Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250502-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2025, 05:54

General

  • Target

    2025-07-03_9919f5cac21ac109d52310f6b86eb7a3_black-basta_mespinoza_ryuk.exe

  • Size

    1.6MB

  • MD5

    9919f5cac21ac109d52310f6b86eb7a3

  • SHA1

    8cd8d9204451a6209e79422888ffdc5b3b32c985

  • SHA256

    c697b3b40a2115c5c7e2d3fb2da0b3ac26b6caff42babcb1b4522128f008818f

  • SHA512

    b1a2d036c3b3b374b85e01d2663197a23b7e9887936530be012978153d1628009794e838b189d317a6ba7ae679c88d0cd9b487550268c6b5df1ebf7a80a4a0c9

  • SSDEEP

    24576:6NB7/gE3mM/SWWsbT/cq3fNuGGC5SYCSNyBo4kx929bL3Hnx:ABrgE2M/yk/dWB+kn3Hnx

Malware Config

Signatures

  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 31 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-07-03_9919f5cac21ac109d52310f6b86eb7a3_black-basta_mespinoza_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-07-03_9919f5cac21ac109d52310f6b86eb7a3_black-basta_mespinoza_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1416
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:1388
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1580
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:1392
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4452
    • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4008
    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4116
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:3672
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4628
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:4656
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:4788
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4568
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:3156
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4396
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:5004
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4976
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:2928
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:3068
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:3144
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:6096
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:656
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2644
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3956
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:4164
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1748
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:412
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
          2⤵
          • Modifies data under HKEY_USERS
          PID:3716

      Network

            MITRE ATT&CK Enterprise v16

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

              Filesize

              2.3MB

              MD5

              5b2ff31ecfda32d6bf5d9ca07ee3ad50

              SHA1

              8eb72a1d74677130cf2b390eb58bc80b6d929945

              SHA256

              d0d936f4309e0aeace953c3361847883c6e4d18e3aa623432190a8b682033314

              SHA512

              c796ab2cd3c710c19b341a254f09081bd7efc8acbdbf4e3457858de0d7827e23417d124a4e104d431def72fd0595ba4c045ed8a7414f113b519d5ba54a42768b

            • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

              Filesize

              1.4MB

              MD5

              72a8fdcfdc74fbf6fc2ea4451805ab2d

              SHA1

              2a621028b2fed19511911b82cda64b89efec66bd

              SHA256

              dfff8e0e255ad70ea2e8df3fdc0a13566d420172cfb33b5cd17636b1c638d100

              SHA512

              a72a58fe9b0bfa6b9b645447182f8f533e0a9357c1789dd75eeddc5920e5aff5aa0dc273c45457cbe90cb3018fd881c73d9a09a192d8e24b04fddc981215b229

            • C:\Program Files\7-Zip\7z.exe

              Filesize

              1.7MB

              MD5

              be20d36ea13b9826c4abf643d20ac3a1

              SHA1

              702b796f92f4bf2453ebe082d5927b587d3b8093

              SHA256

              ec36a8b6e6d9e70da69349fe424a66fb5d2fdadee879d3db6f3ae6e8d0abfaf1

              SHA512

              25dd3d7dc8da97f8c418cc38ba43384f9cf9f860d88c1d6ae0be0912410577f38f3759c679d5d3d6897b94b98e5c01530035aa8447212f1039e4aa2111d5cb54

            • C:\Program Files\7-Zip\7zFM.exe

              Filesize

              1.5MB

              MD5

              2bd7c5ee519ae2b660c5913208370183

              SHA1

              d602216785892bee12d4ca48e42773b50fb8b4fe

              SHA256

              486f4f3f1241ef8f6f4c542f20957ef4841301ae8c5cdb3c1d9a94b8bc936289

              SHA512

              e4a7e6bc364a279cb1bb5626f4fa27edeb6b8b361f73657b7b2d6e9b9114a652e8e39926ff6b8f60a36e62ad019b5c23be68e77f8460f3ce293d43cda72de2bf

            • C:\Program Files\7-Zip\7zG.exe

              Filesize

              1.2MB

              MD5

              812b2940dd6bc0656531c02c04e28677

              SHA1

              2a322fd117ebfdd389f5a43f98ff742903b59e7d

              SHA256

              a63151ac43c1ac89a41ab3dc74dc95295c03227eee3e9ecba14bb291f79923c7

              SHA512

              27568cb2dfbf8224e98efb4ed70ae366b5938002070c591ad4fd824261c750edcf052b952e28469d05f9f9e290bfb7345099aea66ef51c4a5c3a7c5df3f79f13

            • C:\Program Files\7-Zip\Uninstall.exe

              Filesize

              1.2MB

              MD5

              029f51db55861bb0f362cb656cf77e09

              SHA1

              4f6fc14c46ea68a48d3b6a6514318d88ce610d22

              SHA256

              e38f6d73721e8f2370b608c1c64d2a4e8bcdd45f025afa3d8e0c489dd2b22d6c

              SHA512

              f33588206b6662b44a1c42be4bd24f8effbbc62f9270708f80ec2ccc9bf73df093e794573369a5963111ffc55b38d740087bc3d388df44f35ca8eb62bdafd772

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

              Filesize

              1.4MB

              MD5

              4f5a751576e31893bb7f0ce7a4a8c090

              SHA1

              0a6e8703b0fd66a349a203d6c6eca86a02ebff42

              SHA256

              5807be0547680a2d95e33f3dd7b2e2395f9357f23da69d9e1647ac0df17b3498

              SHA512

              9b81ed4244f1cc103fb17dde990f87d7304db1ad2f791bf41451b90d0138ba42b3a58a45379f2119bd0d1f07e022486bda73b4e157b4ed03a984b7702ac72e03

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

              Filesize

              4.6MB

              MD5

              74a286f754d5d0978470e061150dbcf5

              SHA1

              f619f99de64c388549ddb151d5f26fcdad128b9d

              SHA256

              0942e5dcbbd15cd7950780ce38e9b3077dbd2491c5930a9c141cca16a973f07a

              SHA512

              45e4587176a1c1861c52aa6ed865f92781468799495b85af231b6e6287d0eadf4b9b7bc80ba7f118f90f1eed3441370d76a161fc59034e473d19ce8709584e67

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

              Filesize

              1.5MB

              MD5

              99413ce170dd77aab2385cfe59d4fc4e

              SHA1

              8d5f125992332fbbd159930f8a4f63950adce763

              SHA256

              b7c10f79599c20514f56311fbc5b46ee460748daa324705855657c3e741decd9

              SHA512

              75112d20bc48c5eb31f5332ab257dcbbbb81ed6aa24b373f03998b5afc77867ff50e8aa49d3e6ebc393f46cea22d32da8cdb12529f243a503de9367f2a067095

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

              Filesize

              24.0MB

              MD5

              7ed774b323e6ee480956142a5a7c7da3

              SHA1

              d4db7e8b690c74a8f65574f5d4332fb1e5a6ca83

              SHA256

              ce5c75275954f12b413a426ebd788c55d0c7deca85213525a0a80ea04079ea51

              SHA512

              675a79f74172f50f4c5f3426c05873cadf6b0b627c14302e28f72377991d758c593ecc9498d39ab3c9afbfe21fd2f1af41fe0714142864c44a1da84df49bf1de

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

              Filesize

              2.7MB

              MD5

              71e78d74db55f68a13a5748ad85160da

              SHA1

              000388479b575ed82dc0fa314444651a975b285e

              SHA256

              5d5df67d79cf95340030c5043ab5491978a1d2d91b8af3d375f27dc9aaeae6e3

              SHA512

              3bebd4bc9481263a01085653ecfba932f17fbdc79c06d177dd24f6ac60dcf818839bdd60211dcfde38d3515f2c385890c21be61e006abaa1acb7620f7ef60be4

            • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

              Filesize

              1.1MB

              MD5

              165f490194ce64bca7c717b1c1ba8f71

              SHA1

              3e42269447ada1a5775b8b0b6e0dfe536e01bdd4

              SHA256

              5dbb04ce5c5ceb4eeaee9da715cb9d6c19682e1fd03e4f96e25beb7c0c31db45

              SHA512

              3d1cccf8083daa54d10ba42f2657680d1df58436ee84c85cef6de25548f288c6e9645baa3900bf7bf514d530d994140dba94e85a12ebc3fc25fbd7cc77139b39

            • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

              Filesize

              1.4MB

              MD5

              6afdfb0c48193572990f575824c3b6fd

              SHA1

              092c8c4b41c62b469ac0fd3662e953704b02a2d6

              SHA256

              3a7fe5947bafe38cbabf655c34d51013899b8b93350ffaf8a6ab814562cbc915

              SHA512

              de1bdeed1b01d81101b45d9c15fe5e8b17a13e4f950c425494147cdcef259469e6d6f177acdb6287777cdee07a1cfb58be11679b2edc0f4895a124af0464db54

            • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

              Filesize

              1.3MB

              MD5

              c4aa8d5f6b05c4a4709cf300a9692be5

              SHA1

              0369e1bab7377f84c45ab891fefdc9f020d58a2c

              SHA256

              79241b59b01c71ecac00d0828be465d065aa33dd5b1d4920786415d8bf25621d

              SHA512

              e707e8e4d9468da9ea2e87c94bbd532b05fef461fdd10593ed50fb41c3613b492cef58e0e694f131ea34784d50e899c059e2fc0f8f07af2549b52eb88058ef2d

            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\Installer\chrmstp.exe

              Filesize

              6.6MB

              MD5

              33ec870d960328ecb6126a03eb564c5e

              SHA1

              612f4db5b20aea73a8f4044fc37552a2e585994b

              SHA256

              b1babb5e2feed22696e8396c1f1f7149041a8256d7628a756fd75bc52dc55b36

              SHA512

              a5651def36d45cb3db25d6e3eddbdcd4a0ecf99485dadc3050c12ba9e5927ea7e54d5c6d333863decf45e89001b04a1cab01e8e5419826e81371a99cb89172cb

            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\Installer\setup.exe

              Filesize

              6.6MB

              MD5

              f7b0b7b818ecef337258c6e44f6d638f

              SHA1

              b05d8cea8a79d6bb764e765b32970f16d71b1c1d

              SHA256

              35bc0f91ca2b0cb6103e3e39f7ed3d2b3c2f3536e9340c18afa4c0dc1250e59e

              SHA512

              4e16e2d294eca35b7483d89b960a711baaeaa4abe3f1499d41d103ff30909f30e5b13ef524ca21ad650e88535116c817925d03367a35f56cddf923b49a3142a8

            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\chrome_pwa_launcher.exe

              Filesize

              1.9MB

              MD5

              896917fd38f820a42f43e48ce52f38c2

              SHA1

              81d70f3f1156be90ba313fe3a0710cace7fe65c9

              SHA256

              29cba1741c60b16c1c5b29b420e39fa63af5960f7390415d5ecfed4489413a17

              SHA512

              eb06a7fe18174ffdcd83f6625d56a103a879eeae0a27aae02e7203a29b3565b254c7cbc6b68309f96dda9151dce3d37ba3a8b4eec0c5ef9faa29ee8bb6df6890

            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevated_tracing_service.exe

              Filesize

              3.3MB

              MD5

              9cfdf40eb172e5c181f25c1daed643f9

              SHA1

              d3ece9c9ba4b8cd600bb3aa92b829516c1d0c23c

              SHA256

              cad59a067df8dcfd351858eac1725171d8d0b6226089535beef87ca4570ced18

              SHA512

              1ecc833c75c8ca2fc1774a2b993101f1f51e3569ab1ddcc910dcfe9e2f2bc2e34a6e5bbf680f0bb3986ae7691a1970e7ccdb22fe30c22aed61794287f886befc

            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

              Filesize

              2.3MB

              MD5

              5188f499355658b0abda03a1dcbd0405

              SHA1

              008920a556ee08ca7501bce44edb2896c14b4e39

              SHA256

              8d4b1c12917b9542f593e6b4e1e0151befe3c85e65a97fe6d85f5c9d292253f7

              SHA512

              0a20fe90a77d8cc74a93c13fa311211c6cde746c882cae59548d67dc1f5594ea13e17a697135c90e26b5c9d7d4b4e0fa400a5f1b1d0752096809026bcef528e5

            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\notification_helper.exe

              Filesize

              1.9MB

              MD5

              f4c5e780685dfd8e2e2e834a16d60edc

              SHA1

              1f0f019b11450bf0940fa9b299b6ff6d0da56731

              SHA256

              07fa93843cac08298d1555a32d5d31738c41efa3289ddaa23ba64c234738282b

              SHA512

              f6a450637f9b88cbca32f6e0bf391eb31db010bf241664f41079907ddf058ea742782b2e65f4853a587232ad997753bd0e349252533e11178d723c6fcdcc63ca

            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\os_update_handler.exe

              Filesize

              2.1MB

              MD5

              6272c377b8be53b1e29b3d6f4baa408d

              SHA1

              336aa3eb400c664d38322511ceceeb3d1fe92aca

              SHA256

              c3e2333f35d84e329e1d87356d3c98e3551a046b3c2dab2b89a2601f2505f461

              SHA512

              7515c13f4dcae5c10ba77ac19cc7054e2620c664cd8fb1e7fca0e5147fc272eb04068dbae181da0a4aaf90c4168a872caffc0df38477085f01cfdd43f8c45c72

            • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

              Filesize

              1.6MB

              MD5

              65c79a697b6247331abfa801009cf1fd

              SHA1

              fbdae286801edf1d97b82665f1b47ddd0d2155bf

              SHA256

              a06283a72bf3f0f5dc07f93aef1756e6a6a0716d4af2eee9b66f4e139527e55b

              SHA512

              efffb963ae385ef555c348a4efacf4ce5f3d214cc172ea74786c7deb373a56b9769354de2fc806d0d4f873f11ca67d11492644e41ff5c49922112ef6a759d076

            • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

              Filesize

              1.2MB

              MD5

              e3ebd2cc227643343ba5d9d65385ee74

              SHA1

              2c1f86ccbae3bbd31f06134567a280ab116cd8c0

              SHA256

              e4d665701abf7dea3b6ebc944664f5f97ea55f46b979a5a44a52dac7d2baa6f3

              SHA512

              587ca6aa1ba04b36c43cb45d22f60a4c2a79475f8aa08f7a88cee64f6591ecfa8f6eb8202e581d4c0ef9c0d39e3daeb2516609550fddd7d47bf20cdd294b666b

            • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

              Filesize

              1.2MB

              MD5

              6e6f52b6d3c775c0fa98c7bb00068e2e

              SHA1

              8bd08531d6bbda19281d3d90abc22ec57520fa3a

              SHA256

              79e6b20b269fb42b28de251e4e2dc8d6cc973bf9d19577a0a56a6a7a656eb7d9

              SHA512

              59b7a1514eaeabe4b2be968adc2892267cb8fc39cc02f4f4da5d910d737667c20fb5062c23d5aa145adce011768e0085a132f13e3cfc39937c95f367bcf0b060

            • C:\Program Files\Java\jdk-1.8\bin\idlj.exe

              Filesize

              1.2MB

              MD5

              226d36f9e4f8463a3d1ca3882ff37c7b

              SHA1

              cf162c252cc47756348e9d83f1ba45c20c648224

              SHA256

              b5125b938feb5cdbcc1bdc4246a45e2469d218426a2031f7c9b1dc5cfb0a9c96

              SHA512

              a494493f54419d057f4802fc76da592a68e4ae88739abfa90319c7b16a7e4e8f04d45735396edd4af18f16ca04d06f3b42a376399e9366b6a3ce2da1878eb18f

            • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

              Filesize

              1.2MB

              MD5

              a0258c9033e848a4b85a26ccad682414

              SHA1

              0b43b066d54b3fdc1da61a646855087995bbd7a9

              SHA256

              81f4121678dfbd70fe32c379abbe1db2e30ae13a6d7e9c41e160dd94b6b28319

              SHA512

              10b2d50768da27fd4cf248e6e3cbca42d7ee328a12b7e00f0af6124e568be94afb1128bf2ddcdb976a49bae209014c0c4e0ddb1e637f8d5eeecb5bbf13d86528

            • C:\Program Files\Java\jdk-1.8\bin\jar.exe

              Filesize

              1.2MB

              MD5

              9c7130953d5553f46840f15ce3207ca4

              SHA1

              a792da28383bfe80b70005a3820c0423e9d35e59

              SHA256

              f2a7d3c47112eff0c8e598804c7298b9a1f8449590497395b4ee1a36a3adf80d

              SHA512

              44c8a87831c7e694b6a61adbf1b76bb6c1ee6e4b3a461ae56f918d36a1db012e5be4f09055798625671a83ac0af6ea350f69e9f8ceb23e797b1caa34849ebabf

            • C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

              Filesize

              1.2MB

              MD5

              358f3bf69cae19271680780110a6fb26

              SHA1

              789b5bca46530c98395cf1a89429bb1ac970f4cd

              SHA256

              a1dfba382f2d9c6e29487ce0031921bc2c92f3e74b3ea6f784ae040c583a04ae

              SHA512

              672d5c83224c59232d87fca8e3101192862ec38a8316c35efbe7bc5991aaf7d597ca7bf4ceb47855e22bc823b204fe4d599db46e30c6e22eb1e5e73d2cb04226

            • C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

              Filesize

              1.2MB

              MD5

              b9c9014752bee044e774adbd45fa2f3f

              SHA1

              e40f1d6ecffa72b814e319e54b500febb690fde8

              SHA256

              b5bd285f134d153297ea4ad27b3fda2e7bd5f969fa192308e5224b1592019254

              SHA512

              2bd7db7987beb8ec94b7ff5f6c0e6ef917f985a95ef7eea3258b16600457ef7923f9c5fd1eb6f5a33e69c840e3ca168e9f6554145c559351841a0a0082deb4bd

            • C:\Program Files\Java\jdk-1.8\bin\java.exe

              Filesize

              1.4MB

              MD5

              939bd36e9bdbe14967e35c7c189dd085

              SHA1

              b360dea793298925c34b1a80bd0c9f67389ead12

              SHA256

              56266d4eacc57912e5ffe66467e2dc1c52abbbb64f38cc3f3fc572810779a741

              SHA512

              5139915bef0b71f6bbffb6644e04c32c2dd4b266ffafee24ed65d18621c6698c207d47fd2504f8126101e4545d16a91d67f603f6d3cad4def9d5daa0ac7c9a11

            • C:\Program Files\Java\jdk-1.8\bin\javac.exe

              Filesize

              1.2MB

              MD5

              a6662853c1f1f34cf5bdde3ac717cb6e

              SHA1

              bcf3819edd18bc08257590b5a8f59b64151fcc07

              SHA256

              c43c52de544b70fb490e06a1fc9e100d9e4668daa3e9fcd9751afd7df7706e1c

              SHA512

              1c78fd0fb2f54e6a5efc896faa10c88a7796f20794e4ffb71f9677bc45d63b3beb630cd7891f90cba7f8713cf1c62e85812bb62f3fb3eb01a73e7d9d450e40ae

            • C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

              Filesize

              1.2MB

              MD5

              4497be5a59d4ed7d5d727e72dfbdf667

              SHA1

              405d8d47631018091ef1889802497850787f7c06

              SHA256

              56e1c9816018f9934815591ec99a30ffdd0cec5f212573da1e7095ee0fca6c0d

              SHA512

              65e7087494431c19746bb0d5914652cf6929ddec1af63de51f577455a986d8290f1df95cf2bfade6ef4ca0ca726eb087b6ade319946d396a56cd6fa3a5ae44a9

            • C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

              Filesize

              1.3MB

              MD5

              77cc71899236e77e558fffa702e976a4

              SHA1

              549fc0b11e321ef91482ea81b8b5292df0b3d0d9

              SHA256

              d0d8137223b5ae3dbf0c34bec0ce33d46a41589b3d6c42923fa9e8ad4d64522b

              SHA512

              713d3e63a57fbfcfd03e3ecea1b98d440b902f0b453c3a0777881459437eedbefcbba9972f151368d4cd7d92bd870ff24dd8826e4a83d5b0a8d5e1e2649ad979

            • C:\Program Files\Java\jdk-1.8\bin\javah.exe

              Filesize

              1.2MB

              MD5

              161982de9ef951e6b7fc9e5b155be885

              SHA1

              6fa7da0c97fec2fb0581c053c0e406e9f1c1cd01

              SHA256

              694e48d2c8cbb2e76a37843907d8784428cb2f98b15751fd4c8fb47cdeb002a6

              SHA512

              8660fa5bda435d5909004b06d9332ab7f89952811d57941414756fc9835f95732afa0bb2aa3a146fe9749a7a10c3c8ed0589448d583169a76aea2cb67a6dbecd

            • C:\Program Files\Java\jdk-1.8\bin\javap.exe

              Filesize

              1.2MB

              MD5

              55fae27ac0425898df8a8371d8dffe00

              SHA1

              c32e62070edadd1b3593d82831b8a4c70253d59b

              SHA256

              9e5a8736d95847904684274a05f3dd9ef6534a2784164e77c4e40419a48e03be

              SHA512

              8ee0bb8613f2ece94a6f9246b327f36cdb1784672df35c3c8c2bb3474aae41577dddd5ab7fba1f8a18b8affc6c1601ff6a95a0f8d3a4553f8cde5408858534b5

            • C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

              Filesize

              1.3MB

              MD5

              96d35501cbe7c72fa656ea51ce4dc812

              SHA1

              8a216b76fadb6b1c9f287f6755072fabd0a7fcba

              SHA256

              0fb2dca1ceca5286c2b4123dacc7cc33f779dc3b2149a4a00a12a035250191e2

              SHA512

              0d26f2e4406302c9c7bd91e812f228f88a91153e0a141a0c5969c295073ef144241e19081bc27a209c9fa06337b29b65eddcc404ddd59fadab9b17f34b801ffd

            • C:\Program Files\Windows Media Player\wmpnetwk.exe

              Filesize

              1.5MB

              MD5

              bf9b4f850670672ab1e48a29a372daf9

              SHA1

              2b52f65ddc3ff25b8ba89c7a832c0e7b77f99a35

              SHA256

              4376ea07cee1788c0b7bf162b3517af4c8667dd9569bc79a2e154a1766e75ec6

              SHA512

              1a77716133211117b9a68aa857640f5eabb40f11f8c93203da664a3158d41671016f5e087daf9026eb62a7f1550de5a08d520ff000e99cd4fbf3eba6ecfe8a48

            • C:\Program Files\dotnet\dotnet.exe

              Filesize

              1.3MB

              MD5

              bdc2f7673eb796b1fa92e43e9d6d30f9

              SHA1

              9b6351f6caf1429d26d7be1b5124105d7f3563ee

              SHA256

              e18de804ee2f4f1c56b0ccd0831a2b8a298d3831d01ec669a2cc6240aea2c71a

              SHA512

              b8eff382dec263a66e150c4730fb34d10a6b31ed5ce2f4f2e2d911c970fc2c7b3bf978b8aaa0e934d89334f5f39c1c3cf52a0774c1a41ee865febe59823dfeea

            • C:\Windows\SysWOW64\perfhost.exe

              Filesize

              1.2MB

              MD5

              6e1a327b3b7297a48aa6f201e9d0020f

              SHA1

              1edcdf6646c5cb901be6ba1f70a3fc2e870cccb7

              SHA256

              7e2739b0b9a2ce1254426f3f20a222ff9b64936c09913f2af8bf34c3dd10c6ca

              SHA512

              8c5affe6972181cf08deb5df7ccb978e979c78e33877e18aad1659957f19e01e3bf8762d027a39e0039af8786c592db86531d94421864b4e1d02093815e09854

            • C:\Windows\System32\AgentService.exe

              Filesize

              1.7MB

              MD5

              e018206aae43f8196f34b50b0aefc8ce

              SHA1

              e6fb123225ce1dca9ab799b7b20c2ecc53da43e2

              SHA256

              7a8269da4d44e68e370cd8439c45d536e242db114701c597e5a84c91efda4091

              SHA512

              fd03fded8e84cd78916c560b38cd6d3b25dcde833adf40e54f1e038d5fe3a69de32232c7cdffb4a7f1f41f44097dcdc6ec3420120c1ecbeded0678b1b4aae21a

            • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

              Filesize

              1.3MB

              MD5

              b9648ae6091b6f3265e12e3916dc45ec

              SHA1

              c38a4f7fa84bdfcaf21db3d340859e06174bff9e

              SHA256

              c16db618f623d49d535423e1df96a16d2be25b36a12a299537e2a8ab6b3a4749

              SHA512

              55c3a54d9593ef980193979371a9bebfece9e35e9042513551fbb4d5f9769dd992fe7a5c97b10785e3d757a44d6a2b7b226c9139d11ae1f0c0be5096bb9be697

            • C:\Windows\System32\FXSSVC.exe

              Filesize

              1.2MB

              MD5

              cf2ae184c02323b81da0c66f2fd9c28c

              SHA1

              524a7ae65376e82282cc9fed21c16580d6360dbe

              SHA256

              f3febe63ea87c2841a32a69879840b131106b1134a5e35472f9153e72283e7ad

              SHA512

              8ac816ed275742cb1180cf9e4310b1a3dfa946c4fa63bf486d32d867f793a77734c7190650b64010860d0fbf1ed110640a2aba8056aafae7f6a3069ea256ac5f

            • C:\Windows\System32\Locator.exe

              Filesize

              1.2MB

              MD5

              646b67fff58617819f90a13ca7b67b55

              SHA1

              b2aacb6cf93ff261782a9b10ff77a281ef9d3697

              SHA256

              804c1117fa6a4af5ce44d3fdadeb86ed1beb91c487451f3e7e8a851e4116a07d

              SHA512

              68c7d53768eeb5e3df72ce44ec77c4e6940418c0ef87dd4a25b32af8d8686fa68b28eed78a8a60e5045bd9e2600ef1602d65a31f1fb773aa54c0faa5dd7fb136

            • C:\Windows\System32\OpenSSH\ssh-agent.exe

              Filesize

              1.5MB

              MD5

              17cbd7fbfd76f85711a30d2826064c6e

              SHA1

              96bbe5e51d55580b91154a878cc13e0473ea7f98

              SHA256

              15d142021d5e848830e53c3bac37986e8fec401712530d7fd959e1b99a1b468b

              SHA512

              7c558fb1d90cb1757c9f1a53ee2be3e10b2bcdbdc2382d194b618b5b8567a2ac5df92362e5c7884af3ba52659e0fb10a8d7fd1c8335ecc1ee205b1cb9c94d32a

            • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

              Filesize

              1.3MB

              MD5

              1e5360abbb92085e1ca3178e89fec51c

              SHA1

              fd49e5c8f27cd3b5d990fba2a074000dd5d8d2e8

              SHA256

              fde8193e1d38bdc3bc3ef8bf6f88a17f8c77c92519bbfed908f00f956b308364

              SHA512

              cbc21a6b2dfc384a31458458232330f2f907512f4e9aeda7f5957e3d83ce02dff0c659a517a3a55be59d9ddde2f1864edacbc280c57d498ffb64f7454bb40d16

            • C:\Windows\System32\SearchIndexer.exe

              Filesize

              1.4MB

              MD5

              5ad3b1b29fc69526a448b47444aa7848

              SHA1

              bd533b8c92a8948b2e1083f6b978a4d4c065e18a

              SHA256

              f9f58f3dc3ad08df175f0e9030cd5318424d764ffcb3dc54b662c792ac072451

              SHA512

              9957def83a521480177b73803f8fbe58352fb9840442797b5ddd3b097e7fd6a6424e5a11714e8611ed70d4fdba13e88d853435b391adbafd92bb94a8a20e553e

            • C:\Windows\System32\SensorDataService.exe

              Filesize

              1.8MB

              MD5

              f1684e759d1b905f6a8224ec38209101

              SHA1

              5e0862538953dcb94e1e5438b8fb34d7cafc9baa

              SHA256

              0acb16e49b6cd6536cf63d6d366ff4019f9fe58fc020503f299c4552f415fdbe

              SHA512

              a214f027c6ecd0eaa535134d1553c52241b3f55c5e36b4937982f5db60fdfde990976695bef2b5ab32460e6229e73f38e2b46cd381f46486103cd87981a4854f

            • C:\Windows\System32\Spectrum.exe

              Filesize

              1.4MB

              MD5

              fd7986550ec8c317605558678153ecea

              SHA1

              45004900ead973a29699af68084353c52be448ba

              SHA256

              03918ec4ad8a31fc67c37e54890fa5bd8320f053cd952e3fc777e6690a86900b

              SHA512

              6bc80a53098cfc244416509f3d3f58bf8a5125e7458db239bb6ca0a6999cbae43dda57f605f07068e798341aca7f8f6a24eb5fd6086be75d41e3c19fec5fc426

            • C:\Windows\System32\TieringEngineService.exe

              Filesize

              1.5MB

              MD5

              35fa65d6b5e145b491cb95536e30a7fe

              SHA1

              3e675587ec3aad18e134c45a88b2c74bdcac074d

              SHA256

              d730fcfef3228a77eb71a3d798be658534b1e84dc93ace0dc77f147a78ee2264

              SHA512

              ed19604869e9d946c2982a210518193e7e938b7ca24625e453d8190f26540ff6f2bbb311d2be99cb17c480807e1f00faf86aa6211ef9a976413ea9de7f78a2ff

            • C:\Windows\System32\VSSVC.exe

              Filesize

              2.0MB

              MD5

              018cfa7f79043c1d64c2885521280766

              SHA1

              e38d636058fb3504ae0b96fe1439cf93be270f74

              SHA256

              885f9225e4c40d03e3cb32f72d3583fbe358f157677c9294ec56b9bf56b81bb8

              SHA512

              b2accb0b0aacdba4e2db74517671f89dd2aa26a6756020a42c8fc8fb26463c9abc0bfd48caa973091609c3d41362dc95da8f7e2bdf45191a3c5883bb7ea1d77e

            • C:\Windows\System32\alg.exe

              Filesize

              1.3MB

              MD5

              a0eec0a5da7a7b325fbea7fc63657bd4

              SHA1

              7c2428f4c0378464fa9da6a5efa6a002f07d053a

              SHA256

              56a7e5cfdae28514340b79d381e2540b42457641c25b9cdd62f22751939868eb

              SHA512

              8291220e134c8278422ea654f3d1a4905eb4647004ef268c36fa0f5d8fc4381b8e709cd7963c27a7ee0001a92b47244ab36478eedc8da7c62ceae073c3396782

            • C:\Windows\System32\msdtc.exe

              Filesize

              1.3MB

              MD5

              7d07e300f09072ad2790251852c89a1f

              SHA1

              2c6a3d89e28fa8dd48657bea6175d0d5ce4a7772

              SHA256

              61d585bdf435a03cc3b6f4a4db7d7c74087fcee63896155217743f827c7ba78d

              SHA512

              b3b5b96b238607c411d601b61a5a9cfe7770b5a563ec14b71e43200e31a0c6821100c39b4483ca67a807b08f146a61722b409a0c4b209c915567250defead890

            • C:\Windows\System32\snmptrap.exe

              Filesize

              1.2MB

              MD5

              66666fda6f3c5efe1d68a06336f03bd3

              SHA1

              0e936d32405b3921c912dff3fb8a36ecf6a36633

              SHA256

              cf616e545cfda039d3eaa5126559098cf164e477c0d1026eba40dba083568d69

              SHA512

              75d322831922d20fefc3bb4a58c6c489ba9a69e3d2ae635861508cd42969062626de6676a7772b2e4e1131adf753c983cf6ea7f14fac112bbcbbdded0bd4719c

            • C:\Windows\System32\vds.exe

              Filesize

              1.3MB

              MD5

              ab5883c3a0588d4de63ef37870ecb764

              SHA1

              1106377ae242b214fee329b1a5f1d2243aa7cc7d

              SHA256

              d9e3225b65e42732e5d95560e96b7c52d50029b291ab2cbeee01cb88e3e968ef

              SHA512

              53d9c4faa5570d93c9b310c6544feb222c6e357e5857e7a8a59be0fcbd643336d36fcb25540f0419dc886738cbea430b7d78fde3823ca763edc586036934f2a1

            • C:\Windows\System32\wbem\WmiApSrv.exe

              Filesize

              1.4MB

              MD5

              9345c25456dfefc6a7eca8f091f7003c

              SHA1

              0cf9c2d9b2fee5b324a33ee07b2cba2c7aed4c83

              SHA256

              93d3e4acee866bb66ba3f8f8b9452686934fadb9137217d7d91157e3593cf6d0

              SHA512

              f7d4fe3752f0f647dae37802b949324a07fa72c6cd271268928c62e90c9000cb8a722f7c6e27a366b6665e8fc34bb030a46bd85c0c00c42e3c59aeab5e2e3ca2

            • C:\Windows\System32\wbengine.exe

              Filesize

              2.1MB

              MD5

              0f371479db2f2f54b1f035db88ca49f1

              SHA1

              e7a117f82647a217daa254d8cf60d4a0f709628b

              SHA256

              543a741f27906a5481b95ace0fc2aab27deaa4b832615bc940d087e9f94873e2

              SHA512

              3101bc3eb11ad70426a6560913687660ada206767797941b40742b8942bd88742c5a0c89a2c52fd6077b78e183a9dc3b594646d00e4dd1b944e090837d48cced

            • C:\Windows\system32\AppVClient.exe

              Filesize

              1.3MB

              MD5

              e6a379497b06b7c0b6300e1f12f2fdc7

              SHA1

              bf3acb8c890587919fe99c5ecc83959f15a0d26d

              SHA256

              d24e4d0af3109ff51ab8ff9bb55a8264609ab664aa2788d14387f6f6b046624b

              SHA512

              b2f792ec688ff051408550dd0cceca8243482f505449660c186d341b421db75010cac381cc9e62405c05af9e73380a778db697b97fac047819316da1454e427b

            • C:\Windows\system32\SgrmBroker.exe

              Filesize

              1.5MB

              MD5

              c52f11ba2fe2dcc89add910e8363876c

              SHA1

              03a04af97544c7a3b6341d9a2816f2d5bc03f738

              SHA256

              5b12a2a5561b6a7282ef90932b915870d3d33cafda1f899d80b0246fde6248d0

              SHA512

              382b11b958492d0093670055a85fe9de748136449c5529d55bd7727b55e04d08a87c6e98b122c6676920a9f2a088000c257523d3bf4e6589aa28f8d276e21d16

            • C:\Windows\system32\msiexec.exe

              Filesize

              1.2MB

              MD5

              0cbded6a9bbb8777ea3cc8f628ad06a1

              SHA1

              84ec2e596e3d57dc47a0e1addd10b9e6fde91eed

              SHA256

              c933d84bfb37b199fbf504a7b4558d729f62efe97fcbfd1b4bbc76369246eb15

              SHA512

              2b8063b4d1c0b82ef94fde68c90fd00dd98872b760511378023a019873339afa5d39decef9e287ecf9a88d37ff8291b209a7f2e682994eb2ccc995b053ccb4e7

            • memory/656-162-0x0000000140000000-0x0000000140147000-memory.dmp

              Filesize

              1.3MB

            • memory/1388-14-0x0000000140000000-0x0000000140148000-memory.dmp

              Filesize

              1.3MB

            • memory/1388-318-0x0000000140000000-0x0000000140148000-memory.dmp

              Filesize

              1.3MB

            • memory/1416-9-0x0000000000720000-0x0000000000780000-memory.dmp

              Filesize

              384KB

            • memory/1416-0-0x0000000140000000-0x000000014019F000-memory.dmp

              Filesize

              1.6MB

            • memory/1416-248-0x0000000140000000-0x000000014019F000-memory.dmp

              Filesize

              1.6MB

            • memory/1416-1-0x0000000000720000-0x0000000000780000-memory.dmp

              Filesize

              384KB

            • memory/1580-18-0x00000000006D0000-0x0000000000730000-memory.dmp

              Filesize

              384KB

            • memory/1580-17-0x0000000140000000-0x0000000140147000-memory.dmp

              Filesize

              1.3MB

            • memory/1580-26-0x00000000006D0000-0x0000000000730000-memory.dmp

              Filesize

              384KB

            • memory/1580-351-0x0000000140000000-0x0000000140147000-memory.dmp

              Filesize

              1.3MB

            • memory/1748-500-0x0000000140000000-0x0000000140179000-memory.dmp

              Filesize

              1.5MB

            • memory/1748-165-0x0000000140000000-0x0000000140179000-memory.dmp

              Filesize

              1.5MB

            • memory/2644-501-0x0000000140000000-0x00000001401FC000-memory.dmp

              Filesize

              2.0MB

            • memory/2644-167-0x0000000140000000-0x00000001401FC000-memory.dmp

              Filesize

              2.0MB

            • memory/2928-160-0x0000000140000000-0x00000001401A1000-memory.dmp

              Filesize

              1.6MB

            • memory/3144-161-0x0000000140000000-0x0000000140180000-memory.dmp

              Filesize

              1.5MB

            • memory/3156-156-0x0000000140000000-0x0000000140133000-memory.dmp

              Filesize

              1.2MB

            • memory/3672-55-0x0000000001A80000-0x0000000001AE0000-memory.dmp

              Filesize

              384KB

            • memory/3672-67-0x0000000140000000-0x0000000140174000-memory.dmp

              Filesize

              1.5MB

            • memory/3672-61-0x0000000001A80000-0x0000000001AE0000-memory.dmp

              Filesize

              384KB

            • memory/3672-65-0x0000000001A80000-0x0000000001AE0000-memory.dmp

              Filesize

              384KB

            • memory/3956-163-0x0000000140000000-0x0000000140216000-memory.dmp

              Filesize

              2.1MB

            • memory/4008-40-0x0000000000CC0000-0x0000000000D20000-memory.dmp

              Filesize

              384KB

            • memory/4008-458-0x0000000140000000-0x000000014025F000-memory.dmp

              Filesize

              2.4MB

            • memory/4008-34-0x0000000000CC0000-0x0000000000D20000-memory.dmp

              Filesize

              384KB

            • memory/4008-42-0x0000000140000000-0x000000014025F000-memory.dmp

              Filesize

              2.4MB

            • memory/4116-138-0x0000000140000000-0x0000000140266000-memory.dmp

              Filesize

              2.4MB

            • memory/4116-51-0x0000000000890000-0x00000000008F0000-memory.dmp

              Filesize

              384KB

            • memory/4116-45-0x0000000000890000-0x00000000008F0000-memory.dmp

              Filesize

              384KB

            • memory/4116-498-0x0000000140000000-0x0000000140266000-memory.dmp

              Filesize

              2.4MB

            • memory/4164-499-0x0000000140000000-0x0000000140164000-memory.dmp

              Filesize

              1.4MB

            • memory/4164-164-0x0000000140000000-0x0000000140164000-memory.dmp

              Filesize

              1.4MB

            • memory/4396-157-0x0000000140000000-0x00000001401D7000-memory.dmp

              Filesize

              1.8MB

            • memory/4396-400-0x0000000140000000-0x00000001401D7000-memory.dmp

              Filesize

              1.8MB

            • memory/4452-30-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

            • memory/4452-32-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

            • memory/4568-155-0x0000000000400000-0x0000000000535000-memory.dmp

              Filesize

              1.2MB

            • memory/4568-100-0x0000000000800000-0x0000000000867000-memory.dmp

              Filesize

              412KB

            • memory/4568-95-0x0000000000800000-0x0000000000867000-memory.dmp

              Filesize

              412KB

            • memory/4628-166-0x0000000140000000-0x0000000140157000-memory.dmp

              Filesize

              1.3MB

            • memory/4656-72-0x00000000004E0000-0x0000000000540000-memory.dmp

              Filesize

              384KB

            • memory/4656-152-0x0000000140000000-0x000000014016E000-memory.dmp

              Filesize

              1.4MB

            • memory/4656-78-0x00000000004E0000-0x0000000000540000-memory.dmp

              Filesize

              384KB

            • memory/4788-88-0x0000000000B40000-0x0000000000BA0000-memory.dmp

              Filesize

              384KB

            • memory/4788-154-0x0000000140000000-0x0000000140149000-memory.dmp

              Filesize

              1.3MB

            • memory/4788-82-0x0000000000B40000-0x0000000000BA0000-memory.dmp

              Filesize

              384KB

            • memory/4976-159-0x0000000140000000-0x0000000140169000-memory.dmp

              Filesize

              1.4MB

            • memory/5004-158-0x0000000140000000-0x0000000140134000-memory.dmp

              Filesize

              1.2MB

            • memory/6096-135-0x0000000140000000-0x00000001401C0000-memory.dmp

              Filesize

              1.8MB