Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/05/2024, 23:25

General

  • Target

    2024-05-30_f184d87eec99f6424cfd690e65ebe119_ryuk.exe

  • Size

    5.5MB

  • MD5

    f184d87eec99f6424cfd690e65ebe119

  • SHA1

    d5270da8d20b1f173d22fde48c05783c0294ea11

  • SHA256

    fa78d1d10c7c6657ca3fc6a4fc464d81c29c3cd3d08d3c1d10ae0d7caea60fc3

  • SHA512

    2114ca27ef7d44aca54f6dae95f1fddc9b61ecf45914a666ac9e1e2414b15b7de92ef26b5ad989d87d59362d5b5046711622642c9becdde7e8cf86c9f9bfcd2c

  • SSDEEP

    49152:nEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1bn9tJEUxDG0BYYrLA50IHLGfj:zAI5pAdV9n9tbnR1VgBVm0TjYvH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 26 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 24 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_f184d87eec99f6424cfd690e65ebe119_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_f184d87eec99f6424cfd690e65ebe119_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Users\Admin\AppData\Local\Temp\2024-05-30_f184d87eec99f6424cfd690e65ebe119_ryuk.exe
      C:\Users\Admin\AppData\Local\Temp\2024-05-30_f184d87eec99f6424cfd690e65ebe119_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2c8,0x2cc,0x2d0,0x29c,0x2d4,0x140462458,0x140462468,0x140462478
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2812
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1312
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fffadb3ab58,0x7fffadb3ab68,0x7fffadb3ab78
        3⤵
          PID:4364
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:2
          3⤵
            PID:2492
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:8
            3⤵
              PID:1804
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2068 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:8
              3⤵
                PID:2612
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:1
                3⤵
                  PID:4724
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:1
                  3⤵
                    PID:5028
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:1
                    3⤵
                      PID:5572
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:8
                      3⤵
                        PID:5620
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:8
                        3⤵
                          PID:5688
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:8
                          3⤵
                            PID:5344
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:8
                            3⤵
                              PID:5524
                            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                              "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
                              3⤵
                              • Executes dropped EXE
                              PID:5736
                              • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                                "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x274,0x298,0x14044ae48,0x14044ae58,0x14044ae68
                                4⤵
                                • Executes dropped EXE
                                PID:5676
                              • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                                "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
                                4⤵
                                • Executes dropped EXE
                                • Modifies registry class
                                • Suspicious use of FindShellTrayWindow
                                PID:5924
                                • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                                  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae68
                                  5⤵
                                  • Executes dropped EXE
                                  PID:6024
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:8
                              3⤵
                                PID:4344
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,12765980083916815624,6203168726487961937,131072 /prefetch:2
                                3⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5220
                          • C:\Windows\System32\alg.exe
                            C:\Windows\System32\alg.exe
                            1⤵
                            • Executes dropped EXE
                            • Drops file in System32 directory
                            PID:4520
                          • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                            C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                            1⤵
                            • Executes dropped EXE
                            PID:908
                          • C:\Windows\System32\svchost.exe
                            C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
                            1⤵
                              PID:540
                            • C:\Windows\system32\fxssvc.exe
                              C:\Windows\system32\fxssvc.exe
                              1⤵
                              • Executes dropped EXE
                              • Modifies data under HKEY_USERS
                              • Suspicious use of AdjustPrivilegeToken
                              PID:2340
                            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                              1⤵
                              • Executes dropped EXE
                              PID:3140
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
                              1⤵
                              • Executes dropped EXE
                              PID:1640
                            • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                              "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                              1⤵
                              • Executes dropped EXE
                              PID:2212
                            • C:\Windows\System32\msdtc.exe
                              C:\Windows\System32\msdtc.exe
                              1⤵
                              • Executes dropped EXE
                              • Drops file in System32 directory
                              • Drops file in Windows directory
                              PID:3232
                            • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                              "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
                              1⤵
                              • Executes dropped EXE
                              PID:4400
                            • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                              C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                              1⤵
                              • Executes dropped EXE
                              PID:1964
                            • C:\Windows\SysWow64\perfhost.exe
                              C:\Windows\SysWow64\perfhost.exe
                              1⤵
                              • Executes dropped EXE
                              PID:3708
                            • C:\Windows\system32\locator.exe
                              C:\Windows\system32\locator.exe
                              1⤵
                              • Executes dropped EXE
                              PID:740
                            • C:\Windows\System32\SensorDataService.exe
                              C:\Windows\System32\SensorDataService.exe
                              1⤵
                              • Executes dropped EXE
                              • Checks SCSI registry key(s)
                              PID:3472
                            • C:\Windows\System32\snmptrap.exe
                              C:\Windows\System32\snmptrap.exe
                              1⤵
                              • Executes dropped EXE
                              PID:3908
                            • C:\Windows\system32\spectrum.exe
                              C:\Windows\system32\spectrum.exe
                              1⤵
                              • Executes dropped EXE
                              • Checks SCSI registry key(s)
                              PID:680
                            • C:\Windows\System32\OpenSSH\ssh-agent.exe
                              C:\Windows\System32\OpenSSH\ssh-agent.exe
                              1⤵
                              • Executes dropped EXE
                              PID:3344
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
                              1⤵
                                PID:2824
                              • C:\Windows\system32\TieringEngineService.exe
                                C:\Windows\system32\TieringEngineService.exe
                                1⤵
                                • Executes dropped EXE
                                • Checks processor information in registry
                                • Suspicious use of AdjustPrivilegeToken
                                PID:388
                              • C:\Windows\system32\AgentService.exe
                                C:\Windows\system32\AgentService.exe
                                1⤵
                                • Executes dropped EXE
                                • Suspicious use of AdjustPrivilegeToken
                                PID:3084
                              • C:\Windows\System32\vds.exe
                                C:\Windows\System32\vds.exe
                                1⤵
                                • Executes dropped EXE
                                PID:2252
                              • C:\Windows\system32\vssvc.exe
                                C:\Windows\system32\vssvc.exe
                                1⤵
                                • Executes dropped EXE
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2188
                              • C:\Windows\system32\wbengine.exe
                                "C:\Windows\system32\wbengine.exe"
                                1⤵
                                • Executes dropped EXE
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4136
                              • C:\Windows\system32\wbem\WmiApSrv.exe
                                C:\Windows\system32\wbem\WmiApSrv.exe
                                1⤵
                                • Executes dropped EXE
                                PID:4372
                              • C:\Windows\system32\SearchIndexer.exe
                                C:\Windows\system32\SearchIndexer.exe /Embedding
                                1⤵
                                • Executes dropped EXE
                                • Modifies data under HKEY_USERS
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4548
                                • C:\Windows\system32\SearchProtocolHost.exe
                                  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
                                  2⤵
                                  • Modifies data under HKEY_USERS
                                  PID:6044
                                • C:\Windows\system32\SearchFilterHost.exe
                                  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
                                  2⤵
                                  • Modifies data under HKEY_USERS
                                  PID:444

                              Network

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

                                      Filesize

                                      2.1MB

                                    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

                                      Filesize

                                      1.4MB

                                    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

                                      Filesize

                                      1.4MB

                                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

                                      Filesize

                                      5.4MB

                                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

                                      Filesize

                                      2.2MB

                                    • C:\Program Files\Google\Chrome\Application\SetupMetrics\15c47165-86bf-4d91-9795-7a6f2c00ce16.tmp

                                      Filesize

                                      488B

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                      Filesize

                                      40B

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

                                      Filesize

                                      193KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                      Filesize

                                      2B

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      354B

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe57800d.TMP

                                      Filesize

                                      2KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                      Filesize

                                      16KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      261KB

                                    • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                      Filesize

                                      7KB

                                    • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                      Filesize

                                      8KB

                                    • C:\Users\Admin\AppData\Roaming\4eb6a0a1293b476c.bin

                                      Filesize

                                      12KB

                                    • C:\Windows\SysWOW64\perfhost.exe

                                      Filesize

                                      1.2MB

                                    • C:\Windows\System32\AgentService.exe

                                      Filesize

                                      1.7MB

                                    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

                                      Filesize

                                      1.3MB

                                    • C:\Windows\System32\FXSSVC.exe

                                      Filesize

                                      1.2MB

                                    • C:\Windows\System32\Locator.exe

                                      Filesize

                                      1.2MB

                                    • C:\Windows\System32\OpenSSH\ssh-agent.exe

                                      Filesize

                                      1.5MB

                                    • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

                                      Filesize

                                      1.3MB

                                    • C:\Windows\System32\SearchIndexer.exe

                                      Filesize

                                      1.4MB

                                    • C:\Windows\System32\SensorDataService.exe

                                      Filesize

                                      1.8MB

                                    • C:\Windows\System32\Spectrum.exe

                                      Filesize

                                      1.4MB

                                    • C:\Windows\System32\TieringEngineService.exe

                                      Filesize

                                      1.5MB

                                    • C:\Windows\System32\VSSVC.exe

                                      Filesize

                                      2.0MB

                                    • C:\Windows\System32\alg.exe

                                      Filesize

                                      1.3MB

                                    • C:\Windows\System32\msdtc.exe

                                      Filesize

                                      1.3MB

                                    • C:\Windows\System32\snmptrap.exe

                                      Filesize

                                      1.2MB

                                    • C:\Windows\System32\vds.exe

                                      Filesize

                                      1.3MB

                                    • C:\Windows\System32\wbem\WmiApSrv.exe

                                      Filesize

                                      1.4MB

                                    • C:\Windows\System32\wbengine.exe

                                      Filesize

                                      2.1MB

                                    • C:\Windows\TEMP\Crashpad\settings.dat

                                      Filesize

                                      40B
