SHA1

                                                    9e1f2a7286312abcfe2bc37c5bb90c4bdb491619

                                                    SHA256

                                                    10152e4ea07fc5de008904456fce37e26530a9b6e1f07ea1fd4cf2fcd147d5a8

                                                    SHA512

                                                    f35379d4dca96423426f91c15b51829870a8c594f927340123fd5ef7ae315158acc2348e8c86fc0feb44ac5c37adcbcbde46d86f986f57a8a922d75364f2db22

                                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

                                                    Filesize

                                                    2.1MB

                                                    MD5

                                                    f95731b41943ec2a83b3cfb398bc9066

                                                    SHA1

                                                    068c233348e2309fd11cd9d0745992452212e9f1

                                                    SHA256

                                                    b6ab92306d8299a9418a4ac5b1e3941051e2a3722b5c0bf88a85aea6a7bc04f0

                                                    SHA512

                                                    a8245bc73df417361b5904ff1ba5912e136b2ddf1b3a71d024f2acf35424fa5d967e9f9d26ab809898adbebeb2be970aea9a8ca040d723c700fce6eccbabd4b4

                                                  • C:\Program Files\Windows Media Player\wmpnetwk.exe

                                                    Filesize

                                                    2.0MB

                                                    MD5

                                                    ce0080cd878f7dfa9bd6de54f0362f71

                                                    SHA1

                                                    cfa749e767b6faf6de59515940cb791285d53232

                                                    SHA256

                                                    e3b3ac75e880fe78de759e2f1176439465efa69d8dd8563c090aa6e9034186bb

                                                    SHA512

                                                    1ad4be41760a24ad6007d7c1dd42c574fc7186de977357e8aaa1e90ded9d42bff5f14a984cb26305bf2e4c1a64b85746856249690d775bcfee747d287f16ecbf

                                                  • C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log

                                                    Filesize

                                                    1024KB

                                                    MD5

                                                    0431dc83ba0a1f0461d0669a3c3fb3ce

                                                    SHA1

                                                    f90bfeed24c7e4f5efad08d715b9df3c8ca32504

                                                    SHA256

                                                    61523f68dec2ff38561f76e3edeb18d5c2e4eb432017a4e329058bf2d2042149

                                                    SHA512

                                                    074934dee0341c3e26c1b88f70a9d3bb9dae19560e66e8e1cd86c654fd084539f1bf280f95a1f93395abaa0abd896aa42311a5ce4790a8d273041ca2df16ae1c

                                                  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    1189965962cd0564b261ab214a99e02c

                                                    SHA1

                                                    f51d9455b2105a1430c72c1597e32e812b435eb8

                                                    SHA256

                                                    ce30874b62577b7d5f8be7f41828ed26a09879feeeef6addce52094e4e599bd3

                                                    SHA512

                                                    949bc0184ba3107edea819c60e272af3685627bf768de1ae1225c43d0fb2535183a9bb2e4b2567acf01a445849c44d819a72714615242c68852ee5d8f2e3e620

                                                  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    1189965962cd0564b261ab214a99e02c

                                                    SHA1

                                                    f51d9455b2105a1430c72c1597e32e812b435eb8

                                                    SHA256

                                                    ce30874b62577b7d5f8be7f41828ed26a09879feeeef6addce52094e4e599bd3

                                                    SHA512

                                                    949bc0184ba3107edea819c60e272af3685627bf768de1ae1225c43d0fb2535183a9bb2e4b2567acf01a445849c44d819a72714615242c68852ee5d8f2e3e620

                                                  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log

                                                    Filesize

                                                    872KB

                                                    MD5

                                                    07564d2f2f8bb2fb41402b0ea8c6f0aa

                                                    SHA1

                                                    5c9b21e8778a22c4f9744ee0fe43e7ec12021b62

                                                    SHA256

                                                    2ed61959d2bb8e5f5d9de8ea750a252562af447591b47ec018099f523416c4e4

                                                    SHA512

                                                    e979f6ece8cb9594d8c5f0584c274dd72e74de53e3bb0c284f134d47013e52438c4e30a4ddfbee68a27207c1bb9cd2797063cb3575bf206a37808c1fa0c64e68

                                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    ff26a4793ac59ff962e16935927797a9

                                                    SHA1

                                                    bce4fe16bf3bc74ded6c1303bccee4cdf8494186

                                                    SHA256

                                                    720ed057036cd4f84f267678334316c69f1c8395f70128c5d33d33869c243ba7

                                                    SHA512

                                                    b80f2a3ddc8ae3321823d0bf170de3b29af64f71017c9eb22e9a8023677bbdf8a7d05b58e3b8d0cfc3c7138bb17693ae006279e91fac39994336bdc38e723230

                                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    08b607d28f3250c293ef3271e51a64c7

                                                    SHA1

                                                    9a9737f9e4577d56285224cb7b7d0072e6a1c6b4

                                                    SHA256

                                                    57a9a1b111969de8b1b40227e6d15435972c474dd1a990b88e6a250d486c5dbb

                                                    SHA512

                                                    77589734508dc1db86eaa246ff230bcf8d7241abcb789db56ad94c74e0403894e36d1372dfc6b3c53800859f1361428707619e597941eca4399cfb6162736ca2

                                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    08b607d28f3250c293ef3271e51a64c7

                                                    SHA1

                                                    9a9737f9e4577d56285224cb7b7d0072e6a1c6b4

                                                    SHA256

                                                    57a9a1b111969de8b1b40227e6d15435972c474dd1a990b88e6a250d486c5dbb

                                                    SHA512

                                                    77589734508dc1db86eaa246ff230bcf8d7241abcb789db56ad94c74e0403894e36d1372dfc6b3c53800859f1361428707619e597941eca4399cfb6162736ca2

                                                  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    390ab84cdc063614052aa8665f19ca1d

                                                    SHA1

                                                    92670107fa48834fb7bf2baa58c7542449ff4d42

                                                    SHA256

                                                    cf79acac618a77f9ddc0afd4a4417ac5aa83ec36cfb7b5cd2eb7c50f96fc9c89

                                                    SHA512

                                                    ffa77741f694c44f30d6d6ee664402053ca664af025258f4a7aabb9aa59bf1853013fda3839a965917a44655010a5f4eb0563ecca7e887a2127744425b9c2572

                                                  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    390ab84cdc063614052aa8665f19ca1d

                                                    SHA1

                                                    92670107fa48834fb7bf2baa58c7542449ff4d42

                                                    SHA256

                                                    cf79acac618a77f9ddc0afd4a4417ac5aa83ec36cfb7b5cd2eb7c50f96fc9c89

                                                    SHA512

                                                    ffa77741f694c44f30d6d6ee664402053ca664af025258f4a7aabb9aa59bf1853013fda3839a965917a44655010a5f4eb0563ecca7e887a2127744425b9c2572

                                                  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log

                                                    Filesize

                                                    1003KB

                                                    MD5

                                                    89393ca03dc72cbb2a54a004450088a2

                                                    SHA1

                                                    e0a1899ef1165e29ee28a7c4c3273f71d73fe0f4

                                                    SHA256

                                                    619a9aa3347342e01ed28a4074780f5a366bbf6890d8da665d4c604ffe25bd23

                                                    SHA512

                                                    7cec8c13c1411362698ea6bf1761f290d0015a785c4ec66350895d0484473f1fb18cbcaf3402045df93fe50fe8333c1f6c0c7613a3bdef89b736e6b4b2f9d1bf

                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    959fc61852183c96a3942e9f1367e583

                                                    SHA1

                                                    f591366546ed6f9e15e17167bdbe63cf2262f5cf

                                                    SHA256

                                                    5038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee

                                                    SHA512

                                                    505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019

                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    959fc61852183c96a3942e9f1367e583

                                                    SHA1

                                                    f591366546ed6f9e15e17167bdbe63cf2262f5cf

                                                    SHA256

                                                    5038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee

                                                    SHA512

                                                    505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019

                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    959fc61852183c96a3942e9f1367e583

                                                    SHA1

                                                    f591366546ed6f9e15e17167bdbe63cf2262f5cf

                                                    SHA256

                                                    5038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee

                                                    SHA512

                                                    505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019

                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    959fc61852183c96a3942e9f1367e583

                                                    SHA1

                                                    f591366546ed6f9e15e17167bdbe63cf2262f5cf

                                                    SHA256

                                                    5038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee

                                                    SHA512

                                                    505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019

                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    959fc61852183c96a3942e9f1367e583

                                                    SHA1

                                                    f591366546ed6f9e15e17167bdbe63cf2262f5cf

                                                    SHA256

                                                    5038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee

                                                    SHA512

                                                    505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019

                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    959fc61852183c96a3942e9f1367e583

                                                    SHA1

                                                    f591366546ed6f9e15e17167bdbe63cf2262f5cf

                                                    SHA256

                                                    5038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee

                                                    SHA512

                                                    505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019

                                                  • C:\Windows\SysWOW64\perfhost.exe

                                                    Filesize

                                                    1.4MB

                                                    MD5

                                                    9161cabc4febf30b473db4d2796ef335

                                                    SHA1

                                                    0148c8d269fa19af02e1fbecbb4ee85ba107d36e

                                                    SHA256

                                                    cecf219c3bc23f39e49f8202f026b3fe035cc974b1094d2758ee4f3352eb10a4

                                                    SHA512

                                                    fb9b54c5d34e0c57c12d5b16e49c14f6aa133edcb204a5eef31257dc7a5528c5da668a07a4ba399db8e5e9ff5b27070ad9e8c0bd72d5fa2bfb1c2b69f9f68560

                                                  • C:\Windows\System32\Locator.exe

                                                    Filesize

                                                    1.4MB

                                                    MD5

                                                    4fbfff6f6fd7b6942e45cbdd203874e7

                                                    SHA1

                                                    984afb0abd71acaf4e92e5d50601e9b621a93519

                                                    SHA256

                                                    8f0eb247666e868b08910f63cfaae9a44df70ed0be6db43eeca801a8a7235a3e

                                                    SHA512

                                                    b813000c93eca62058011582d893537d39369f59427cdd95cc9d4649fddf439be37e92519ad811db05c9379037ef5c78ae00e943fd9d4e256a0e64407cb16947

                                                  • C:\Windows\System32\SearchIndexer.exe

                                                    Filesize

                                                    1.1MB

                                                    MD5

                                                    4327edf2a1cdd0286793fe23c77ceda1

                                                    SHA1

                                                    8224761d5481c23979ed7e5a4521e2c5ddb88bb9

                                                    SHA256

                                                    ecc9ced76b053226e73d4fc5f47da187907f2bab9ba529b4310313c62473536f

                                                    SHA512

                                                    1b2eb63a80cff81360d3f1fceda43f966373713ac084bd892d25f00c9c4c0e8343b2ec2b2975b7fefa4a5f3136dbbd67d863780f7e01517954951a85c19f2114

                                                  • C:\Windows\System32\VSSVC.exe

                                                    Filesize

                                                    2.1MB

                                                    MD5

                                                    f12d8277dfb683acc80e8876e773ee8f

                                                    SHA1

                                                    f2431a13896424589791a25c329bb8f212c697ac

                                                    SHA256

                                                    a5d8184c1d4a5a0175e9fd6134b32cd34deda9c305fba2fc12aea5ec1777d511

                                                    SHA512

                                                    38f389b41e7f414e243692554cacacc945c8d8838639794c66f9b264934012e1bf819888d15a622444b4e5d08af83ddb0edd4c6a6a9bea872887617bca9034ce

                                                  • C:\Windows\System32\alg.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    2b01e9f09569d6e2744345a00a423baf

                                                    SHA1

                                                    32db6bd0cccb091be1898728a23f022840358fc2

                                                    SHA256

                                                    071f003df218016e485cd8238d77c21e7fa8de6db55db16139f704338f7e7eac

                                                    SHA512

                                                    cbdc604afc12cdd1c934c53e185330cdfd7d82628f59d81c61e232e71e6af66e8e0b966b1b043a2ced1547caf534842be996cfbe9727d31558afa1d4742de7c7

                                                  • C:\Windows\System32\ieetwcollector.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    94f1f173075ba3140f7642e05a51a29b

                                                    SHA1

                                                    52b78da0c6137d8096ff35b7eab3a2e926bf374e

                                                    SHA256

                                                    2e83f71c93a4a896256600f2887756c21a3be46c7656d49fe46dcc31fc677c39

                                                    SHA512

                                                    e00ad4a98d38b141f8ca1531d410ecf19d7ff9c339310147d577335ae5e903f51d8679476d1a4ffd95f1d898cc2b0c37ff24771004f83ccdf0305568d52e9ad1

                                                  • C:\Windows\System32\msdtc.exe

                                                    Filesize

                                                    1.6MB

                                                    MD5

                                                    3ee569f35686c1cd1f0977e9bb9333dc

                                                    SHA1

                                                    6ca45478e33e13b4b8b0b494793f3109b32443fb

                                                    SHA256

                                                    2ef3081770414a30bae3f2bc030793c36490d7da4f25f04fc6ddb10f2af6756d

                                                    SHA512

                                                    b4a7c398066c3d33fea2b346b6e4589cf4c2c61b0d04e5cb57fa7237848d60dd8ce42127bd4737b1d5413943adfd29cd79f01622875918eda40d2a002a02148c

                                                  • C:\Windows\System32\msiexec.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    5f8a704c9630d1c04b372435cd90f06c

                                                    SHA1

                                                    2b67d245a0a2906f07ec2dabdb7c30820466a4e5

                                                    SHA256

                                                    be0b68b3ef86e24a6b00e20065a79d4c7cf1eebcae8bdb08b5ed98c9ed3292b9

                                                    SHA512

                                                    e30c4f146c51c7d13f19cbec38dd763dfe7c6564b4036a63f3bb78ce35483c951399d6c376ef1ccc0c3304ef35aca567b9fda5e8290089cd011cea68bee0e509

                                                  • C:\Windows\System32\snmptrap.exe

                                                    Filesize

                                                    1.4MB

                                                    MD5

                                                    bd316554a066f8717949948131f0e23d

                                                    SHA1

                                                    39afe8152e84eef0a191f6bbb004bfbc329c0fdc

                                                    SHA256

                                                    b7bb666eb1b6653950b10b06e3df0d500173d019261c35a668bc9dd967f09160

                                                    SHA512

                                                    9aeac7d771e302f88ccee2c49f93668476b04271a75f7cc393b033a2c0f49a0d1b17d926eddc2077aa3928f5128a75ac57978165a93d59432c73aa9fcd3138de

                                                  • C:\Windows\System32\vds.exe

                                                    Filesize

                                                    1.9MB

                                                    MD5

                                                    d829fca5e25975be81d5e568ed439651

                                                    SHA1

                                                    b5e7b8324515f63ebaf63bd285f00565d6cd0b19

                                                    SHA256

                                                    dadd0641c8ddfb4f06c0fee0e5596c5a05b73fbceef82a4f8e9c8cfc5ce32119

                                                    SHA512

                                                    16dc1586aced5a1585d0174388ab285959ab550d1b1eaa47094ec40ebe0c0b2c6aa46f36be5652ac9a89f265a5fd38fc8e8459652d631645e515e172b0dad6a2

                                                  • C:\Windows\System32\wbem\WmiApSrv.exe

                                                    Filesize

                                                    1.6MB

                                                    MD5

                                                    e26dc1c0f26b30383722d33ed5d66e66

                                                    SHA1

                                                    5eb18b4f8204a56d56ddaaac1d948d32f711b581

                                                    SHA256

                                                    ada9cd19e93c58292b0dd8ff75c8b7663a43b24308fdf455eb3ec683a888db4b

                                                    SHA512

                                                    13799a5d4735101cdfd8850c5915e330743182a4d53dd7b8b04708151501ac4890573d1f80aca01c82a28313fca508317730f7e2097195eccf62bd9b1a4142b9

                                                  • C:\Windows\System32\wbengine.exe

                                                    Filesize

                                                    2.0MB

                                                    MD5

                                                    44847945c5e01ce866bf636c8b4672ce

                                                    SHA1

                                                    79d427f05c965e857dc2a0dcd2fb4bc06a12dec2

                                                    SHA256

                                                    89d4da1c32d8a6a7b1e759f2b664a15835e115c967f71288e4b235828c483ce8

                                                    SHA512

                                                    43670bea90191d9455f913ef6a2276062dfac9d1a10df6a681a58a469933738c97f1759be1df107121d017b29cf924851b7fb0bc8a945cd1255e108afe048a3d

                                                  • C:\Windows\ehome\ehrecvr.exe

                                                    Filesize

                                                    1.2MB

                                                    MD5

                                                    627e754f550e99e232da3c36f851a405

                                                    SHA1

                                                    63af1d32472e22d10b4b0c7738ff174013d410f5

                                                    SHA256

                                                    226bc4feaaccc571825524e1576763e18a5575414fded5766e72a2023c75fb69

                                                    SHA512

                                                    2733931fa692fdb412789656740e4cecfe44b0dc5da33207f97629718ca4313f80c839cf1daf7b53d887f283253907ebb8139ea2cf4fa7e137664065314746dc

                                                  • C:\Windows\ehome\ehsched.exe

                                                    Filesize

                                                    1.6MB

                                                    MD5

                                                    e7a841471fbd3419da5e37e68a6b8d72

                                                    SHA1

                                                    20f32810ec080231125df7bd272ac878a1546241

                                                    SHA256

                                                    9db2453f1eeefce1cb878262fe69df4527cc898c7bb8a096cb92e83513dc84e6

                                                    SHA512

                                                    d5243e25fc1d8b98f47aca72d532691173f130fa9c72863cc300f7ae90ccb96d1743155d49b9898c6249d0284b7f95a6b8440784b7e18e36b6b269b56943202d

                                                  • C:\Windows\system32\msiexec.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    5f8a704c9630d1c04b372435cd90f06c

                                                    SHA1

                                                    2b67d245a0a2906f07ec2dabdb7c30820466a4e5

                                                    SHA256

                                                    be0b68b3ef86e24a6b00e20065a79d4c7cf1eebcae8bdb08b5ed98c9ed3292b9

                                                    SHA512

                                                    e30c4f146c51c7d13f19cbec38dd763dfe7c6564b4036a63f3bb78ce35483c951399d6c376ef1ccc0c3304ef35aca567b9fda5e8290089cd011cea68bee0e509

                                                  • \Program Files\Windows Media Player\wmpnetwk.exe

                                                    Filesize

                                                    2.0MB

                                                    MD5

                                                    ce0080cd878f7dfa9bd6de54f0362f71

                                                    SHA1

                                                    cfa749e767b6faf6de59515940cb791285d53232

                                                    SHA256

                                                    e3b3ac75e880fe78de759e2f1176439465efa69d8dd8563c090aa6e9034186bb

                                                    SHA512

                                                    1ad4be41760a24ad6007d7c1dd42c574fc7186de977357e8aaa1e90ded9d42bff5f14a984cb26305bf2e4c1a64b85746856249690d775bcfee747d287f16ecbf

                                                  • \Program Files\Windows Media Player\wmpnetwk.exe

                                                    Filesize

                                                    2.0MB

                                                    MD5

                                                    ce0080cd878f7dfa9bd6de54f0362f71

                                                    SHA1

                                                    cfa749e767b6faf6de59515940cb791285d53232

                                                    SHA256

                                                    e3b3ac75e880fe78de759e2f1176439465efa69d8dd8563c090aa6e9034186bb

                                                    SHA512

                                                    1ad4be41760a24ad6007d7c1dd42c574fc7186de977357e8aaa1e90ded9d42bff5f14a984cb26305bf2e4c1a64b85746856249690d775bcfee747d287f16ecbf

                                                  • \Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    1189965962cd0564b261ab214a99e02c

                                                    SHA1

                                                    f51d9455b2105a1430c72c1597e32e812b435eb8

                                                    SHA256

                                                    ce30874b62577b7d5f8be7f41828ed26a09879feeeef6addce52094e4e599bd3

                                                    SHA512

                                                    949bc0184ba3107edea819c60e272af3685627bf768de1ae1225c43d0fb2535183a9bb2e4b2567acf01a445849c44d819a72714615242c68852ee5d8f2e3e620

                                                  • \Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    ff26a4793ac59ff962e16935927797a9

                                                    SHA1

                                                    bce4fe16bf3bc74ded6c1303bccee4cdf8494186

                                                    SHA256

                                                    720ed057036cd4f84f267678334316c69f1c8395f70128c5d33d33869c243ba7

                                                    SHA512

                                                    b80f2a3ddc8ae3321823d0bf170de3b29af64f71017c9eb22e9a8023677bbdf8a7d05b58e3b8d0cfc3c7138bb17693ae006279e91fac39994336bdc38e723230

                                                  • \Windows\System32\Locator.exe

                                                    Filesize

                                                    1.4MB

                                                    MD5

                                                    4fbfff6f6fd7b6942e45cbdd203874e7

                                                    SHA1

                                                    984afb0abd71acaf4e92e5d50601e9b621a93519

                                                    SHA256

                                                    8f0eb247666e868b08910f63cfaae9a44df70ed0be6db43eeca801a8a7235a3e

                                                    SHA512

                                                    b813000c93eca62058011582d893537d39369f59427cdd95cc9d4649fddf439be37e92519ad811db05c9379037ef5c78ae00e943fd9d4e256a0e64407cb16947

                                                  • \Windows\System32\alg.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    2b01e9f09569d6e2744345a00a423baf

                                                    SHA1

                                                    32db6bd0cccb091be1898728a23f022840358fc2

                                                    SHA256

                                                    071f003df218016e485cd8238d77c21e7fa8de6db55db16139f704338f7e7eac

                                                    SHA512

                                                    cbdc604afc12cdd1c934c53e185330cdfd7d82628f59d81c61e232e71e6af66e8e0b966b1b043a2ced1547caf534842be996cfbe9727d31558afa1d4742de7c7

                                                  • \Windows\System32\ieetwcollector.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    94f1f173075ba3140f7642e05a51a29b

                                                    SHA1

                                                    52b78da0c6137d8096ff35b7eab3a2e926bf374e

                                                    SHA256

                                                    2e83f71c93a4a896256600f2887756c21a3be46c7656d49fe46dcc31fc677c39

                                                    SHA512

                                                    e00ad4a98d38b141f8ca1531d410ecf19d7ff9c339310147d577335ae5e903f51d8679476d1a4ffd95f1d898cc2b0c37ff24771004f83ccdf0305568d52e9ad1

                                                  • \Windows\System32\msdtc.exe

                                                    Filesize

                                                    1.6MB

                                                    MD5

                                                    3ee569f35686c1cd1f0977e9bb9333dc

                                                    SHA1

                                                    6ca45478e33e13b4b8b0b494793f3109b32443fb

                                                    SHA256

                                                    2ef3081770414a30bae3f2bc030793c36490d7da4f25f04fc6ddb10f2af6756d

                                                    SHA512

                                                    b4a7c398066c3d33fea2b346b6e4589cf4c2c61b0d04e5cb57fa7237848d60dd8ce42127bd4737b1d5413943adfd29cd79f01622875918eda40d2a002a02148c

                                                  • \Windows\System32\msiexec.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    5f8a704c9630d1c04b372435cd90f06c

                                                    SHA1

                                                    2b67d245a0a2906f07ec2dabdb7c30820466a4e5

                                                    SHA256

                                                    be0b68b3ef86e24a6b00e20065a79d4c7cf1eebcae8bdb08b5ed98c9ed3292b9

                                                    SHA512

                                                    e30c4f146c51c7d13f19cbec38dd763dfe7c6564b4036a63f3bb78ce35483c951399d6c376ef1ccc0c3304ef35aca567b9fda5e8290089cd011cea68bee0e509

                                                  • \Windows\System32\msiexec.exe

                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    5f8a704c9630d1c04b372435cd90f06c

                                                    SHA1

                                                    2b67d245a0a2906f07ec2dabdb7c30820466a4e5

                                                    SHA256

                                                    be0b68b3ef86e24a6b00e20065a79d4c7cf1eebcae8bdb08b5ed98c9ed3292b9

                                                    SHA512

                                                    e30c4f146c51c7d13f19cbec38dd763dfe7c6564b4036a63f3bb78ce35483c951399d6c376ef1ccc0c3304ef35aca567b9fda5e8290089cd011cea68bee0e509

                                                  • \Windows\System32\snmptrap.exe

                                                    Filesize

                                                    1.4MB

                                                    MD5

                                                    bd316554a066f8717949948131f0e23d

                                                    SHA1

                                                    39afe8152e84eef0a191f6bbb004bfbc329c0fdc

                                                    SHA256

                                                    b7bb666eb1b6653950b10b06e3df0d500173d019261c35a668bc9dd967f09160

                                                    SHA512

                                                    9aeac7d771e302f88ccee2c49f93668476b04271a75f7cc393b033a2c0f49a0d1b17d926eddc2077aa3928f5128a75ac57978165a93d59432c73aa9fcd3138de

                                                  • \Windows\System32\wbem\WmiApSrv.exe

                                                    Filesize

                                                    1.6MB

                                                    MD5

                                                    e26dc1c0f26b30383722d33ed5d66e66

                                                    SHA1

                                                    5eb18b4f8204a56d56ddaaac1d948d32f711b581

                                                    SHA256

                                                    ada9cd19e93c58292b0dd8ff75c8b7663a43b24308fdf455eb3ec683a888db4b

                                                    SHA512

                                                    13799a5d4735101cdfd8850c5915e330743182a4d53dd7b8b04708151501ac4890573d1f80aca01c82a28313fca508317730f7e2097195eccf62bd9b1a4142b9

                                                  • \Windows\System32\wbengine.exe

                                                    Filesize

                                                    2.0MB

                                                    MD5

                                                    44847945c5e01ce866bf636c8b4672ce

                                                    SHA1

                                                    79d427f05c965e857dc2a0dcd2fb4bc06a12dec2

                                                    SHA256

                                                    89d4da1c32d8a6a7b1e759f2b664a15835e115c967f71288e4b235828c483ce8

                                                    SHA512

                                                    43670bea90191d9455f913ef6a2276062dfac9d1a10df6a681a58a469933738c97f1759be1df107121d017b29cf924851b7fb0bc8a945cd1255e108afe048a3d

                                                  • \Windows\ehome\ehrecvr.exe

                                                    Filesize

                                                    1.2MB

                                                    MD5

                                                    627e754f550e99e232da3c36f851a405

                                                    SHA1

                                                    63af1d32472e22d10b4b0c7738ff174013d410f5

                                                    SHA256

                                                    226bc4feaaccc571825524e1576763e18a5575414fded5766e72a2023c75fb69

                                                    SHA512

                                                    2733931fa692fdb412789656740e4cecfe44b0dc5da33207f97629718ca4313f80c839cf1daf7b53d887f283253907ebb8139ea2cf4fa7e137664065314746dc

                                                  • \Windows\ehome\ehsched.exe

                                                    Filesize

                                                    1.6MB

                                                    MD5

                                                    e7a841471fbd3419da5e37e68a6b8d72

                                                    SHA1

                                                    20f32810ec080231125df7bd272ac878a1546241

                                                    SHA256

                                                    9db2453f1eeefce1cb878262fe69df4527cc898c7bb8a096cb92e83513dc84e6

                                                    SHA512

                                                    d5243e25fc1d8b98f47aca72d532691173f130fa9c72863cc300f7ae90ccb96d1743155d49b9898c6249d0284b7f95a6b8440784b7e18e36b6b269b56943202d

                                                  • memory/112-562-0x0000000000400000-0x0000000000588000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/768-134-0x0000000000FF0000-0x0000000001050000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/768-158-0x0000000000FF0000-0x0000000001050000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/768-157-0x0000000140000000-0x00000001401AA000-memory.dmp

                                                    Filesize

                                                    1.7MB

                                                  • memory/792-119-0x0000000000160000-0x00000000001C0000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/792-420-0x0000000140000000-0x000000014018E000-memory.dmp

                                                    Filesize

                                                    1.6MB

                                                  • memory/792-421-0x0000000000160000-0x00000000001C0000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/792-113-0x0000000000160000-0x00000000001C0000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/1080-69-0x0000000000400000-0x00000000005DB000-memory.dmp

                                                    Filesize

                                                    1.9MB

                                                  • memory/1080-6-0x0000000001E10000-0x0000000001E77000-memory.dmp

                                                    Filesize

                                                    412KB

                                                  • memory/1080-1-0x0000000001E10000-0x0000000001E77000-memory.dmp

                                                    Filesize

                                                    412KB

                                                  • memory/1080-0-0x0000000000400000-0x00000000005DB000-memory.dmp

                                                    Filesize

                                                    1.9MB

                                                  • memory/1624-11-0x00000000003A0000-0x0000000000400000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/1624-13-0x0000000100000000-0x0000000100184000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/1624-18-0x00000000003A0000-0x0000000000400000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/1624-84-0x0000000100000000-0x0000000100184000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/1724-56-0x0000000010000000-0x000000001017F000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/1724-546-0x0000000000230000-0x0000000000297000-memory.dmp

                                                    Filesize

                                                    412KB

                                                  • memory/1724-531-0x00000000742A0000-0x000000007498E000-memory.dmp

                                                    Filesize

                                                    6.9MB

                                                  • memory/1724-27-0x0000000010000000-0x000000001017F000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/1724-541-0x0000000000400000-0x0000000000588000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/2200-108-0x00000000001E0000-0x0000000000240000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/2200-100-0x00000000001E0000-0x0000000000240000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/2200-101-0x0000000140000000-0x0000000140237000-memory.dmp

                                                    Filesize

                                                    2.2MB

                                                  • memory/2300-24-0x0000000140000000-0x000000014017D000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/2300-97-0x0000000140000000-0x000000014017D000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/2412-86-0x0000000140000000-0x0000000140192000-memory.dmp

                                                    Filesize

                                                    1.6MB

                                                  • memory/2412-91-0x0000000000820000-0x0000000000880000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/2412-479-0x0000000000820000-0x0000000000880000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/2412-478-0x0000000140000000-0x0000000140192000-memory.dmp

                                                    Filesize

                                                    1.6MB

                                                  • memory/2432-77-0x0000000000820000-0x0000000000880000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/2432-530-0x0000000140000000-0x000000014013C000-memory.dmp

                                                    Filesize

                                                    1.2MB

                                                  • memory/2432-98-0x0000000001430000-0x0000000001431000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/2432-96-0x0000000001390000-0x00000000013A0000-memory.dmp

                                                    Filesize

                                                    64KB

                                                  • memory/2432-70-0x0000000000820000-0x0000000000880000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/2432-72-0x0000000140000000-0x000000014013C000-memory.dmp

                                                    Filesize

                                                    1.2MB

                                                  • memory/2432-532-0x0000000000820000-0x0000000000880000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/2432-94-0x0000000001380000-0x0000000001390000-memory.dmp

                                                    Filesize

                                                    64KB

                                                  • memory/2548-36-0x0000000010000000-0x0000000010187000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/2548-63-0x0000000010000000-0x0000000010187000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/2740-130-0x0000000000920000-0x0000000000987000-memory.dmp

                                                    Filesize

                                                    412KB

                                                  • memory/2740-125-0x0000000000920000-0x0000000000987000-memory.dmp

                                                    Filesize

                                                    412KB

                                                  • memory/2800-60-0x0000000140000000-0x000000014018E000-memory.dmp

                                                    Filesize

                                                    1.6MB

                                                  • memory/2836-49-0x0000000000230000-0x0000000000297000-memory.dmp

                                                    Filesize

                                                    412KB

                                                  • memory/2836-43-0x0000000000400000-0x0000000000588000-memory.dmp

                                                    Filesize

                                                    1.5MB

                                                  • memory/2836-44-0x0000000000230000-0x0000000000297000-memory.dmp

                                                    Filesize

                                                    412KB