Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/11/2024, 21:41

General

  • Target

    2024-11-09_943d8eb8eb32fc187ad237abdf02e76a_bkransomware.exe

  • Size

    1.3MB

  • MD5

    943d8eb8eb32fc187ad237abdf02e76a

  • SHA1

    59c5ef6ac7a0271112ac9870ce0bc147e7cc63d7

  • SHA256

    aaeb6a9ba4d5654a8043380de601dbf6c188d32ce22530d6180ed87739954942

  • SHA512

    4dec5d057cdbde7e569f219b51e41c22624e15369c3d7c455a86096f3c302aee669abd59e58f5ba8213bb8093fec7aa0d8a1beea75213549a349b49bfffeeebe

  • SSDEEP

    12288:ktOw6BayoMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:66B3SkQ/7Gb8NLEbeZ

Malware Config

Signatures

  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 31 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 45 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-09_943d8eb8eb32fc187ad237abdf02e76a_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-09_943d8eb8eb32fc187ad237abdf02e76a_bkransomware.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2072
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1428
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:4080
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4260
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:1844
    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4256
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2028
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:4624
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:3692
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:2284
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:1360
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2628
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:4128
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:1312
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:792
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:692
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:3460
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:432
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1836
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1520
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:2272
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:5040
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2632
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:3428
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1168
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:2312
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
          2⤵
          • Modifies data under HKEY_USERS
          PID:440

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

        Filesize

        2.1MB

        MD5

        11a72e2809c144508200837a866709a3

        SHA1

        5c3a07256a08f07a4c01d531a9e96b1488c86935

        SHA256

        665d57cbd536c37f69199b2486a557a7eee9ee339336845fe5c743b14c5b81cc

        SHA512

        54d68910b6ae316d6a9273e4b818afb894870bd4742c2692e2518c0cc4165571d2ff714d77d761e2e0ccfc5df7692d3a7626a476bf02968ed92ee3f6cfb70d59

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

        Filesize

        1.4MB

        MD5

        083edd1ea94b3c5d819fe4e481f82898

        SHA1

        36637796ac14658f38affce705a8e2021177b125

        SHA256

        7387fc5f2ef042a59ef789b170db2199fd70923aa05d07470a396d15a4add58d

        SHA512

        a0d43a3e905a8a110016c785a09c4b1ab7254babe556168667022a614be9cc8e7dc4688e156c1458d16dbb75fdaec6699e3e61bb35438098027578db559aa8ba

      • C:\Program Files\7-Zip\7z.exe

        Filesize

        1.7MB

        MD5

        17cbff25ae77bff4eb405b52685b0011

        SHA1

        825aebc8c4db9ee42f72c7ad17fe1898b4c35d29

        SHA256

        5dccb79119e8c55cc418ac15a10505e5d8338b22a23d4c9f1b1f678fd4c9b7e0

        SHA512

        6323f8a25997bf29ea8cb0825faa0631541432c329e2a61ae80243504a1675886da9e1222f702844016b635f73b511a1d50f47fedeaf757fac7e946475247d57

      • C:\Program Files\7-Zip\7zFM.exe

        Filesize

        1.5MB

        MD5

        c7192c95306ca61d73dd409ee08cb0d4

        SHA1

        5987706d1d4a26cc9965338dcf5481c9c9e5f27a

        SHA256

        fc85c60f3e64d03453ed538d01cf6ef48b11e8d55a5c69ca544439db7b5ea008

        SHA512

        346d6b009ee3ea6b20a0dd90df431c1ac948082b18003802e74b7249e1d36681a26edce2ae0b4d7da748f692079a36dd9d1152c02b0f5f11621df8dfc152ebe0

      • C:\Program Files\7-Zip\7zG.exe

        Filesize

        1.2MB

        MD5

        d748b9ada9ec1fb266f02c5221763cc6

        SHA1

        4db7fae331a8309c73c4debfccef94ae8c5a89ec

        SHA256

        ba8e7bee9bdb5fa9a265a8ca71a01151cb50306fe9d81d8831ed17b001735c7e

        SHA512

        b0c47a6f37fa8319ac5f3667f6b402419b2cc108cceacd899dedab15f8c013ffaac91dd122f9c1b1a0f0910512d099b3bcd9bc166483cff90bed3ee7cd0bc6d6

      • C:\Program Files\7-Zip\Uninstall.exe

        Filesize

        1.2MB

        MD5

        c1eb922d84dd23745dfca76a97a5dd41

        SHA1

        ecf9e90e7325a31d428e95cf2a6fae1be70ff27f

        SHA256

        00c2d044238386ceb408747856c6360860fc200f13eedba86fb93581649abde1

        SHA512

        1ee4537cf57757053ee10291f851fcb0985bd42b6475c9464210910a48245c6ed445f3433e824055bf9214ec672b0b50bb3f71922965ecf10dc19473fc7ad4ca

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

        Filesize

        1.4MB

        MD5

        501f3627a672264e4abd0a7a2cdcc07e

        SHA1

        4dc32e25e9c971372c4c9c94f322ca71cb0787e2

        SHA256

        2ea7763024e0d0d299b1128817d136009da9b7b447c7b7f8cd7faeb39912cf9c

        SHA512

        638f20a7093c3ca74bc4a125fb190617fef262ae23c716f622dfba96c2fb0e53ae26ea5aeb1a3763befb1565e7f336ce65f4e7a8fd9945eda2398f17de0f6f3d

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

        Filesize

        4.6MB

        MD5

        d839f153b27659ff0b525d3dcf505b51

        SHA1

        2d0d5be640f51579a3ad06023831b0e888405d39

        SHA256

        4861c4a30bd770204a1c09c4efd9f7108ef5156d4ee9daf06015428630f2218d

        SHA512

        580548de5b0677dcae0ba8c960855f85aacecad5b33b38d189b067b74832766d5b21ae3371953f3975287a1ef917d010f88d72372d8b1c80161fcf992fcc3870

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

        Filesize

        1.5MB

        MD5

        632cc9f3a76a4c68e8560740c5a99d25

        SHA1

        0fb690a0f36830de2f63d1487b8551e1a9708133

        SHA256

        8a41c3557234063a468f63eb27d7452d9013cce8bce6b89ed6179a7eb42d8e41

        SHA512

        2c34884dfb63f06837b153edbf74dc2bdb5f4e3819da4ba90f585dcab40395b454403dea32387450dbe4ac300fcec4c456ec32fda34756d00b7d7a571035d6fe

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

        Filesize

        24.0MB

        MD5

        b985d9219c3181a06fe0e972f24932c3

        SHA1

        4cd22e9e07d7c06d9ef6e86ff50893dd81527cc2

        SHA256

        ba09073310923262701e33917fb534e3e3a158ad70e5aeccd1264dd32f5595cb

        SHA512

        9fff74c708e5a1fe3e513cbfb9c155c28f4ac65242f36244dee8b277816e01e642f27edc632aa28a04f76143cf54d574f81dcfe3be4cb1c6476b91af45142d0b

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

        Filesize

        2.7MB

        MD5

        5670623ec47c223aa01a3a8948cb7925

        SHA1

        125e9da17b13017e24bd8b1e78e77fe6df946f65

        SHA256

        020d0e685e1e4713159e9ba4b0c924a579342505c096da0cc1620f273069c1cc

        SHA512

        bf422969883520a10283f0973916c38a520c57909db941b131a5051b23f8352963057bb2ed99ea4020d55cee614c3a4285350ad04cc8db08cf13a76405a7204c

      • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

        Filesize

        1.1MB

        MD5

        09ff7d6c78adc22dcbebc43063181974

        SHA1

        614f601733af3fd8eba22d397cde352050c7c14c

        SHA256

        1124282a20f38412c193702c8f354e016edbbb1073e4034704b29da30c2a4b10

        SHA512

        bca6d12cf4a2f9722f42c1c090672d82a43a8d33c0ff1cc3bbcee485b1a897bdd993d2bb13b908a2fb040316554b6be6076a8bb7f19577f5aba4b2b30c5b3c4d

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

        Filesize

        1.4MB

        MD5

        2b29b1bce8d34100a83382d6d2ccf5e9

        SHA1

        3a14dda257bee629c3f8a4d7c4ff83204c453acb

        SHA256

        dbc2d51b3c738c055c1785304ac7b71347adfb6b9342ecd890120995e144909c

        SHA512

        1168ce71fe40cc97f32512de275320f02c6731012f573fbc85f28d164ba03208afa37e0a37198d25094ee5e2180f8f9c5e847a62415c5051efdd1693b9c7a602

      • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

        Filesize

        1.2MB

        MD5

        d2da32c6a2a6c9e4bae71f2d505b6fdc

        SHA1

        0737a3cac5253fa1b66c174f28e61c03fb1dbc36

        SHA256

        6f6b588776ca17e92a0374ccb0a68036efd807e5d8a45e364e769fc3d14d87b5

        SHA512

        d3292f8e796413873f1f9307ff140945a0759565879efb74e07d0803c1e4e82b807afa28ab96d178bb085d6c68c29afc9906b5055adfcbbe4b1091d18b58eec1

      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

        Filesize

        4.6MB

        MD5

        988e4276300f27fb10e95592b489d224

        SHA1

        f366534fd2e86cbfd7951436dc16f25311155a16

        SHA256

        0a92a7f4244a23d0a52e0fae345f34cf1ef2aa83eadf8ad5ccfd5a58b80acaad

        SHA512

        c717637779ea721def85921b3a46c6f23a62b1af46092bad4edb92b7189b12b972b08a922e3a3301b3a41984d23a74996954af2b9d133156414dc9b10c78bfa3

      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

        Filesize

        4.6MB

        MD5

        eaeb2f2e7d83090efb0d9ec891a47c26

        SHA1

        cde199821533ae7d19f38225115821270d59de11

        SHA256

        b0c60e7582ee3c054733653040861e9fdb1dd082bed9188788971ad5038b23b6

        SHA512

        73ed710c92b5fc4dceeac52ec6b4a84c316f6171f8d2fdd587b1f16477e98b9e5e64ba76270772f038d8d9cad7849d06862d9b100473de490f653b4fc6fa9e84

      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

        Filesize

        1.9MB

        MD5

        be650853880543ef3a8fd8b1d1311902

        SHA1

        bc0d31615c2e88c0397a8bce280b9dc5ac7973cf

        SHA256

        6480fd1accdf914ba51bcbf88aa6891817a42bde540603efed7dfabc3be1a3d7

        SHA512

        404499e13766d03e424aa3a06f356df827f3204abed22121f1d074307ebaefc08f4b47098e75ce99e72dc45fb1136abf12effa4b57f2683454b3fc5c9aeafded

      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

        Filesize

        2.1MB

        MD5

        37b32dcf606d920676b3fcf044a6d23c

        SHA1

        68568686f6f4dce4a781960e8c7bb8f7d31f4669

        SHA256

        4f4e7764a6aaeaa212085edc4e4df3b4e762459e83b866c5dc9cd941335b1ba3

        SHA512

        05e57e82501fd6c5dd9499235b0cc84f766836171699b5e02ddfe8728d7f2e95587bf8de6ab8a46b4f996e49b49c7a34db3eb61fc4af094c6d2904467430327c

      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

        Filesize

        1.8MB

        MD5

        29021be972a7f794724eecd05d301af5

        SHA1

        af2c259218e9d1d874b7662754e2b9ad9f5407ab

        SHA256

        dedf34c8129f5e6be015857a1c0b069e949aefabb650baa5455e6fd2065efc52

        SHA512

        af98dc3962d5bd9fb1de600079c1473240babf68e5a2e89aa43d86e8dd167f44c19588f791b988e53fbe2d0a88fe52034675dadcec8683c7e89f91e0a987b5aa

      • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

        Filesize

        1.6MB

        MD5

        0c54a14431b49b88d9a8c1ee08302515

        SHA1

        f554f38ea879f202bc3397b41b8894a697d1360e

        SHA256

        aba170769944cddef7f4f7a6180506843d8d718a35e9ebfa2d38f269e2426f4c

        SHA512

        c7f375ca8628a8f828d474d9878e7490a02cccd5a01c7261e55d298f4b6e2b10d56ab7765540fa19467040fe99942f924f7c562de495278a2e39c40dc45f8577

      • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

        Filesize

        1.2MB

        MD5

        acaf2ea5ca307d4b8ba47d4bc1fc9637

        SHA1

        20d156911b3faba8585ad75a653b4802305ffdb4

        SHA256

        e071f121e5ac87f4a3681c4391d931194e16acd51b3e4476b63e9d5ada5a1eb2

        SHA512

        d586d4a684547252d653788e94f66f2d71b5be9fa783437eae918e662990f786c9a2d7eb4e939b5ec28d1b83f9f0a797539a84adf72a7975df89de3f09269776

      • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

        Filesize

        1.2MB

        MD5

        536c330e80ca925452535c0e72e5664c

        SHA1

        3619405b67d72e571baff233b8cdf027c7d4841d

        SHA256

        b65ffe50ada05eb6094ce1710d8c448d7fb001513594f7b74ec7da48788b3267

        SHA512

        cfda2c6d9eb227a77a383f1dd8c52b61b7599b8b1fc535417477d9aba1766820d8f7e57f643b78d82c7edc77976a5e0a8b41479c01798ff1e6efa23b5efa77e2

      • C:\Program Files\Java\jdk-1.8\bin\idlj.exe

        Filesize

        1.2MB

        MD5

        c44f7fea1f5df519ee2799d7f3b31dd6

        SHA1

        c6d75cf2f55b3c1fd5b64a6204bcaa76fd05cd7e

        SHA256

        4c032d6c5d6b9aeef56b061d53410f60c9c30bf1c187a453452dabf854ae1b75

        SHA512

        37129ce26d339022e03540ec691fe78217bed3b5d6a9c666ebe956117b9339b48daa3e50374fb3347fa25cd6b3668b3c087ecec4ef988fed990d09e00c638685

      • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

        Filesize

        1.2MB

        MD5

        f059691d43bab6554c40e5d476091766

        SHA1

        d996ce44c9f81d1e9f21c3806a6f348cf6c4b3a3

        SHA256

        2a4a24c3f57f24df8106eb95a8d32da4d8a2d6dacb7dcd1b3c70470a5c868037

        SHA512

        b90d915b2bd3de74f158c8580d53c80361901d2275e75835b4a2dd1528a2f37e7ef46464ea759f9f6761309d999c10c9fb063fb1adbf5ff27b253ca7e5c1bdf6

      • C:\Program Files\Java\jdk-1.8\bin\jar.exe

        Filesize

        1.2MB

        MD5

        5a12346fcc1bc27c45a3d85ca8dc9c55

        SHA1

        c67048b0db4d98533694081e0e642148828671b4

        SHA256

        a1900d13279c4306f3013afdb155564f77e35d1d8c8c0e514344b024afd9230c

        SHA512

        e9ed4bb05c69b41c3dde1169e8b7f96a490e8506a61c9bb063b1d19b91392ee7f82fac761c8068d6b426c3dea8f84bbcb4c0a8d7f62bc006a63b9e812560e131

      • C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

        Filesize

        1.2MB

        MD5

        e4104b48213df9861ab90a9ca6cf5a92

        SHA1

        029d8ba17d12e0185995560016e3399a083c783a

        SHA256

        63bd0c414606f49b6d0487f48c668136e08037572fcc935e0e2d47eb42220741

        SHA512

        b28fe349213121423df6e4f807327d241d5e7ae43a7036923bc349357c64e57e89f04a908a1621e00f51089bc2d23cab1f7666e12537eb06d54d1fdb5800a5c5

      • C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

        Filesize

        1.2MB

        MD5

        34baba417d5e1f8dbe6eb83487483d6a

        SHA1

        22fbf11b7cc6e85126307ed1663de73b61bb09f4

        SHA256

        81cae2efbcf89f38e5a371e4a6b6e6413da1a61bcf279bb2fb70cd08079d1768

        SHA512

        25e11e907f24e93946372cc29fc1e49a159f5c5260aa7e5403ab93185c393fe3d8412f3ce4299d43011a709dcf657e851ea7cf59d9b5e3c49a79ba320bcfbeac

      • C:\Program Files\Java\jdk-1.8\bin\java.exe

        Filesize

        1.4MB

        MD5

        747259362364d12efcf8aaea934f2969

        SHA1

        23776af47774bbf054c0f34d2e2f896a18139ca4

        SHA256

        70c242f93a504015d0024baa13000394011f2105afe0e4b29ceed5e86f454d56

        SHA512

        c45b1f86762f627eeaa9cc5feb667d83b2f908c94e978bf22f0a3f229652670acfc1f132093f536375d22dd241fe63084dc6be04314336c36a4a2e66b0734414

      • C:\Program Files\Java\jdk-1.8\bin\javac.exe

        Filesize

        1.2MB

        MD5

        f171122cd809e7fb94d25aac7318028a

        SHA1

        65df5f840e55fa5f8ec71b6d0f67b5751611055a

        SHA256

        d1ab27b950945f45f0d1eb15db1f8213d38af8a2c6297f2f57b029369c311f6b

        SHA512

        de8fa8363a2711f5c31dd0b26c7b3c14d6a8ab908722301fe631b844fbc273655d22173a224f0105dd815645c737ee1449bed333734c9b2eada292de8807c558

      • C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

        Filesize

        1.2MB

        MD5

        e4d4ccd7ecb6cb49cafd080d75ff0f08

        SHA1

        e55983e680ae24bdb1f93eaad749595dbb793f5b

        SHA256

        eba1759bf2611990430ada54e569708e9b611319cc261e5792cd19793510cf7f

        SHA512

        4dbbf8acd71a5b966121a51dd4b238d86426996d38ae243fda748e927da90596741aaedc805eb3df1a3c7693d8ed0441482432c5284bf628aafea45b01822526

      • C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

        Filesize

        1.3MB

        MD5

        dd309e56a1f811d1206b6aa862c428e9

        SHA1

        32412656c74264ccd98e3e52549e5c62acf27820

        SHA256

        ec581b1e842467e58570c579bf9b359d110ec17cc67462016e22b3a512c7e051

        SHA512

        538a0cb03723d2b964d7a6b8f99e81085ea839fd29410ecf9a297a1fb38a5145cb83ae253b41543b00935825a9da97fdf9c6ed11d945808da234dc547ffdfbf2

      • C:\Program Files\Java\jdk-1.8\bin\javah.exe

        Filesize

        1.2MB

        MD5

        b7966fb8d67896109adf5263d0b491d3

        SHA1

        2b5575dedd903764cc83469a9e8a0cfe194909d8

        SHA256

        706726ac26b49017cc9628afad34a3dea369fd12bd79fe32e68bbd8f236996d4

        SHA512

        901bf9c842e22d59fa4ffaf20972ef24545e2640c313941076896fe60376b55f07e1d259eb2c74e8420a803a4c7ef40d9b84514eed86e011cc7e418be4192344

      • C:\Program Files\Java\jdk-1.8\bin\javap.exe

        Filesize

        1.2MB

        MD5

        46a26dd9d9428ed38ea37b75337504ec

        SHA1

        4e88386f565dd91cc643a4867c8e1e37b392ba25

        SHA256

        43461ec0455927f8e7c7902442422845d917b3ce741568aa6386430d61e9c256

        SHA512

        8989fc31537e675bf8a33f5b1f1c46983cb1f642217835481f6def1b2e4a6fd163e0fdc91a6785d2b1eea88df65a843b7578ba8468b313a3c59a6914e0f173f3

      • C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

        Filesize

        1.3MB

        MD5

        aa35158a54191d3408b890f14a18fd39

        SHA1

        2350d19374a84fa1b8f294f93e3061752a0cb140

        SHA256

        3f676c71342e4618ee3c331daeb337b7387cbefd107f1c76e44ab411065c73d4

        SHA512

        7e9abf4e55cfcc1de01b9895dde98dbeabab4c125f0997868ece4b881d4248ba814c14d9a81e768dfb856d22fa5c58cfe1a28e5cb1afecf3125778013a40e8e9

      • C:\Program Files\Java\jdk-1.8\bin\javaw.exe

        Filesize

        1.4MB

        MD5

        0cc5893fe37d8cde4dc3011d56affc51

        SHA1

        8e300c9b53dba8be3f60e0162f1f7cd51c71e74b

        SHA256

        7f2c3dfb51b579f5fd9bf191931508c496f60cd2e381e9075bdb95e8fce85949

        SHA512

        8f2ad95d6a51c6e89259f89e3f5243ce2218ff27650440d46591718c6af0785ca72d3c1e24e750db2d33b0eda4ac55437cfc9373f86578f45307b8ed92b7506c

      • C:\Program Files\Java\jdk-1.8\bin\javaws.exe

        Filesize

        1.6MB

        MD5

        2393e4deddf3babfe11ff91a21548a4d

        SHA1

        2c899d13c59291416e2b57fcada1dc5b1a28abf7

        SHA256

        6cba5b522e6b5a2e84b2391dde36ef7b37ed535ce6ea661b15cda7330886034a

        SHA512

        6686d7bb4b2a259473a7b02eb750feb787e57dc8fcd458689312f2e7585a31bc6658b4c806f840ec5fe95b4a7d7ea8272cbf51dd1e7ddc50cdaaa5ac85b47235

      • C:\Program Files\Windows Media Player\wmpnetwk.exe

        Filesize

        1.5MB

        MD5

        8b036913e84e4f1eb8489ccc082800fc

        SHA1

        57e784159054c1e92dd9224b6e76056bca1b2334

        SHA256

        2a83ef339ce7d510184acde553f9254a27d5357a2dcd4f7213ed98686254dc07

        SHA512

        1e4522dea397cf24135431928ba56235e4b4c696e2fd6547edfc7094ecdc09c1213f47b1139d6187fc2349af28d23b22bde9230fa16e8c3e25bfadac931392c8

      • C:\Program Files\dotnet\dotnet.exe

        Filesize

        1.3MB

        MD5

        72b5719fcb5da5f1422cdfdb3a7ba57b

        SHA1

        2f1df402752f47c85466174acfba79ed83717f89

        SHA256

        0b7c73935d969679a4abf0075ca2005d0e8c4e5bebe719b9d6946a4aa62c3f1f

        SHA512

        d10b33bd7a8bb219e52d74530ad6b70aac85921fdae154583f961df89f9892be41a6c8de74ef164a0c749e8b933178ddad6e62b2ef7ddbf56dcc5113036827f0

      • C:\Windows\SysWOW64\perfhost.exe

        Filesize

        1.2MB

        MD5

        a34dd4ccfdee151657ae20966cafa388

        SHA1

        af2b6c33fd80d547987c7887808d67991f9d2d1d

        SHA256

        cada0c360494eda33dd03e48b0cffed27d3d3ebcd34166ec04dceeede0990ced

        SHA512

        76b83cb792a8fe2b3c88c8c098eb252634df48de7b20e3608e53de3bd27778af7b9153465721b41a1df79d1ada8d102667c196d191f95eae94139def9cda6a40

      • C:\Windows\System32\AgentService.exe

        Filesize

        1.7MB

        MD5

        66309c2e51670877031d2971a25e9452

        SHA1

        87f99cb8321ded16d7ea389419d97c4e993b2595

        SHA256

        34f689baa3778550940c65239c5ae9bfc9bdf4fd234836774bcc74ccab27b45a

        SHA512

        6b9f9b75313fa105e7cada27ae9f55e80dc5022ce4a12dc436e7b53ee9ecd3cbb54861916291732162b6b892f66bdd7a7830bd01419c8bbd3d630987516e3b08

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

        Filesize

        1.2MB

        MD5

        2462eaa9a2185d5e78a91860dd2f0b3e

        SHA1

        bdb2de692867b9a946b58002092c8d7a02c7dc3f

        SHA256

        a7d739257e1f8b40d582efea904d4d45d8778deb2f612794ba538981843c5ed7

        SHA512

        145c9029e7c49afb6ebadc2e7b00bde9886c2bfe3bb74fb6ae6829ec46b80275fc61e0f9eec7f5bd48dd001936eef3056b8cac21f8e53d3cd1cab32986364739

      • C:\Windows\System32\FXSSVC.exe

        Filesize

        1.2MB

        MD5

        ce5390e82338e1e9d098f3719f4c79b6

        SHA1

        6112fceadde6040edfb2a8f8e9fe73a7431625d1

        SHA256

        b7f268aafb6c20c1a5b2acd662bc554a32fe2e33e41c47a2f91312f7f07cc007

        SHA512

        4feaa1bfe91c563b3c18eddf92801ea5f7bbc67fb249bfa6ae5e6d0577ab112e9da50f266abde033636d6cfc7dfe79affa090ef9e0d9f10ff2fe7bd60ff40762

      • C:\Windows\System32\Locator.exe

        Filesize

        1.2MB

        MD5

        bf302e79f3792e99c32ae26dbf0859b0

        SHA1

        9e499ce32219248f2b4a7718a0ab2fdd35cdca38

        SHA256

        d0130c5e7a9d79a9600af6da6735d348650f7aab33fd2ec023bed2aa26930b60

        SHA512

        354870156fa0010a8bb066c56d2261cfbe12569a268c9d2e6e6029c1c809b32ce823e9a2aeeff7f8a651d30337fb703bb0280d58c4e126ad263374193906eec3

      • C:\Windows\System32\OpenSSH\ssh-agent.exe

        Filesize

        1.5MB

        MD5

        01b0fa3375ef16a9c18f788d2f53cd71

        SHA1

        85ce43cee95c631f165e9a9a2ec532d3914034c5

        SHA256

        9690a2086c20aed773613b11d6823f76b620af8f172680732fc614a2189ee738

        SHA512

        1cfda4d25e12c4f8307ff9d55ec4ccc10a4844f6ee547db23031db66c2097cb4b6bc657cccb4b3ad93275ee5d763230167c4b2db83c58c328a98d9176d54143f

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

        Filesize

        1.2MB

        MD5

        0c1ee1f05fb4ff3771a3560ecda4cbe5

        SHA1

        accd313bc43c4be006689b627ec284afa8c29a91

        SHA256

        8b710af05bf7bc2de55140f61f0585478b8c26f71c45e944a6f0bff3e8755eff

        SHA512

        d3607fa3b5090e9a6284b092fa1e12ea241cd13a90c2297cb87bb33d0346b0893c51259ae958680cb1bccc056abda9e9bad47b60e1fd7e61b406874f4c994b71

      • C:\Windows\System32\SearchIndexer.exe

        Filesize

        1.4MB

        MD5

        dccba79fcbce49dd3faee9006b3eea44

        SHA1

        6e27efe8b37868d3a499261effbcc04d54aff504

        SHA256

        78f0869a1db9c9352729115fe9081f7190bae0d3b18e9c7126cd7226d24721d2

        SHA512

        5b867bf561157359beaa751f0def990498414959822a8453cdb5f0fc53388174e2cb13f3d8c50e19f5e6fb936df7e2f9df01568f77fb01c883b7b59020ce930b

      • C:\Windows\System32\SensorDataService.exe

        Filesize

        1.8MB

        MD5

        4110aa916a34d7fbf52f3cd24a984bf5

        SHA1

        f38539bb82cc18e69e95edb6b888bd20994cebbc

        SHA256

        7f6ce29dda86f3111c964d422accabba24e53a51acf7cddd1382f292e471e6e5

        SHA512

        c965e7418f361c050705828de0ed7b8fb388e3a47f533ea83457d2cc55e8fb51a7ab38f1635995a0e3a9187dfa916c5252e90a3c7243f0bba02a3a7597f1eebd

      • C:\Windows\System32\Spectrum.exe

        Filesize

        1.4MB

        MD5

        fe4bb123f25d866c0192b08afd7b0234

        SHA1

        6ff3b21951c53ad44e6d1a33a93977dfe2b409fd

        SHA256

        960d0b7def3998fcef31f85ad380c69d4828febe354865a741e5bb779216c08e

        SHA512

        98131e3bed8bf8d48377702732be5fce4f6cedbb03bf49439a8620bf61d5a6cd56cb6a26a20117dc3ba8e62729cd2a7cf10fa6ec3198135a44cc9c969808d576

      • C:\Windows\System32\TieringEngineService.exe

        Filesize

        1.5MB

        MD5

        f9ce502fd0496408c11c8e978b096ccd

        SHA1

        f6fe9acc452bfaa65815819b9f68fc9357ee3e33

        SHA256

        488910a5bd1e370c1692be7b00e844e773fa056b621877cb6c39bc013497f7da

        SHA512

        dcbadffebd3293f4e89da1af0fed8dbb8ba2627b9aa75051ae2d83f636a4027a50c7eb77cbc0382ec5006dedcae763a07f6fce5d2c58e9bdae5340fc271efee4

      • C:\Windows\System32\VSSVC.exe

        Filesize

        2.0MB

        MD5

        9f63421a20af22bf9a2227f7392ee6b9

        SHA1

        25f6b720d8b53dbefb662a9e90b83fbd618c0994

        SHA256

        02ffcecdc222e4790e6a3edb8f66d815f9818ebb1fd196eef11cc2df53ce8559

        SHA512

        259e021bece4285410f20c09c20015c5c6d0cac8693f19b3e48473e09de6a164edce71f94c8eafe73d6194ef0ee32656fe82f1f5e7f7c76b56022f4e815c4352

      • C:\Windows\System32\alg.exe

        Filesize

        1.2MB

        MD5

        c1582ab1ab1f374b35e25d7d6b95f340

        SHA1

        ff8c79c89e1d7f2d2fbb184b79c2a39ed77bb274

        SHA256

        fda6e2b8f96624c234af5287a38516e1468753171d8e2b6c0ef8adb7bdafe749

        SHA512

        037919930f59d0ba59e03ebdce99a5dc25c771d8bb0945b6266b0995bc359c4f29b40efa30c244a04504ad596333f955b8e257223a6cca27a9807aeddc3629df

      • C:\Windows\System32\msdtc.exe

        Filesize

        1.3MB

        MD5

        30fa9f50189b9c2f3f9ae8f724821f43

        SHA1

        d70ba24bdb7030f6bdd8ad5719773bad31314e61

        SHA256

        c486242a36501cea84a72ea4930428b9f66116ee8f6c2afa8ac5330f07df696d

        SHA512

        5b6a1d1777b6e1ae52db5909428a17242ad261e4d9a0e485e19a3ad751fa26bb2a5dbd43d62a3dc41d336821fb4b804c8a15e39d34c624dc38a18da6fcaa1472

      • C:\Windows\System32\snmptrap.exe

        Filesize

        1.2MB

        MD5

        79a07bf745803897a6a897fe16dd9123

        SHA1

        e0b14d2a91a28660856f41ab4b6e65adfd3dfb3e

        SHA256

        425e3b7a77c05372e29a5a27654531fc6fd44dce15f1ee454a43f59ecbb49a84

        SHA512

        97da827280620c7d1b18da0bc363e40da81d70c8f0a1aaaccf95b709b69876696a6d011455fe3d59f0f47d6484d7c800a9979e61f33011e458d90f07f47d2dde

      • C:\Windows\System32\vds.exe

        Filesize

        1.3MB

        MD5

        a599d51f62f074855fc9dd55dfa8ef99

        SHA1

        8a17d24ecd8d58cd38c73fad3069737d5bf1800b

        SHA256

        292b62b75301f97305d4d731b81e44b81a323086d2a40a7fff08932bd29f41f9

        SHA512

        d6fc275557db093ebc7f467020c656355f1eb4dea5153a09a732781c1ae3313e91457f31542bd1f3f11eccae016123afe1784a4a89adf32b8f7c530c9e562cc7

      • C:\Windows\System32\wbem\WmiApSrv.exe

        Filesize

        1.3MB

        MD5

        b22e868f9b9b430e87b5f15303bc874b

        SHA1

        f78fb4a619889123f33282a7a619530561b3faf9

        SHA256

        d16c9b840d263963d168acb11dfda943b1b7044f3021d85efbf2bee843869b0a

        SHA512

        02444f912f28aad8eac1a39b4d6629dfe82e5ca1e2655124420e4daa7528049fad5269f91a3d65afc64aeb2ebac27693087323dcbe0264f6f26947deb5efad44

      • C:\Windows\System32\wbengine.exe

        Filesize

        2.1MB

        MD5

        d6834863a59418dccf600337d4282e99

        SHA1

        e00eaa3857d1640f7d751ef5d5bc6eb212de42b3

        SHA256

        2362356079e491b166b481d034f9aa8496b93d9a51a9db710a1d3ca5913b7ff5

        SHA512

        52ad4f4aa38f143fe722c952ea862689c7307e69bc72bea84193e8de99459f2a5a40d7f731abab2d86562011a85ff7eee56995814c2f334d177f863e886ff7c7

      • C:\Windows\system32\AppVClient.exe

        Filesize

        1.3MB

        MD5

        fcce5de4fb7fa34610a53869b9c6283a

        SHA1

        a7afdaa47754425737e0d0d32744f46834911d29

        SHA256

        412b66a982458774861a2b0a3f2701202ad075d2a49ccb990b665f7877d08706

        SHA512

        372a41a5d7037aaa2077969657d40ab2d315338271ff5f521db1e46357a832a01fabd4eebf1469893a3d5d07613122e7b47aec24a93e955071c570fd99ddb322

      • C:\Windows\system32\SgrmBroker.exe

        Filesize

        1.4MB

        MD5

        2b4e4e6665fa2f7acfe5da1b39f8f8e7

        SHA1

        4d6b0b8b42851191309d040e9c9ca6a8f9d53be9

        SHA256

        fe3fcf11b09cd09f72d16dd85442eb8636e24427c19759a90f5351b23012f4c3

        SHA512

        8abfa64c5f78c5a2fbbeab531d03bb5c3f6a54bd6c9b18d452f112a98b328310380240f0a9ac062cb82013fa1f32e051875ad72563b8702572b37f68ce5a5a5b

      • C:\Windows\system32\msiexec.exe

        Filesize

        1.2MB

        MD5

        0416b42283f992ce08d5425b928c47bb

        SHA1

        72a6f6d4466bde4be46fafafe4a0f2c2f0daf99a

        SHA256

        f2e848be8721198b23aa63f1ac1f997a27ab47c291aa4d025bb5d327ce4377e2

        SHA512

        ac15a4b6c54977d6ebfedfa6d72108b616eeafd935e723718baaa82841a1c6efc1fdafa09ba12b454a56a1c804a3d258c0dd0bee7fdfb9a9b157e6571bd85885

      • memory/692-215-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

      • memory/792-214-0x0000000140000000-0x000000014012D000-memory.dmp

        Filesize

        1.2MB

      • memory/1168-274-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

      • memory/1168-590-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

      • memory/1312-588-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

      • memory/1312-213-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

      • memory/1360-210-0x0000000140000000-0x0000000140142000-memory.dmp

        Filesize

        1.3MB

      • memory/1428-12-0x0000000140000000-0x0000000140141000-memory.dmp

        Filesize

        1.3MB

      • memory/1428-21-0x00000000006E0000-0x0000000000740000-memory.dmp

        Filesize

        384KB

      • memory/1428-13-0x00000000006E0000-0x0000000000740000-memory.dmp

        Filesize

        384KB

      • memory/1428-218-0x0000000140000000-0x0000000140141000-memory.dmp

        Filesize

        1.3MB

      • memory/1520-208-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

      • memory/1836-217-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

      • memory/1844-90-0x0000000000DB0000-0x0000000000E10000-memory.dmp

        Filesize

        384KB

      • memory/1844-89-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

      • memory/1844-48-0x0000000000DB0000-0x0000000000E10000-memory.dmp

        Filesize

        384KB

      • memory/1844-39-0x0000000000DB0000-0x0000000000E10000-memory.dmp

        Filesize

        384KB

      • memory/1844-38-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

      • memory/2028-61-0x00000000001A0000-0x0000000000200000-memory.dmp

        Filesize

        384KB

      • memory/2028-70-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

      • memory/2028-67-0x00000000001A0000-0x0000000000200000-memory.dmp

        Filesize

        384KB

      • memory/2028-425-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

      • memory/2072-81-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

      • memory/2072-8-0x00000000023B0000-0x0000000002416000-memory.dmp

        Filesize

        408KB

      • memory/2072-0-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

      • memory/2072-1-0x00000000023B0000-0x0000000002416000-memory.dmp

        Filesize

        408KB

      • memory/2272-230-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

      • memory/2272-583-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

      • memory/2284-219-0x0000000140000000-0x0000000140166000-memory.dmp

        Filesize

        1.4MB

      • memory/2628-211-0x0000000000400000-0x000000000052E000-memory.dmp

        Filesize

        1.2MB

      • memory/2632-252-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

      • memory/2632-585-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

      • memory/3428-589-0x0000000140000000-0x000000014015D000-memory.dmp

        Filesize

        1.4MB

      • memory/3428-263-0x0000000140000000-0x000000014015D000-memory.dmp

        Filesize

        1.4MB

      • memory/3460-216-0x0000000140000000-0x0000000140199000-memory.dmp

        Filesize

        1.6MB

      • memory/3692-92-0x0000000000CE0000-0x0000000000D40000-memory.dmp

        Filesize

        384KB

      • memory/3692-446-0x0000000140000000-0x0000000140150000-memory.dmp

        Filesize

        1.3MB

      • memory/3692-209-0x0000000140000000-0x0000000140150000-memory.dmp

        Filesize

        1.3MB

      • memory/4080-36-0x00000000006A0000-0x0000000000700000-memory.dmp

        Filesize

        384KB

      • memory/4080-34-0x0000000140000000-0x0000000140140000-memory.dmp

        Filesize

        1.2MB

      • memory/4080-26-0x00000000006A0000-0x0000000000700000-memory.dmp

        Filesize

        384KB

      • memory/4128-212-0x0000000140000000-0x000000014012C000-memory.dmp

        Filesize

        1.2MB

      • memory/4256-56-0x0000000000CD0000-0x0000000000D30000-memory.dmp

        Filesize

        384KB

      • memory/4256-329-0x0000000140000000-0x0000000140234000-memory.dmp

        Filesize

        2.2MB

      • memory/4256-50-0x0000000000CD0000-0x0000000000D30000-memory.dmp

        Filesize

        384KB

      • memory/4256-58-0x0000000140000000-0x0000000140234000-memory.dmp

        Filesize

        2.2MB

      • memory/4624-72-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

      • memory/4624-86-0x0000000140000000-0x0000000140166000-memory.dmp

        Filesize

        1.4MB

      • memory/4624-78-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

      • memory/4624-82-0x0000000140000000-0x0000000140166000-memory.dmp

        Filesize

        1.4MB

      • memory/4624-84-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

      • memory/5040-240-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

      • memory/5040-584-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB