Analysis
-
max time kernel
1799s -
max time network
1800s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
25-04-2024 11:12
General
-
Target
Free_Candy_Optimizer.exe.00295d4b_0003b200.exe
-
Size
2.8MB
-
MD5
0563b0bea708ab80e00466511090cdf0
-
SHA1
b8c7f6c2961a0b8ac4dfdce79cd2d701f5db8b8d
-
SHA256
8f5b8b8dfd4db004a4ad3299203b87ea132cc6614aab9daadc286587d4e61d0f
-
SHA512
3f4bbc951b095bb591cdaf3b740296858f9baf739e1fea188d80b9164ee9a68d35ae8c40568952d422d6a0be206fb112fc078a8f6701ce322002a2e37dabc2a4
-
SSDEEP
49152:BXzhpDtKSK1cb8PGK+Tfuqmpc3elWo8GnQAsYZEV1R:BXzhW148Pd+Tf1mpcOldJQ3/Vb
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 6 IoCs
-
Checks BIOS information in registry 2 TTPs 12 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 6 IoCs
-
Themida packer 23 IoCs
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application 2 TTPs 5 IoCs
-
Checks whether UAC is enabled 1 TTPs 6 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs
-
Drops file in Windows directory 6 IoCs
-
Creates scheduled task(s) 1 TTPs 30 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 50 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Free_Candy_Optimizer.exe.00295d4b_0003b200.exe"C:\Users\Admin\AppData\Local\Temp\Free_Candy_Optimizer.exe.00295d4b_0003b200.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\users\admin\appdata\local\temp\free_candy_optimizer.exe.00295d4b_0003b200.exec:\users\admin\appdata\local\temp\free_candy_optimizer.exe.00295d4b_0003b200.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c "Free Candy Optimizer.bat"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\chcp.comchcp 650014⤵
-
C:\Windows\system32\timeout.exetimeout 34⤵
- Delays execution with timeout.exe
-
C:\Windows\Resources\Themes\icsys.icn.exeC:\Windows\Resources\Themes\icsys.icn.exe2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\themes\explorer.exec:\windows\resources\themes\explorer.exe3⤵
- Modifies visiblity of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\spoolsv.exec:\windows\resources\spoolsv.exe SE4⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\svchost.exec:\windows\resources\svchost.exe5⤵
- Modifies visiblity of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\spoolsv.exec:\windows\resources\spoolsv.exe PR6⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:15 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:16 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:17 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:18 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:19 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:20 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:21 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:22 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:23 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:24 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:25 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:26 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:27 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:28 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:29 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:30 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:31 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:32 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:33 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:34 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:35 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:36 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:37 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:38 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:39 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:40 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:41 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:42 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:43 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:44 /f6⤵
- Creates scheduled task(s)
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe4⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7229758,0x7fef7229768,0x7fef72297782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1532 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2864 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3156 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3260 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3628 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4036 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1692 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1700 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1016,i,15253990879511248673,8328730831315771115,131072 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Virtualization/Sandbox Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000eFilesize
51KB
MD5f61f0d4d0f968d5bba39a84c76277e1a
SHA1aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA25657147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA5126c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027Filesize
33KB
MD521e336700985d60904acef87d20534d9
SHA10714e32ce67c571fc026ab26e4a43119033293e7
SHA256ced9153b87c08ec1fadcd520e081e227e349b14a2cbde9b83ca6657ad23ec592
SHA512909372e63036417eb3733a9cabb0438963ff8392a7fecd9e27ccd01cb2db594544d9caf5b239f961c2b2f8e81640ca97766cc825db7a52d7f09e0d0a83c65eb8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002fFilesize
35KB
MD5e21a24c419e887f66d60d19f384f2615
SHA1bd9dcd300a286ca2c86d3531aa987852fb1f8253
SHA2566f565579c1fabd6433bf85fea6dafeca29fba02cdf4fa892f7941bc22f53dce1
SHA512e087e35b52f1d7d5d2cc8ddf5442d2f9e472f733281865052a800bf377017826e79328b890b2d923c40f1e686651beb384c1ac7e4bb864828ba310c6c90f679b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD587bf34fbc2c0062691b6f6fc675220d7
SHA14a14e132ce28513eb190692b9daf1e9c15cd558b
SHA25609c3f4b817d2882fe0f9b8d577a4f2bac3a78897e941f523a75453f9cbd776d7
SHA5124bb7735b8b591c6b69fb34a75a5c95a89ba9827015a4e9e53d91ec59b667e8b3c7b64be16b3a2ad5c1441152cce3729abe583eae1e52c2002d11d88e25a42f1b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD5d0a13cfa116cf27e9d4c6b214346abfa
SHA135bbc79f99396aa56cce04931870685647552ee9
SHA256e4f38cb9be9cd4a1b59dfee1644a26c6f0722da67bf5a78b962d2749ec8094e3
SHA5126e8023ca1b22eeb6b1dbab4b5909e9ac8370be8096d14bc665086671d880a32de86213f21d833959d4b2ef2fd414d503d19995bb8d8b397afc45f07fb073cf32
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmpFilesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\000002.dbtmpFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\CURRENT~RFf7721a4.TMPFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\00cde2d7-4791-429d-b463-8505c09c2227.tmpFilesize
8KB
MD57d66e331e83570ee0213cac64e6bdfa1
SHA1080855f0dc0e90e84ec422fc323359245e975046
SHA2568b129bed3d4a8ae7f608172e0b6ff507c90a1e6033940b4f645e351fa23b4273
SHA51205a9a236944780e9abdd65a9f4107cc8115227d7215db1ad8604b421af892a01edb1d5d2ef84207cd48f76fc0fe0147311720347bd2ad24e3c0ec0111067dbcc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2dec8fa1-8b5e-4093-93df-e3be9b40d445.tmpFilesize
8KB
MD55bde54c52acdf6f3e1999c0e5367b371
SHA1bd143b4220ac79237a067ed129b73c201373da44
SHA2562c6c954c74d90f280f1cf149024792bbbd254faabeaa609d83ae661a6a81fbad
SHA512c2e67fccb02a350d833de8337a0107c916f1def4c27246d560d2b9d18e358709836d4adc9a9da12b66c1cba25e8c346e352022a59b782e1115ba695989f37d8b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
6KB
MD5b6cae5b5b6618a5494b7a0559833bb5d
SHA1a767bbdcab3d906c2221ff381ea80024b18bed3f
SHA256b1391230104f35222166ffec73fe658f7847b05c2e4c7bc26b1572fb40d4cc21
SHA5122a2803554d205b422dc513b9886a413ff4b5eae1840f44e8641b20f8a0f1836e0304ec9096fb1615024ef0e9b0e39d17d886a0c61371927bd3268dd0d429b040
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5ff80599f376a919c272ecd641c56a21b
SHA1c0b4956fe40ea6bf532ee33fdac39694fcd6bd55
SHA256af0ac8d1195938ee71a223865a1b12b569f32ef254a5b65c737489b430dab16e
SHA5122a2e4dcdd9b3bd9783c79816a6e5e136819dd5ad285fd62ee21bcc9425d4449bc5bc95d2cafffa8724bb7da92363baf96ab643ac97d977ca84c01953cd92ee31
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
7KB
MD50c4d802f85e5a135bebcf3107b44d44b
SHA150fdc62cd2df38d91e8d55c6e86b6fbd40cc0577
SHA256356f6cf3ebebc3ed7a4e2df976fe5f392bede7708cc2a422482fef368584005f
SHA512de05ef6452182ab4e4be21e779bc7a698b905a70e1a162e35c80e534e077c0c10fc6b444badbab2bc672e58294e3c633b647995f480b864617cbcf1b711ce573
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
526B
MD55c33905a7a33365f0884da3b0691edec
SHA19de11de6089400dd020e288941b2996c44bf96d3
SHA2565c2f09fc11cd2f52d1956e5a6c914a54a78f8032d6f71880211bbfd0cc352ab7
SHA512cca924404a28b0c51df864feaf5aef1e362f41218b7f0e200815e90763ffb0c759ce7331e47158c1ca9b3166d2fc4bbdaf6ec07a7bd313c884a9f775a444a2b2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
690B
MD5aa1caa0163bae40fde03f2219877851d
SHA1f601b23e5e8372487d30df149c6d3fb684bc571a
SHA256e6f550af25423b23c9a0f391ecc5b3413864b1d2b8a6635c089c6ccd8677290d
SHA51205105146542a905f9fc0da5496545b2234c5d78f8e93b723f2b37e5fcf1785c5796ebd9cede1d22feae5020ab3260768f7296e9267f7ff5d2d8af89da5062a35
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD581beae40ac580e70ba4bea3fad4f48a7
SHA173f4166238ce7909ad3d047bf8a03ec5bf041ed9
SHA256c3d2aaa7b3ab11c074a7f74d8ed057e4a989c32398a6014e4d3155424c19b5ed
SHA5124fa538410d53d80cce1c5ed4108b5e61439b1c71ba1de44d3d918ed8611479caf0a7dae8d0e0d4815794d63694562a208949c9901b373aac1adb67ae49cb8518
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD541ef7863eedfacdf9688c1124a36285f
SHA10da593fd215b0b99020118ac9b6dadc301aebb44
SHA256def486b96c5dc3acdf810c12a0bdd0117463d78968e8a3f0889413e71d90b8c8
SHA51273051fad14357c0fa65ae1c1da2afe6b969f5691e24bf2b804bdb8de8b10f90db126ac22404c61cba5bac40801d92a613c077580e279204aaf68904879774b44
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD5ebb656a366a0a9a13de5a88639d329dc
SHA1ceca9c07c38141cb8a09623000c95c2f082682c3
SHA256ae9c009ced156d1ec219d215b6e7d4330a64461a093f001d0a4040f31cdd7ef6
SHA512a781852d84e2dcfec2e4b1e00bd6cffb02e5d49230ccb69074d1a727930b35777df1c9ed7821928ef245decc25390c5540f29bbcc01c55f258b7653a688207f7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD51f3f1f513aef0895ffa87cdf2eebc31e
SHA10abe9b68e41a12582b2bca3d601141f2ae9816aa
SHA256ce12664a6361e41ae19467109660ef74c9bba50d1df3813b60abe2cb50d364f6
SHA512f7d8b74ac499ab394e91bfe377b1796c4894cc8abcf96e538b315e558f84d0f77559d7648c8dc3e8da90f642bb8916635ebf934894d1a500ed031af1c4a9198b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD5bebee7bb32e03d4f02f6183bb05f0fad
SHA1afa63496f3426d62e4c63b4ca0e04559f6512835
SHA256ab26f57081a9268de7bd33172e91bdac4b0d18ad47d5ae32934bcc602037ecef
SHA512f9acabf827bd8b31af557db8bc2d200f36f9265d06a1f825360b4367668ce2cd416de93607d8f7cee681fd2b17d85866a230cb8f54e1c80b1d086d2bd909844a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
363B
MD52a65d93aca5b0d70ee237e6e06ee7540
SHA1e2d9fd7546174ebf108c264d294ef56e0cd3fda5
SHA256ac3104b8a6b8055ca7e5a7c577e00abfba9439e373083c0b94ba26283b8c0bf2
SHA512df39dd96a7b7a6b3a6bc4a2baab82ed3a29c08f64667e5413915b80a42b77d5046ad2b2987f0e15a4ab16c453cbd2ceae5c0724ae9914016d8ba9b52bf5f18d1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD5301236512db0bd648b676473fff3c1a0
SHA18ee6bbf0100a7d1e0b14efe498c96deb46eaa497
SHA2560b9d42e6612f4474fe9bb1cf70020450a5c2339d72dedd1c75efe283a11bcde8
SHA512307eb5e097212a6504f312c3850199db1f89991b083e803f4b1e965238890096ff0c99b139f289f27e681cc01a0070d961c2b87b8c9585083462e43889d50a88
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD59e1c7548f1e8b2373b7d0ff388fc6748
SHA1a65befdb8ca41027f47b055556865b1011caa904
SHA256bcdbc302443b6339b27319f0fc22bba271dc69394376a25f7f6a92e700f67c07
SHA51278787b0d4ba413512baf23e6e847afd887fc58bdd81eb2bf8521187ac49057f9da6d5b82593375aae61707431893c3435b3ab7e095e62588a4e15d9013b83f2e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD531ded2234624af1e08c0d05dcc407c57
SHA1521a6d60909bc1a704fcfd49092750e96f4d08c3
SHA2561c690426c97883fea3ec73f1ebe5e819f880a58ab0eaf677da4916125c113e1b
SHA5128e2458ac02a9d1c1736728b07afc1963c26b631324a89633c12d0b6872f99ed06a4ae4706b69ff233b7d00816a77079486b71596ae20ba23b4bd8102be6b1157
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD53d6ef365bdfe24ba973dbd9f2e641503
SHA1d047220e7a0e8c6784a98faa1b9bb0a4b0fc406d
SHA2562ad6bd9d35fc628da1f7745640e19acb97ebc421fd15160d76dd670c38f5dd92
SHA51226d73bc8df3180338bc72a53dc44412223c3f937ee53fd1b023a4489fa3211f24e7261a5144ce4c69a4578df003fc4741a62fb27264a7ab51330c1a2535ab26c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD5e0b85fbb7b377cb9d00fc65e5641c80d
SHA1986351e0f5eec5f60bf9307ca48ab4b04c2a5c80
SHA256be3e7c4c5b5060a3172ab133313b73c09025f33da3d36c597806827bfcb31af4
SHA512036e68f65833e0887b423a98c69bfcd97aa959fe52a24f7424348bc95a0e965a6453d3e23eaa1b5dc360b2670a28a6c0e02d16f1b9a2f90fe8d979df3e4aa52f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD5bfaa8b25114f3d4f9db28f7f9a7e2394
SHA15adc579d4d4fa44209e7fce1a8f66154c2dc95f1
SHA25612850151a7c605566eaa9304f8b48c139d18066785325a90fd51d7535864588a
SHA5124d3e1d7e4b7eac32c7c6738b130b8bb59de175de6e2833fa572a18a3d6e3aefa8682159cc9641c6972cd7436543be62888b47e7b9e54baa2aad3a64e97f4255b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD555f9f987b092e423be1abfc4e13d5ae8
SHA1d1a6f4317a8c5a850b1b37e6334d102c126ea9c3
SHA2564140b782aa95742e61b51afd5dc64dd29e65d89746bdde21c8f45d11e416e794
SHA51212fa01fdb56c1201a7ccac55e50ca9b86f148ef6c1e4f721bcf1ada06592af391906ef63d905a7a7bc830b87d1f1ada3a0adb3b8fe4d9314afe1b7cd6e776d63
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD5ea48b444b329f12b0ec94a5675134bec
SHA13944b6f6d14974a800719bad9ce49e0f10f9c503
SHA25660acbf05b3c5216d75c3a36010e9aeb56a492c0fbee8fc186fe22ae2cb78aaef
SHA512339ba98d3a8e2415d33a44907677d89aa536aed5578871a326433f2ec9386d09201554eaeab8bebdeeaff9bc7a31ec18b5fb94f2152d18deeb1b238e129e2b52
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD520a3107b9aeba10942998e5e9f951d84
SHA1b06b2b16d6f67d65da44a71c234a025880adb3ae
SHA256294b4315dc2b6d4b7bd2b47fd31cdd93306b5e63beea45fdf8f89e11cd625246
SHA5121e6ae23f3eadf6d58ab99661ea3e3729cb8b4ec5b6d8720a64b79ed8a73fde48a1a5b6b48b9f55e1218358f7cea5bbb2a503f9d296443153c16d9e136e082b44
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5e539c781df35202c79e842fa56596f7f
SHA138d8b0dd42e96a9d4e7082a1b0c61134cf034ca1
SHA256cc1b9a7c7894053fc765b5c5de2779b099ea2cb2e0966e1f322b8e7c3972e93a
SHA51224fd7366ee04af679661486a035d186f465b88118cd5a0cf6b620da76df3e49e4c64976e0dd5725f154eb4959930591d408ebb30069f7050ad30d3b6c14d9c56
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmpFilesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\af6c5e61-8062-4302-849f-4065cf9d6d1a.tmpFilesize
8KB
MD562776e5c5e84155d19a3722822df845c
SHA1cbec3d580ce016266d86972d560d5170f09b6279
SHA25645536ed37ef1b8ddd9d5a1aef1cdfad6849c823970d4ddf17f58372f4f7a37a7
SHA512cc2f081275b9b82ddba036fa0a13b21314222c107446e8dede672cc1ed5ca807c1c5be57e90f06e124baff3e1360c26f3e4dcca3d18b8d3cec9a2672de72893c
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Free Candy Optimizer.batFilesize
98KB
MD5e86e31bbeb9493c361cfdc29d838f644
SHA1792d995da93083729d863e5fd48e873ac4052c3f
SHA2562bbf80db47959a275b23572b7cc7465ac29c6727fefbf6b9935d638589fc17ec
SHA51221ccce57366c2bf293423edcef79da82932847dae526b3c23536047465aed7b624c053c2a87dc322956e36a98291a128cd33e8149a92515bd80b8db087c66d91
-
C:\Windows\Resources\Themes\explorer.exeFilesize
2.6MB
MD521aca909bb5bff4adde712e07710573c
SHA16f3d07bcc6e3002847ef3b2c71f68d6aca214279
SHA256ef5adf716741cea8f007047abcde635664186b1b26e4cf09dae86b9ea9796dbf
SHA5126adbdbe48176a41ec60566b38cff7ff5cbca94d6f5932dbb246e0d8650b4b850d199991176b358e93c5cce62ece2df9e5465663c94c2467417ea7d68324a8214
-
C:\Windows\Resources\Themes\icsys.icn.exeFilesize
2.6MB
MD539e42e65a8dc5a6ac9bbcd3ac02e1b5c
SHA1b4dd52aacb1ece94a244a92da138667a8cffa66e
SHA25668520e531d03e0266db399a820c0cd3c6fdc53d7241b4807c57e226c308f8e80
SHA512202ea2e15494744612e06abadd83130cbf5479eb6a48c9d9666382fcfe835f0bdae9a2441a069cc47d5ac3b5ad9552d54f27d0343e99cc42ec098bbcd588c181
-
\??\pipe\crashpad_2964_MGGXQLVSIPLXAROHMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Users\Admin\AppData\Local\Temp\free_candy_optimizer.exe.00295d4b_0003b200.exeFilesize
236KB
MD5cd1fa5bcbc7b251dc0efdfd32d5fd6ee
SHA152908e931654115ddb0100ba7795295e31382844
SHA2569cb855726b752e515fbab26ef7e898f9ed19207d5aa0ee50b9481dd91c6386b6
SHA512ab93e24942581e5c5b8197c50bf7d0824dbe9f0a53a10e27908fe01a2e5c956f57c69d1cbc01136541195d8776984bf516ea4f1276bdae64ee1d514091f7064c
-
\Windows\Resources\spoolsv.exeFilesize
2.6MB
MD58b5f645e3511474b064eb37e9ec1a986
SHA1f1ebf0ac277f4bff8f157694a195b67ab2ea4406
SHA256ab34574bb8de21e0bffec06e2a4047f798033ccae7a575d1c83929e5369741d8
SHA51236d6f75e95b6f0c5209fa3bdc10f890472ebcc4fd16af1b78debf77a06f865757926cc2bafb80ea4e52c272d8fc3971fb4fd1b57fb13fd8f9e56700d60ce6c8e
-
\Windows\Resources\svchost.exeFilesize
2.6MB
MD5fddb5439a5342020aa407ad68993084d
SHA1dabceb6faadbfd426a7be1b85b747f4a8ed68488
SHA256086b18fed9da316ce370dad147267142b0ff811f39836a51cff48e2f95762f01
SHA512d367c77a3d19fba89edb325279d6b38b0b252400e823c406691b696e9197abb736983eba08c36196c2a5ab16a69115fe4066d9928f5975ce8390734521076a41
-
memory/2328-17-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2328-70-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2328-65-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2328-28-0x0000000003900000-0x0000000003F16000-memory.dmpFilesize
6.1MB
-
memory/2484-66-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2484-63-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2620-198-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2620-271-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2620-134-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2620-53-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2672-406-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2672-40-0x00000000036E0000-0x0000000003CF6000-memory.dmpFilesize
6.1MB
-
memory/2672-783-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2672-30-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2672-128-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2672-268-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2728-41-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/2728-67-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/3028-52-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/3028-60-0x0000000003360000-0x0000000003976000-memory.dmpFilesize
6.1MB
-
memory/3028-71-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/3028-0-0x0000000000400000-0x0000000000A16000-memory.dmpFilesize
6.1MB
-
memory/3028-1-0x0000000077BA0000-0x0000000077BA2000-memory.dmpFilesize
8KB