4baa02a333a3c22094460cfcbc2a634ea476d5a5c0dfabacee23939f771ef21a

Analysis

max time kernel
12s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
Size

4.1MB
MD5

69392000ead768a46a50bf2f82f0ece0
SHA1

48b3dda2e8065467a1ecc97540b5889cb41880af
SHA256

4baa02a333a3c22094460cfcbc2a634ea476d5a5c0dfabacee23939f771ef21a
SHA512

4193155d989693e60366ad94a4d950fda1f526f7ff5918e03975486505d80ac0f09f2c047580c87dac939d28cbb95f2024562cbb30e9c504b6c2366793e3a946
SSDEEP

49152:05Viqwo4KxghcyJLBaSbvviqMjfBVrTFZ1bBzP7n1Y8/17MVfw1QSXm+RFvTCr9r:0BfrrTFFqRlw6a+wEnW6at

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 11 IoCs

pid	Process
464	Process not Found
2832	alg.exe
2744	aspnet_state.exe
2296	mscorsvw.exe
1396	mscorsvw.exe
2996	mscorsvw.exe
2168	mscorsvw.exe
2856	dllhost.exe
1500	ehRecvr.exe
1896	ehsched.exe
1808	elevation_service.exe

Loads dropped DLL 5 IoCs

pid	Process
464	Process not Found
464	Process not Found
464	Process not Found
464	Process not Found
464	Process not Found

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\f8799fce93c0dc56.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe

Drops file in Windows directory 22 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.lock	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngenservicelock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.lock	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log	mscorsvw.exe
File opened for modification	C:\Windows\ehome\ehsched.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E88FAB5C-2A2C-45C2-9B68-093044139946}.crmlog	dllhost.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log	mscorsvw.exe
File created	C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E88FAB5C-2A2C-45C2-9B68-093044139946}.crmlog	dllhost.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	mscorsvw.exe
File opened for modification	C:\Windows\ehome\ehRecvr.exe	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	ehRecvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	ehRecvr.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	ehRecvr.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie	ehRecvr.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit	ehRecvr.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit\Version = "7"	ehRecvr.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2232	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
Token: SeShutdownPrivilege	2996	mscorsvw.exe
Token: SeShutdownPrivilege	2168	mscorsvw.exe
Token: 33	3068	EhTray.exe
Token: SeIncBasePriorityPrivilege	3068	EhTray.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2360	2232	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe	28
PID 2232 wrote to memory of 2360	2232	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe	28
PID 2232 wrote to memory of 2360	2232	2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe	28

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe
  C:\Users\Admin\AppData\Local\Temp\2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\2024-02-21_69392000ead768a46a50bf2f82f0ece0_ryuk.exe --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.73 --initial-client-data=0x164,0x140,0x168,0xdc,0x16c,0x140315460,0x140315470,0x140315480
  2⤵
  PID:2360

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2832

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
1⤵
- Executes dropped EXE
PID:2744

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2296

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1396

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2996
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1ec -InterruptEvent 1d8 -NGENProcess 1dc -Pipe 1e8 -Comment "NGen Worker Process"
  2⤵
  PID:2776
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 25c -InterruptEvent 1d8 -NGENProcess 1dc -Pipe 1ec -Comment "NGen Worker Process"
  2⤵
  PID:2816
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1d8 -InterruptEvent 260 -NGENProcess 250 -Pipe 24c -Comment "NGen Worker Process"
  2⤵
  PID:2660

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2168

C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2856

C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehRecvr.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:1500

C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehsched.exe
1⤵
- Executes dropped EXE
PID:1896

C:\Windows\eHome\EhTray.exe
"C:\Windows\eHome\EhTray.exe" /nav:-2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1808

C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehRec.exe -Embedding
1⤵
PID:1536

C:\Windows\system32\IEEtwCollector.exe
C:\Windows\system32\IEEtwCollector.exe /V
1⤵
PID:1812

C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
1⤵
PID:912

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
PID:344

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
PID:2172

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:2912

C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
PID:2704

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
1⤵
PID:2680

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
PID:1976

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
PID:1940

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
PID:2444

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:1164

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2284

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:2156

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2384

C:\Program Files\Windows Media Player\wmpnetwk.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
1⤵
PID:2848

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:2580
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1268429524-3929314613-1992311491-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1268429524-3929314613-1992311491-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
  2⤵
  PID:1696
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 588 592 600 65536 596
  2⤵
  PID:1016
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

Filesize
704KB

MD5
dd970d720b545947bab1b87baf854191

SHA1
9f8b94bc45557a76899c0159abb82d568bce67cb

SHA256
294a86d43983e6dd7e613a5028a881a6e8dde2ace077553eb09c2099b85fe54c

SHA512
7948cbc437c2cfe388059f30a21c1a6c3480652eaf9251ccd0fbd074f4623d41314015dca169f9870dcce57661ea0e8cfa4bdd43caa3ae910b9c4c8a677325e4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe

Filesize
1.6MB

MD5
443713a92e59d1dafc37afef6d37fdde

SHA1
e757bfa7db71752f91d6b8a8bc9a9114e5d844b8

SHA256
fd9bee83420ef7fb3afe8895c1c4ed9d4dab22708f90b410fc0cff60611da86c

SHA512
23f8bd3ed47e7545e1f4b04301aa28774e675d2e5ac00e32b0a1e4d712d2429eec8a7b8c505bfc82413f9cf277dca9da577c724bad745b34447824b209b73320

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE

Filesize
1.3MB

MD5
e5c4fb56ff06293fc3d4b3b16a3a9804

SHA1
30445be2623c2f4399248fe0cc6e6489d6b92da9

SHA256
cae5bb462dde3ee7e5c191bb5105f9c60761b82005886824ed7b75a30dd5c41f

SHA512
2e46c443811f917347f861aa2db447ae94d9053d626ce86d9070ad55451ef88203fda118502c3f9ebfe0ffe2ec3d7b121322e65224715831bab5f58820e11eba

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe

Filesize
1.9MB

MD5
405ff04265ff72783df1e177580f962a

SHA1
d3ab439c166f6a6a4567f1b577a4d0c47c82a926

SHA256
8b8bc59c2b3a1a2427f025b909541c77ed21ccb2df960800177af9e5b0ff3eab

SHA512
59a692787587e2d911daf4ccb5c7e0cd53dfc8e17c78e90334b0b5a73a6f457fdb5875b40c21fdbf82bb099e27ed41accd020bc54e23c05f12b4d32a2af753f7

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.6MB

MD5
426b2e43405792bda14b70d29dcc3396

SHA1
32c688f03983c6a1ac96787ed5e4f96a8e108700

SHA256
dc24d0d91a6068b3d2a98eb47e2c00bc80a5d8368446f7f50d8ce1156657fce2

SHA512
7d313762b7fa5976884a42e7da67395d1ecd43d455750c2f67d839ccd562d97fec4c737677d82393610c39db61ad51e38bbd829f8855c2dacf13f9bf2e068e51

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE

Filesize
7.4MB

MD5
58115fa199d22cd0d69594485bc203f0

SHA1
cf20dfe17a6840c6f7df994938553ec792c2fb73

SHA256
32f03d87d14ef183ecc14095eecbeec88c157a293575870cc4f075cffedb7c37

SHA512
b358850fd03bbfc1bacdcee0cb7e4d28e202eec49a96779620692b79c2839954f2293916bdfc7d5f5863ff23d7a22f1c15317791efad3b4176ef162e0b57c9b8

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.7MB

MD5
28ab2adde755de6ea07ecfa4646d803a

SHA1
2ca4d54f3685acb0c530bbe3bd4e45853efa88c3

SHA256
0cccec97b5ec6dca3921a2af4669316a23ff77e28d00c8033af08a2e52d5a16c

SHA512
521ec122f6fdcabc2b4c3a6c2edd0c347206444c09ccf57e4bbacc8eb78cbc7ae8c2bbcfbf8c6fb75d3d61cce94727ef70d82d6181f8deae6ba7591d044efb73

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
94ce0ec1b8674acc98a17d24a3058419

SHA1
78bae910061b5dff0ea822474e3918da7b176c10

SHA256
e4985c39cc4b39a39ec89dfc69c22e45d1fe0cecd2e80f413d014dcb65b74ebb

SHA512
85ce23e5b3d03636472b09707a2a85294aeecf6395abf9576853cbb1e0c52c6c7335dccf55dd63496185db9c30429a41813342093a02700f93034e5f007b048f

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
2.0MB

MD5
78387ebad880ce37356d31b1ebf1fef3

SHA1
eaa6bedc7dae257cc808fdcd28f6d02b95ad370c

SHA256
ac056810651776768c3fc02bd1056dadf53811c35cf725bc8adcd3601168bed1

SHA512
29eb0018bb6b20e17ee3c53e99a078453b7b204947146d3fb5f93acf2fc2f543a6852729a11ce9b2e8a03b64c193abe1a5601167cb795fd5f3dc2181619dcbe1

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
956247a6e73617586e1ebe842087909a

SHA1
aaec3dee9dc363bc087fb76f3c4ec092b54bf2ee

SHA256
f14e2946c66385b76e77b52380fe118c7c8904d491c420ba214c3a5261fb7277

SHA512
91fbf08cd2a9ee585bb143afa0f112a8bc4c07335e77dec32aea48962a39c85ce1b91c09ecb6403263cecec3f94763f3d1d40478345679e930ca4228fda5f6f0

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
f10031902a577c9f51dc851340ee71d3

SHA1
4f0335b8c899b9de66a30d78b2fed34ce1858854

SHA256
91f5444b3300800924f1d92f956701dfeb42ae4b277750222e3d18e6ae959599

SHA512
58b0067e8d23e4a36802ba241f6f07ecd8fb9e81d510e7812ee375284a4ca85d198abc45f7435dc08dad200374deae1dd12f60cfcf5c2242c0869dc6f82f2d12

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.5MB

MD5
427f40f0742b701662095436b1801c83

SHA1
8008a90eaecab9cc3be48ca582941c7302c89cb7

SHA256
0002033def3248c48869921cebc36186e4e3577b42f4507d10916e277d19bc7c

SHA512
2fe93501ebe278f67339baa652cf9dc81b0cdb5aa765f1c0f5d81f610661a3cf1762ac94371b621f17bbb5b763fe1b5d920d14d95ca3b4c88beb82409a8d6eff

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

Filesize
128KB

MD5
a023fe9c0675655134abb8fde0ec383b

SHA1
60884bb66b09aeda5639938a80e9af81c21d3b85

SHA256
69ccdbf7b93585765517eaac380eea456a82dc895a1fc1f6c3f56351cadada6a

SHA512
878bdd881a35ffce8078b1bea979b4eab88e836f8724de046d4918a94a64e11bbe347a89888f04184bd628ba6c8af2524de1b818ec045a1fbe24ff2346cb236d

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
feb685cd8451297aea82815cdbad4b8d

SHA1
3f26aedac63b0d414a9a1a9123ac06071b7d39e7

SHA256
74365171a16ce7bc565730377867465312b97f8d27514880bcb0abaf9edfda21

SHA512
c43b0dcaaa131eea35b39af805a081e3bf6f61bbef6b0e069f12aa8b905fa0a78ff6cb59715524d29512c7e9107c8ce261ef89f463e59a488468c65fba130009

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
3.9MB

MD5
1960f35493a7ebbabe83aa595b59f134

SHA1
e973e0b50df3f195187d28dae1f7dd9ba510438c

SHA256
d180e240a1fa6635a5e184f4d86b20b30179aa5412b264cb145193abb9480e83

SHA512
b1e19670a6f7e2bd292c2add87bae14025b862e3b591aa4fff51d4fb7b4b3ac584c7e336d81a4f29898602853abfabec843f44081a995a83abddd2f95fa12bd4

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
19ccda2d83a8386f9031dc751800b4d8

SHA1
3c06ea646693a8cfff70258b6e28816ff03138ca

SHA256
3fc7c8215ec4015ee40099771256934c882d80d08f66e3344047e60702d6fcda

SHA512
a5f19b5fb1769be3cd197d2e732efc52e346db5476679c748a83c03c4081cd5756db8d6abb2510c882e40a45c4471bc13957f522fbf6003355f5f54251a68055

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
204487b75224f31f108e13b865e86575

SHA1
15b388805d6e7a11a14794a00334f60c7a9a4b37

SHA256
3a0f7ae363503b3879eb12190d8ef0d8608a96a1dd0706f78023eb318f30b693

SHA512
5f7978276495bc8373b964578dad99f8a4303270deaa0666c287123c198d9ba89c1ed651f54e2ae97865c5abb1fb5411e7603dbcf4638e06e5c75f8d7286170a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
76d72bad9cb6da846b870f015eff9a75

SHA1
208bdc45fa155d6cd6e75059ddb5d48a84e5e8a0

SHA256
b85b59f17681df4581be579b887e6ceca3ac3c5a5ce886d9e3c076f44b71f49e

SHA512
e98d5aef9787559beb7ee051e2dafc511e197a453c443caf4df0e82366de97e8a17c9a4925dc1e4776ea2e593be8c776c036e17dce27d965b0a186eb4a95e8ae

Download Submit
C:\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
957KB

MD5
558cfe6d02854d63a315d59ba7a0d769

SHA1
64b7258327a1705c5588c2704726dc0faf8baab0

SHA256
b7f1bad7df531f328fbe00e45a3deddacb2707f37953a6bdfbc22f1331b179cb

SHA512
e95035367e6f31ab66d092ccff5b7c3e0da05dd5aca6763afbc43105cef36a02601983dc121870145ae83c7762a0b84f6480850b9c1ba36c484f03797e85662c

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log

Filesize
1024KB

MD5
930040effd395b3dc7208cc627b4727c

SHA1
3b16e3f489c2cfdeaffcb6a0a9bb509189619fb0

SHA256
6754a4e18dca65d1669c46e0b0e045ed0aa1a2bcf7314f2bf20f1f6b9880b007

SHA512
54c4ac8f9ab994cc0f59cc30197c1a81e21a7c6fa006ba160fed1d9f9bb9194856a6023140fa3aea38c2c237a35f2aa4a0dc473cb1418c9fab09410e50642f23

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log

Filesize
872KB

MD5
7b455ecc6b49e65a70abeacdc0761bee

SHA1
894077ce12a86105b0024d00824bf84c8ae16a56

SHA256
19f8d9629fc32846dfa5412be5b7e722cd358f5d8067d3dc19ba5c4718cc10bf

SHA512
ba1469bd3fda73a4b4633c04d542ea5413cc18d9157516bdc0a54be7dabd2fd6e4627ec690c623b7dd8c615bae8a8c6cea706a4ecc07b609d55d530b0c361d06

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Filesize
1.6MB

MD5
73415c763ae5f305c7f227414348ac34

SHA1
3e5302fed306b8186f54c4fb4b81275f9be9a721

SHA256
956fe8376778397eec3fe693293dcaa9a2b9fc8bc43571ad2372bb0c1790da57

SHA512
7ad56f076410ddbc02da542213544e933c7bfff0bf37b05c442ea487cf7611fd672b73faf9f450cf04dfb8b68a9397e5a672811b59aacf675fba234daed31807

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Filesize
960KB

MD5
7f7225da010bdf3ca5fa97c020a4d62b

SHA1
d0bd6e6b1a756e333fb29bdcef8b23427a84f7b4

SHA256
d16864aea70b86e2e1e7e1a071a9e31fe8102f3a8dced65bc716ec782df74c6f

SHA512
560f12093718cdb1f8c7a8416adccf7d102c1fb79ce4219c2103b08207a0613bf2e839994367a3da81d7005217d9916945b9909520a9e894defb358229d4d783

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Filesize
1.5MB

MD5
c525670ffd0e4784a61afdd1de851e0d

SHA1
feff8a7304cd5b34c454256e5709974510e34938

SHA256
9856f80c4f08df190074dc268c12545e73a9b751bb5e9873aa34d3d67eae6b70

SHA512
5ad7c102fbee62506517ad10ffd57c1ce9a88479fd2b6624092d3ec38e76ceecf73c9b5548b6e8566a6604a567027cfba810b0a7c20b5aced0a08d92377d6955

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log

Filesize
1003KB

MD5
1d9d08effca17fae65f893ed95414baf

SHA1
23a109e3977154525bb53e55d85142a14e60ebfa

SHA256
df28e6177697c82ac22a7d8da2f14da2566394af59b855e036251cc802d72ee9

SHA512
4eb93020c1cfefd28890c6d5b973be5b8ee20118d27e04cc1f847dd87cb39e8b4f669957d8585fba1bc478aa9d277aba82df3b9b53187d232d4af4f2370b1e1b

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Filesize
1.4MB

MD5
da0cadcfff59424e8102654e4be2666a

SHA1
b68272676f7bcf68adb2a5920f63b4814a2c09c7

SHA256
ac07a405991f8e4ea639c2ec1a658d20b621e90fb9b752cdecc87e1d3fb3d222

SHA512
b6c832c56f4539a2300831c19acef441a9c3a47d56c817557d50f3c414a4c2e6bcd04ea14572117c61a1eff1fe49921477853bde47e5ed662830cdbd4751653b

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Filesize
768KB

MD5
2e56e94307dfe2d69edcf5fac3841f1c

SHA1
1ee3c2d51a7cb65c5a5667de15b0cb3e97066a24

SHA256
3dea837727802f10eccb3254462ea6aefc8a04e8dcd3ea34f1804d2aa4ec8341

SHA512
2ecb0811d5e0fb726b93c0bd81dbd185193606d40f6421b9ba254353f997033636301a1bb88912a5a2327d7ee8f6d7a5671feccbec32fa0142fb50520839d30e

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Filesize
1.5MB

MD5
6fb2bc57edb0b2c29f55629394378a79

SHA1
38221fd79a40cae1c0896a9f79258d243988de21

SHA256
c9bfd165b447c4ab29d6181e3bafa8ae491aa6064f572d31698ccd343b1f694a

SHA512
12f13efcb517d322e34458ecc460f20d328cfb10a56590684f6b61db9a752018e5ce9ee254c74360f088aaa8ea5d649e785dab24bcfaee639a72b279adfbb833

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.5MB

MD5
8f2a6bf670b708edb3db04d0ccb45ca0

SHA1
14ecd14bf9c53db0de4dd29d6691256e4a8fd184

SHA256
473aea733fd7f60524e795366c41b867f788e250a48c0bc1f456a0d8608472e1

SHA512
d5ff1b2a0add780475289efc17164794152c5f1d08fb3b18ab12e057759b6baff48c1fdcb8bb5a3b0666161c57554af15cd9a6bfd36d79860b0bd762418ef199

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
f77b729feed8f8affb04d4178c0acf86

SHA1
316accbd746bbea0c0e04d7c61626fd9081c63fb

SHA256
0ee4ba942fe53042b031ffa63acdb1c031a84f863b043efed2285786e58d43ae

SHA512
80a82a1fbb8062b868a631f6569e8d9da1970a23c1a5d12cb03ef58f9c7f09dcc9af8bcbe87c7731abf92d5a7c9ec7e593ede6a25f9613997871e81bc6995950

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
1.8MB

MD5
91180c043873553650d29bd269fac537

SHA1
2acf446574a0a23e6fdf2d6c8017e87a8edb3c8f

SHA256
c3090328cd2a7466657edb954fb52466eb9432a254f12601dbc04f8341ede77f

SHA512
42627c5a69b99bb0c90298a8c79fa6daa90eae9f8952029c64a926a9a9a61db0185744f35f6cd2e7ac39a59df67c9f410f63ae6cb9b8039bff12ad43917e2ad5

Download Submit
C:\Windows\System32\ieetwcollector.exe

Filesize
1.6MB

MD5
36dec224078f2935aa4411a5e7e32405

SHA1
4e29a7431464ede8796159890eadcc3d2567d564

SHA256
c8b466ccad9f0db7afefd1aa78d1842de82140af1d691e76b533a6cc29c55d08

SHA512
72a83cf794e4adb381988775cce4a58576dbbd2e2c5a59bdda461334adffd53950e7459c34ea946916c66fce451f71d52aa82a95bfed719900a25a512e54f424

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.4MB

MD5
0f9aeb920c5135292ccb538532ae4e0b

SHA1
76296b0be92582b6160db97a69f6c4b36b56246c

SHA256
53e90a5074e7498d001c783a1599839875862f5126b86c93b6e0a96a3d9a9fab

SHA512
c694bbdae5980e864fefaeecb26feb61371039d1f7317849f336d4a6fcb1b99d41f1e2263e039e62f635fb586469e83a810b74b258af27ec5e1fa0f8aaf6840b

Download Submit
C:\Windows\System32\vds.exe

Filesize
2.0MB

MD5
9217cb3fc88cfbef16b620ce6fd1f7af

SHA1
7de0cd149c664f2d24dc803bdf8e5e859292063e

SHA256
48978274d7803f70a5c61fcf972ce8d4facb584e7a6622dd8278db1ddd849205

SHA512
ea5f10f45b333bbe97f11eb1bc4f1bdaac7f4b9facbd7fcb7fab982eeb3b5db8018e5fe63b01703ec554024e3a7fa118dc4fcbe2f62e97d133dab4d4c2f6ccb1

Download Submit
C:\Windows\ehome\ehsched.exe

Filesize
1.4MB

MD5
152915bfff9234761a003d5beef9c501

SHA1
1cfdfb081014953345d2729b47a8fc3633f027de

SHA256
201d086560796abb5a7f96b78102db9b960018d6d3b55a7252a873f4dbc53c6d

SHA512
dc53fcc1f2e0999368a6f139a7d32190e391354a9237ea39d69cb5c5c79f5ee872e9c68d863faacb8130477adc164ca1dcbbffde63f827cce0e92f448f570563

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
1.1MB

MD5
b2e76a6a9d9ceee7e297777bc5ccc6ab

SHA1
cb1cc6d5b5c46876356ff3b947ced03f7eb5c91f

SHA256
8599cd4fae0e8da1e5e603637d2ab1383634959d98b85f580e3cd4c4e49863bd

SHA512
76025cc6de5b50b7a6e48ed3dfce4803df18affc7ac76164ce5df102621c3af3473a2f75645f555ad41a85ee0907913d52db97e36e55bd2dc1fa4e3f3c412df6

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
be680b95001920fc52ae6af9a9b6fb46

SHA1
a90c81c278933cb7640742cf46a490b36077fa3f

SHA256
2a2e9eddfeb24fe5834084e5be17606e8423b1dd0254a3bdb92d6bc3dc6bef77

SHA512
a711b4154873d4d96269ea5c5c56b0aad6daaaeaaeed01431b01e78f9da1c000ea4fc9862b777dbf7d4165b2720206784c5440a2e7a78e9447f43de7453ee841

Download Submit
\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
960KB

MD5
0f8259dce3cf9c7677499c46dc48f176

SHA1
2a54f44641345029bd745366624686e3ffefd59b

SHA256
71e2d2d18c3ec43beb1007ee1eae94c45852d6bd4a1e6128ddf6d4584735f7fd

SHA512
c44359c4f70120d0eec76281426bed80b7eec117f2f5ef3f5b937ff2b71b5097e41f19641454cdd9fbd73b0315029f38b7b7bd8df53cf02ea6eb3fb4caea1afb

Download Submit
\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
1.9MB

MD5
21e5b1042e04f162780160c52a7b5400

SHA1
30d61864cc24612dce84db110f910f67156678fa

SHA256
8f483c1735997258ed52638ee31161aedc0a6dd25e9f1d00aa733113a9018c4c

SHA512
6648f2699a560e7712b5b65aa0e2d51b1125f8bda2080253d30a543fb1b57b3147e9602652d57b9e741429066d8ef5f54fc7b0bfd409e9d5ad47bb12d32953cf

Download Submit
\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

Filesize
1.5MB

MD5
1b7c6fc898127221882163e58d1eff2a

SHA1
f527385e03ffce1b89a23fae685508240bd6b0e6

SHA256
00974c5fdc03acc249cf68e45b381752942eebbe3bb2b6abd0ff5ee05a46f413

SHA512
c14f18796ea9631bcbc93d965b50f0ced6c10051e2b34628b8a1243de8f35eb26125c961839e6ddad5978616e96e492bff8c2ea2f25dc3cf593af89e1b9aa1dc

Download Submit
\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

Filesize
1.5MB

MD5
98ef73e2ab719bd40d91a0e859146509

SHA1
bfcddfe13a2263571c7d420b67528977b65d19a6

SHA256
b21f457c58cce0667aa63eea23f414c8afe00789251f1fac7d2772473a3cd3aa

SHA512
56a267ff6a0fdcb7eeb2f232907071d0d77c64dc4eb4373dd39aa40e3f460261cf998f03119ee2ec1bbf3f2c6101a2c160f4d3b0d149f19b15b50a4655d96a45

Download Submit
\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
c6a816630f99364dd695e14fab6aa24b

SHA1
a08351e1c9218f938f4d9176ef3cc29184bf8307

SHA256
7634fa83eca237efffadb151e70359eff6eceac6f2e1b3c1ddd98cc6f818d7cf

SHA512
020aa4d903282f7460303341f22b69ad90e4f25fc7868aefeb10e8f042b6d6931cdc8b26dd994e5c8b86886bbff56c5face9faf5a6be160e96a9507f406822e5

Download Submit
\Windows\System32\alg.exe

Filesize
1.5MB

MD5
3ce43f14ce5bfec74d9129f7a2ca364c

SHA1
dd3c2f7c4448dfeed7daa9da98f417d7b2ca1d23

SHA256
a6845a5a5a9cf84f53e9d11e222a4ac7470c3d8574fe237374fac016edc299b2

SHA512
5e43285ec5486f2b48b325a0a73f2dd6fa498270471e168fcf61de6b3a78ddb6c2073e6c063a556ca9d836e80d937495b7984302527c6b3ea09ffea18123281d

Download Submit
\Windows\System32\dllhost.exe

Filesize
1.5MB

MD5
b69a275b890a7ab6fb04a7462f9302aa

SHA1
024a7cc252ba8747251919b3d99889c0848b58a1

SHA256
04ed30bc1221be3266c6414e0265084a9cb7b93113b0286e9267e09ccc0a7201

SHA512
47421a3916f0e1953806cb280c90c8577cd199d605c4ef85dd00817ccc7b379a2f20c7da312e0f67903c58af8d4b57751d83f1cd81bef556b3fce3fc7ff25cc5

Download Submit
\Windows\System32\ieetwcollector.exe

Filesize
1.4MB

MD5
d6bed552d5760ffa16942a439833158e

SHA1
9f12a96f0a2c1a087bf065cc58c85e54adb527fc

SHA256
61d9bb44d600337183aa6fc22b23eb81825bc9707924186f38a735f99e529f0f

SHA512
6918b9e7091cefa69b39d4580dcde7a5e4244dd91a9ef96bb5de7713624180921862e4b96d3f853fac4ea7ead8420f4a34931809cd02ec13a41bd1d7acc64d41

Download Submit
\Windows\System32\msdtc.exe

Filesize
1.5MB

MD5
161204e26847c9550d579f0c8d9e1445

SHA1
814330cb826f8e4ab61e81c37ea3ed2c5f4680eb

SHA256
e1f6a85f8d41b16162ada5057ee301d3b0a5c1719c4b7630bd3f734748b8571f

SHA512
20ee2d1ac191f6524e952831c6059ff5291ed01aea32b3269dab401af9553883abe5fb559a7d99e36e671fd58ad143c8dda5a8d22927ee2f3c8a65e77f4d3a17

Download Submit
\Windows\System32\msiexec.exe

Filesize
1.6MB

MD5
9a002b4ab5449ceaa2f37af9ee0e3816

SHA1
43f66989d13d5e355e12299bece59c9af4d2d80d

SHA256
3bb6676d59a85b35b8d8c956181298baa211d53905d2567e8f51c3973a40e12f

SHA512
d053a863016ef803bc087b4f873ba96e77de80ae2d426ddad79b6478fe29a9052e07360bf270a90a37452896fe1a27cd66f939035e581e57562ca8d35d83daef

Download Submit
\Windows\System32\snmptrap.exe

Filesize
1.5MB

MD5
b3281e2b8296b475c60bb77d0c3c895f

SHA1
447287a16c986ab20fed822d46841a61e69feb28

SHA256
317921316e3f356c1d47608a73d1e1c11a26cf021142501912ac0575e47e8e6a

SHA512
134f1c9d40dfb34d31b9b4cffff53f4c9ca19f3dcd36d9c883994fba63133a06c181b3f5aacbd22fcfc9cc472ed2a5629633b8051989643433d2b13a3db32487

Download Submit
\Windows\System32\wbengine.exe

Filesize
1.2MB

MD5
9f55e4fcd5380118ee281a36e1ff6762

SHA1
f2ecbd1ed0b98954673d638d8d5af97f54c7daaa

SHA256
97c4fe7e88a9b19a2f5cbdaf3b79d6b02becbf2be91b4a947730ff1791ff0a08

SHA512
62df2d6c988361505da0f9c19193d70d78fbde3dce803080a50ccee5308014355c6facef0edbbd551ad240e2d902f3aaffe616ee304f5141658ced28ad810b2a

Download Submit
\Windows\ehome\ehrecvr.exe

Filesize
1.2MB

MD5
240321c614b46d630b16ca154f281874

SHA1
5064b27615abf5e1cabadcab655fa33ece8ca2f0

SHA256
a1047ae27dbfea5f70f959259ce1d8ab3e3a2f1317426392fa103faedb69f1cd

SHA512
a573e56ea6c9befbda73b039e770d359375d9f1da0e025e70face0c49346b23aa28b167e6e64dec5fa293258bb4d000a53c1242fb304e22fd35221d6b9a99da5

Download Submit
\Windows\ehome\ehsched.exe

Filesize
1.6MB

MD5
c0e61314e81a8e4ad1b6acbd78bc199f

SHA1
d1610351379bf1b62fad494ea8cdc2fa21e5d40f

SHA256
0cfe8480d0bb589d4f45d37a76af84d06e1848c99e70df720360e39d3be83ade

SHA512
fef519c24d1071a7c9466f1ae547d5878d5f08104d5dcda96bd0cc7bb39037f83ab83290fbce722021377b3bd78217dd6b6d73042bb249bf4a3dc9b53ff1e42d

Download Submit
memory/344-200-0x0000000140000000-0x00000001401B1000-memory.dmp

Filesize
1.7MB

Download
memory/344-202-0x0000000000FA0000-0x0000000001000000-memory.dmp

Filesize
384KB

Download
memory/344-216-0x0000000140000000-0x00000001401B1000-memory.dmp

Filesize
1.7MB

Download
memory/344-222-0x0000000000FA0000-0x0000000001000000-memory.dmp

Filesize
384KB

Download
memory/912-195-0x000000002E000000-0x000000002FE1E000-memory.dmp

Filesize
30.1MB

Download
memory/912-197-0x0000000000670000-0x00000000006D7000-memory.dmp

Filesize
412KB

Download
memory/1396-52-0x0000000010000000-0x000000001018E000-memory.dmp

Filesize
1.6MB

Download
memory/1500-127-0x0000000001380000-0x0000000001390000-memory.dmp

Filesize
64KB

Download
memory/1500-219-0x0000000140000000-0x000000014013C000-memory.dmp

Filesize
1.2MB

Download
memory/1500-130-0x0000000001390000-0x00000000013A0000-memory.dmp

Filesize
64KB

Download
memory/1500-117-0x0000000140000000-0x000000014013C000-memory.dmp

Filesize
1.2MB

Download
memory/1500-115-0x0000000000860000-0x00000000008C0000-memory.dmp

Filesize
384KB

Download
memory/1500-236-0x0000000001430000-0x0000000001431000-memory.dmp

Filesize
4KB

Download
memory/1500-136-0x0000000001430000-0x0000000001431000-memory.dmp

Filesize
4KB

Download
memory/1500-122-0x0000000000860000-0x00000000008C0000-memory.dmp

Filesize
384KB

Download
memory/1500-123-0x0000000000860000-0x00000000008C0000-memory.dmp

Filesize
384KB

Download
memory/1536-190-0x000007FEF4BC0000-0x000007FEF555D000-memory.dmp

Filesize
9.6MB

Download
memory/1536-272-0x0000000000C70000-0x0000000000CF0000-memory.dmp

Filesize
512KB

Download
memory/1536-191-0x0000000000C70000-0x0000000000CF0000-memory.dmp

Filesize
512KB

Download
memory/1536-266-0x000007FEF4BC0000-0x000007FEF555D000-memory.dmp

Filesize
9.6MB

Download
memory/1536-206-0x000007FEF4BC0000-0x000007FEF555D000-memory.dmp

Filesize
9.6MB

Download
memory/1808-149-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/1808-254-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/1808-155-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/1812-209-0x0000000140000000-0x0000000140195000-memory.dmp

Filesize
1.6MB

Download
memory/1812-192-0x0000000000840000-0x00000000008A0000-memory.dmp

Filesize
384KB

Download
memory/1896-231-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/1896-141-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/1896-129-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/1896-132-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/1940-300-0x0000000100000000-0x000000010017C000-memory.dmp

Filesize
1.5MB

Download
memory/1940-301-0x0000000000410000-0x0000000000470000-memory.dmp

Filesize
384KB

Download
memory/1976-299-0x0000000000450000-0x00000000004B7000-memory.dmp

Filesize
412KB

Download
memory/1976-302-0x0000000001000000-0x000000000117D000-memory.dmp

Filesize
1.5MB

Download
memory/2168-88-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/2168-83-0x0000000140000000-0x0000000140195000-memory.dmp

Filesize
1.6MB

Download
memory/2168-154-0x0000000140000000-0x0000000140195000-memory.dmp

Filesize
1.6MB

Download
memory/2168-81-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/2172-276-0x0000000140000000-0x000000014019D000-memory.dmp

Filesize
1.6MB

Download
memory/2172-212-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/2172-210-0x0000000140000000-0x000000014019D000-memory.dmp

Filesize
1.6MB

Download
memory/2232-89-0x0000000002740000-0x0000000002B71000-memory.dmp

Filesize
4.2MB

Download
memory/2232-0-0x00000000003E0000-0x0000000000440000-memory.dmp

Filesize
384KB

Download
memory/2232-2-0x0000000140000000-0x0000000140431000-memory.dmp

Filesize
4.2MB

Download
memory/2232-7-0x00000000003E0000-0x0000000000440000-memory.dmp

Filesize
384KB

Download
memory/2232-8-0x00000000003E0000-0x0000000000440000-memory.dmp

Filesize
384KB

Download
memory/2232-15-0x0000000002740000-0x0000000002B71000-memory.dmp

Filesize
4.2MB

Download
memory/2232-72-0x0000000140000000-0x0000000140431000-memory.dmp

Filesize
4.2MB

Download
memory/2296-38-0x0000000010000000-0x0000000010186000-memory.dmp

Filesize
1.5MB

Download
memory/2296-39-0x00000000006D0000-0x0000000000737000-memory.dmp

Filesize
412KB

Download
memory/2296-44-0x00000000006D0000-0x0000000000737000-memory.dmp

Filesize
412KB

Download
memory/2296-76-0x0000000010000000-0x0000000010186000-memory.dmp

Filesize
1.5MB

Download
memory/2360-91-0x0000000140000000-0x0000000140431000-memory.dmp

Filesize
4.2MB

Download
memory/2360-17-0x0000000140000000-0x0000000140431000-memory.dmp

Filesize
4.2MB

Download
memory/2360-12-0x00000000004D0000-0x0000000000530000-memory.dmp

Filesize
384KB

Download
memory/2680-271-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/2680-259-0x0000000100000000-0x0000000100542000-memory.dmp

Filesize
5.3MB

Download
memory/2680-274-0x0000000100000000-0x0000000100542000-memory.dmp

Filesize
5.3MB

Download
memory/2704-244-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/2704-240-0x000000002E000000-0x000000002E19C000-memory.dmp

Filesize
1.6MB

Download
memory/2744-114-0x0000000140000000-0x0000000140184000-memory.dmp

Filesize
1.5MB

Download
memory/2744-35-0x0000000140000000-0x0000000140184000-memory.dmp

Filesize
1.5MB

Download
memory/2776-273-0x0000000000590000-0x00000000005F7000-memory.dmp

Filesize
412KB

Download
memory/2776-297-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/2776-262-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/2832-22-0x0000000100000000-0x000000010018B000-memory.dmp

Filesize
1.5MB

Download
memory/2832-21-0x00000000008A0000-0x0000000000900000-memory.dmp

Filesize
384KB

Download
memory/2832-29-0x00000000008A0000-0x0000000000900000-memory.dmp

Filesize
384KB

Download
memory/2832-100-0x0000000100000000-0x000000010018B000-memory.dmp

Filesize
1.5MB

Download
memory/2856-99-0x0000000000320000-0x0000000000380000-memory.dmp

Filesize
384KB

Download
memory/2856-207-0x0000000100000000-0x000000010017C000-memory.dmp

Filesize
1.5MB

Download
memory/2856-102-0x0000000100000000-0x000000010017C000-memory.dmp

Filesize
1.5MB

Download
memory/2856-108-0x0000000000320000-0x0000000000380000-memory.dmp

Filesize
384KB

Download
memory/2912-232-0x0000000000390000-0x00000000003F0000-memory.dmp

Filesize
384KB

Download
memory/2912-225-0x00000000005B0000-0x0000000000749000-memory.dmp

Filesize
1.6MB

Download
memory/2912-223-0x0000000100000000-0x0000000100199000-memory.dmp

Filesize
1.6MB

Download
memory/2996-64-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/2996-65-0x0000000000590000-0x00000000005F7000-memory.dmp

Filesize
412KB

Download
memory/2996-70-0x0000000000590000-0x00000000005F7000-memory.dmp

Filesize
412KB

Download
memory/2996-140-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download