d87fb22c89486107d5cc04946c640b92fd138eb3e6516339259da5e4cf47144e

Analysis

max time kernel
27s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
Size

2.1MB
MD5

ff0ea8051631219dbb762844ef80b508
SHA1

99dc0b73570e61d046f5d80b8ba8c0e560573078
SHA256

d87fb22c89486107d5cc04946c640b92fd138eb3e6516339259da5e4cf47144e
SHA512

5a522faf9b2faebf3fa29e4716adecd837cfdb9e206fb60e8081e3e96a2f7c9e6d71dfbe9d4cdef149e75276ee2e5690e47ae6b922e1d5d8fdd6857ce869257b
SSDEEP

49152:IXWtcDcoUYXPtSjeJgEjTmucjaB0zj0yjoB2:ISFYXPwtEjEuB2Yyjl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 13 IoCs

pid	Process
464	Process not Found
2096	alg.exe
2128	aspnet_state.exe
3040	mscorsvw.exe
2604	mscorsvw.exe
2564	mscorsvw.exe
3020	mscorsvw.exe
388	dllhost.exe
472	ehRecvr.exe
1708	ehsched.exe
564	elevation_service.exe
436	mscorsvw.exe
684	IEEtwCollector.exe

Loads dropped DLL 6 IoCs

pid	Process
464	Process not Found
464	Process not Found
464	Process not Found
464	Process not Found
464	Process not Found
464	Process not Found

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\d9de3c233f41c52b.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File opened for modification	C:\Windows\system32\IEEtwCollector.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe

Drops file in Windows directory 27 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log	mscorsvw.exe
File opened for modification	C:\Windows\ehome\ehRecvr.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log	mscorsvw.exe
File opened for modification	C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9D5BC7B9-26C7-4A2E-AA6A-F0DF1790865F}.crmlog	dllhost.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngenservicelock.dat	mscorsvw.exe
File opened for modification	C:\Windows\ehome\ehsched.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File created	C:\Windows\Microsoft.NET\ngenservice_pri1_lock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenofflinequeuelock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.lock	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	mscorsvw.exe
File created	C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9D5BC7B9-26C7-4A2E-AA6A-F0DF1790865F}.crmlog	dllhost.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.lock	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenofflinequeuelock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\ngenservice_pri1_lock.dat	mscorsvw.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	ehRecvr.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	ehRecvr.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie	ehRecvr.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit	ehRecvr.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit\Version = "7"	ehRecvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	ehRecvr.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2504	2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
Token: SeShutdownPrivilege	3020	mscorsvw.exe
Token: SeShutdownPrivilege	2564	mscorsvw.exe
Token: SeShutdownPrivilege	2564	mscorsvw.exe
Token: SeShutdownPrivilege	3020	mscorsvw.exe
Token: SeShutdownPrivilege	2564	mscorsvw.exe
Token: SeShutdownPrivilege	2564	mscorsvw.exe
Token: SeShutdownPrivilege	3020	mscorsvw.exe
Token: SeShutdownPrivilege	3020	mscorsvw.exe
Token: 33	2120	EhTray.exe
Token: SeIncBasePriorityPrivilege	2120	EhTray.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 436	3020	mscorsvw.exe	38
PID 3020 wrote to memory of 436	3020	mscorsvw.exe	38
PID 3020 wrote to memory of 436	3020	mscorsvw.exe	38

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-29_ff0ea8051631219dbb762844ef80b508_ryuk.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2504

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2096

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
1⤵
- Executes dropped EXE
PID:2128

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3040

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2564
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1e4 -InterruptEvent 1cc -NGENProcess 1d4 -Pipe 1e0 -Comment "NGen Worker Process"
  2⤵
  PID:1636

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d8 -InterruptEvent 1c4 -NGENProcess 1c8 -Pipe 1d4 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d8 -InterruptEvent 248 -NGENProcess 230 -Pipe 244 -Comment "NGen Worker Process"
  2⤵
  PID:2640

C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:388

C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehRecvr.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:472

C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehsched.exe
1⤵
- Executes dropped EXE
PID:1708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:564

C:\Windows\system32\IEEtwCollector.exe
C:\Windows\system32\IEEtwCollector.exe /V
1⤵
- Executes dropped EXE
PID:684

C:\Windows\eHome\EhTray.exe
"C:\Windows\eHome\EhTray.exe" /nav:-2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2120

C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
1⤵
PID:1596

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
PID:1692

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
PID:1032

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:2728

C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
PID:2648

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
1⤵
PID:2884

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
PID:1048

C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehRec.exe -Embedding
1⤵
PID:2960

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
PID:1624

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
PID:1804

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:1520

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1372

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:344

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2352

C:\Program Files\Windows Media Player\wmpnetwk.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
1⤵
PID:2580

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:1784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
592KB

MD5
235e8904218bc2884b45f4fa258de7e3

SHA1
ae9ec3f9c0c907bfb6873cbdae4d96ea9d8aa3cf

SHA256
9e5228b3c6c05f7a04b4aac5416740d7dcd8161c7782804d11c7656fac4f1135

SHA512
53ebe7b6226f77ee31db9838c53af4ed79fb39ff283e079f2522b95ac62ac1857401b6d2ea95002e22f2fbfd05a07292b85308e7e47006504cc61ccbec111645

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE

Filesize
1.1MB

MD5
99866e964c0d6b378628e4a6e3266ca3

SHA1
c6c2236560314dc0c86d15bea1af324c58274099

SHA256
c1be573c5d728482d24db87a5b535432a0b24ba56734ebc5ee1f6fed6c3fdc72

SHA512
461282bfe50e24c0f1093e8658f43f4533629e591d077c862650cded94fdebdcf16c51d1b291797ce1ee540f9b50596a01daeba676f89e013fefc2da8fc1afd0

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
896KB

MD5
9d2b2a700a23b45ae0b443b41dc81c70

SHA1
55df59a81f852c6193acda8db7c44048b4153912

SHA256
0d4cb9d4b5da01f730767d143574ca41c690163cb451da55778784dc93f023f0

SHA512
056b91f686ad9cf080caad9be65c1342257365d5f0e75e4a4b0f487db6957e6335ac62804f928d142aff1a39135e60cdda919847e7b607f4e534d77b71000b0c

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

Filesize
740KB

MD5
2862a24d4be748d1341fcb1d7b2c9688

SHA1
4375b6653f1adb1537b78d455159c964ab1d7e80

SHA256
796be2c1ea2d120f4b6ee507703bf4bd8c99b60860e6323f23e1359c3ec973c5

SHA512
d408394bacd63959a95708f657602e18f4c894a6f8e7665385209eda12038c4bdfd526b94cab8a7fd672bc30011058ca517c313db16c098af027fba22bc106ee

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
81d0b02a093a8276a1a00a3fe2415a67

SHA1
d91023144bcc086ed8a57598c48d5d0476a1fd24

SHA256
958411d9cbbb0da9c32d03415abf284fe02f192b4de25460541d32be5648be4a

SHA512
9869e23de42be1dabb59c7aa396304726160992e975bde395dc8f0fe7038d662779790cc7ace19a7c8f70b21f637379bfb240026d0e2fd34e4a6ad132b4de5f5

Download Submit
C:\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
1.1MB

MD5
32f0873bd4cc37468730ae28d31d7569

SHA1
f780dbdc03607590fb36562cccaead4f8eac7f83

SHA256
7c167a0dc8eea144479dcc27c9e58a21c110593b94459d58556c0236600bc6f6

SHA512
6b641dbee07a0ba20cf6286bd9f65dd61fe137f007eb851a5b3be42d733e2344269ffd15e68b50dfa0a757671369d55679c7fbce77da4e0f19460c4187305fd8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log

Filesize
872KB

MD5
eafa70838d90e756bcad7d4054e4faba

SHA1
392bf27d1de9f53b76b95047b789e49a433f7622

SHA256
225387997cf653fae238a7ea2444c06a53d0c004d5f58b67ec855c793bba451e

SHA512
ccf0a177c818cec5653c01d52c3b9793be4f6771e0b1b0802fd1f99844ed53d8ded3dd5439de6b95aaf17fac42a5e258d9df7b2e271d0099a4cc112bf9a49e4d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Filesize
1024KB

MD5
d8e63cf7039857a5de3aa34ca9038eaa

SHA1
92200526f9149c11e74b93fa2a7118e623fe0f02

SHA256
9ed187fa1566c4c64f37424697052b8715218d6567c64dedca97c22606f6f808

SHA512
b423d4413d2b1381b6c19d659130836a5b66639bb3e0905040872ce950149ed8415c985485afabfe7c330ede92ad14ed2109060c91d0329a88e0202cc880e226

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Filesize
448KB

MD5
681b0be295eb287552e6fff2cdf63493

SHA1
fcd0d4458c0ba820824918b664589b1a968c24ec

SHA256
6a25644062f9a2470877cc9f3c497f1c39cae85c71b6c8d824a8bdb64a127023

SHA512
b68e8f9fabd0f0f3834488e4beb5d13cccfbc1eefc04cdde8607c38d8604a7989f06fafc0f08d61046731040bec6c0f9e713f4f31ab42a1bbf79c6eaa82c5635

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Filesize
1.6MB

MD5
1b351be8d3d9f6949621b81bbb660230

SHA1
08bae7f5bba40756972de0afbac0a5691b71bf34

SHA256
8e31730941c195775367be5b77f9ae46e34f13dcd33f7d78b2edfb8f4ec850aa

SHA512
9ae30354bb29bf85b583e19935f9d578f4471f6ecf64228e4d73b0bed194ce63c0370e056e646f53b6f2a1e7fa7d4757d6832829adecb7ed101c9e4020224952

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Filesize
1.5MB

MD5
aef3a9c75aca6c95ce12b2b795240eb4

SHA1
5957174d5203b987a06848ac6ded738f35d79a55

SHA256
a2cc03e6feed4d6479b1a686a89815dabf8b69ef387169a6bc1119e6b2f0f96a

SHA512
1022dc939675f95f0e1e4a31e31c095e89be53f2684b476af9a2b1f4bc44587ece6911d98bf3c8e8a34655584dcdf90681e184b3a6ed09d35e617500db16c353

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log

Filesize
1003KB

MD5
f72eaae93a49d9f148e263e8366eac3a

SHA1
dfe2f569ecebfe638f74a30a00c00e425b76b225

SHA256
cefbc27678e5e6f69e551dbe6c31810d621a73cad7a388ff20e386d8a7880780

SHA512
3c1a808f261db10d7ca51369c036be8dad9a757493f8efbc5e7a19c92a20def6aa4ac57c907bd6aba6ee0e9713b786b4cd1baec3854edf25910f38726c0bdddc

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Filesize
1.5MB

MD5
61705cf5c7fd56f1e93459692bc6a13c

SHA1
35a4fcecf393a32df89cdecffa43891e9d684e5e

SHA256
2538c86b765ca5082fa7b2cb73463e1ec9672f55692c434cde81b92f2166b607

SHA512
dc08d6a54fa9d2ff149ffaf84bc373c3fb9c439cdfa3c95a3dffe1fac73387f81abd644dbafde6f7527d20b1afef15992d70200068d17084012a37e96151be03

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Filesize
896KB

MD5
374d67a36872dc3e09c7d98f48d9af14

SHA1
0e246bb49889f0d8db5fd4ff9d8982ad6f314967

SHA256
6df7e0f284287c15f6401a292d510432559dba8a577cb7c1935481c1dcad2118

SHA512
c8c07ce38df5062ee29865bea9b912cb634011735b8841c0569b634113922a67bed21a0903cee6c1cb37d7b51c8f372f19799f9e42152b8cf56f348aedfc5f59

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
751KB

MD5
4d8435e01053804bd539b418f4892f7d

SHA1
54982ae98272ff7e6dc2fda92a389102d23a849c

SHA256
8607c086b029587d23a126f19b78e15cfc5012d045f9c0654588b762fd56ff7e

SHA512
d05da5dda7cacc4e510a482401b4b87f7d1625bb8a575b75af1b1e9dc08124a793bc0bce4fbda67feacf90c80b5fda8e8f7829943977a5cd46a566a6ebdfc866

Download Submit
C:\Windows\System32\Locator.exe

Filesize
403KB

MD5
5c5ed86060ef48322a23f006ef1ce6c2

SHA1
9164360b1b7ad8a28a7f653152aa63fce957281c

SHA256
b1472dfd41e9d2edba67fe6b1c10baee32d77a6d9dc988fa091c4164993434b9

SHA512
01d80707ba46e3c5e0fe4f5b7f18e590169454cba6e2698713566169ea3148e988b0c3bbee4795574c24198f42d7418c1370abf889747bd4409970ee6d381783

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.0MB

MD5
cb870b7758abdc0b30fbe2632e4202c1

SHA1
a3a1f62397dcdfcb93b94371754d9cd9eae723b9

SHA256
83f326e8ec709bed6e8d645487d40318461da7d3e9dfb068b9090119c71f3593

SHA512
55bc646a594b5c3590acf20c9524ef84cb8a7fa5941163c06ddb34430628f6974684e45b402999f298f240aa04839cba0496de545ff3e8f9b61047a647fdbd1c

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
1.6MB

MD5
c13fc8ec01f3cebb46b900c3a689c9f7

SHA1
fa5f3921c88977f5d360cbbdce26ddaee94f68e0

SHA256
2dc7e06f0cbc88f1aa306f75660b4d782bd4103ed756c4fc573bc6bc6d9566f3

SHA512
3ee40bffb3bace7741c47644a71fc28165e72246110c1708ce619f7bcc52c7583e8047b0b282b1631017c1dfebfa3149afe78b58f249aeba66c0c1e64f1e015c

Download Submit
C:\Windows\System32\alg.exe

Filesize
640KB

MD5
73be8fe16b4daac05e68d653b7cbd51b

SHA1
f9465e011b5beadaf94cbedad6e925299e097f56

SHA256
3fa32adb38de160459b254d26bcd8913b9d97c68ee26edb98351694e9aaabdbc

SHA512
94d07436596c0e39ebbbaa23728d3e0e41ad9de40f4d83a7bae5de374b87cf73f9dc35573f74f796e0b4313e6fc5e7c8b651362716b52fd89b153e13ab1bc643

Download Submit
C:\Windows\System32\dllhost.exe

Filesize
896KB

MD5
790af95788e7fc220443b6e23eaecd61

SHA1
c09a996c31c6edd42ffde942a3dc637d2c74f35c

SHA256
cf916edd7e9039a34562a49efb47cdc5a184db3387fdddf51b24e17485d44e46

SHA512
08bd96b323e596835979115ce0af1097084e83fdc0404c5afb1e9a8f281b609e08362283645db71a77ffae0412c2fb6b8fea976d16acefdedeb27a3051ceec73

Download Submit
C:\Windows\System32\ieetwcollector.exe

Filesize
1024KB

MD5
eb3e06bd0cde6f22e0cfae3c2bca1105

SHA1
c451dcee1e05ceecc64952ca53c3d83bb4942d3c

SHA256
cee343b9d0870bbf3966f14f956162f6817700affac644b0c1fb4396f3701c03

SHA512
e40ba3a043c0cab2839d1f4c9502b58a94821513d9cee5e9cbe82d674b80ab5ddd95a24a5e69ad2f742b0ab49e806c162dd06696ab92210b4a22073d7f55805c

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
91KB

MD5
b1098b80f814e5f8825f1eb623cce5e1

SHA1
39af0940efc5b51cd0b7dea24829b130a8bab397

SHA256
c21002ebf5c4938e19ab3a2d2033c79f7693958e3468ebbc8ed2bf3d8b683fdd

SHA512
81a9277d48cc496bfb5f898a40831c161e4065dfb5c383943cba36222dd12a8047f7498528825eeb4e8dec0d1c615eda168599caec412c86244c2171eb0a6f15

Download Submit
C:\Windows\System32\msiexec.exe

Filesize
1.3MB

MD5
916f05004fdd73700d8fd8663d8a224e

SHA1
5636eddc005fb0ddbd437d2a30e13c41440baa20

SHA256
73ed896c7dcec4aff98baf4e8bb38e906e11242e00493fc71e4228fd72a564c5

SHA512
9fb6cce3e6c71b78f26321fe02705e47b174d3aec85d55b24baf8909bb770340e253ea51f0a6402ad532922b0def54e803421b9deba64d185dc76b0b8b0b13ab

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1000KB

MD5
d0855793cbb3fa0928181d6203128c1f

SHA1
c1814b438f553d3d11eff2dcd3e38c20b7ff893a

SHA256
eb0ff3dd89f1f7f92e3fa4435d7666e436f5feb2e5f1344defbf60a3594cdc1c

SHA512
834232e93f67d86728bc631b72760f8c1fbdec2db247868078a7c0991da02aac525a094f44ab7d92828c9f4130b3e45b34443d4752a2876955a3f3daecf388c5

Download Submit
C:\Windows\System32\vds.exe

Filesize
986KB

MD5
4e3b6c2434982eb4e30d7ef6192744cc

SHA1
0dc229ade702a62d8a66862bd53efabb0f7c3713

SHA256
c8588a07c98c812d74e159b504b2d9760b322846710888cdf875e5784f413795

SHA512
d00ec010f61a7d741ceebaf3c7bb6541ec7cc02d7ba06b26c3df1d6ffa39b385ea618964e45bc282d358a046dfcd25ab7de19eb4d6b061a524b4071a126c7312

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
880KB

MD5
35e74f26b980ce74a5178e720c3206e5

SHA1
8538f70f3f69bba7bdcb0b75598eb3331ff08127

SHA256
1fe642587eb5e7de240f19107a48acf36417d3c6eb4f2af70a6111a8f6cfc93b

SHA512
cbfe2dfacab81634679a89e3b863f92e7e2ba52aa220ea00b7e6d601f55347d6b07651cb7efe05a56282e4c8c294b47403bfd15714a31b0b504bb287708b6382

Download Submit
C:\Windows\ehome\ehsched.exe

Filesize
1.1MB

MD5
3aaac55cc55b895c463f7f7ac328eed5

SHA1
3507381405d34061bd456fa9b1a8d67bd4d9a936

SHA256
c236e4aa6b80917d00ac3cb8cfde7df32481595042557d150b20ad7b066dbebb

SHA512
6dffe14ffc34915aee289aa362f9c74e88904177df055d8a1926328298a63536864fd12a82d5f1ef6df0350ee89090184a829f73b6a5f0e4e0a4a81fc9a779d5

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.5MB

MD5
232f4c701adce8f86c7b82a69f1a1c72

SHA1
f23c01e92b8626c078abe33296095d89b2055bf8

SHA256
5778bf3ecdfebbd1c5d561a2a517f6760a2935e529f0e8e36909af0d2915b93e

SHA512
497abd25a5f40af75c005d2e47b6356f27a4d50ed3772aa7fa17b486239380798c832a3a1d215bf9723342beccd4fb8108cb4831f22c39779ceb10666065e6af

Download Submit
\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
898KB

MD5
cf6078d4227f6f37a31fcf365e57fbe4

SHA1
d292eee173ef8656967abbe8fbccf669422a827a

SHA256
24e77ecefe9b8e27881dadfb3b605f61051dcf7e778f9f02aa02a60b3a8e822a

SHA512
f9a5a3d6629fcb48afaeffa4222dd2815294f1c406c677ad1efd94d62d607caf9a9e7b8209d0a2fcac664caf5372c196c63641f79643037bf23154d3838ae04e

Download Submit
\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
1.1MB

MD5
cc4310575471ba1a8436cfe5ebca3412

SHA1
899d5f3c17082e758600fdd5c27c3e5fedfa912a

SHA256
bd48b6eee2bfc08d8d84cc543d5e64553cb9b2a273b3d9fed1be829a702cc275

SHA512
bbc435746e7ced68321225c26f12f8d2da02849f32794de7416e2506bd15c6d53e170d80b2b06f5e1cf3cfc9dd6fece1616efde89b21bc460f31c31aa4807e54

Download Submit
\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

Filesize
1.5MB

MD5
7a71f6db2ceccdf8c50cafb1123d65ca

SHA1
14440527ebe8210927bea7b91a90e8e6e5b32fc8

SHA256
7328184f8c55e9416bf6e3344cb7f065fdf452f19b5ba3172aefbab95f390805

SHA512
6473d6967138d93d113c8efc6c5315e56f557d9de2c1e2daaa30fe1844250d7751f68759039735f8a6842a35f4d14ea3b13489856e4c41b46d3881e5dbefcd6b

Download Submit
\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

Filesize
1.5MB

MD5
7bffc3bcf7c223994808aca48de714ce

SHA1
6174aaab9a20a637bef724597864214664c7e851

SHA256
3530e8533a16b53cccf05f59d9e6357f501144057227fdabdbe26ff6fb23477b

SHA512
95f3deb8bd310b891639ed5a10557150db2d1945acc05986ec969051f93786b5b721201021dcbf23d171024f9808c1f12b727cc36757c1ac875f0b6fc3b39bd1

Download Submit
\Windows\System32\Locator.exe

Filesize
423KB

MD5
2933fdae30f774fdd416499f9c650f8f

SHA1
db8b5f552d3c4ba20af4176ebaa7003a3ca41ff5

SHA256
c4d37d7f24a5851faa81b25103364ee37c25d5abe299ea8d9d30aff530076a8e

SHA512
c24c10711cb94b59af4d86298bb662d0abb4fcd52a8174063e936ba2ee5599fa34b9868b29f580a4b848982b6ec196a0251312794d145de87bad2ff59b7d5390

Download Submit
\Windows\System32\alg.exe

Filesize
896KB

MD5
48b5585b81bde5078cce582492db59fa

SHA1
0cb623ae89ee6e15eb3203c0c18c914eba72fb7a

SHA256
4c45b0cb0c851500c707229ee3e3d21708c42af379fa9733001ccbe1010d366a

SHA512
3b5d9ac3018c0e6feb6a43822dcd3784d2ca4fc0e4db99e8455e1792e00a034cd998f9c874d850823c9ee95801d1f8c39b0236796eb2dd468f2dcffcb1154bc0

Download Submit
\Windows\System32\dllhost.exe

Filesize
1.1MB

MD5
6e34334eacab13c47d585198ef752fa0

SHA1
b24da9203a6d4e32b70b93d23ddfc86914f5932e

SHA256
b6294e6c85118b96b8a468cf062b35fcd4f45292f8774187cdb84726e92718a8

SHA512
24ccdb108657f46f665abb7ea880d2e8ced083a1c9a7689d8a1277f2ad64765e01570e7efaf066a93eea498d992c32fffc99d4cb170f3064b9090684117be854

Download Submit
\Windows\System32\ieetwcollector.exe

Filesize
1.2MB

MD5
6762e02fc3fc40dd86fab04f3f659ccd

SHA1
81f9bfc9b85fbb3866df7d9a3525104b1245cb9f

SHA256
6da9d0b56e6736ecec9138a79bd0f2cb4dd74b7858f02148fd67f6736cbaf647

SHA512
8bc85c5aee5dfff52f6f35a669ac7be4ccf43a4db3cc3b8fcb6b4288581628d32f0f797595533d612007243e79a61f08906cc7b7358017444ba7e8bdf4d20b87

Download Submit
\Windows\System32\msdtc.exe

Filesize
405KB

MD5
55ba92be9a0e2544ebeda226a5ba4ba0

SHA1
c55f1ff81b16106476fe32fb40a65b522e41bd83

SHA256
6ddd3b1d4d976411ef00f34f431bbdf6cd114b310268c084cb0bdcb49b9b47d1

SHA512
4268af24c4a09c6b7837d258fb3ec6ee8c457155b04f13d96c455970a5ffd7e0b48eacdca6270bae29f59087b24ded5a4a7f1a3fe31b13bae13ab90451a913d6

Download Submit
\Windows\System32\msiexec.exe

Filesize
1.6MB

MD5
e2a459b47446a219b63935a8783a0b84

SHA1
8754b7aaa52c57a658f56f88a01d5ba1a2e59ed1

SHA256
59af5a4d7a971c9feb657b718fcc3408379fcef5cd6e8ae123580af37e63e091

SHA512
390bfeb03258dd527358e5fbc9dfc139a70be1fb800a3cfbc84ff5135f48dc2b9d045280ec590ff4fe6d9ba84bff6a000b2bf11b4d010ed03edbca49551be291

Download Submit
\Windows\System32\msiexec.exe

Filesize
64KB

MD5
858ac7096e37b54a243e2830fad19375

SHA1
abb857b004718d79eeb8c9f33cbbafea3193ee35

SHA256
cdc910bafee187f52c774b15692a748ec256e2dca03513a4688a81b54d4380ba

SHA512
dcd36f9625ef85733cc83a0e63aacc5e537c58f9780b287e0f3e785164139ac741b756875494f4bb65001fcdbb085119ec069e3711e3bd6fa1cf316bea13fb28

Download Submit
\Windows\System32\snmptrap.exe

Filesize
949KB

MD5
badef6e7eece8dc4be3baef98d547bcc

SHA1
92af921ee86d959613f5c005d513f4f2ec3733ae

SHA256
246614b273643dc8d614fadb79b60e5a43740d468fca229b8b5d241fceba7fce

SHA512
866effdb2d19a460a602b9b6369a72509af3d465270552f3444cf305cb7b5ad589ac74231ef74d3f8deebf0dcbbe8d10d0dcb2c269a9d29416a93fd62637a8d3

Download Submit
\Windows\System32\wbem\WmiApSrv.exe

Filesize
33KB

MD5
3d9ca185d897be1f2b42bad2d8259588

SHA1
dc413ce94e1f8420a1f11a3c6fefc5ba72aa1d4e

SHA256
caa43a297c7d5144818a3f45fbd48bd8c85d8c9d63536e6586366aa44a4cdcf3

SHA512
f8d7b616bd64d99e64f375b8b4a85e3d1189abf59a6a95306793cf2ab74ede02bc12921aa382c3330e2b835dc1fd494b24abb838baf3436245747810892475ac

Download Submit
\Windows\System32\wbengine.exe

Filesize
1.0MB

MD5
8312103e9f7e3adf67ce4e1425300e60

SHA1
a4a167bf832f681456ed2e3dc64cd55c42b85455

SHA256
50209f95d43c1a037cdf0bc0aecbc2031330871e51a9edf68e674652b9d54e78

SHA512
f7bb9bc7d0c4da371f9f412e31fc6b353f7eb7674edf7b45f2b2e83c801ea0d862b067e547a4a61d858fbcec7ad72442a6e8c5990af48de5209ce88dd68596ca

Download Submit
\Windows\ehome\ehrecvr.exe

Filesize
1.2MB

MD5
72e4c3d14714393ff02ba366f9346e98

SHA1
d1ae9f98ebd971c9b84828ddd00e72acfab1c925

SHA256
f5cf72f63cd20d8c1bfea0617f3940a602a7ff9a462dd304d048de65aa8d9dc7

SHA512
8a0bb74c7f52c16fc04395a55e1d1a787778342f5789f57e118fcbc0f2d7485bf73f8250353bb5fecf908cf7143dbe7b43ff350350e4388df41c962242ab516b

Download Submit
\Windows\ehome\ehsched.exe

Filesize
1.1MB

MD5
ba51465594aa3dfe7f3cf2f92b18b30a

SHA1
668a696671f85e2128724452946e226812d8c9d9

SHA256
51ec44a98cbe60e8e95d598aafa3cc75ba5ae973fb6f1856f82dca91a230b669

SHA512
d961880ba45a2ca5479dfbc12bec6e9b00b14497733526942ada327d1f800042d227ec0ea990b306369b4be92a5b10911e85a0dd50df87791f541b6bd0155216

Download Submit
memory/388-92-0x0000000100000000-0x000000010017C000-memory.dmp

Filesize
1.5MB

Download
memory/388-89-0x00000000008A0000-0x0000000000900000-memory.dmp

Filesize
384KB

Download
memory/388-162-0x0000000100000000-0x000000010017C000-memory.dmp

Filesize
1.5MB

Download
memory/388-98-0x00000000008A0000-0x0000000000900000-memory.dmp

Filesize
384KB

Download
memory/388-97-0x00000000008A0000-0x0000000000900000-memory.dmp

Filesize
384KB

Download
memory/436-210-0x0000000140000000-0x0000000140195000-memory.dmp

Filesize
1.6MB

Download
memory/436-165-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/436-148-0x0000000140000000-0x0000000140195000-memory.dmp

Filesize
1.6MB

Download
memory/472-176-0x0000000140000000-0x000000014013C000-memory.dmp

Filesize
1.2MB

Download
memory/472-104-0x0000000000870000-0x00000000008D0000-memory.dmp

Filesize
384KB

Download
memory/472-111-0x0000000000870000-0x00000000008D0000-memory.dmp

Filesize
384KB

Download
memory/472-212-0x0000000001430000-0x0000000001431000-memory.dmp

Filesize
4KB

Download
memory/472-153-0x0000000001430000-0x0000000001431000-memory.dmp

Filesize
4KB

Download
memory/472-106-0x0000000140000000-0x000000014013C000-memory.dmp

Filesize
1.2MB

Download
memory/564-200-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/564-145-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/564-141-0x00000000001F0000-0x0000000000250000-memory.dmp

Filesize
384KB

Download
memory/684-158-0x0000000140000000-0x0000000140195000-memory.dmp

Filesize
1.6MB

Download
memory/684-232-0x0000000140000000-0x0000000140195000-memory.dmp

Filesize
1.6MB

Download
memory/684-244-0x0000000000260000-0x00000000002C0000-memory.dmp

Filesize
384KB

Download
memory/684-169-0x0000000000260000-0x00000000002C0000-memory.dmp

Filesize
384KB

Download
memory/1032-273-0x0000000140000000-0x000000014019D000-memory.dmp

Filesize
1.6MB

Download
memory/1032-213-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/1032-203-0x0000000140000000-0x000000014019D000-memory.dmp

Filesize
1.6MB

Download
memory/1048-274-0x0000000000480000-0x00000000004E7000-memory.dmp

Filesize
412KB

Download
memory/1048-266-0x0000000001000000-0x000000000117D000-memory.dmp

Filesize
1.5MB

Download
memory/1520-359-0x0000000100000000-0x00000001001FB000-memory.dmp

Filesize
2.0MB

Download
memory/1520-360-0x0000000000850000-0x00000000008B0000-memory.dmp

Filesize
384KB

Download
memory/1596-183-0x0000000000AF0000-0x0000000000B57000-memory.dmp

Filesize
412KB

Download
memory/1596-247-0x000000002E000000-0x000000002FE1E000-memory.dmp

Filesize
30.1MB

Download
memory/1596-182-0x000000002E000000-0x000000002FE1E000-memory.dmp

Filesize
30.1MB

Download
memory/1624-280-0x0000000100000000-0x000000010017C000-memory.dmp

Filesize
1.5MB

Download
memory/1692-221-0x0000000000FE0000-0x0000000001040000-memory.dmp

Filesize
384KB

Download
memory/1692-195-0x0000000000FE0000-0x0000000001040000-memory.dmp

Filesize
384KB

Download
memory/1692-218-0x0000000140000000-0x00000001401B1000-memory.dmp

Filesize
1.7MB

Download
memory/1692-191-0x0000000140000000-0x00000001401B1000-memory.dmp

Filesize
1.7MB

Download
memory/1708-187-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/1708-124-0x0000000000380000-0x00000000003E0000-memory.dmp

Filesize
384KB

Download
memory/1708-119-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/1708-117-0x0000000000380000-0x00000000003E0000-memory.dmp

Filesize
384KB

Download
memory/1708-125-0x0000000000380000-0x00000000003E0000-memory.dmp

Filesize
384KB

Download
memory/1804-358-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2096-90-0x0000000100000000-0x000000010018B000-memory.dmp

Filesize
1.5MB

Download
memory/2096-13-0x0000000000170000-0x00000000001D0000-memory.dmp

Filesize
384KB

Download
memory/2096-20-0x0000000000170000-0x00000000001D0000-memory.dmp

Filesize
384KB

Download
memory/2096-14-0x0000000100000000-0x000000010018B000-memory.dmp

Filesize
1.5MB

Download
memory/2128-26-0x0000000140000000-0x0000000140184000-memory.dmp

Filesize
1.5MB

Download
memory/2128-103-0x0000000140000000-0x0000000140184000-memory.dmp

Filesize
1.5MB

Download
memory/2504-8-0x00000000002F0000-0x0000000000350000-memory.dmp

Filesize
384KB

Download
memory/2504-0-0x00000000002F0000-0x0000000000350000-memory.dmp

Filesize
384KB

Download
memory/2504-7-0x00000000002F0000-0x0000000000350000-memory.dmp

Filesize
384KB

Download
memory/2504-1-0x0000000140000000-0x0000000140222000-memory.dmp

Filesize
2.1MB

Download
memory/2504-70-0x0000000140000000-0x0000000140222000-memory.dmp

Filesize
2.1MB

Download
memory/2564-54-0x00000000002F0000-0x0000000000357000-memory.dmp

Filesize
412KB

Download
memory/2564-60-0x00000000002F0000-0x0000000000357000-memory.dmp

Filesize
412KB

Download
memory/2564-131-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/2564-55-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/2604-65-0x0000000010000000-0x000000001018E000-memory.dmp

Filesize
1.6MB

Download
memory/2604-43-0x0000000010000000-0x000000001018E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-238-0x000000002E000000-0x000000002E19C000-memory.dmp

Filesize
1.6MB

Download
memory/2648-250-0x00000000003C0000-0x0000000000427000-memory.dmp

Filesize
412KB

Download
memory/2728-285-0x0000000100000000-0x0000000100199000-memory.dmp

Filesize
1.6MB

Download
memory/2728-287-0x00000000005A0000-0x0000000000739000-memory.dmp

Filesize
1.6MB

Download
memory/2728-225-0x0000000100000000-0x0000000100199000-memory.dmp

Filesize
1.6MB

Download
memory/2728-227-0x00000000005A0000-0x0000000000739000-memory.dmp

Filesize
1.6MB

Download
memory/2728-233-0x0000000000410000-0x0000000000470000-memory.dmp

Filesize
384KB

Download
memory/2884-254-0x0000000100000000-0x0000000100542000-memory.dmp

Filesize
5.3MB

Download
memory/2884-261-0x0000000000160000-0x00000000001C0000-memory.dmp

Filesize
384KB

Download
memory/2884-263-0x0000000100000000-0x0000000100542000-memory.dmp

Filesize
5.3MB

Download
memory/2960-357-0x000007FEF43C0000-0x000007FEF4D5D000-memory.dmp

Filesize
9.6MB

Download
memory/2960-354-0x000007FEF43C0000-0x000007FEF4D5D000-memory.dmp

Filesize
9.6MB

Download
memory/2960-355-0x0000000000BC0000-0x0000000000C40000-memory.dmp

Filesize
512KB

Download
memory/3020-72-0x0000000140000000-0x0000000140195000-memory.dmp

Filesize
1.6MB

Download
memory/3020-77-0x00000000002E0000-0x0000000000340000-memory.dmp

Filesize
384KB

Download
memory/3020-69-0x00000000002E0000-0x0000000000340000-memory.dmp

Filesize
384KB

Download
memory/3020-150-0x0000000140000000-0x0000000140195000-memory.dmp

Filesize
1.6MB

Download
memory/3040-29-0x0000000010000000-0x0000000010186000-memory.dmp

Filesize
1.5MB

Download
memory/3040-30-0x0000000000A40000-0x0000000000AA7000-memory.dmp

Filesize
412KB

Download
memory/3040-35-0x0000000000A40000-0x0000000000AA7000-memory.dmp

Filesize
412KB

Download
memory/3040-112-0x0000000010000000-0x0000000010186000-memory.dmp

Filesize
1.5MB

Download