4c80c0a0d3c211c3aa52b734b4ccb40d50bd0d14b0364fd1160c0c4887df9cf1

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2023, 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jkas.exe
Size

731KB
MD5

724841114acf0bbde3a70c4a7cb54bcc
SHA1

1d298b3bf3b2d0c4ccd0615597ba9510e8f180c7
SHA256

4c80c0a0d3c211c3aa52b734b4ccb40d50bd0d14b0364fd1160c0c4887df9cf1
SHA512

cfd0494247c5dd11dbd9852c54131e90f5a4bf7ee1097c7a8be70bf958eb497c31d94c80ba8759e798c408704d9c89bc606b341af1dafec1d3941d29dba82d90
SSDEEP

6144:P3BBCqxV6VsgHTQer7CZ1wwE5P4j8P6pfnFczW0AQxe2gHcb998g4iBCXtzrf78f:P3+A6hXqamQP6pfFCGVu8g4sCXtzr7O

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3463) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	jkas.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	RansomBy Lilteca.exe

Executes dropped EXE 2 IoCs

pid	Process
4792	RansomBy Lilteca.exe
4424	svcran.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File created	F:\$RECYCLE.BIN\S-1-5-21-3027552071-446050021-1254071215-1000\desktop.ini	svcran.exe
File created	C:\$Recycle.Bin\S-1-5-21-3027552071-446050021-1254071215-1000\desktop.ini	svcran.exe
File created	C:\Program Files\desktop.ini	svcran.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Back.jpg"	RansomBy Lilteca.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms	svcran.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll	svcran.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-pl.xrm-ms	svcran.exe
File created	C:\Program Files\desktop.ini	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\wsdetect.dll	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms	svcran.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	svcran.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms	svcran.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll	svcran.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll	svcran.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	svcran.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar	svcran.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms	svcran.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-pl.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms	svcran.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\LICENSE	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\master_preferences	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-compat.xml	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml	svcran.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html	svcran.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF	svcran.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\RansomBy Lilteca.exe	jkas.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 6 IoCs

evasion

pid	Process
3052	taskkill.exe
1008	taskkill.exe
3728	taskkill.exe
2340	taskkill.exe
4228	taskkill.exe
2624	taskkill.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4712	powershell.exe
4712	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4712	powershell.exe
Token: SeDebugPrivilege	3728	taskkill.exe
Token: SeDebugPrivilege	1008	taskkill.exe
Token: SeDebugPrivilege	2340	taskkill.exe
Token: SeDebugPrivilege	2624	taskkill.exe
Token: SeDebugPrivilege	4228	taskkill.exe
Token: SeDebugPrivilege	3052	taskkill.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4792	RansomBy Lilteca.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 4712	1212	jkas.exe	86
PID 1212 wrote to memory of 4712	1212	jkas.exe	86
PID 1212 wrote to memory of 4712	1212	jkas.exe	86
PID 1212 wrote to memory of 4792	1212	jkas.exe	88
PID 1212 wrote to memory of 4792	1212	jkas.exe	88
PID 1212 wrote to memory of 4792	1212	jkas.exe	88
PID 4792 wrote to memory of 1008	4792	RansomBy Lilteca.exe	90
PID 4792 wrote to memory of 1008	4792	RansomBy Lilteca.exe	90
PID 4792 wrote to memory of 1008	4792	RansomBy Lilteca.exe	90
PID 4792 wrote to memory of 3052	4792	RansomBy Lilteca.exe	101
PID 4792 wrote to memory of 3052	4792	RansomBy Lilteca.exe	101
PID 4792 wrote to memory of 3052	4792	RansomBy Lilteca.exe	101
PID 4792 wrote to memory of 2624	4792	RansomBy Lilteca.exe	100
PID 4792 wrote to memory of 2624	4792	RansomBy Lilteca.exe	100
PID 4792 wrote to memory of 2624	4792	RansomBy Lilteca.exe	100
PID 4792 wrote to memory of 4228	4792	RansomBy Lilteca.exe	99
PID 4792 wrote to memory of 4228	4792	RansomBy Lilteca.exe	99
PID 4792 wrote to memory of 4228	4792	RansomBy Lilteca.exe	99
PID 4792 wrote to memory of 2340	4792	RansomBy Lilteca.exe	98
PID 4792 wrote to memory of 2340	4792	RansomBy Lilteca.exe	98
PID 4792 wrote to memory of 2340	4792	RansomBy Lilteca.exe	98
PID 4792 wrote to memory of 3728	4792	RansomBy Lilteca.exe	97
PID 4792 wrote to memory of 3728	4792	RansomBy Lilteca.exe	97
PID 4792 wrote to memory of 3728	4792	RansomBy Lilteca.exe	97
PID 4792 wrote to memory of 4424	4792	RansomBy Lilteca.exe	102
PID 4792 wrote to memory of 4424	4792	RansomBy Lilteca.exe	102
PID 4792 wrote to memory of 4424	4792	RansomBy Lilteca.exe	102

C:\Users\Admin\AppData\Local\Temp\jkas.exe
"C:\Users\Admin\AppData\Local\Temp\jkas.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHkAZwBjACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGcAYgBsACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHgAcwB1ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHAAYwBoACMAPgA="
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4712
- C:\Windows\RansomBy Lilteca.exe
  "C:\Windows\RansomBy Lilteca.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4792
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1008
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM mysqld.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM sqlwriter.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2340
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM sqlserver.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4228
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM MSExchange
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM Microsoft.Exchange
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3052
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svcran.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svcran.exe"
    3⤵
    - Executes dropped EXE
    - Drops desktop.ini file(s)
    - Drops file in Program Files directory
    PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk1.8.0_66\db\bin\NetworkServerControl

Filesize
5KB

MD5
9e7f18fc6ca905ebb4d7704df1e05226

SHA1
1599332601f4ce6de3489ad68fb7e98b36d82f8b

SHA256
1b8a2b393a7960ba783f5f6f03ed1f921498233748317bb9cbd5e3382cfcb0a7

SHA512
09f8b3784f343f42fbe3a5dc16590ad26b78f574cf373706a050d6ead4b852da5fc51df9e1e7e27ac1c51c524b9b8fed85cc0b7f921ac1e85616e9733b36aedf

Download Submit
C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\msvcr100.dll

Filesize
809KB

MD5
109b99be3e7edfc961e3f42df79fabde

SHA1
aa67445d14027e9e8b24d261e58f2708a8332fde

SHA256
26c129408868765842a31acc382eb2f6e03bc8925de9ea5e90fb13774e36a52f

SHA512
85db27117cf2b8135d6e0f28404db0b1c078692585bfd14568eb7932acedf91c723e99d217494b01a265a051bce88dd7c3ac2787ae3a5d061f80aa1d6556c569

Download Submit
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
a7e45359ff10d8877174ff1cb7dc4672

SHA1
dd984e2c25d4e906ee68e7b1da27c3fd6d43ad2d

SHA256
8a5362b5ce103e1277ec02639dca7e0ae3cd11284f970066b1e5a6f37946465c

SHA512
cf5be570985502a4ff84c73e0f502a79e93cdb7d48b7429ce5e236229662408cc8825d37ee69e4a156a3fc3f05caf505833b37544100be7a1951622ce539219e

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
52faebac477a750fdaf1e13b828c3566

SHA1
77ab345335d2185c7dc78335d808450701428a40

SHA256
ddae563f7ec5881aead33430706cb04ab49530d061ead4ccf2a89fcc727bd480

SHA512
5299553785111a807f844e7be33e853171044c0340e38e4cc72961030223bcbb3aa9005775813b05999305e1ea3a3df60b0327b768244bf27154759fdabd9c02

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
9b7c88a880e36737e5cff30c21be7509

SHA1
94c10c22206363a9a13dc0440b3e9ddd81c71d1a

SHA256
ee078baead40ce74657a9486dee53683ea45c70b818d8b82c9fbc4590ba2a26f

SHA512
c675efbd25f52946091e6e389deb90295b4e18c5673ff225a6085db52639ed6fde331898f5e909f3b3d0f2030cacd269b069f774606af32b85206509ad97350d

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf

Filesize
64B

MD5
7d5da8556f599fe5a93fc8e9036f8e80

SHA1
97b97297fa649981ca431990f10010f6a4ed331f

SHA256
67626661efe72635f49950ae08ab6833615e7ece943c6c72723c82d5114c83ac

SHA512
1b50add7f7638a5885352c2fcef9456f6062a979cfafb05aa9a8e8ea82f590a5d95ed9f1ec6531c1a660980cc3ed297b75e6d5dd88109016fa801897e5f8f408

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA

Filesize
7KB

MD5
8e8bc073ca0f3165864208cbacd62d74

SHA1
c0315cd9c9f9ba8dc6ffa69bac44f88f8deb9347

SHA256
4a0bfc281676e95b7de7ec763c333b9f549f8a8fd0d4ed58a816255d8e797d04

SHA512
7236063496988c70e79f173ad436e9626f7ec997e1cb4cf8a45d9d0aca1d2fd5b39bbf6adbfa1172820f164b587d0fd8809837e97709f3dd4cf352e810535222

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
8d785cbffc8e88561c4d0e955fbe5d30

SHA1
ecfcb5400780183ea613a67a36cf64643ff5e601

SHA256
8daa9799f1292c4496d1b3da26ce4ef67bff387abf817a6152dc2423e33f5e61

SHA512
e205f9e5699829a096732ab344f0d20a17d79803c379933ae5459a288bb3312e6a92874f1cccd4ecf6396511c7e4d7311627598a1944c927ff8447ab1b6a4253

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

Filesize
7KB

MD5
2d9553c716acc5c39465e5b72311cde3

SHA1
44171f84ef61778fadf53a2425657eb385213a4b

SHA256
4f6096f07ab8c94363a5d1aa0ee27402ca0e1090fb1bc1be58a0a9e21115ab07

SHA512
9024a7d6e2d62f62adc27ad752bf66f11f736470f4cf269a0d8c42aa2dd18fb6af11f335b50fe2dbff74b20f3c0d20234c3ea82262e74bbe4a9dbc3f33580c8a

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF

Filesize
144B

MD5
73dc86c7908755f05c4835b05d9fcd7c

SHA1
e10d764d094c4861aeb57e536a3050b5acb3d15f

SHA256
564c35e4d808934791adb62b1a5a35e58758c124a79be32a694a41b4b5382ebe

SHA512
80e17ab6db475174bf7d556f3c0f0fbd67e7cb49d6100eb2d91b5875f50ff6340ed4d20e11c2163f27da204aaf3655c6e9ec05376620721a20c2ce68bb9b3f38

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\.lastModified

Filesize
16B

MD5
b465c7d229d2882d195efcaafe88b974

SHA1
eb867fe3ca9111ce4d22d96bb872472cc505bc32

SHA256
a427d11417f20e831e94187f39a2c93d0a8317d221bf00145ec66dd0cfc532e5

SHA512
96f789f64337e9bd23eaa70eb5432ae5affb66ed72db9d49a32e926d70a7f25d9721ae51e9855879044bf57099fa7c891c95955b18866a695a5d5d917d046730

Download Submit
C:\Program Files\Java\jre1.8.0_66\COPYRIGHT

Filesize
3KB

MD5
bc61c1905414dfc851289e735620282c

SHA1
8404ff9403819fa9e372904e5e39b144c8bc03b3

SHA256
b25316d18ffbf577454a134998e2e890ee49cc028ce927ef37c6a1064ca34fb0

SHA512
1027aa40ef0fe92baf706c4cdc1b6173df8f6fadf27b96e48ab12bda644f7d65ad945b9967e07dd5ddd94feec3f602fb475e1b243a1fed6c7205464171a02302

Download Submit
C:\Program Files\Java\jre1.8.0_66\LICENSE

Filesize
48B

MD5
d98c66118705104101c90d08694d72e4

SHA1
6e7e2d1cea6df7384eaf08bb70a10f51be12929c

SHA256
16741a25a48c828d8c9b1b22e2df2231f74b1560632bd9ed5880d6849977b861

SHA512
bfaff7f4944473356f5d421d4e7f359b4c21e685681d08494bb2cb7fbabbb7cae372026a24d311b0b0e35c05133b9f145efa0e331e62cd320a2ec32d8a608696

Download Submit
C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
107KB

MD5
fbbe1b04a91730dc85aaba67a73c27df

SHA1
42a7108508e720b3acf89063e776126beb2889e9

SHA256
a69ccf69be6a845655bad1dded96f7dc7f9631bc7afb9eec5d8b76602757cf75

SHA512
6b7ed9bdd56d48424bb95771b3d80c4be0a6136a9e6aa35486797395450db85d7895788efedd35aeb551be3688da36877f0d31237751c88e548ee8e94db62cd2

Download Submit
C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
a36215d98e6bf1a824facc1739a35e19

SHA1
fd142e4134c194a26cf6a7d23c2995d47844f74f

SHA256
2a322cb651827533e34fb4406b3e426e17608fdee46d8c88430c34b2f2c57222

SHA512
857712b36fe7c3de290b12e916f8128dc5b2b111335d7972b485fd51d96f5933027ec8e1886ee9e6a5fd8c3a5acb799112e29ab3e7bb5b0d6580a110e0220f03

Download Submit
C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_zh_HK.properties.exeSaherBlueEagle

Filesize
3KB

MD5
ddd4576937e445e54d912200b560942f

SHA1
d439793cc6fe4fc2334a808130535e65181dc9b9

SHA256
8e3b58bccdce90869e23c24a558c6641054302c1c99e72b965a78cda145a1686

SHA512
4b97ea6e1dd8bdd4431771f489d23cd6bf6534098a43bc1755516146d96fe06b73330c978e0c055f4d6ef4917cf8049d313567b6bc78858ce4fe671b08439175

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
199a848cbbd6cb5353340826fd163e67

SHA1
df7dd7ae2abe8ed9a467b846c1adcb06de7d5e80

SHA256
229ebee6f1ded52edd03be8f7892d0ca980ccbcdbceead0a3f5362521680ac01

SHA512
2a7bb5b824a2cbdeec71d818e7c2e859ef387a277832488f987073f8653c26e4ec1854e1d77cbb2e2438070521ef1b2762813a61020a10a970328d503e374601

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.exeSaherBlueEagle

Filesize
18KB

MD5
b449622129bbff81b25e067804da3aae

SHA1
9498d7f875f4235f9a2163bdd27bb59a59a977ad

SHA256
6e1797d2a381977ca29e926f73286ca92bc0defcb7df7e94fce8b976667cea3c

SHA512
c847b1370ba9236864fb4ce355a08335d088e3e6ed57baf964b802a64e61dff1021564a4f15f8cbfc5dfa80bcb551e9a1c80faa20b89fe1d2732c1a2fe6518b2

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
b2e10166637c9261a5608f2b5e25261c

SHA1
eefacef700d12c9121b9ab23514c60a0a05866da

SHA256
173f74a03a58e61dceb1aa98558a8caeff3d9ea3a597e5e4ff8b9a2f4f585214

SHA512
59d33f95bde6eca405f5cbe93318b6ecc90355ca0ca301cf9d6540865c26d131ca277ef5d4640ec19c463aaa1351dd4d2a8c2a3fbadfd4b31495a371c5735f71

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
a5582b071e839caf3405052b6a010965

SHA1
d861cbca82047a9b9650936b750c25a7e8ea0b23

SHA256
280ce1b4042834429a1837539ae35b919d39ce2b7b4317b4e7ab014906288f51

SHA512
33b833a4b3de18d84dde37baf92076319492441a76c70f32083924b883cf027b697bef05b61bee181e03ed76b1efe633ea03333b35e0289acfe2a14b336463d7

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.exeSaherBlueEagle

Filesize
18KB

MD5
9622a00a9022fff4788eee7672242b9a

SHA1
34f94e9731a87b77c5e4339f17d588c1def94063

SHA256
ebce2dfafec754e8f032c93e7f9cb0581ca6bf1032d4385c523921fc0e91e19b

SHA512
9ab29770ee293cc2551303979c5ba22a737622636487531ae5f056a5aef8e2370a9f291bedb3087e657bc7bb58d235d82862151374a8ee362a7247e1618f7a86

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.exeSaherBlueEagle

Filesize
18KB

MD5
b8cedccab07503b181c78c4daeb77010

SHA1
baddc7c3956c64494430c6e6ede246efa415243e

SHA256
4f393533f1921fc7a72460dfa282d8ef3f7a712a594e989e011664ea8dafe134

SHA512
39c83e633bcd41b98760d7aa54e6d3d9a9943551e2e43de9ed5dc0ee1be03d82ede9fea0ed60566aeeed0b408af11c7e3463891c520cde5161c018a4bc7cd97f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll

Filesize
11KB

MD5
2db7c0a2377d76e2dd6f216c65394d4d

SHA1
38633d5d3e9fccb1f115fec0424303ec8618f974

SHA256
0dd56e15e33ab0d1060c8e97b662176ed572036e32885cf4c0da177962d15423

SHA512
c86ff956069ad40688c7e317b634acc22a997e0887aa859796d4885241e24776a1d7473a1f65568fa7a0b2efeb79959a767bbee27b619a873ead54a95f58679b

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
24caa865c50c9027f2f6414fa5bee3bf

SHA1
c22affb855e86d1e652eb78cda6a395bdbe49dfd

SHA256
21f5f6f63545fa558cb15f6933a6b5d1604edb013601c6a6f2b241131616a21f

SHA512
0452406e4a0917d34535d6b532e8faa08d958739b989c6526583f225059c59ea48cf6b06c6bee0f6a78e761769d4ac1b3ce4778d5e6e2d23b1ce647103f117a9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
28b509da383bc01e81c6b0746349a5f0

SHA1
6f9890c8a8d60221920680ccf19fe7c60558a92c

SHA256
784ef138e08477c630ba8a474ce60ebff0d53c931750a244fc125a256e869c0f

SHA512
c10d1d8291fa08c623fe01b1a8dc26c56cd505e792043e13f318990780d5615d1802535911c92cfe166280cd5d45f5703c64b6e2ad04801be8178b460a5ea607

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
056ad82bef0e0ceff9f196ffdbef9372

SHA1
33cc8d0cf3b2228dfd5b13c74ec5d73579882dd2

SHA256
1c25a3a374f7beff292cc5e5e00a503c3020c8b3152fd6c0f68e224f5b47b753

SHA512
10e4ace255e5b1b90ccc62a9836d06ec5ebf3493ed860e9ccb34fde42b99e64d8179bf586b657f7887493ced4d1304ca1f75880dee04f2097867a5d8a00167ef

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
4db5cdfb201f64974796e7fbf380532b

SHA1
91339cd544aaec496ad4981bedb8dd396a595cad

SHA256
843dddb34499c8e0e96f92756f9923c96616adec3c077c567b7e30fa81c8e08d

SHA512
53c19448a6b5262d87a36edb197afeb423959bc6031a15a06338027f2a5c36791d979ed94df67c1d8a31f9a2b8e462f7f59247ad3433746437d9260884eb3eb8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
cd5ef89456082b96a58dd035dd0ef296

SHA1
aa0912cb8642292d7e1b1d79a232b7baf8de4f30

SHA256
e0a838ff055ff422e468750796c48ca4a34ec41e5690f8e8793663cb51006774

SHA512
cd368a9bc770feec06ecc50ae54e3b63d8af359e7ddf467b6b09c8c06c2dd5dcf5422b1ce903815c0f3d27f6271a46f386f782fcafa7a0ce7ce97fd19939c74e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.exeSaherBlueEagle

Filesize
18KB

MD5
9356d54a4f964f55444de5fcd061dad3

SHA1
50d343759455bcbf57109463cc7276c9c0e22057

SHA256
0e8d2b1e833425d39a1b808fe15ac0a128b3746428bedc14e5dfcf7a04c54a79

SHA512
0adb460b90428a939ec3581661cff1ff9ebecf62bad40c9e2db91ce0c1780685c9caa88c76c8569830fa273926a537285772e153d15561fcd47de6faf7f0de80

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.exeSaherBlueEagle

Filesize
27KB

MD5
b3daa6ebedb1e2e8c224c1d2da81fc36

SHA1
c5b8a336b30c92d6989403081ea7d1e19c73df2e

SHA256
6b5e6053176393822e4a8ccd5de5501f617fb02feb2b9241332ca81a97004c1b

SHA512
52a684a88fb4218b2559b594254a7710522fe474a7e6fd8e8dcae9f5531881d5fda8b129e5ee2a1f4d6f17cc602eb7948b0a203ce35796967f4662a86ce0cc0e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
5f4044a044fb9d167c1f01f7a7c0bfae

SHA1
c80f1034c6bc70b83f664ed61885852348a491c5

SHA256
79247e2759e3d48c51b99f0f1a5ec52dcbc7513c6bdd0a75f1f21ab9a6675a14

SHA512
da57a9f788f1b0ebe42f8c4b5579cfb2d25828eaf976fbbb0d95e3127573aac4ca0d5921d399304b2091bf2d298d0c6272cb63ad68273b735803457bc87b6608

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll

Filesize
69KB

MD5
11ed8dc30ae92f802a66fc52ff7c2036

SHA1
4b00a067f0d5f5fbec197f1a26c78726353a5ba1

SHA256
d07c391e734624be82fae60293d9c13e12ee0e22f9a39d6edcab3afb8c7203f2

SHA512
8fc98d7db4387b13113888122a92e4945328987873a901546ccaa4441faceefbdc43cedaf9d4389ff58bb9c65029b0cff59519c9c7f1e2b182a8ed04d2825b15

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll

Filesize
19KB

MD5
c4e7302851ff7f9d81249fc51a399ef8

SHA1
09c719ef74eff76d5a61f5de4a042698522fef1e

SHA256
3ac8475b018753129a5e759bd106a6c8121edac132bced19da62f367a8aded83

SHA512
898e8e97778097949278dbee70328fc7cf6027f58ca37e00e6c9d298e8a79d5938d34c65611e3b4c27fe9322fa870e9c05cbcdb904241c1827dc66ac93d8d187

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
97836ca79ba86d4091975dc13c4c01bc

SHA1
caf4272bfd08e499a7167a4fa64d05a8dcfffd75

SHA256
8ad316aff6981645be1a85afb882664ac82ff3bd31b7dc87c5aeda771718daa9

SHA512
42269b2d738a3179033c48601406a1c4f04498c85c95cb0828540ad2938687c02c7139eb77e7be1c562ba5b4d565407fa202d0c38cf5416eb906e1b88fc1c359

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.exeSaherBlueEagle

Filesize
24KB

MD5
9807ae6a46af26afdf9101dfc36da93c

SHA1
904119016692401d71924c2f294df64c6f2b9736

SHA256
eea7f08fb1942d84c487fe1fe3f11c69cd4f1e633506a5fbc55c1ea5235de5f6

SHA512
1fcff3ab72c33c1190de38c815e2ecfd4074af7accae5764c293be900b4578031dfbc39a6e2d9076d77f88d70fdf79388f42997a6ae2fefefb84330404202817

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
20c62c3999c944823836f64acce1a426

SHA1
90176f4df7bfdf3320f85e770023410fc132e97e

SHA256
e4902679aa2832e8812137aca612a4ccbdd342303e56baf83fe5df3ff87eea35

SHA512
cba0863d29f4afaa8e29eda050784561af8b664ddbac0d1246debb90966bb17ab4a6ebf787d1edb13dc63519694ae87e5bc5b04f25599eb88a8399dba87f2358

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
4197e9ad246931bf567e4a2ea531e865

SHA1
b6630aa45c323f87be276ae03890f10bba481341

SHA256
4bbb681d78d2eee3ca0f2f9474d0d451682151be5b6345fb6d720e6d3d1a3921

SHA512
6edd8c90703399f98b9ffd76b4479ac6ba9933719752e17a3c6143c974aa5f0308b27c74c79ee66306b665529f82ebeb713a3dfdf0eb7a13da88f41451d74272

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
2dd7d11c8a24f6d8bb33254d3a20c6c6

SHA1
6151229f5ebe3c26bdb8f2a3ab23ef6aa501f498

SHA256
0189d4185397ad7c7255990094374cfac7505e8f20c5691cec11e1051ca6825d

SHA512
388613acd247daa1ef477f74c1174357802a580321ca4ccd42b264e8e414f0aa58895a68e1d5237662ae8e25073b818e85e41d12c275da91cb9c3d0e15ece743

Download Submit
C:\Program Files\Microsoft Office\root\Office16\concrt140.dll

Filesize
324KB

MD5
15c8627d8e1eccd892b84f67127018aa

SHA1
c58884828ad80f3785cd9a6f7fdcac43a648e161

SHA256
d6115b230ed06075b9a3ddd65473fa0d26ebd20149648f2145ca0d562753342d

SHA512
e140d8c985df9b5927f2a5188db05abe470eb316744512189366abb8390b74c1ed16b5396178ee2b2f566e16d80b811c22350f3eb49c80a19cb5b0a481c4c132

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ayyaxvl5.b5u.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svcran.exe

Filesize
83KB

MD5
baaed72fac342c09f9bd3e55beedd048

SHA1
80f36401a2f2c791e801ed072e12dc37d830daed

SHA256
66895e31ed416fb679bd81667da49b62c30b78344db21f86bb68a7b4bc24b795

SHA512
91b3968eb5710dda149e18219690433530a5d1e6b067cff0fe48fb64a250233f87b7de3539d379454df567d40f97d9ef1a56d4e5a9c310c9ae94fcd72370047d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svcran.exe

Filesize
83KB

MD5
baaed72fac342c09f9bd3e55beedd048

SHA1
80f36401a2f2c791e801ed072e12dc37d830daed

SHA256
66895e31ed416fb679bd81667da49b62c30b78344db21f86bb68a7b4bc24b795

SHA512
91b3968eb5710dda149e18219690433530a5d1e6b067cff0fe48fb64a250233f87b7de3539d379454df567d40f97d9ef1a56d4e5a9c310c9ae94fcd72370047d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svcran.exe

Filesize
83KB

MD5
baaed72fac342c09f9bd3e55beedd048

SHA1
80f36401a2f2c791e801ed072e12dc37d830daed

SHA256
66895e31ed416fb679bd81667da49b62c30b78344db21f86bb68a7b4bc24b795

SHA512
91b3968eb5710dda149e18219690433530a5d1e6b067cff0fe48fb64a250233f87b7de3539d379454df567d40f97d9ef1a56d4e5a9c310c9ae94fcd72370047d

Download Submit
C:\Windows\RansomBy Lilteca.exe

Filesize
726KB

MD5
6fd647d78d9af5b5e25a3a2b4fcf58cd

SHA1
9db70b728aeea2b604eea6fe365a4bffd6bed776

SHA256
01db6baa97f0452eb0bd17244f3b3081129c276d5e4d38a830973b6dbb0f9568

SHA512
cb5f2cc5514a9adc2d45128caf586588cb681eb284610e94db7f741fa726bf109813a1522ba09e4432d9b1b1a1a9216670c9a72072268e84526dbb1768c34c55

Download Submit
C:\Windows\RansomBy Lilteca.exe

Filesize
726KB

MD5
6fd647d78d9af5b5e25a3a2b4fcf58cd

SHA1
9db70b728aeea2b604eea6fe365a4bffd6bed776

SHA256
01db6baa97f0452eb0bd17244f3b3081129c276d5e4d38a830973b6dbb0f9568

SHA512
cb5f2cc5514a9adc2d45128caf586588cb681eb284610e94db7f741fa726bf109813a1522ba09e4432d9b1b1a1a9216670c9a72072268e84526dbb1768c34c55

Download Submit
C:\Windows\RansomBy Lilteca.exe

Filesize
726KB

MD5
6fd647d78d9af5b5e25a3a2b4fcf58cd

SHA1
9db70b728aeea2b604eea6fe365a4bffd6bed776

SHA256
01db6baa97f0452eb0bd17244f3b3081129c276d5e4d38a830973b6dbb0f9568

SHA512
cb5f2cc5514a9adc2d45128caf586588cb681eb284610e94db7f741fa726bf109813a1522ba09e4432d9b1b1a1a9216670c9a72072268e84526dbb1768c34c55

Download Submit
memory/4424-56-0x0000000074B60000-0x0000000075111000-memory.dmp

Filesize
5.7MB

Download
memory/4424-55-0x00000000017D0000-0x00000000017E0000-memory.dmp

Filesize
64KB

Download
memory/4424-508-0x0000000074B60000-0x0000000075111000-memory.dmp

Filesize
5.7MB

Download
memory/4424-509-0x00000000017D0000-0x00000000017E0000-memory.dmp

Filesize
64KB

Download
memory/4424-54-0x0000000074B60000-0x0000000075111000-memory.dmp

Filesize
5.7MB

Download
memory/4712-31-0x0000000005B70000-0x0000000005EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-40-0x00000000049E0000-0x00000000049F0000-memory.dmp

Filesize
64KB

Download
memory/4712-112-0x0000000007570000-0x0000000007606000-memory.dmp

Filesize
600KB

Download
memory/4712-108-0x0000000074330000-0x0000000074AE0000-memory.dmp

Filesize
7.7MB

Download
memory/4712-110-0x00000000049E0000-0x00000000049F0000-memory.dmp

Filesize
64KB

Download
memory/4712-107-0x0000000007350000-0x000000000735A000-memory.dmp

Filesize
40KB

Download
memory/4712-93-0x0000000007920000-0x0000000007F9A000-memory.dmp

Filesize
6.5MB

Download
memory/4712-96-0x00000000072E0000-0x00000000072FA000-memory.dmp

Filesize
104KB

Download
memory/4712-60-0x0000000006570000-0x00000000065A2000-memory.dmp

Filesize
200KB

Download
memory/4712-82-0x0000000007190000-0x0000000007233000-memory.dmp

Filesize
652KB

Download
memory/4712-66-0x000000006E7C0000-0x000000006E80C000-memory.dmp

Filesize
304KB

Download
memory/4712-77-0x0000000006550000-0x000000000656E000-memory.dmp

Filesize
120KB

Download
memory/4712-67-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/4712-167-0x0000000007610000-0x000000000762A000-memory.dmp

Filesize
104KB

Download
memory/4712-172-0x0000000007560000-0x0000000007568000-memory.dmp

Filesize
32KB

Download
memory/4712-141-0x0000000007520000-0x000000000752E000-memory.dmp

Filesize
56KB

Download
memory/4712-12-0x00000000049F0000-0x0000000004A26000-memory.dmp

Filesize
216KB

Download
memory/4712-15-0x0000000074330000-0x0000000074AE0000-memory.dmp

Filesize
7.7MB

Download
memory/4712-207-0x0000000074330000-0x0000000074AE0000-memory.dmp

Filesize
7.7MB

Download
memory/4712-117-0x00000000074E0000-0x00000000074F1000-memory.dmp

Filesize
68KB

Download
memory/4712-14-0x0000000005060000-0x0000000005688000-memory.dmp

Filesize
6.2MB

Download
memory/4712-16-0x00000000049E0000-0x00000000049F0000-memory.dmp

Filesize
64KB

Download
memory/4712-33-0x0000000005FF0000-0x000000000603C000-memory.dmp

Filesize
304KB

Download
memory/4712-32-0x0000000005FB0000-0x0000000005FCE000-memory.dmp

Filesize
120KB

Download
memory/4712-150-0x0000000007530000-0x0000000007544000-memory.dmp

Filesize
80KB

Download
memory/4712-26-0x00000000059A0000-0x0000000005A06000-memory.dmp

Filesize
408KB

Download
memory/4712-25-0x00000000058C0000-0x0000000005926000-memory.dmp

Filesize
408KB

Download
memory/4712-19-0x0000000005820000-0x0000000005842000-memory.dmp

Filesize
136KB

Download
memory/4712-18-0x00000000049E0000-0x00000000049F0000-memory.dmp

Filesize
64KB

Download
memory/4792-17-0x00000000012B0000-0x00000000012C0000-memory.dmp

Filesize
64KB

Download
memory/4792-34-0x00000000012B0000-0x00000000012C0000-memory.dmp

Filesize
64KB

Download
memory/4792-35-0x00000000012B0000-0x00000000012C0000-memory.dmp

Filesize
64KB

Download
memory/4792-252-0x00000000012B0000-0x00000000012C0000-memory.dmp

Filesize
64KB

Download
memory/4792-13-0x0000000074B60000-0x0000000075111000-memory.dmp

Filesize
5.7MB

Download
memory/4792-427-0x00000000012B0000-0x00000000012C0000-memory.dmp

Filesize
64KB

Download
memory/4792-11-0x0000000074B60000-0x0000000075111000-memory.dmp

Filesize
5.7MB

Download
memory/4792-132-0x00000000012B0000-0x00000000012C0000-memory.dmp

Filesize
64KB

Download
memory/4792-63-0x0000000074B60000-0x0000000075111000-memory.dmp

Filesize
5.7MB

Download