Analysis

  • max time kernel
    41s
  • max time network
    45s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    03/04/2024, 18:35

General

  • Target

    2024-04-03_3f28151e194a2cc7864d423bb3ec331f_ryuk.exe

  • Size

    5.5MB

  • MD5

    3f28151e194a2cc7864d423bb3ec331f

  • SHA1

    d6a93fdc040ad8d4ec00435df0f54be78d1154fc

  • SHA256

    17020d36302682ea80022bfe8a3f3d4cdf618cd46b8ca620c244cbd70c3fad4d

  • SHA512

    adb7a77d663b2daeae08a1a9e29d317c1905a485f75caacbb5e7b79843b6f22da892a8158ee921bc275932d3a6edb805c1cdaf4665d8f0a17206ca54e8ef020c

  • SSDEEP

    98304:mAI5pAdVJn9tbnR1VgBVmxU7dG1yfpVBlH:mAsCh7XYkUoiPBx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 24 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 37 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-03_3f28151e194a2cc7864d423bb3ec331f_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-03_3f28151e194a2cc7864d423bb3ec331f_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Users\Admin\AppData\Local\Temp\2024-04-03_3f28151e194a2cc7864d423bb3ec331f_ryuk.exe
      C:\Users\Admin\AppData\Local\Temp\2024-04-03_3f28151e194a2cc7864d423bb3ec331f_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2a8,0x2a0,0x2a4,0x29c,0x2f0,0x140462458,0x140462468,0x140462478
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:1612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4104
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3f209758,0x7ffa3f209768,0x7ffa3f209778
        3⤵
          PID:1552
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1628,i,15376624773238480337,1914156623818709845,131072 /prefetch:2
          3⤵
            PID:4284
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1628,i,15376624773238480337,1914156623818709845,131072 /prefetch:8
            3⤵
              PID:4744
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1628,i,15376624773238480337,1914156623818709845,131072 /prefetch:8
              3⤵
                PID:2776
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1628,i,15376624773238480337,1914156623818709845,131072 /prefetch:1
                3⤵
                  PID:4932
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1628,i,15376624773238480337,1914156623818709845,131072 /prefetch:1
                  3⤵
                    PID:4648
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4048 --field-trial-handle=1628,i,15376624773238480337,1914156623818709845,131072 /prefetch:1
                    3⤵
                      PID:1100
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=1628,i,15376624773238480337,1914156623818709845,131072 /prefetch:8
                      3⤵
                        PID:2080
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1628,i,15376624773238480337,1914156623818709845,131072 /prefetch:8
                        3⤵
                          PID:3232
                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
                          3⤵
                            PID:3748
                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff65c527688,0x7ff65c527698,0x7ff65c5276a8
                              4⤵
                                PID:5140
                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
                                4⤵
                                  PID:5212
                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff65c527688,0x7ff65c527698,0x7ff65c5276a8
                                    5⤵
                                      PID:5256
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1628,i,15376624773238480337,1914156623818709845,131072 /prefetch:8
                                  3⤵
                                    PID:4764
                              • C:\Windows\System32\alg.exe
                                C:\Windows\System32\alg.exe
                                1⤵
                                • Executes dropped EXE
                                • Drops file in System32 directory
                                PID:3940
                              • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                                C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                                1⤵
                                • Executes dropped EXE
                                PID:3328
                              • C:\Windows\System32\svchost.exe
                                C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
                                1⤵
                                  PID:1884
                                • C:\Windows\system32\fxssvc.exe
                                  C:\Windows\system32\fxssvc.exe
                                  1⤵
                                  • Executes dropped EXE
                                  • Modifies data under HKEY_USERS
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:1728
                                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                  1⤵
                                  • Executes dropped EXE
                                  PID:1688
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
                                  1⤵
                                  • Executes dropped EXE
                                  PID:444
                                • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                  "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                                  1⤵
                                  • Executes dropped EXE
                                  PID:1296
                                • C:\Windows\System32\msdtc.exe
                                  C:\Windows\System32\msdtc.exe
                                  1⤵
                                  • Executes dropped EXE
                                  • Drops file in System32 directory
                                  • Drops file in Windows directory
                                  PID:2028
                                • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                                  "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
                                  1⤵
                                  • Executes dropped EXE
                                  PID:4080
                                • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                                  C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                                  1⤵
                                  • Executes dropped EXE
                                  PID:1656
                                • C:\Windows\SysWow64\perfhost.exe
                                  C:\Windows\SysWow64\perfhost.exe
                                  1⤵
                                  • Executes dropped EXE
                                  PID:3124
                                • C:\Windows\system32\locator.exe
                                  C:\Windows\system32\locator.exe
                                  1⤵
                                  • Executes dropped EXE
                                  PID:2980
                                • C:\Windows\System32\SensorDataService.exe
                                  C:\Windows\System32\SensorDataService.exe
                                  1⤵
                                  • Executes dropped EXE
                                  • Checks SCSI registry key(s)
                                  PID:4780
                                • C:\Windows\System32\snmptrap.exe
                                  C:\Windows\System32\snmptrap.exe
                                  1⤵
                                  • Executes dropped EXE
                                  PID:1208
                                • C:\Windows\system32\spectrum.exe
                                  C:\Windows\system32\spectrum.exe
                                  1⤵
                                  • Executes dropped EXE
                                  • Checks SCSI registry key(s)
                                  PID:1296
                                • C:\Windows\System32\OpenSSH\ssh-agent.exe
                                  C:\Windows\System32\OpenSSH\ssh-agent.exe
                                  1⤵
                                  • Executes dropped EXE
                                  PID:5328
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
                                  1⤵
                                    PID:5396
                                  • C:\Windows\system32\TieringEngineService.exe
                                    C:\Windows\system32\TieringEngineService.exe
                                    1⤵
                                    • Executes dropped EXE
                                    • Checks processor information in registry
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5556
                                  • C:\Windows\system32\AgentService.exe
                                    C:\Windows\system32\AgentService.exe
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5704
                                  • C:\Windows\System32\vds.exe
                                    C:\Windows\System32\vds.exe
                                    1⤵
                                    • Executes dropped EXE
                                    PID:5804
                                  • C:\Windows\system32\vssvc.exe
                                    C:\Windows\system32\vssvc.exe
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5920
                                  • C:\Windows\system32\wbengine.exe
                                    "C:\Windows\system32\wbengine.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:6064
                                  • C:\Windows\system32\wbem\WmiApSrv.exe
                                    C:\Windows\system32\wbem\WmiApSrv.exe
                                    1⤵
                                    • Executes dropped EXE
                                    PID:5340
                                  • C:\Windows\system32\SearchIndexer.exe
                                    C:\Windows\system32\SearchIndexer.exe /Embedding
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5576
                                    • C:\Windows\system32\SearchProtocolHost.exe
                                      "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
                                      2⤵
                                      • Modifies data under HKEY_USERS
                                      PID:5732
                                    • C:\Windows\system32\SearchFilterHost.exe
                                      "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
                                      2⤵
                                      • Modifies data under HKEY_USERS
                                      PID:5704

                                  Network

                                        MITRE ATT&CK Enterprise v15

                                        Downloads

                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

                                          Filesize

                                          2.1MB

                                          MD5

                                          517762db25ad70c0aaa5c4755d9c3a37

                                          SHA1

                                          674cbbcda4f3b813c7184b35e95d7fe3a604ffb4

                                          SHA256

                                          f1b2818c0172af5d17239329092529618814e19f84173d89ccca141e4e6dcd71

                                          SHA512

                                          fccae91e53d9e98aab47a7b7875b4a0af60c7cd162e38331168a8dd3769285040ccd22a73e0220faa819ab9a861a85653b6848a98f2cd4d5b15274412dbf09ca

                                        • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

                                          Filesize

                                          781KB

                                          MD5

                                          7b206066490e94147681def9d08f5dbf

                                          SHA1

                                          6f82ce44f17ff4653c8d3fe0fc744dbba3b73fd3

                                          SHA256

                                          86f40f0528319fb502e099e1683650136f8d86248914f8be99aa13d9e07c2a18

                                          SHA512

                                          3ce475c37a188dbfd362a1339061f3b10c9e0c5d814e1085ff61dc890d6a4ddd82dc207ebaaf66d50eefebef8b84ecf6c87bc053c63b7bd4c5c1a13e067d8f64

                                        • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

                                          Filesize

                                          805KB

                                          MD5

                                          1c1b1c1f6fc905ba5969bf294c082a22

                                          SHA1

                                          596810c5c1ce6c722c89d80272160fa08e549351

                                          SHA256

                                          429fdd29d4b550b5789f37b9f9be2fc2db023159673238053f40182ce69b879f

                                          SHA512

                                          b8763c1ba809ac3b5c657ee2e3b63df3c02aa82107353f12c2066ed44d3d8c608ff67de2a1e34a0f952bf9b79e22212da4b0e5e118df251c802331511e4d5055

                                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

                                          Filesize

                                          2.1MB

                                          MD5

                                          d2ca8a94714501a325313aa12e44825d

                                          SHA1

                                          558bbb032e099367328739232bbcb469c62e40d7

                                          SHA256

                                          df3d5027e1ff31145bdf3ac03672604d65d2237c0545d7ddfd071eb44e1b18b9

                                          SHA512

                                          0ebbdacc406a51da5c9f743a627cb47951534124f273267fcb80086c89fe8b5f1e5ba24b24e7c19039e12ebfbd47b201b23d4419dda2a584838fd0fdd6a47aa0

                                        • C:\Program Files\Google\Chrome\Application\SetupMetrics\c6fc76aa-0a0c-4a7d-aaba-0d3043f0e0a5.tmp

                                          Filesize

                                          488B

                                          MD5

                                          6d971ce11af4a6a93a4311841da1a178

                                          SHA1

                                          cbfdbc9b184f340cbad764abc4d8a31b9c250176

                                          SHA256

                                          338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                                          SHA512

                                          c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                          Filesize

                                          40B

                                          MD5

                                          b605879e08d2c37a89e0a7cf9cebb008

                                          SHA1

                                          547075286a6e5e6a304912cef29adf2a5379458d

                                          SHA256

                                          2a7688cdba662e4017878b44e559b7bf4889f2b32ff1c6ed70e020a2738e662a

                                          SHA512

                                          f18fb8e2df93b18cb2359c651e1dbbaf73225ff16912cec7dda24ef3e82d921690aa0690ca493375536159d8aa9ab660e45e2abe4cdbeaaa368f6f69bc090fe0

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

                                          Filesize

                                          193KB

                                          MD5

                                          ef36a84ad2bc23f79d171c604b56de29

                                          SHA1

                                          38d6569cd30d096140e752db5d98d53cf304a8fc

                                          SHA256

                                          e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831

                                          SHA512

                                          dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                          Filesize

                                          371B

                                          MD5

                                          54492875107eb25977c5fd4de9de01f3

                                          SHA1

                                          f469abedb43a3fc616065c7b274799418fdf6198

                                          SHA256

                                          419047b193a03e4c0d8a363b88d3a153fab0ac38d224b913f25c42ef7b494079

                                          SHA512

                                          4884da9a36eccfa0d186a0ee58792d541057fdb11a92196002b0748b867a2a37fd74e1ee2483b6da3c6c28b9a8d20af688acd70249d826949fa9ac5234f8fa98

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          4KB

                                          MD5

                                          c9658b0d1ab8acb84815491fcc3e0701

                                          SHA1

                                          da5ca76602800b6b58c1931744ba021dd75d8b6d

                                          SHA256

                                          eb42767a8293477418dea0121575212b5db1a7b943c09feaf654ea58939b8cc9

                                          SHA512

                                          b116e1de1c9e99eeccf29242a2e92572bf190dc679e3e482b665236ad18d7c1b475726fb8ea035bab58bd74ab6670cd5e2d526bda2224255cc7fb32df674622d

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          4KB

                                          MD5

                                          a29ceb5d51879b655ed3eb21fc4e598c

                                          SHA1

                                          5167c242c590c78101b99d28b4f2d4279fd26f66

                                          SHA256

                                          272836eb8fa39385ebd2128314ed66b631967680301945945d44167d545aebff

                                          SHA512

                                          cfd4fafecc0576e961d7f0f692f837b83d092cbbaff98c0770010786094071f46902ac1da5d4b2ad9e81bce8c56e68a67a0970f6957fc651195f2607686b48d7

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe57a6cf.TMP

                                          Filesize

                                          2KB

                                          MD5

                                          ef3aac392c0d75f931c89cbb67985e0f

                                          SHA1

                                          ce61a9a0890645f7551e4188f0dc09b324f56b63

                                          SHA256

                                          474bd435e067162d7364e95374e0fc4f6be9ea3202017cdb1eb05a7876f254ec

                                          SHA512

                                          22f026e8146699fdd24911bff6f5cfc0ea1cc131bd378e973e8fca5fc479c8eda9764b7a3a1acd9bbcf6f6cfab8763c04fe6c9a56e1b8e9ffd6316ed11c34703

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                          Filesize

                                          15KB

                                          MD5

                                          874505a4bd0b3c7a251b29dec266272c

                                          SHA1

                                          11eb4ce3cdb07c62035a5b772620996e7c5f6c14

                                          SHA256

                                          e5dcf9efdacc54c43e1997e42d20b11f27dae8989017d7202b9fcb37b944c867

                                          SHA512

                                          2c1ae425610a25505c2e3c5bce2301fc5aeb472e875af1693a9edfd2ee7f4ac1af4166f1620371ba48a2fc4c0a016648af687d2f2496ca50b27eb182915cbef0

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          260KB

                                          MD5

                                          b4b584ba2b7c47812482fba2a6298b8e

                                          SHA1

                                          ac492b7ded8ec347f5e14b9dd1f3cfe32031a76a

                                          SHA256

                                          a7723aa8a0a0b741636d8d988d0fb8357499e89e2b389aeec31b224929f420e5

                                          SHA512

                                          6cafd8d9556ff5a52d346537d1a5559b7f8884c437fd246bf8a516b36f5ebecf1e4a6616617abc2ab755b634267a28086c28665dd79740ef51274fe57a25e9a7

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                          Filesize

                                          2B

                                        • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                          Filesize

                                          7KB

                                        • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                          Filesize

                                          8KB

                                        • C:\Users\Admin\AppData\Roaming\5cc5d3a62a644d7f.bin

                                          Filesize

                                          12KB

                                        • C:\Windows\SysWOW64\perfhost.exe

                                          Filesize

                                          588KB

                                        • C:\Windows\System32\AgentService.exe

                                          Filesize

                                          1.7MB

                                        • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

                                          Filesize

                                          659KB

                                        • C:\Windows\System32\FXSSVC.exe

                                          Filesize

                                          1.2MB

                                        • C:\Windows\System32\Locator.exe

                                          Filesize

                                          578KB

                                        • C:\Windows\System32\OpenSSH\ssh-agent.exe

                                          Filesize

                                          940KB

                                        • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

                                          Filesize

                                          671KB

                                        • C:\Windows\System32\SearchIndexer.exe

                                          Filesize

                                          1.4MB

                                        • C:\Windows\System32\SensorDataService.exe

                                          Filesize

                                          1.8MB

                                        • C:\Windows\System32\Spectrum.exe

                                          Filesize

                                          1.4MB

                                        • C:\Windows\System32\TieringEngineService.exe

                                          Filesize

                                          885KB

                                        • C:\Windows\System32\VSSVC.exe

                                          Filesize

                                          2.0MB

                                        • C:\Windows\System32\alg.exe

                                          Filesize

                                          661KB

                                        • C:\Windows\System32\msdtc.exe

                                          Filesize

                                          712KB

                                        • C:\Windows\System32\snmptrap.exe

                                          Filesize

                                          584KB

                                        • C:\Windows\System32\vds.exe

                                          Filesize

                                          1.3MB

                                        • C:\Windows\System32\wbem\WmiApSrv.exe

                                          Filesize

                                          772KB

                                        • C:\Windows\System32\wbengine.exe

                                          Filesize

                                          2.1MB

                                        • C:\Windows\TEMP\Crashpad\settings.dat

                                          Filesize

                                          40B

                                        • memory/5804-311-0x0000000140000000-0x0000000140147000-memory.dmp

                                          Filesize

                                          1.3MB

                                        • memory/5920-330-0x0000000000750000-0x00000000007B0000-memory.dmp

                                          Filesize

                                          384KB

                                        • memory/5920-323-0x0000000140000000-0x00000001401FC000-memory.dmp

                                          Filesize

                                          2.0MB

                                        • memory/6064-349-0x0000000000BE0000-0x0000000000C40000-memory.dmp

                                          Filesize

                                          384KB

                                        • memory/6064-339-0x0000000140000000-0x0000000140216000-memory.dmp

                                          Filesize

                                          2.1MB