Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-04-2024 23:30

General

  • Target

    2024-04-07_67b2a42e5719bae4aa2cdbda7aa533bb_ryuk.exe

  • Size

    6.8MB

  • MD5

    67b2a42e5719bae4aa2cdbda7aa533bb

  • SHA1

    32019709338b0b4edd4f9047a78ab1f7f39de3cd

  • SHA256

    335857898fccba036e634cddc73ee3812929ac3a0a76045127362d21fb91917d

  • SHA512

    3f6a84bcbce6d427d9b2e0b7df91694a79da3337872c9c250cd72537bd7bf366e5da5391ef3c0f0522d8774ed6f2ec86474cd29c2f2bf209f7c91c2156721382

  • SSDEEP

    196608:iEKDROWCMZncBmuAQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQy:iE8ROWCMZncx

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 26 IoCs
  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 31 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 45 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-07_67b2a42e5719bae4aa2cdbda7aa533bb_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-07_67b2a42e5719bae4aa2cdbda7aa533bb_ryuk.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Users\Admin\AppData\Local\Temp\2024-04-07_67b2a42e5719bae4aa2cdbda7aa533bb_ryuk.exe
      C:\Users\Admin\AppData\Local\Temp\2024-04-07_67b2a42e5719bae4aa2cdbda7aa533bb_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.38 --initial-client-data=0x2c0,0x2c4,0x2c8,0x2b4,0x2cc,0x7ffb0ab87c80,0x7ffb0ab87c8c,0x7ffb0ab87c98
      2⤵
      • Loads dropped DLL
      PID:4340
    • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\2024-04-07_67b2a42e5719bae4aa2cdbda7aa533bb_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\2024-04-07_67b2a42e5719bae4aa2cdbda7aa533bb_ryuk.exe" --version
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1424
    • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe"
      2⤵
      • Executes dropped EXE
      PID:1648
    • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\assistant_installer.exe" --version
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3528
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\assistant_installer.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x680040,0x68004c,0x680058
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3492
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2836
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:216
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3632
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4128
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:760
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1108
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:4188
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4492
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:764
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:2396
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:1020
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:4480
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:1712
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:2456
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:1412
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:4656
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:752
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:4852
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2256
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:4804
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:5092
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3400
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:1772
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3572
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:2184
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 916 920 928 8192 924 900
          2⤵
          • Modifies data under HKEY_USERS
          PID:832

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

        Filesize

        2.1MB

        MD5

        4831437bef5966334380c18e870ace88

        SHA1

        36b4d51a26ae54b5f103d85de19d48fb871392b4

        SHA256

        1fe7b52ae4290b55898d09eb4650f8a16a8991021bac634071b2cbe8c44e9dde

        SHA512

        c6015b7578a8cf267c0e3a7bca40feb2733379d12d946eb3c658b8c8e46cbe2ff40b74ddae0dd13c94d93afd68645495cbb62dae736d1e06eadbb3723edf63e0

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

        Filesize

        1.4MB

        MD5

        a6a7c43d4ee787b7ad001343c51d150a

        SHA1

        df3d92f3142512768ef3d61871f3eebb8bef354d

        SHA256

        21b226b8df3ab71bd7a168bd763be20816e35059e15bc0f376280ad852a652a3

        SHA512

        5ae1ca6537ff7fecc37aba9773aa014c4a2ae8a45ba87b9dcf444ad063c213f334d5e45cdfbeb58755481c1cfdb28749a5294d78898ecafd6446c3402c564079

      • C:\Program Files\7-Zip\7z.exe

        Filesize

        1.7MB

        MD5

        90485497fcee079dd7600134927d30b6

        SHA1

        7e0d43ec8936a689b10b87c0b533e14b3e9cb835

        SHA256

        f009e2e4c2aeb5ea5a91e5575c19c766b086d28a11e4b8f5ee495254fbcb7c7c

        SHA512

        56ec45fd4f3dc21ce07da448b501a2350aa5f8161a92bf68f740b62f014d2a9598c0fbe481fe302255a543fd654e2012cb2e2ad95c3d870426ade0b644b3e07b

      • C:\Program Files\7-Zip\7zFM.exe

        Filesize

        1.5MB

        MD5

        f296d9f9377d72d2621a2bf16089e053

        SHA1

        575e093831ace821589fd5641370bcb97f375545

        SHA256

        4e649ef4939fd3c071a4ab68aedf126bba5c107d9d5f8e882e959a8d01aed645

        SHA512

        eb73b21542db15431e824d4a1bf22297a424fc8da793e0769344473fc9288ab2fb345fd9e8caad2e0853a371f7869afb371984054fb9063cdf4e37f9d78c24b2

      • C:\Program Files\7-Zip\7zG.exe

        Filesize

        1.2MB

        MD5

        bb17a64d5b2613d8786158555c307bd7

        SHA1

        dd2ee38bcae90b4fb699757cd911e6c688eaf2d2

        SHA256

        4f2432ed4c8dc03c091cfa4949246a25bddecefdd7ae16231543d1655c61df01

        SHA512

        a897f0ad4379a2d7b156c93ca915158d61fc848652a97a3d0c3ad4c835472c3e4363c4514a578933f0036bb2c8277b0d0005f6808017e22d6340251199e52fa9

      • C:\Program Files\7-Zip\Uninstall.exe

        Filesize

        1.2MB

        MD5

        99ec59e4b2166b67e77f1ed3b1c80b6a

        SHA1

        6700f3e6e987c21c7a5a8a41f1a1ee1b0056884c

        SHA256

        e848951025e53de4a7766e3c1f7af697eb3d60a981c4eaaf08f12ca5a6e1fa67

        SHA512

        30b02dbf5ddadb04d96901dc89febe9f8ba668b6e76bece65d678ad4e5bb0663c77d051f88fba64e9e388ddc15406cabd2562f9bd6936c34be0593387241b15a

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

        Filesize

        1.4MB

        MD5

        9843926263e907b0742d2b0cd94f194e

        SHA1

        172bdeb97d07fb59b4d022f0ddd88a094b907903

        SHA256

        ba52e4124b4bb433c73d440d43c58b1d0b91cd27edbafe1631aef54ec9e9dac2

        SHA512

        1820dece28a9a4aaf8a16b05062685d8b260b32b91522d1c2ac5f63557dc67fb8e72b76063a7461b623490caafe02a9894afdb6360a7c2158aa68ad40405c0be

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

        Filesize

        4.6MB

        MD5

        da0c506b0256d49e4f46feaad6953d1f

        SHA1

        e4e951e56d23666254ceb7125d3f86f1e1d63cee

        SHA256

        08a510460b7d8b490b8cdf72ca16e19e0233165c559a5dcba5dd445c173445eb

        SHA512

        8fea841a21aedde46e2d3aa8692f8475e91cfa9bab499f3a28a00397ea6469d1b4bed89593d8d0b31f54d9f0fccc82d1951c81660b3c75b233a2bf238000479f

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

        Filesize

        1.5MB

        MD5

        51d0af6d9915937b6d11110cff563eb1

        SHA1

        e5ee08b7964cb430de775867f60e97e5a9b8dd79

        SHA256

        4c49d6d9b8690813a269291959dec0b1464d201581f6e5a996cb7078f0e17b25

        SHA512

        92d11200a65f15e3fd9c9d34af7eef08991af114fff94d8916df7292be011cc25146326ecca56fee595ee74ad308b67700a74e2cc12cb89757746d19572c1a83

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

        Filesize

        24.0MB

        MD5

        e2477df0bd81b6a7339d16992447b5c0

        SHA1

        0ca6516ab4681acd4a72945e53087890203bccdc

        SHA256

        ccaf7a20320eefb732564bcfbc94e62f4d20917adcd24f50465358ceb71e19d5

        SHA512

        e4106c3639f4cff7d8896b7d68d4a53572cb1c98732637bfb458cd69fd5b63e74d86cf151aac6e1e4ebd36d4c826959546d02e302aa637eea64dfb6137f6cda1

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

        Filesize

        2.7MB

        MD5

        df9cd84f4475675e638eb9b368733ee1

        SHA1

        6f6ea705cc245d25770265e87dfe7d6ddc3ef680

        SHA256

        9404769d1eb0acf1c56b77008544e38e3d3ba284e6bee98cb1ccc23bf6ef1f5b

        SHA512

        0d8dcff3006709695dfb486c48f32a8bd638f50cbfb81ddfa8d9eb8b94bf14129148e49b33dd8f597a3dda8025b6ca05c931f75a9335e5333d284b583e18e71c

      • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

        Filesize

        1.1MB

        MD5

        111960ec1144829b4be39f398efa0d72

        SHA1

        6180cc666bf8e65d1e159e8575c28431e48bfd76

        SHA256

        1c90b8d769f5a0fab54a99e3ed4bded92f0b5327c203b4390ebd678583d3808a

        SHA512

        1cf77af550e169bf53532d8cafd27439953a4b232de93f6491387c68b6892235ee3ce2dd18d67d3eb39f46fbf8a80467da1bf38e3afb45be63a2fd17446e3085

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

        Filesize

        1.4MB

        MD5

        9f0bff7ec74abad929fe1dfb40971af9

        SHA1

        67dd18f616335244c22ba1306a497caf77dd5297

        SHA256

        1345b98e7f87549339212f79ae7bbea0cd548f977e3157b72c71570dfa8b9a54

        SHA512

        44f148dc125fa2cfbb79ac7d4d34f2577912c58c39c43f563f5c521e09b32c84516944dcc698c8951ccf8997c8da75e93c6566e0fc599343820e2eb935593e16

      • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

        Filesize

        1.3MB

        MD5

        5fb26373f9ee2d3c14879b886480f9f2

        SHA1

        6c2a1db24eb758cf5f71bf4a0e861eba0d9c3c0b

        SHA256

        76a99420307e7816134ca3d837d90df9bb21f1d9738fa39e8855b346a36441dc

        SHA512

        775056fd180785ed78ab25cf0b0f90524dcc50ade938b5e657a067f14aa1e6701198eef447485b8d9173dc3761b4026e9cf793fc51ec9f74329ff36f34fcbcbb

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

        Filesize

        4.8MB

        MD5

        aca4da56c65e6abfdd372d6f3283df22

        SHA1

        1b6f2a88b87534474834ecdab2ad9d379690aafb

        SHA256

        173817d5d64515acb0aac8713dfa9530db60c0003d28ab0fc0ce0de05491dfb1

        SHA512

        e9ad1ce44b2959eb73404273ea1827e4f0c4aa64b63cb32c3b9c4a22d0e0f2dd1bef116c725464cbc4b099dcf22d35fe46cdf16d8b023adb744b1bf4e94f321c

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

        Filesize

        4.8MB

        MD5

        b4805f6d9e3c70c97a309e8ad7ff19bd

        SHA1

        cb7f3318b9d3fd2a6f29f0b671293b6f688ec8d5

        SHA256

        0e77bf552affe92a80900b314c7b74f3e56049651f818b2f9ec229535af77171

        SHA512

        e2ed03ec7e9eacf2b0009ad324580931d84c868061d5b4beb70842a7cb613c14808f418d9d84d9ee6d96ea12990fc1920e365307222dfce114920e2e54b097b6

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

        Filesize

        2.2MB

        MD5

        960a83040fc7f31797bf82df4b4bfaf0

        SHA1

        aed9a94882df2aba1b599d10e52531abedad058e

        SHA256

        90082d6fe257a99682185102b294f0f86db7554024bc9a3664b38ccea85466b4

        SHA512

        c063b8417eee5ff73d179a9f63d2847c9ef915f35eedec4b34e13f0692694e008476f37292d69c6e04348925ff077853d440f7a2180234959d77c6c1a139d91b

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

        Filesize

        2.1MB

        MD5

        8fbeda2d582f7203fa64c9adb93eab43

        SHA1

        46cd45617a6c114db6f53d4ef005d5167ac72218

        SHA256

        29e6e0570937250427af08e38b43eab83e974dd76929b9a9ddb327e49112f7fd

        SHA512

        5470839d3b51484b067d26ebbf60fdf530eed6471d53ecbd664fb7aa97c4db5c8129ec9388f87705da49e56756cae1b1f4a020171bc746e27be2c8c75cb56c0a

      • C:\Program Files\Windows Media Player\wmpnetwk.exe

        Filesize

        1.5MB

        MD5

        0211733eb6e09ff32d6c0ec85633dcdf

        SHA1

        a6f600fc5a7284f81e583eef6f0cf65f7beadbc2

        SHA256

        d44217b80e96efb080d7a9086cd76b54162756270ea5f8644711d1b0e82335c1

        SHA512

        e1bcab00b8232dfe0643d9bc3d0d8cb5c1c19e70140c2eaf89a9b90a06f81d0dcfe5ee92847639888e618d6a2ed0841cc14b6f59d6966a9d13b4d32c4a736751

      • C:\Program Files\dotnet\dotnet.exe

        Filesize

        1.3MB

        MD5

        ba63abf877af21475994095201baacd3

        SHA1

        d920fb4e5f3d764c7832942a26b123e988f893ce

        SHA256

        fa6189ed891c5ac84599318991d8465a719dae07c5a171dec0b068ab5758cd70

        SHA512

        0568d21991f5e8c6a4a49d526779ff2473b680b2e15fb9fe39e8ccd2792b1e252bdd0e27b288ff75fb3d3e02f65a1b403173f5a9a14cf1f0600fd4beaaa424c4

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\2024-04-07_67b2a42e5719bae4aa2cdbda7aa533bb_ryuk.exe

        Filesize

        6.8MB

        MD5

        67b2a42e5719bae4aa2cdbda7aa533bb

        SHA1

        32019709338b0b4edd4f9047a78ab1f7f39de3cd

        SHA256

        335857898fccba036e634cddc73ee3812929ac3a0a76045127362d21fb91917d

        SHA512

        3f6a84bcbce6d427d9b2e0b7df91694a79da3337872c9c250cd72537bd7bf366e5da5391ef3c0f0522d8774ed6f2ec86474cd29c2f2bf209f7c91c2156721382

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\additional_file0.tmp

        Filesize

        2.5MB

        MD5

        20d293b9bf23403179ca48086ba88867

        SHA1

        dedf311108f607a387d486d812514a2defbd1b9e

        SHA256

        fd996b95ae46014edfd630bfc2bf8bc9e626adf883a1da017a8c3973b68ec348

        SHA512

        5d575c6f0d914583f9bb54f7b884caf9182f26f850da9bdd962f4ed5ed7258316a46fafaf3828dccb6916baaadb681fe1d175a3f4ed59f56066dc7e32b66f7b6

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\assistant_installer.exe

        Filesize

        1.9MB

        MD5

        b3f05009b53af6435e86cfd939717e82

        SHA1

        770877e7c5f03e8d684984fe430bdfcc2cf41b26

        SHA256

        3ea8d40fcede1fc03e5603246d75d13e8d44d7229d4c390c39a55534053027f7

        SHA512

        d2dee80aaa79b19f1eb1db85079a05f621780e06bfea9e838b62d757ba29399f9090ec7c6ff553377c9b712f3ba8dd812cdff39f3e28829928e86746a8ac6b27

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\browser_assistant.exe

        Filesize

        4.4MB

        MD5

        e08001a17d420cde24580722d0cb7504

        SHA1

        795ee052fb424b55895a68fd5411769cd0b68446

        SHA256

        b8fec0b2731065076b3103c628a59a0f38b242aa7659bafa3bde57aa7fee7603

        SHA512

        7262709eed4fd5359af69c4058b37bdea980a52036a874d5ee196b8289f1cfcd382a1712f4510734fdadf4dbddef5627416cec130d679e4b25a351f4815e8bb4

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\dbgcore.dll

        Filesize

        166KB

        MD5

        8b6f64e5d3a608b434079e50a1277913

        SHA1

        03f431fabf1c99a48b449099455c1575893d9f32

        SHA256

        926d444ffca166e006920412677c4ed2ef159cf0efc0578cb45b824f428f5eb2

        SHA512

        c9aeac62ece564ac64a894300fb9d41d13f22951ead73421854c23c506760d984dff0af92bef2d80f3a66e782f0075832e9c24a50ae6110d27a25c14e065b41c

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\dbghelp.dll

        Filesize

        1.7MB

        MD5

        925ea07f594d3fce3f73ede370d92ef7

        SHA1

        f67ea921368c288a9d3728158c3f80213d89d7c2

        SHA256

        6d02ebd4ec9a6093f21cd8ccefb9445fa0ab7b1f69ac868a5cfc5d28ed8d2de9

        SHA512

        a809851da820d9fdd8fb860a8f549311dcc2579df2c6f6fba74f50d5d8bf94baa834b09fb5476ac248f18d1deb6b47d4fdd6d658889d5d45ca8774a9264483d2

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\assistant\launcher.exe

        Filesize

        2.3MB

        MD5

        6b4e7f64ad78b87801c683e80d9da951

        SHA1

        14ee0af80a1e63a7e2dee5448b26f07e6559dffb

        SHA256

        4bf13400e417ee0dcadabbe8c568b0e5de65976f31363a81dc1c075ef5826ed6

        SHA512

        87b77795875945fd155d0b69d5dd0e2068ad43cc422b00d6b1eb84240d145924eedc8bddf1bbab622caba4f1e28c2e5b423132df32fbde355ed00f23f3b0d9f6

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404072331001\opera_package

        Filesize

        103.9MB

        MD5

        f9172d1f7a8316c593bdddc47f403b06

        SHA1

        ed1e5a40b040af2c60ed6c2536b3bf7ee55e0e52

        SHA256

        473f0d4b886db8cd39b900b92bdc0625a3fcec8addd43f71179696bdf186ec3b

        SHA512

        f51ab2bdf29ca6839e4f7cf1fac1bdfc03ba2da4569a8f21e5d2ee13e6519097c3da40bf0b4ca7642286ed033d0126bbd14ef7842eb9f2db1d6e503849521b02

      • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2404072330586624936.dll

        Filesize

        5.6MB

        MD5

        d7d32a284a6cbaac784ab2c8c144215b

        SHA1

        620bb04f32e90420aa5e43124cf366505587b2dc

        SHA256

        b00cd59787d9356f9a70d679dccba58b4b58713b69876ccdcef4bcf0724e7b41

        SHA512

        e35f7d034daa1dbbcbde0c0f2979d329ae8b9367a9241af726a761414ec85666756be3b698c8c0ec354b9f76d0bd06e6c9d232de9150510ed056898936f643c7

      • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

        Filesize

        40B

        MD5

        26dbf1cc6f1e1e758766cf725cfff5a6

        SHA1

        3310dbefdbb4e8d127e199a6947aa4f5cb9c1306

        SHA256

        59f7c4207e5715ff2614f3f88194c13bbd437780c86198056ef9f9b96149e97b

        SHA512

        ac7922c21738ebc09be4fa564723a133059a7ac2816019579c55b6b1b6acb3d3a73c83dded06183bb7205ae1fa6920b573aeecbc35ce35abdebfc9a8644a8ff1

      • C:\Windows\SysWOW64\perfhost.exe

        Filesize

        1.2MB

        MD5

        f03d63f5141bfc516ed06583681999b3

        SHA1

        3e84741d8f49d9882b279fd4792f856fc56099d1

        SHA256

        39f421c3043e8ce5f4f0366dda202524c670fd0bb27d789a230ce66094d0fd59

        SHA512

        20fdb240855947ceda4e71ab5cfd343c64adbd12e728c57a472b4f426a6481a50bf2cb7775d48eb5edae97ee118c8832ee5b57244f8eb5d0567977acaf9d7671

      • C:\Windows\System32\AgentService.exe

        Filesize

        1.7MB

        MD5

        0a8056809e4be1eab72fa307d2fe1aba

        SHA1

        e061a2d7053243b3979f1701e93109658b427df3

        SHA256

        ed83c762a5e575e6d592b9f935986f8db11171837f70b76ae54a9332deda7d39

        SHA512

        77419e4d3dface63a3ea3568729ea8afa436ea26126cdd4e8f258a56a02d3cd0788819e7a864b477c55f6ccd285f2fc1b914b8c2091f1b24988a8e48ddebcb02

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

        Filesize

        1.3MB

        MD5

        de1e71f4ca501d43c9acafb78af3d1df

        SHA1

        ae40766aa0a3727f0700daf3180ecf7de8c865f1

        SHA256

        315ca445d87e8d51375783ded5045757683ae4e8ccf72a426ec282368a267296

        SHA512

        164a60289616ba0eec12d4036f853dea933e54d0c2106af877ca1f0c75f5168403e4436c3a43c69b1caa2caf782dc678a8d88704d11051a96d5bc95349e9969d

      • C:\Windows\System32\FXSSVC.exe

        Filesize

        1.2MB

        MD5

        252bd8d874fa9008be65984c75a497d2

        SHA1

        da05a06c390a76522a2c24d37069d1e3530d82c4

        SHA256

        85b27c2afcd2a592ad3ea8867c4f33f91e09a620d2526ff9e96d93b6c140aa7f

        SHA512

        e6f032fbc5e888887f398fbb011f6d0a38fd72c99c53b18a9fcc3cbeecc1fcce5c867646d199e869fb51a747525cd6a62a532c0b34f8cd835f975f817a391530

      • C:\Windows\System32\Locator.exe

        Filesize

        1.2MB

        MD5

        b4370d312df642f768a1b68e921ca21b

        SHA1

        9f85a10cf76566f12d25dc7c561261774c85bbf6

        SHA256

        da745ee7ef21855d2f415538e108de88966a70424c17bf617fe99977c6aee823

        SHA512

        ff0f893b2a1cf333b87f0e110976982c6669ac4260dfe3a348d002bbd5ff7423d1f55eb2d6b57316a33c83584ac8046369194b91b796f5950e10de281fd9ccdb

      • C:\Windows\System32\OpenSSH\ssh-agent.exe

        Filesize

        1.5MB

        MD5

        95c43c2cc3a4f5b94c9bf28f3d127d9f

        SHA1

        922926d24b5c503d6422e5174fbb9144cc6b422f

        SHA256

        4898da28a4d7c9e21ee5fd67558f2a46ff0078314821520304b93ac71d60aa7e

        SHA512

        2f4604fa244376bbc1e6e7b6aa011bd7a2dd35cdb8c33be43100080026315d9ef377a2fcbab0ca56d33111d2e7460406dfde21c6f5cebc94adb79e69ddef6851

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

        Filesize

        1.3MB

        MD5

        407b6fa2d0f954147d02c26d5dedb657

        SHA1

        eec152bc13a10ebc156cf4b70703f6cefc7c0ded

        SHA256

        ede792d912bd1d7b193bc5a1cd0e1791c8f6125fd98957f646eebc3c381ba360

        SHA512

        a77c9a4831dcf4d667e607383d935d98b2926e6c4a2402cbefaf6d557f07da4a0d03e5ea19f1035c83214607d21c4a9bad2ce50ef0c3c4280af01dd0ce820353

      • C:\Windows\System32\SearchIndexer.exe

        Filesize

        1.4MB

        MD5

        0e1c10a59db3082c3d78e44c3d201036

        SHA1

        5b82d1bb7ebb4876cdfa29c9f6364399b794a697

        SHA256

        9ece7bfa22fafc2d0f9204b24cbd66a985de47415a8bf5318b9e9d0eaabe9a12

        SHA512

        2bc51158a1ed37e3e3d38f5c4b2c323cfc5befc1cf3f0b867b5da90ca1343f8dfb86c3369143f32ba03b1cea482bc4188a82fd5b4d7145680343180fef0f0551

      • C:\Windows\System32\SensorDataService.exe

        Filesize

        1.8MB

        MD5

        4a86f6778aeb577d7340953eddf59c66

        SHA1

        c2aa935a5b1b8ec918bac29ad88cef3fa5193838

        SHA256

        d92cff7b15c3303795a164108354b7d0b2032f586b7193306fdaa2beea432fa3

        SHA512

        cd58898bb47c7732010d08905c2aa827b387372fc522485b05390d25eb86c4f0c7c97e67c0ca2e59e4a02a9591bfba71601972500c964381e7080cb853c54848

      • C:\Windows\System32\Spectrum.exe

        Filesize

        1.4MB

        MD5

        be9e77328c180fdd88de227d6d9e7960

        SHA1

        37a4ca60a708148a18b00121931f6ebeaf682a93

        SHA256

        9f5d2f10a292c04e4791ce1aaf70d21034f4ee74d0435102bca0b35a2d3fdada

        SHA512

        717e5e11583d00cb704bc82f4a5d151c394ace8f67ede33723ab66ac97fdad2401e72d42381875c75980fda8d911dce72a78dd04c4a2bcc7a97398071e652031

      • C:\Windows\System32\TieringEngineService.exe

        Filesize

        1.5MB

        MD5

        1872b399e33ff8f7bfcbd5e0559afe0d

        SHA1

        2d07f42485333af73a90769530b2b7d08c23f8f2

        SHA256

        2591a1924b4d57ad09427667f8dc49cead81d7bb856da20605e2dcc7dfec6938

        SHA512

        2e3c5ed21d75d2e9b92c8b3588a2e5e96221f9027d12a64b107921d273abd041776beb2d23eb61f59a4491ee8ed9efd1765a84fd46cc1f98a368ef0cda768ead

      • C:\Windows\System32\VSSVC.exe

        Filesize

        2.0MB

        MD5

        420939406a640b9d297e6e1f9f8f3b82

        SHA1

        ff49b1fa00515f80a28f6a07cffcb91acabbdc61

        SHA256

        151fb9d877d2c63b26accc7f4c60edd4e51baa2a4c3bede235cb50424ccbe55e

        SHA512

        b8f40c34989409d7f80c52a87ea3ff15c7621acd47823864fcb1403e23166083ea1fa885fa03fefae59c0a52e051a8e6a0c3d3be59195dea05575ba0d7d17b5e

      • C:\Windows\System32\alg.exe

        Filesize

        1.3MB

        MD5

        e811bd116844984f881605214717ffcc

        SHA1

        9739ec732e0a808e84c691d0df55ad5cd078470b

        SHA256

        7272d29ef99eb4e0ff0577e9f5e3d98bfee5f9f9d31f5d8fbe3e577d36fbcc87

        SHA512

        75497f4234a24bf77cdc6cfdf11727d08938f7b8cb861bd1c609a4e8d67e9519ccf71e60e96f9bdab5f4cecb072e09e99654d8cd8234c8cbf4082c8cf8371f31

      • C:\Windows\System32\msdtc.exe

        Filesize

        1.3MB

        MD5

        c741e47ef58c68c1c7b87f5d266d2d7e

        SHA1

        ef490d0378453acaa666ee6f4b7bfbba5449a2fa

        SHA256

        1dfddbe7cbdc869bdda9d9c2067b1e12a774f4b7fbee20e4ca46a3700d89a96b

        SHA512

        7f905ed245ef2f7673a79a47a981c490dbbe1ad4300fed0d88ed8e3c5621d82826dacac523c8002dd8b8e4191f885e745a92bfd3df747448cbfcf13359975a7b

      • C:\Windows\System32\snmptrap.exe

        Filesize

        1.2MB

        MD5

        3223d663fbae607eed4b076fe39f6fd5

        SHA1

        82b8400fa5849a8da57a2bd72a6524461df2a44d

        SHA256

        cc6de0e152426e1b9e326cddaefd73ffe5cc66ca639c518ac11e9b8a87fb958d

        SHA512

        31710eb5197f5770783d59cad6ca828ac2372c70e9133bc4ca6fcf2201875ce1da572142805cb1245d8c222c746de41e6940c6cfdd2ba025c26b01970802134a

      • C:\Windows\System32\vds.exe

        Filesize

        1.3MB

        MD5

        2d6d2fec3256ee84344cd880c37bceb7

        SHA1

        23b32c2f3814aae0cadfabfaa680a3a150607899

        SHA256

        c5db62e4ad1c176a45994936be8f61723fd8cd78861e342b93bff574045b57cd

        SHA512

        f56c6e3ec9b6c94246b3eae43b70bfcacb6f8ae1dbfcc46bd7b36b117e65cd071aa2ccc3f65572694458b873914d489fe318f8933b4d6744c450fc8f47ccd36e

      • C:\Windows\System32\wbem\WmiApSrv.exe

        Filesize

        1.4MB

        MD5

        ad733b52a8cc7eb6efc603e2f88e26a8

        SHA1

        7682daf13bfd48f9f9fbba6f9c71d4163986a40c

        SHA256

        fba2bdf95acd008fc96e0b2d428d710a7071a1641be78e5081e676c051410b61

        SHA512

        367d784d3e122e38253181946a14cf4885c41867deb9eda88b43f55407547654480019611a9bacbea6ba9f075c6336df51a4acabcc1dd4a2cf40e44196752236

      • C:\Windows\System32\wbengine.exe

        Filesize

        2.1MB

        MD5

        a015f36a7e0865e4fb4a18605ded0065

        SHA1

        6af60465fd1255b3abe725135fc37e5a22f84c1b

        SHA256

        98d00c3030a2e81ac63810985adb73ed3b7aadf7b98c6f45f76cfdaccb334f33

        SHA512

        e52dcffbbacbe7765e907ac16d08c2e562f3d71f12eecf11080ac370f3258b1c3f3ca9b611ddb8f8e2549479bd3d8b294bd19ac99b292a178eafd66124cf54ab

      • C:\Windows\system32\AppVClient.exe

        Filesize

        1.3MB

        MD5

        5c4c3799569662e968af2a713bd7c9e4

        SHA1

        a3c237522d468f800249ef137bd3ef4ff42c4cd3

        SHA256

        ce276d0caa0d0919bb866aeb64dbedf3d6a79b9846a50305d8dff27c854280a7

        SHA512

        383037e0845b66eb0883a2eb93e90ddf35ff523f7e58d0c10322faa94cd94feccb39fcb6e664ddeeaa17eccc82de5948c4b938aab52c69df0ea4d3474f20aa79

      • C:\Windows\system32\SgrmBroker.exe

        Filesize

        1.5MB

        MD5

        446c1e8c922899ca3a2be611fc9ac2c6

        SHA1

        9dcf12a5e9f603672322617f68b41ef803e957a7

        SHA256

        f577b6b7f1ce1bbc9d5e83f8bf371661f603d77e79b321a465fa2b7c3fe044f7

        SHA512

        2eabc8b0ebb5c33d9503e7b18e05516657e2cef0b5195cd1ace2d8421e38a4ef2a7620a2e3b2513203c97b88ae83bc19eef2652db4cfb468716aacbcbd57367e

      • C:\Windows\system32\msiexec.exe

        Filesize

        1.2MB

        MD5

        fa2e14149f7aa427ae7b914b6fb9146f

        SHA1

        51a70833b32666b3ec692d0d54922a64954de822

        SHA256

        9c4cb4801c76c3061fa0dc69600986b1389d118b09a2a0f1c294a701f387b93a

        SHA512

        a0e777e463173fe7e5728d1766ed3b2408c439e6724c18d85b7ff82d15b8a095a725bcc6e930e1e67274470f2bed52c899919c2c779da3ce0b78164b47832191

      • C:\odt\office2016setup.exe

        Filesize

        5.6MB

        MD5

        95b7d74e6b8e6d4da5a79131ea7c69ad

        SHA1

        8a04a82addce4483a35dc2c96e6e905f34208a8e

        SHA256

        6140d494e2b320272396a0b0defaec124d0eedca86e4c41613cc36201f12da76

        SHA512

        d0d0ec2147072c4bf3c7f9bbd0ddf68b96ba685b4c81958b52f7a25a74845a7d03c00964e7979128978c551d7b30da041beaaf6cd5cd88544a295c4a8fc6f145

      • memory/216-37-0x0000000140000000-0x00000001401E8000-memory.dmp

        Filesize

        1.9MB

      • memory/216-50-0x0000000000690000-0x00000000006F0000-memory.dmp

        Filesize

        384KB

      • memory/216-35-0x0000000000690000-0x00000000006F0000-memory.dmp

        Filesize

        384KB

      • memory/216-120-0x0000000140000000-0x00000001401E8000-memory.dmp

        Filesize

        1.9MB

      • memory/760-86-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

      • memory/760-171-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

      • memory/760-87-0x0000000000740000-0x00000000007A0000-memory.dmp

        Filesize

        384KB

      • memory/760-94-0x0000000000740000-0x00000000007A0000-memory.dmp

        Filesize

        384KB

      • memory/764-160-0x00000000004F0000-0x0000000000550000-memory.dmp

        Filesize

        384KB

      • memory/764-237-0x00000000004F0000-0x0000000000550000-memory.dmp

        Filesize

        384KB

      • memory/764-155-0x0000000140000000-0x000000014020E000-memory.dmp

        Filesize

        2.1MB

      • memory/764-232-0x0000000140000000-0x000000014020E000-memory.dmp

        Filesize

        2.1MB

      • memory/1020-194-0x0000000000720000-0x0000000000787000-memory.dmp

        Filesize

        412KB

      • memory/1020-261-0x0000000000400000-0x00000000005D6000-memory.dmp

        Filesize

        1.8MB

      • memory/1020-187-0x0000000000400000-0x00000000005D6000-memory.dmp

        Filesize

        1.8MB

      • memory/1108-186-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

      • memory/1108-111-0x00000000001A0000-0x0000000000200000-memory.dmp

        Filesize

        384KB

      • memory/1108-102-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

      • memory/1108-103-0x00000000001A0000-0x0000000000200000-memory.dmp

        Filesize

        384KB

      • memory/1412-334-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

      • memory/1412-248-0x00000000006A0000-0x0000000000700000-memory.dmp

        Filesize

        384KB

      • memory/1412-240-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

      • memory/1424-78-0x0000000000520000-0x0000000000580000-memory.dmp

        Filesize

        384KB

      • memory/1424-54-0x0000000000520000-0x0000000000580000-memory.dmp

        Filesize

        384KB

      • memory/1424-55-0x0000000140000000-0x00000001406D8000-memory.dmp

        Filesize

        6.8MB

      • memory/1424-82-0x0000000140000000-0x00000001406D8000-memory.dmp

        Filesize

        6.8MB

      • memory/1424-70-0x0000000000520000-0x0000000000580000-memory.dmp

        Filesize

        384KB

      • memory/1712-219-0x0000000000560000-0x00000000005C0000-memory.dmp

        Filesize

        384KB

      • memory/1712-213-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

      • memory/1712-286-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

      • memory/1772-336-0x0000000140000000-0x0000000140205000-memory.dmp

        Filesize

        2.0MB

      • memory/1772-341-0x00000000004C0000-0x0000000000520000-memory.dmp

        Filesize

        384KB

      • memory/2256-279-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

      • memory/2256-288-0x0000000000BB0000-0x0000000000C10000-memory.dmp

        Filesize

        384KB

      • memory/2256-292-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

      • memory/2256-293-0x0000000000BB0000-0x0000000000C10000-memory.dmp

        Filesize

        384KB

      • memory/2396-184-0x0000000000680000-0x00000000006E0000-memory.dmp

        Filesize

        384KB

      • memory/2396-173-0x0000000140000000-0x00000001401EA000-memory.dmp

        Filesize

        1.9MB

      • memory/2396-247-0x0000000140000000-0x00000001401EA000-memory.dmp

        Filesize

        1.9MB

      • memory/2456-234-0x0000000140000000-0x00000001401D5000-memory.dmp

        Filesize

        1.8MB

      • memory/2456-328-0x0000000140000000-0x00000001401D5000-memory.dmp

        Filesize

        1.8MB

      • memory/2456-235-0x0000000000550000-0x00000000005B0000-memory.dmp

        Filesize

        384KB

      • memory/2836-25-0x0000000000500000-0x0000000000560000-memory.dmp

        Filesize

        384KB

      • memory/2836-93-0x0000000140000000-0x00000001401E9000-memory.dmp

        Filesize

        1.9MB

      • memory/2836-15-0x0000000000500000-0x0000000000560000-memory.dmp

        Filesize

        384KB

      • memory/2836-16-0x0000000140000000-0x00000001401E9000-memory.dmp

        Filesize

        1.9MB

      • memory/3400-329-0x0000000000B70000-0x0000000000BD0000-memory.dmp

        Filesize

        384KB

      • memory/3400-326-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

      • memory/4128-98-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

      • memory/4128-60-0x0000000000EA0000-0x0000000000F00000-memory.dmp

        Filesize

        384KB

      • memory/4128-64-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

      • memory/4128-74-0x0000000000EA0000-0x0000000000F00000-memory.dmp

        Filesize

        384KB

      • memory/4128-96-0x0000000000EA0000-0x0000000000F00000-memory.dmp

        Filesize

        384KB

      • memory/4188-122-0x0000000140000000-0x0000000140209000-memory.dmp

        Filesize

        2.0MB

      • memory/4188-141-0x0000000000CD0000-0x0000000000D30000-memory.dmp

        Filesize

        384KB

      • memory/4188-128-0x0000000000CD0000-0x0000000000D30000-memory.dmp

        Filesize

        384KB

      • memory/4188-139-0x0000000140000000-0x0000000140209000-memory.dmp

        Filesize

        2.0MB

      • memory/4340-36-0x0000000001EF0000-0x0000000001F50000-memory.dmp

        Filesize

        384KB

      • memory/4340-101-0x0000000140000000-0x00000001406D8000-memory.dmp

        Filesize

        6.8MB

      • memory/4340-22-0x0000000001EF0000-0x0000000001F50000-memory.dmp

        Filesize

        384KB

      • memory/4340-20-0x0000000140000000-0x00000001406D8000-memory.dmp

        Filesize

        6.8MB

      • memory/4480-274-0x0000000140000000-0x00000001401D4000-memory.dmp

        Filesize

        1.8MB

      • memory/4480-207-0x0000000000710000-0x0000000000770000-memory.dmp

        Filesize

        384KB

      • memory/4480-199-0x0000000140000000-0x00000001401D4000-memory.dmp

        Filesize

        1.8MB

      • memory/4492-137-0x0000000140000000-0x00000001401F8000-memory.dmp

        Filesize

        2.0MB

      • memory/4492-211-0x0000000140000000-0x00000001401F8000-memory.dmp

        Filesize

        2.0MB

      • memory/4492-147-0x0000000000D80000-0x0000000000DE0000-memory.dmp

        Filesize

        384KB

      • memory/4656-262-0x0000000000D60000-0x0000000000DC0000-memory.dmp

        Filesize

        384KB

      • memory/4656-347-0x0000000140000000-0x0000000140241000-memory.dmp

        Filesize

        2.3MB

      • memory/4656-253-0x0000000140000000-0x0000000140241000-memory.dmp

        Filesize

        2.3MB

      • memory/4804-320-0x0000000000C20000-0x0000000000C80000-memory.dmp

        Filesize

        384KB

      • memory/4804-318-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

      • memory/4852-268-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

      • memory/4852-276-0x00000000007F0000-0x0000000000850000-memory.dmp

        Filesize

        384KB

      • memory/4936-0-0x0000000002080000-0x00000000020E0000-memory.dmp

        Filesize

        384KB

      • memory/4936-79-0x0000000140000000-0x00000001406D8000-memory.dmp

        Filesize

        6.8MB

      • memory/4936-7-0x0000000002080000-0x00000000020E0000-memory.dmp

        Filesize

        384KB

      • memory/4936-1-0x0000000140000000-0x00000001406D8000-memory.dmp

        Filesize

        6.8MB

      • memory/5092-324-0x00000000006F0000-0x0000000000750000-memory.dmp

        Filesize

        384KB

      • memory/5092-322-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB