Resubmissions
22-11-2023 17:02
231122-vkac9adg64 1019-01-2021 19:24
210119-s26yznnqsn 1019-11-2020 13:14
201119-s41ec6lt86 10Analysis
-
max time kernel
1783s -
max time network
1718s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
19-11-2020 13:14
General
-
Target
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
Score
10/10
Malware Config
Extracted
Path
C:\_readme.txt
Ransom Note
ATTENTION!
Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-T9WE5uiVT6
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
blower@india.com
Reserve e-mail address to contact us:
blower@firemail.cc
Your personal ID:
046Sdsd3273yifhsisySD60h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1
Emails
blower@india.com
blower@firemail.cc
URLs
https://we.tl/t-T9WE5uiVT6
Signatures
-
Executes dropped EXE 24 IoCs
-
Modifies Installed Components in the registry 2 TTPs
-
Modifies extensions of user files 7 IoCs
Ransomware generally changes the extension on encrypted files.
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Modifies file permissions 1 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops desktop.ini file(s) 34 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service 30 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 12 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies registry class 29 IoCs
-
Modifies system certificate store 2 TTPs 10 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 45 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"1⤵
- Adds Run key to start application
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295" /deny *S-1-1-0:(OI)(CI)(DE,DC)2⤵
- Modifies file permissions
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Admin IsNotAutoStart IsNotTask2⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsNotTask3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 2112 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt14⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 3932 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeC:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe --Task1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsTask2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 2924 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 1840 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2908 -s 58081⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeC:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe --Task1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsTask2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 3184 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 1976 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeC:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe --Task1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsTask2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 2232 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 3616 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeC:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe --Task1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsTask2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 3704 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 3360 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeC:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe --Task1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsTask2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 3752 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 2824 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeC:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe --Task1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsTask2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 400 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 3636 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt12⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db.kropun
-
C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db.kropun
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\Admin\AppData\Local\0854849c-746a-4dfb-a930-9c35ff4d7295\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeMD5
ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
C:\Users\All Users\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db
-
C:\Users\All Users\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
-
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_Explorer.EXE_28cfa8b3d0f0ccca608b49d257b92547f98ab5ba_41822faa_cab_08bf4fcd\Report.wer
-
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_Explorer.EXE_28cfa8b3d0f0ccca608b49d257b92547f98ab5ba_41822faa_cab_08bf4fcd\WER4F61.tmp.appcompat.txt
-
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_Explorer.EXE_28cfa8b3d0f0ccca608b49d257b92547f98ab5ba_41822faa_cab_08bf4fcd\memory.hdmp
-
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_Explorer.EXE_28cfa8b3d0f0ccca608b49d257b92547f98ab5ba_41822faa_cab_08bf4fcd\minidump.mdmp
-
C:\Users\All Users\Microsoft\Windows\WER\Temp\WER4E27.tmp.WERInternalMetadata.xml
-
memory/32-299-0x0000000000750000-0x0000000000790000-memory.dmpFilesize
256KB
-
memory/32-298-0x00000000021E0000-0x00000000021E1000-memory.dmpFilesize
4KB
-
memory/32-294-0x0000000000000000-mapping.dmp
-
memory/400-297-0x0000000002110000-0x0000000002111000-memory.dmpFilesize
4KB
-
memory/400-293-0x0000000000000000-mapping.dmp
-
memory/400-300-0x0000000000510000-0x0000000000550000-memory.dmpFilesize
256KB
-
memory/688-252-0x0000000000000000-mapping.dmp
-
memory/688-258-0x0000000000600000-0x0000000000640000-memory.dmpFilesize
256KB
-
memory/1040-165-0x00000000021A0000-0x00000000021A1000-memory.dmpFilesize
4KB
-
memory/1040-153-0x0000000000000000-mapping.dmp
-
memory/1040-205-0x00000000006E0000-0x0000000000720000-memory.dmpFilesize
256KB
-
memory/1840-19-0x0000000002150000-0x0000000002151000-memory.dmpFilesize
4KB
-
memory/1840-20-0x000000000077A000-0x00000000007BA000-memory.dmpFilesize
256KB
-
memory/1840-21-0x0000000002150000-0x0000000002151000-memory.dmpFilesize
4KB
-
memory/1976-209-0x0000000000680000-0x00000000006C0000-memory.dmpFilesize
256KB
-
memory/1976-208-0x0000000002430000-0x0000000002431000-memory.dmpFilesize
4KB
-
memory/1992-135-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-186-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-72-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-74-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-76-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-78-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-80-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-82-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-57-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-87-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-89-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-91-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-93-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-95-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-97-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-99-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-101-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-103-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-107-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-50-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-113-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-115-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-117-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-119-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-121-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-123-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-125-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-127-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-129-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-131-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-133-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-59-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-137-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-139-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-141-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-143-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-145-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-147-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-149-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-151-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-61-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-155-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-157-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-159-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-161-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-163-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-54-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-22-0x0000021698590000-0x0000021698591000-memory.dmpFilesize
4KB
-
memory/1992-166-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-168-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-170-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-172-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-174-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-176-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-178-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-180-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-182-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-184-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-23-0x0000021698590000-0x0000021698591000-memory.dmpFilesize
4KB
-
memory/1992-188-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-190-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-192-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-194-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-196-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-198-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-200-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-202-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-204-0x00000216A49B0000-0x00000216A49B1000-memory.dmpFilesize
4KB
-
memory/1992-67-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-52-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-65-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-63-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-85-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-70-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-111-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-25-0x0000021699B00000-0x0000021699B01000-memory.dmpFilesize
4KB
-
memory/1992-48-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-26-0x0000021699B00000-0x0000021699B01000-memory.dmpFilesize
4KB
-
memory/1992-46-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-44-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-42-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-40-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-38-0x0000021698560000-0x0000021698561000-memory.dmpFilesize
4KB
-
memory/1992-37-0x000002169A160000-0x000002169A161000-memory.dmpFilesize
4KB
-
memory/1992-227-0x0000000000680000-0x00000000006C0000-memory.dmpFilesize
256KB
-
memory/1992-224-0x0000000000000000-mapping.dmp
-
memory/2112-12-0x0000000001FF0000-0x0000000001FF1000-memory.dmpFilesize
4KB
-
memory/2112-9-0x0000000000000000-mapping.dmp
-
memory/2112-13-0x00000000008B0000-0x00000000008F0000-memory.dmpFilesize
256KB
-
memory/2188-247-0x00000000006E0000-0x0000000000720000-memory.dmpFilesize
256KB
-
memory/2188-244-0x0000000000000000-mapping.dmp
-
memory/2232-240-0x00000000021B0000-0x00000000021B1000-memory.dmpFilesize
4KB
-
memory/2232-243-0x00000000005A0000-0x00000000005E0000-memory.dmpFilesize
256KB
-
memory/2232-236-0x0000000000000000-mapping.dmp
-
memory/2292-259-0x0000000000000000-mapping.dmp
-
memory/2292-261-0x0000000002150000-0x0000000002151000-memory.dmpFilesize
4KB
-
memory/2292-262-0x0000000000640000-0x0000000000680000-memory.dmpFilesize
256KB
-
memory/2352-15-0x0000000000000000-mapping.dmp
-
memory/2352-17-0x00000000007F0000-0x0000000000830000-memory.dmpFilesize
256KB
-
memory/2352-16-0x00000000022F0000-0x00000000022F1000-memory.dmpFilesize
4KB
-
memory/2404-14-0x0000000000670000-0x00000000006B0000-memory.dmpFilesize
256KB
-
memory/2404-10-0x0000000000000000-mapping.dmp
-
memory/2404-11-0x00000000022D0000-0x00000000022D1000-memory.dmpFilesize
4KB
-
memory/2824-265-0x00000000007D0000-0x0000000000810000-memory.dmpFilesize
256KB
-
memory/2824-264-0x00000000022D0000-0x00000000022D1000-memory.dmpFilesize
4KB
-
memory/2924-69-0x0000000000620000-0x0000000000660000-memory.dmpFilesize
256KB
-
memory/2924-35-0x00000000021E0000-0x00000000021E1000-memory.dmpFilesize
4KB
-
memory/2924-30-0x0000000000000000-mapping.dmp
-
memory/3080-289-0x0000000000680000-0x00000000006C0000-memory.dmpFilesize
256KB
-
memory/3080-288-0x00000000020C0000-0x00000000020C1000-memory.dmpFilesize
4KB
-
memory/3080-286-0x0000000000000000-mapping.dmp
-
memory/3104-55-0x0000000000620000-0x0000000000660000-memory.dmpFilesize
256KB
-
memory/3104-34-0x0000000002250000-0x0000000002251000-memory.dmpFilesize
4KB
-
memory/3104-31-0x0000000000000000-mapping.dmp
-
memory/3184-213-0x0000000002060000-0x0000000002061000-memory.dmpFilesize
4KB
-
memory/3184-210-0x0000000000000000-mapping.dmp
-
memory/3184-223-0x00000000006D0000-0x0000000000710000-memory.dmpFilesize
256KB
-
memory/3236-304-0x00000000004E0000-0x0000000000520000-memory.dmpFilesize
256KB
-
memory/3236-303-0x0000000002300000-0x0000000002301000-memory.dmpFilesize
4KB
-
memory/3236-301-0x0000000000000000-mapping.dmp
-
memory/3360-249-0x0000000002460000-0x0000000002461000-memory.dmpFilesize
4KB
-
memory/3360-250-0x00000000006F0000-0x0000000000730000-memory.dmpFilesize
256KB
-
memory/3508-271-0x0000000002340000-0x0000000002341000-memory.dmpFilesize
4KB
-
memory/3508-273-0x00000000007D0000-0x0000000000810000-memory.dmpFilesize
256KB
-
memory/3508-267-0x0000000000000000-mapping.dmp
-
memory/3528-222-0x0000000000730000-0x0000000000770000-memory.dmpFilesize
256KB
-
memory/3528-211-0x0000000000000000-mapping.dmp
-
memory/3528-215-0x0000000002200000-0x0000000002201000-memory.dmpFilesize
4KB
-
memory/3616-234-0x00000000005E0000-0x0000000000620000-memory.dmpFilesize
256KB
-
memory/3616-233-0x0000000002180000-0x0000000002181000-memory.dmpFilesize
4KB
-
memory/3636-291-0x0000000002380000-0x0000000002381000-memory.dmpFilesize
4KB
-
memory/3636-292-0x0000000000870000-0x00000000008B0000-memory.dmpFilesize
256KB
-
memory/3704-257-0x00000000004F0000-0x0000000000530000-memory.dmpFilesize
256KB
-
memory/3704-255-0x00000000022F0000-0x00000000022F1000-memory.dmpFilesize
4KB
-
memory/3704-251-0x0000000000000000-mapping.dmp
-
memory/3752-266-0x0000000000000000-mapping.dmp
-
memory/3752-272-0x0000000000530000-0x0000000000570000-memory.dmpFilesize
256KB
-
memory/3752-270-0x00000000022A0000-0x00000000022A1000-memory.dmpFilesize
4KB
-
memory/3920-1-0x000000000082A000-0x000000000086A000-memory.dmpFilesize
256KB
-
memory/3920-0-0x0000000002460000-0x0000000002461000-memory.dmpFilesize
4KB
-
memory/3932-6-0x0000000000700000-0x0000000000740000-memory.dmpFilesize
256KB
-
memory/3932-5-0x0000000002200000-0x0000000002201000-memory.dmpFilesize
4KB
-
memory/3932-4-0x0000000000000000-mapping.dmp
-
memory/3944-2-0x0000000000000000-mapping.dmp
-
memory/4004-237-0x0000000000000000-mapping.dmp
-
memory/4004-242-0x00000000004E0000-0x0000000000520000-memory.dmpFilesize
256KB