Analysis
-
max time kernel
146s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
06-02-2023 21:40
General
-
Target
GlassWireSetup.exe
-
Size
66.0MB
-
MD5
cbdff02625ef580bf509b60832bf06c3
-
SHA1
fd3ce416b3d8e4ce1af8b310a89e2ef58d25c263
-
SHA256
cc6174aa776a0b1bc29c8a466de095e281cc9a238dee7363196dbbdbb7bb2873
-
SHA512
4c2e645780466e58015e678c3dbd2041cdd39089d50d2afe7c250b5aa813023ff2b23a57cc0fe31986e4fb0f50f374feb5b45315e47da144f74875341a1f3964
-
SSDEEP
1572864:uHAyCN598RzIxTnHF7d1pXTygI9hbl0rcmjXFcI9BKvBiSVwzfZf4:ugJyoTHz1ByV1Sr3FcIXiALzW
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
-
Drops file in Drivers directory 9 IoCs
-
Checks BIOS information in registry 2 TTPs 10 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 7 IoCs
-
Loads dropped DLL 45 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 5 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 12 IoCs
-
Drops file in Program Files directory 52 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies system certificate store 2 TTPs 7 IoCs
-
Runs net.exe
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: LoadsDriver 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 24 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\GlassWireSetup.exe"C:\Users\Admin\AppData\Local\Temp\GlassWireSetup.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\vc_redist.x86.exe"C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\vc_redist.x86.exe" /install /quiet /norestart2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\Temp\{214ABFD3-7EC6-4A91-8F70-B58023411F9D}\.cr\vc_redist.x86.exe"C:\Windows\Temp\{214ABFD3-7EC6-4A91-8F70-B58023411F9D}\.cr\vc_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\vc_redist.x86.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\GWInstSt.exe"C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\GWInstSt.exe" "https://www.glasswire.com/stat/install.php?v=2.3.449&build_type=full&os=Seven&platform=x64&update=0&install_id=EFB5103512EFE4699F85AACF962A1DB70E7A43002782D8D1351CB160507F5432" "nsis$$.tmp"2⤵
- Executes dropped EXE
- Modifies system certificate store
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\GWDrvIns.cmd" -i "C:\Program Files (x86)\GlassWire\driver\x64""2⤵
- Drops file in Drivers directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\RunDLL32.Exe syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:\Windows\System32\Drivers\gwdrv.inf3⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\runonce.exe"C:\Windows\system32\runonce.exe" -r4⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\grpconv.exe"C:\Windows\System32\grpconv.exe" -o5⤵
-
C:\Windows\System32\net.exeC:\Windows\System32\net.exe start gwdrv3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start gwdrv4⤵
-
C:\Windows\system32\net.exe"C:\Windows\system32\net.exe" start gwdrv2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start gwdrv3⤵
-
C:\Windows\SysWOW64\wevtutil.exe"C:\Windows\system32\wevtutil.exe" im "C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\eventlog.man" /rf:"C:\Program Files (x86)\GlassWire\GWEventLog.dll" /mf:"C:\Program Files (x86)\GlassWire\GWEventLog.dll"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" im "C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\eventlog.man" /rf:"C:\Program Files (x86)\GlassWire\GWEventLog.dll" /mf:"C:\Program Files (x86)\GlassWire\GWEventLog.dll" /fromwow643⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe"C:\Program Files (x86)\GlassWire\GWCtlSrv.exe" "-i"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe"C:\Program Files (x86)\GlassWire\GWCtlSrv.exe" "-s"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" "C:\Program Files (x86)\GlassWire\glasswire.exe"2⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Program Files (x86)\GlassWire\GlassWire.exe"C:\Program Files (x86)\GlassWire\GlassWire.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GlassWire\GlassWire.exe"C:\Program Files (x86)\GlassWire\GlassWire.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\GlassWire\GWCtlSrv.exeFilesize
6.6MB
MD5c6d8866bc3d4b3791fb99db7d63343dd
SHA16b10e1747662a04267ce55bfaaa21c5181c83b61
SHA256e5a80698c3ec6cc9421f11b9954b0bf962795f664172b926d5a04f014b2a78cc
SHA512a4c7796e0e15926bae961b7a6fa617590f344c1d10790b3d1788a73ff53534ba00a16da9e20acdbc39114f4c78f61a52791abd1a5ef58c4c4c65e579ce9b6b76
-
C:\Program Files (x86)\GlassWire\GWCtlSrv.exeFilesize
6.6MB
MD5c6d8866bc3d4b3791fb99db7d63343dd
SHA16b10e1747662a04267ce55bfaaa21c5181c83b61
SHA256e5a80698c3ec6cc9421f11b9954b0bf962795f664172b926d5a04f014b2a78cc
SHA512a4c7796e0e15926bae961b7a6fa617590f344c1d10790b3d1788a73ff53534ba00a16da9e20acdbc39114f4c78f61a52791abd1a5ef58c4c4c65e579ce9b6b76
-
C:\Program Files (x86)\GlassWire\GWCtlSrv.exeFilesize
6.6MB
MD5c6d8866bc3d4b3791fb99db7d63343dd
SHA16b10e1747662a04267ce55bfaaa21c5181c83b61
SHA256e5a80698c3ec6cc9421f11b9954b0bf962795f664172b926d5a04f014b2a78cc
SHA512a4c7796e0e15926bae961b7a6fa617590f344c1d10790b3d1788a73ff53534ba00a16da9e20acdbc39114f4c78f61a52791abd1a5ef58c4c4c65e579ce9b6b76
-
C:\Program Files (x86)\GlassWire\GWEventLog.dllFilesize
3.7MB
MD5fab7713ae3022c17d5b585a68c5a7790
SHA1b818f6f59332e61451ed05ef3549556bd00282ae
SHA2564ff10a45588805166af7c6c413de3b419bf3ec6ff682bc23fe4157ada1e26cca
SHA51285097e9cb8926e3fbb4ce2b41d4b108d2f885514e98a07bd0bd7abcd208ff79d29bb7d703149c5cbda630016f9af1b70a1c4ac7fe1d63464bfbdb8ff9a5a2939
-
C:\Program Files (x86)\GlassWire\GlassWire.exeFilesize
9.2MB
MD5c9cda8e511bf9aa37a1d3a62cd319079
SHA10d3ba654ad5b05c0c8136b49158b6adf7d5f79ac
SHA256c4e21bb911e46c50d4843bd93fc4b756bad36041aa82b592f7e37a8d73e38864
SHA5128c0e8812e6eab18766c4cf52be7344121babd2a05ac16ff9a1f0e36c6f4c88839942c53009033691a85ad1184d41831e599cc83c035c35781104059598322706
-
C:\Program Files (x86)\GlassWire\GlassWire.exeFilesize
9.2MB
MD5c9cda8e511bf9aa37a1d3a62cd319079
SHA10d3ba654ad5b05c0c8136b49158b6adf7d5f79ac
SHA256c4e21bb911e46c50d4843bd93fc4b756bad36041aa82b592f7e37a8d73e38864
SHA5128c0e8812e6eab18766c4cf52be7344121babd2a05ac16ff9a1f0e36c6f4c88839942c53009033691a85ad1184d41831e599cc83c035c35781104059598322706
-
C:\Program Files (x86)\GlassWire\GlassWire.exeFilesize
9.2MB
MD5c9cda8e511bf9aa37a1d3a62cd319079
SHA10d3ba654ad5b05c0c8136b49158b6adf7d5f79ac
SHA256c4e21bb911e46c50d4843bd93fc4b756bad36041aa82b592f7e37a8d73e38864
SHA5128c0e8812e6eab18766c4cf52be7344121babd2a05ac16ff9a1f0e36c6f4c88839942c53009033691a85ad1184d41831e599cc83c035c35781104059598322706
-
C:\Program Files (x86)\GlassWire\Qt5Core.dllFilesize
5.1MB
MD5b20a6fb343339a3a2eecaa007e0a9c2f
SHA1c678c781b86c3561ac49c9a93603ea875b53cc51
SHA2569fe6e29344c047c37091dc2e20aad8ad57213c05e219e5a4c454f7b81bd5ccbf
SHA512eb768423f01b8638bddbed492146c4c195ee14a16203822b0a0aafdeb4c3af24b12ae18d3398282e74dbc95aaba6205c6e681d87be6442d4d85c330a52446d2f
-
C:\Program Files (x86)\GlassWire\Qt5Gui.dllFilesize
5.6MB
MD5cacb8f799f55fe611faef0f7caa3df79
SHA13c2193a2f91473138bbde2848e49123dc201f973
SHA2560c47fa154b4ddfb38cfb01eef193c618f64e544d8baa04a340d3a74ace4d5d59
SHA5127a4ce3bd22b7aa17a834e15ef0fa12006a01bf142f2fbc2a1587ac1f45fbca0a7a3549f86e0263ae24580b69e3d63ecf0da11d1f3cb4ab8fbfea2bff2bdbc191
-
C:\Program Files (x86)\GlassWire\Qt5Svg.dllFilesize
259KB
MD5527717828eb2ab0a18e92655adcaed20
SHA1b44fa4bc368bd35ef8982fbdebc35989f9c1c502
SHA2562ed7843fdb9835ed39757cf6076e91b1b5f31f8edd1704cf694b277b6723b436
SHA512cf99134cf091dbeb85c5379e8b5b8d17f28aad490ff254764778d35162f2ceb15148e697997c5ebb88988b61c6acd9ac5b659bdaa2bf53e5ae7400335c3a01aa
-
C:\Program Files (x86)\GlassWire\Qt5Widgets.dllFilesize
4.3MB
MD526563c035f8c40b53a9ea653f2ef0457
SHA199e044a3406cf6f1baa2ff25d267913d181d1021
SHA2563689981ce691ce81b4e135454d2b08ff7c2bd00c08edf2751ded2d369d047260
SHA512871061c4ae818cf4181ea626dc595b75546e3d4597c1dbbddb3f94c3acfe1fa7b0b704daa3aee96aa9b5aa9fff70c12663b9053f292f2c3435eea5412c798c5c
-
C:\Program Files (x86)\GlassWire\Qt5WinExtras.dllFilesize
199KB
MD58bd1306e6993b0c04cd268117bc0d86a
SHA1f567c2b9e92dfd61af26dff8d17284be90682fb8
SHA256b6551327ff429afedb38b408dac35d6116d75f71378916b79daf06e6900ade84
SHA5126ef762186e9293f025b5b69b9d3aa11f4c9d0f7b41d38a6e6c6dd3553f34ee916ebb280a20f186097918ebbfc02035806327e5d895a964427a872c216ef2ce54
-
C:\Program Files (x86)\GlassWire\driver\x64\gwdrv.catFilesize
8KB
MD522c7579bb03241829184d21ef69668ab
SHA109e4b25cbd482356679f95085005d0303bab8d90
SHA25650c22d5b327966ee3288f7781e896e6e38b375006b67a409edbd2712d3db90a7
SHA512706a3d83b916ae17f602cacf41ad3d691bda68e3d19ac6b66ad6fa6024fdf5a5b989d656c0827b18a0d404ad2b8fdee1c5cc5e6aaf8f89be28232ff74d34ab67
-
C:\Program Files (x86)\GlassWire\driver\x64\gwdrv.infFilesize
3KB
MD561f60c794f0b40a68bac6b61a5145311
SHA13e04a3bc01bdd4c8a02901e7f3fe1652234f26e3
SHA25690d0ddb705594ac621d316cb6213f310d99893da5dc3f0fcb1bc26b2ed9affee
SHA512605660c74864b2cbb309850000290eb42c542a2ff597e48e1a4a26170967d040283ebf184f2b9665c59eafbae9210e529deb2c0c675c28d1afbda26be084f78f
-
C:\Program Files (x86)\GlassWire\driver\x64\gwdrv.sysFilesize
32KB
MD53cf2c2f026b06d3f6b9a402dd50d5c9b
SHA14f451c061bd21941803b995939f1660e5617d080
SHA256eec63c73d54bc6f9aa53f6a248a041e3a0f1ce39386da6243b42d1c14a322b2b
SHA512396ad45beb8b55f93b506b4ef268800e39391080f2e5254adc020d7409ab12e4361ec5a1f40c185ba935a3000d909c4c26aca8c0a0cbff0ce3bc51bc8945fe30
-
C:\Program Files (x86)\GlassWire\platforms\qwindows.dllFilesize
1.2MB
MD5a2f5be96ba49a3d377b5fcec56f4aef8
SHA147fddd74923b5675fff932c119ffb848170e0f33
SHA256b0955a055ee627eda2d432d3b823d8dc238f230a88466bb3cc7028cf3653e227
SHA512836cbb29b8d517a452ba53d29dc4cc99c9db1c7449f0ff7ec50b2badf0fd86ae03ad65595ab58c3d8097334570eb2cf633e32f683e62ba972874bd17342db0d7
-
C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\GWDrvIns.cmdFilesize
1KB
MD52c2dbd5ea0edb588cb86c034f9a2655f
SHA1d5f533b2de9edd9eeb8e2d74f892f37217c96d62
SHA25637a1cc07dea0aa1367f5ee44aa41c80ad6c6b82069e6c89ffa18c215059dd4c5
SHA512987fae7be030cdebdf16e41eaf48f0198cf1d25cf3b0eb346c2d2d111b2b166d5693fb903cb0da6c539f28241d653b982d3b882a38069c3345cc545c00ca0d1b
-
C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\GWInstSt.exeFilesize
12KB
MD5235f6357e4e16912fc0f40c70adbf6a8
SHA17a7b6fcd7ba0a22105c4f95e238279b329aa7861
SHA25634661a68b584b83599f089ce571a02a41a62b82a5fddd193211803649f870a39
SHA51254de9c99e008633049a81f5d40230e7c15bdd99083ab2db43a9b685b38d8abc598c87e05437cb9d67134775f07ad32f3e88db9acf439ffa2884b4d59d28d1010
-
C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\eventlog.manFilesize
20KB
MD5690ff28d524728616f1ada1b5071bf13
SHA12fdf5fe9f8d1bf7a40c88aa6728a5735715ac994
SHA256909d481f3fbfdfbcc18b9c9743f8c9c00d822671013a8bb521d9f3e7e949fc6d
SHA512dcc1dec2af9b198b1a101c8d47be0f43693090d9cdb3638b9b68825a158eb514156c4aa033c1b7a5b480dc38181741c5379c99a2b661d4cb8906cf68e8451bbe
-
C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\vc_redist.x86.exeFilesize
13.1MB
MD5dd0232ee751164eaad2fe0de7158d77d
SHA17391663f07cba7c99f3503929fcd3561f1f6a552
SHA2564c6c420cf4cbf2c9c9ed476e96580ae92a97b2822c21329a2e49e8439ac5ad30
SHA512cc82a7a8ead3c036559109d4daee623622edd4b4b5241545efa0e36d906c1af10d4056ad003f8849475f4e1e625eb9f27de7a9e13b28ac7ab88da99d5f926c2e
-
C:\Users\Admin\AppData\Local\Temp\nsd2898.tmp\vc_redist.x86.exeFilesize
13.1MB
MD5dd0232ee751164eaad2fe0de7158d77d
SHA17391663f07cba7c99f3503929fcd3561f1f6a552
SHA2564c6c420cf4cbf2c9c9ed476e96580ae92a97b2822c21329a2e49e8439ac5ad30
SHA512cc82a7a8ead3c036559109d4daee623622edd4b4b5241545efa0e36d906c1af10d4056ad003f8849475f4e1e625eb9f27de7a9e13b28ac7ab88da99d5f926c2e
-
C:\Windows\System32\Drivers\gwdrv.infFilesize
3KB
MD561f60c794f0b40a68bac6b61a5145311
SHA13e04a3bc01bdd4c8a02901e7f3fe1652234f26e3
SHA25690d0ddb705594ac621d316cb6213f310d99893da5dc3f0fcb1bc26b2ed9affee
SHA512605660c74864b2cbb309850000290eb42c542a2ff597e48e1a4a26170967d040283ebf184f2b9665c59eafbae9210e529deb2c0c675c28d1afbda26be084f78f
-
C:\Windows\Temp\{214ABFD3-7EC6-4A91-8F70-B58023411F9D}\.cr\vc_redist.x86.exeFilesize
632KB
MD529c7a21bae42889b08137c25aae8e55c
SHA1d5cd79ca094c60f64ef7d9069e24270cee24b4ea
SHA25682612a2fa05d62929833052ce76788b98701f0c19dca313923452afec44edec5
SHA512484ecdda526b95d0fd062a2b24be537dd6c5a5945441de250cbe2419b98041625505fa51202735cb6054db444dc1f4bbf0b0e51588500ab89d54d7addca5e2d6
-
C:\Windows\Temp\{214ABFD3-7EC6-4A91-8F70-B58023411F9D}\.cr\vc_redist.x86.exeFilesize
632KB
MD529c7a21bae42889b08137c25aae8e55c
SHA1d5cd79ca094c60f64ef7d9069e24270cee24b4ea
SHA25682612a2fa05d62929833052ce76788b98701f0c19dca313923452afec44edec5
SHA512484ecdda526b95d0fd062a2b24be537dd6c5a5945441de250cbe2419b98041625505fa51202735cb6054db444dc1f4bbf0b0e51588500ab89d54d7addca5e2d6
-
C:\Windows\system32\DRIVERS\gwdrv.sysFilesize
32KB
MD53cf2c2f026b06d3f6b9a402dd50d5c9b
SHA14f451c061bd21941803b995939f1660e5617d080
SHA256eec63c73d54bc6f9aa53f6a248a041e3a0f1ce39386da6243b42d1c14a322b2b
SHA512396ad45beb8b55f93b506b4ef268800e39391080f2e5254adc020d7409ab12e4361ec5a1f40c185ba935a3000d909c4c26aca8c0a0cbff0ce3bc51bc8945fe30
-
\Program Files (x86)\GlassWire\GWCtlSrv.exeFilesize
6.6MB
MD5c6d8866bc3d4b3791fb99db7d63343dd
SHA16b10e1747662a04267ce55bfaaa21c5181c83b61
SHA256e5a80698c3ec6cc9421f11b9954b0bf962795f664172b926d5a04f014b2a78cc
SHA512a4c7796e0e15926bae961b7a6fa617590f344c1d10790b3d1788a73ff53534ba00a16da9e20acdbc39114f4c78f61a52791abd1a5ef58c4c4c65e579ce9b6b76
-
\Program Files (x86)\GlassWire\GWEventLog.dllFilesize
3.7MB
MD5fab7713ae3022c17d5b585a68c5a7790
SHA1b818f6f59332e61451ed05ef3549556bd00282ae
SHA2564ff10a45588805166af7c6c413de3b419bf3ec6ff682bc23fe4157ada1e26cca
SHA51285097e9cb8926e3fbb4ce2b41d4b108d2f885514e98a07bd0bd7abcd208ff79d29bb7d703149c5cbda630016f9af1b70a1c4ac7fe1d63464bfbdb8ff9a5a2939
-
\Program Files (x86)\GlassWire\GWEventLog.dllFilesize
3.7MB
MD5fab7713ae3022c17d5b585a68c5a7790
SHA1b818f6f59332e61451ed05ef3549556bd00282ae
SHA2564ff10a45588805166af7c6c413de3b419bf3ec6ff682bc23fe4157ada1e26cca
SHA51285097e9cb8926e3fbb4ce2b41d4b108d2f885514e98a07bd0bd7abcd208ff79d29bb7d703149c5cbda630016f9af1b70a1c4ac7fe1d63464bfbdb8ff9a5a2939
-
\Program Files (x86)\GlassWire\GlassWire.exeFilesize
9.2MB
MD5c9cda8e511bf9aa37a1d3a62cd319079
SHA10d3ba654ad5b05c0c8136b49158b6adf7d5f79ac
SHA256c4e21bb911e46c50d4843bd93fc4b756bad36041aa82b592f7e37a8d73e38864
SHA5128c0e8812e6eab18766c4cf52be7344121babd2a05ac16ff9a1f0e36c6f4c88839942c53009033691a85ad1184d41831e599cc83c035c35781104059598322706
-
\Program Files (x86)\GlassWire\GlassWire.exeFilesize
9.2MB
MD5c9cda8e511bf9aa37a1d3a62cd319079
SHA10d3ba654ad5b05c0c8136b49158b6adf7d5f79ac
SHA256c4e21bb911e46c50d4843bd93fc4b756bad36041aa82b592f7e37a8d73e38864
SHA5128c0e8812e6eab18766c4cf52be7344121babd2a05ac16ff9a1f0e36c6f4c88839942c53009033691a85ad1184d41831e599cc83c035c35781104059598322706
-
\Program Files (x86)\GlassWire\GlassWire.exeFilesize
9.2MB
MD5c9cda8e511bf9aa37a1d3a62cd319079
SHA10d3ba654ad5b05c0c8136b49158b6adf7d5f79ac
SHA256c4e21bb911e46c50d4843bd93fc4b756bad36041aa82b592f7e37a8d73e38864
SHA5128c0e8812e6eab18766c4cf52be7344121babd2a05ac16ff9a1f0e36c6f4c88839942c53009033691a85ad1184d41831e599cc83c035c35781104059598322706
-
\Program Files (x86)\GlassWire\Qt5Core.dllFilesize
5.1MB
MD5b20a6fb343339a3a2eecaa007e0a9c2f
SHA1c678c781b86c3561ac49c9a93603ea875b53cc51
SHA2569fe6e29344c047c37091dc2e20aad8ad57213c05e219e5a4c454f7b81bd5ccbf
SHA512eb768423f01b8638bddbed492146c4c195ee14a16203822b0a0aafdeb4c3af24b12ae18d3398282e74dbc95aaba6205c6e681d87be6442d4d85c330a52446d2f
-
\Program Files (x86)\GlassWire\Qt5Core.dllFilesize
5.1MB
MD5b20a6fb343339a3a2eecaa007e0a9c2f
SHA1c678c781b86c3561ac49c9a93603ea875b53cc51
SHA2569fe6e29344c047c37091dc2e20aad8ad57213c05e219e5a4c454f7b81bd5ccbf
SHA512eb768423f01b8638bddbed492146c4c195ee14a16203822b0a0aafdeb4c3af24b12ae18d3398282e74dbc95aaba6205c6e681d87be6442d4d85c330a52446d2f
-
\Program Files (x86)\GlassWire\Qt5Gui.dllFilesize
5.6MB
MD5cacb8f799f55fe611faef0f7caa3df79
SHA13c2193a2f91473138bbde2848e49123dc201f973
SHA2560c47fa154b4ddfb38cfb01eef193c618f64e544d8baa04a340d3a74ace4d5d59
SHA5127a4ce3bd22b7aa17a834e15ef0fa12006a01bf142f2fbc2a1587ac1f45fbca0a7a3549f86e0263ae24580b69e3d63ecf0da11d1f3cb4ab8fbfea2bff2bdbc191
-
\Program Files (x86)\GlassWire\Qt5Gui.dllFilesize
5.6MB
MD5cacb8f799f55fe611faef0f7caa3df79
SHA13c2193a2f91473138bbde2848e49123dc201f973
SHA2560c47fa154b4ddfb38cfb01eef193c618f64e544d8baa04a340d3a74ace4d5d59
SHA5127a4ce3bd22b7aa17a834e15ef0fa12006a01bf142f2fbc2a1587ac1f45fbca0a7a3549f86e0263ae24580b69e3d63ecf0da11d1f3cb4ab8fbfea2bff2bdbc191
-
\Program Files (x86)\GlassWire\Qt5Svg.dllFilesize
259KB
MD5527717828eb2ab0a18e92655adcaed20
SHA1b44fa4bc368bd35ef8982fbdebc35989f9c1c502
SHA2562ed7843fdb9835ed39757cf6076e91b1b5f31f8edd1704cf694b277b6723b436
SHA512cf99134cf091dbeb85c5379e8b5b8d17f28aad490ff254764778d35162f2ceb15148e697997c5ebb88988b61c6acd9ac5b659bdaa2bf53e5ae7400335c3a01aa
-
\Program Files (x86)\GlassWire\Qt5Svg.dllFilesize
259KB
MD5527717828eb2ab0a18e92655adcaed20
SHA1b44fa4bc368bd35ef8982fbdebc35989f9c1c502
SHA2562ed7843fdb9835ed39757cf6076e91b1b5f31f8edd1704cf694b277b6723b436
SHA512cf99134cf091dbeb85c5379e8b5b8d17f28aad490ff254764778d35162f2ceb15148e697997c5ebb88988b61c6acd9ac5b659bdaa2bf53e5ae7400335c3a01aa
-
\Program Files (x86)\GlassWire\Qt5Widgets.dllFilesize
4.3MB
MD526563c035f8c40b53a9ea653f2ef0457
SHA199e044a3406cf6f1baa2ff25d267913d181d1021
SHA2563689981ce691ce81b4e135454d2b08ff7c2bd00c08edf2751ded2d369d047260
SHA512871061c4ae818cf4181ea626dc595b75546e3d4597c1dbbddb3f94c3acfe1fa7b0b704daa3aee96aa9b5aa9fff70c12663b9053f292f2c3435eea5412c798c5c
-
\Program Files (x86)\GlassWire\Qt5Widgets.dllFilesize
4.3MB
MD526563c035f8c40b53a9ea653f2ef0457
SHA199e044a3406cf6f1baa2ff25d267913d181d1021
SHA2563689981ce691ce81b4e135454d2b08ff7c2bd00c08edf2751ded2d369d047260
SHA512871061c4ae818cf4181ea626dc595b75546e3d4597c1dbbddb3f94c3acfe1fa7b0b704daa3aee96aa9b5aa9fff70c12663b9053f292f2c3435eea5412c798c5c
-
\Program Files (x86)\GlassWire\Qt5WinExtras.dllFilesize
199KB
MD58bd1306e6993b0c04cd268117bc0d86a
SHA1f567c2b9e92dfd61af26dff8d17284be90682fb8
SHA256b6551327ff429afedb38b408dac35d6116d75f71378916b79daf06e6900ade84
SHA5126ef762186e9293f025b5b69b9d3aa11f4c9d0f7b41d38a6e6c6dd3553f34ee916ebb280a20f186097918ebbfc02035806327e5d895a964427a872c216ef2ce54
-
\Program Files (x86)\GlassWire\Qt5WinExtras.dllFilesize
199KB
MD58bd1306e6993b0c04cd268117bc0d86a
SHA1f567c2b9e92dfd61af26dff8d17284be90682fb8
SHA256b6551327ff429afedb38b408dac35d6116d75f71378916b79daf06e6900ade84
SHA5126ef762186e9293f025b5b69b9d3aa11f4c9d0f7b41d38a6e6c6dd3553f34ee916ebb280a20f186097918ebbfc02035806327e5d895a964427a872c216ef2ce54
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\GWInstSt.exeFilesize
12KB
MD5235f6357e4e16912fc0f40c70adbf6a8
SHA17a7b6fcd7ba0a22105c4f95e238279b329aa7861
SHA25634661a68b584b83599f089ce571a02a41a62b82a5fddd193211803649f870a39
SHA51254de9c99e008633049a81f5d40230e7c15bdd99083ab2db43a9b685b38d8abc598c87e05437cb9d67134775f07ad32f3e88db9acf439ffa2884b4d59d28d1010
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\GWInstSt.exeFilesize
12KB
MD5235f6357e4e16912fc0f40c70adbf6a8
SHA17a7b6fcd7ba0a22105c4f95e238279b329aa7861
SHA25634661a68b584b83599f089ce571a02a41a62b82a5fddd193211803649f870a39
SHA51254de9c99e008633049a81f5d40230e7c15bdd99083ab2db43a9b685b38d8abc598c87e05437cb9d67134775f07ad32f3e88db9acf439ffa2884b4d59d28d1010
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\StartMenu.dllFilesize
7KB
MD5d070f3275df715bf3708beff2c6c307d
SHA193d3725801e07303e9727c4369e19fd139e69023
SHA25642dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
SHA512fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\System.dllFilesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsDialogs.dllFilesize
9KB
MD56c3f8c94d0727894d706940a8a980543
SHA10d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA25656b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA5122094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsExec.dllFilesize
7KB
MD5675c4948e1efc929edcabfe67148eddd
SHA1f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA2561076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA51261737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsExec.dllFilesize
7KB
MD5675c4948e1efc929edcabfe67148eddd
SHA1f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA2561076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA51261737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsExec.dllFilesize
7KB
MD5675c4948e1efc929edcabfe67148eddd
SHA1f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA2561076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA51261737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsExec.dllFilesize
7KB
MD5675c4948e1efc929edcabfe67148eddd
SHA1f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA2561076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA51261737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsExec.dllFilesize
7KB
MD5675c4948e1efc929edcabfe67148eddd
SHA1f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA2561076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA51261737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsihelper.dllFilesize
4.6MB
MD5af3014521035887c994e3a4ecaba8993
SHA1b1d811f1575fd829de79c5f50c6842a003430bb5
SHA25658af17b511a39a1b6fae3a4d7502e7560fec376ba11005c106d061cb317bdfb4
SHA5126eb78bc59aff57d78706e92132d1445b734cb22e1de147c0cba77a51af50665607c08f55b9067cd8d33da23f02e568f58393c818848427da62562b325e05f547
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsihelper.dllFilesize
4.6MB
MD5af3014521035887c994e3a4ecaba8993
SHA1b1d811f1575fd829de79c5f50c6842a003430bb5
SHA25658af17b511a39a1b6fae3a4d7502e7560fec376ba11005c106d061cb317bdfb4
SHA5126eb78bc59aff57d78706e92132d1445b734cb22e1de147c0cba77a51af50665607c08f55b9067cd8d33da23f02e568f58393c818848427da62562b325e05f547
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsihelper.dllFilesize
4.6MB
MD5af3014521035887c994e3a4ecaba8993
SHA1b1d811f1575fd829de79c5f50c6842a003430bb5
SHA25658af17b511a39a1b6fae3a4d7502e7560fec376ba11005c106d061cb317bdfb4
SHA5126eb78bc59aff57d78706e92132d1445b734cb22e1de147c0cba77a51af50665607c08f55b9067cd8d33da23f02e568f58393c818848427da62562b325e05f547
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsihelper.dllFilesize
4.6MB
MD5af3014521035887c994e3a4ecaba8993
SHA1b1d811f1575fd829de79c5f50c6842a003430bb5
SHA25658af17b511a39a1b6fae3a4d7502e7560fec376ba11005c106d061cb317bdfb4
SHA5126eb78bc59aff57d78706e92132d1445b734cb22e1de147c0cba77a51af50665607c08f55b9067cd8d33da23f02e568f58393c818848427da62562b325e05f547
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsihelper.dllFilesize
4.6MB
MD5af3014521035887c994e3a4ecaba8993
SHA1b1d811f1575fd829de79c5f50c6842a003430bb5
SHA25658af17b511a39a1b6fae3a4d7502e7560fec376ba11005c106d061cb317bdfb4
SHA5126eb78bc59aff57d78706e92132d1445b734cb22e1de147c0cba77a51af50665607c08f55b9067cd8d33da23f02e568f58393c818848427da62562b325e05f547
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\nsihelper.dllFilesize
4.6MB
MD5af3014521035887c994e3a4ecaba8993
SHA1b1d811f1575fd829de79c5f50c6842a003430bb5
SHA25658af17b511a39a1b6fae3a4d7502e7560fec376ba11005c106d061cb317bdfb4
SHA5126eb78bc59aff57d78706e92132d1445b734cb22e1de147c0cba77a51af50665607c08f55b9067cd8d33da23f02e568f58393c818848427da62562b325e05f547
-
\Users\Admin\AppData\Local\Temp\nsd2898.tmp\vc_redist.x86.exeFilesize
13.1MB
MD5dd0232ee751164eaad2fe0de7158d77d
SHA17391663f07cba7c99f3503929fcd3561f1f6a552
SHA2564c6c420cf4cbf2c9c9ed476e96580ae92a97b2822c21329a2e49e8439ac5ad30
SHA512cc82a7a8ead3c036559109d4daee623622edd4b4b5241545efa0e36d906c1af10d4056ad003f8849475f4e1e625eb9f27de7a9e13b28ac7ab88da99d5f926c2e
-
\Windows\System32\drivers\SET6D73.tmpFilesize
32KB
MD53cf2c2f026b06d3f6b9a402dd50d5c9b
SHA14f451c061bd21941803b995939f1660e5617d080
SHA256eec63c73d54bc6f9aa53f6a248a041e3a0f1ce39386da6243b42d1c14a322b2b
SHA512396ad45beb8b55f93b506b4ef268800e39391080f2e5254adc020d7409ab12e4361ec5a1f40c185ba935a3000d909c4c26aca8c0a0cbff0ce3bc51bc8945fe30
-
\Windows\System32\drivers\SET6D73.tmpFilesize
32KB
MD53cf2c2f026b06d3f6b9a402dd50d5c9b
SHA14f451c061bd21941803b995939f1660e5617d080
SHA256eec63c73d54bc6f9aa53f6a248a041e3a0f1ce39386da6243b42d1c14a322b2b
SHA512396ad45beb8b55f93b506b4ef268800e39391080f2e5254adc020d7409ab12e4361ec5a1f40c185ba935a3000d909c4c26aca8c0a0cbff0ce3bc51bc8945fe30
-
\Windows\System32\drivers\gwdrv.sysFilesize
32KB
MD53cf2c2f026b06d3f6b9a402dd50d5c9b
SHA14f451c061bd21941803b995939f1660e5617d080
SHA256eec63c73d54bc6f9aa53f6a248a041e3a0f1ce39386da6243b42d1c14a322b2b
SHA512396ad45beb8b55f93b506b4ef268800e39391080f2e5254adc020d7409ab12e4361ec5a1f40c185ba935a3000d909c4c26aca8c0a0cbff0ce3bc51bc8945fe30
-
\Windows\System32\drivers\gwdrv.sysFilesize
32KB
MD53cf2c2f026b06d3f6b9a402dd50d5c9b
SHA14f451c061bd21941803b995939f1660e5617d080
SHA256eec63c73d54bc6f9aa53f6a248a041e3a0f1ce39386da6243b42d1c14a322b2b
SHA512396ad45beb8b55f93b506b4ef268800e39391080f2e5254adc020d7409ab12e4361ec5a1f40c185ba935a3000d909c4c26aca8c0a0cbff0ce3bc51bc8945fe30
-
\Windows\Temp\{214ABFD3-7EC6-4A91-8F70-B58023411F9D}\.cr\vc_redist.x86.exeFilesize
632KB
MD529c7a21bae42889b08137c25aae8e55c
SHA1d5cd79ca094c60f64ef7d9069e24270cee24b4ea
SHA25682612a2fa05d62929833052ce76788b98701f0c19dca313923452afec44edec5
SHA512484ecdda526b95d0fd062a2b24be537dd6c5a5945441de250cbe2419b98041625505fa51202735cb6054db444dc1f4bbf0b0e51588500ab89d54d7addca5e2d6
-
\Windows\Temp\{3B9D4E2F-990C-4D67-B523-04BFD3A052B1}\.ba\wixstdba.dllFilesize
191KB
MD5eab9caf4277829abdf6223ec1efa0edd
SHA174862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA51245b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2
-
memory/524-152-0x0000000000000000-mapping.dmp
-
memory/544-67-0x000007FEFB9C1000-0x000007FEFB9C3000-memory.dmpFilesize
8KB
-
memory/668-150-0x0000000000000000-mapping.dmp
-
memory/764-223-0x0000000000000000-mapping.dmp
-
memory/764-269-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/764-270-0x0000000000270000-0x0000000000280000-memory.dmpFilesize
64KB
-
memory/768-70-0x0000000000000000-mapping.dmp
-
memory/768-218-0x0000000000000000-mapping.dmp
-
memory/772-191-0x0000000000000000-mapping.dmp
-
memory/772-213-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/772-204-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/772-203-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/840-154-0x0000000000000000-mapping.dmp
-
memory/980-158-0x0000000000000000-mapping.dmp
-
memory/1044-155-0x0000000000000000-mapping.dmp
-
memory/1176-189-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1176-166-0x0000000000000000-mapping.dmp
-
memory/1176-174-0x0000000071650000-0x0000000072045000-memory.dmpFilesize
10.0MB
-
memory/1176-181-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1176-175-0x0000000071650000-0x0000000072045000-memory.dmpFilesize
10.0MB
-
memory/1176-173-0x0000000071650000-0x0000000072045000-memory.dmpFilesize
10.0MB
-
memory/1176-172-0x0000000071650000-0x0000000072045000-memory.dmpFilesize
10.0MB
-
memory/1176-171-0x0000000071650000-0x0000000072045000-memory.dmpFilesize
10.0MB
-
memory/1252-83-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1252-113-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-116-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-127-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-114-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-128-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-112-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-125-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-126-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-110-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-57-0x00000000739F0000-0x00000000746CD000-memory.dmpFilesize
12.9MB
-
memory/1252-58-0x00000000739F0000-0x00000000746CD000-memory.dmpFilesize
12.9MB
-
memory/1252-109-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-59-0x00000000739F0000-0x00000000746CD000-memory.dmpFilesize
12.9MB
-
memory/1252-60-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1252-108-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-107-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-118-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-106-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-104-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-105-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1252-103-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-120-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-99-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-119-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-100-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-122-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1252-102-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-123-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-130-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-115-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-61-0x00000000739F0000-0x00000000746CD000-memory.dmpFilesize
12.9MB
-
memory/1252-124-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-98-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-54-0x0000000075091000-0x0000000075093000-memory.dmpFilesize
8KB
-
memory/1252-129-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-117-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1252-97-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-96-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-95-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-94-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-219-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1252-93-0x0000000071D70000-0x0000000072A4D000-memory.dmpFilesize
12.9MB
-
memory/1252-92-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1252-90-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-89-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-88-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-87-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-86-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-85-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-62-0x00000000739F0000-0x00000000746CD000-memory.dmpFilesize
12.9MB
-
memory/1252-84-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-82-0x0000000072A50000-0x000000007372D000-memory.dmpFilesize
12.9MB
-
memory/1252-63-0x00000000739F0000-0x00000000746CD000-memory.dmpFilesize
12.9MB
-
memory/1252-64-0x00000000739F0000-0x00000000746CD000-memory.dmpFilesize
12.9MB
-
memory/1252-65-0x00000000739F0000-0x00000000746CD000-memory.dmpFilesize
12.9MB
-
memory/1288-271-0x0000000000290000-0x00000000002A0000-memory.dmpFilesize
64KB
-
memory/1288-244-0x0000000077320000-0x00000000774A0000-memory.dmpFilesize
1.5MB
-
memory/1288-276-0x0000000001D00000-0x0000000001D0A000-memory.dmpFilesize
40KB
-
memory/1288-275-0x0000000001D00000-0x0000000001D0A000-memory.dmpFilesize
40KB
-
memory/1288-274-0x0000000000290000-0x00000000002A0000-memory.dmpFilesize
64KB
-
memory/1288-273-0x0000000001D00000-0x0000000001D0A000-memory.dmpFilesize
40KB
-
memory/1288-272-0x0000000001D00000-0x0000000001D0A000-memory.dmpFilesize
40KB
-
memory/1352-161-0x0000000000000000-mapping.dmp
-
memory/1364-142-0x0000000000000000-mapping.dmp
-
memory/1532-80-0x0000000073DD1000-0x0000000073DD3000-memory.dmpFilesize
8KB
-
memory/1532-75-0x0000000000000000-mapping.dmp
-
memory/1636-137-0x0000000000000000-mapping.dmp
-
memory/1792-133-0x0000000000000000-mapping.dmp
-
memory/1880-157-0x0000000000000000-mapping.dmp
-
memory/1984-160-0x0000000000000000-mapping.dmp