fantom | 7b8e6ac4d63a4d8515200807fbd3a2bd46ac77df64300e5f19508af0d54d2be6

Analysis

max time kernel
210s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
09-11-2023 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fantom.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom evasion ransomware spyware stealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>OdP4i534WzOy0wWNst7txJw+a63UT3/J5wYrZgArNFKa/JJR+ENHT9Btyik5SrV/kT1IWjskqmfSkZNEbHEmOAlvL6bdwDrx7LyKRxbp3gcTLXFunjFVr2CH89zNZ4U6Wyng4zxqol/WXLD1b3n9FEaePsioVP7W541t2uQL7+tG2iJMNSa+Qe+JtaSgiq9VOMriSuTKdFizluZM6uNCHVxkoquCtb5lnrcrILesxzOkaos0alHNgVwEgHQanx7uJCaWCBFZjnaKKbgrNHprL2TgQWNq0fXFD1VQ4URKPDnp4GTKdeiTHvgbMB7itEeRK8OjdAFldTEFNfH5qVSwkA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (2446) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Executes dropped EXE 1 IoCs

pid	Process
2008	WindowsUpdate.exe

Loads dropped DLL 1 IoCs

pid	Process
2096	Fantom.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png	Fantom.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der	Fantom.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar	Fantom.exe
File created	C:\Program Files\Windows Journal\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_OliveGreen.gif	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png	Fantom.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\settings.html	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImage.jpg	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css	Fantom.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml	Fantom.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\gadget.xml	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Clarity.thmx	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue.css	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right.gif	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Teal.css	Fantom.exe
File opened for modification	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_TexturedBlue.gif	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml	Fantom.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\timeZones.js	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png	Fantom.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Common Files\System\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right_over.gif	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png	Fantom.exe
File created	C:\Program Files (x86)\Google\Update\Offline\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\form_edit.js	Fantom.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	Fantom.exe
File opened for modification	C:\Windows\PFRO.log	Fantom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2096	Fantom.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2096	Fantom.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2008	2096	Fantom.exe	30
PID 2096 wrote to memory of 2008	2096	Fantom.exe	30
PID 2096 wrote to memory of 2008	2096	Fantom.exe	30
PID 2096 wrote to memory of 2008	2096	Fantom.exe	30

C:\Users\Admin\AppData\Local\Temp\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Fantom.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
c9c9cb9466751ec1b9a7e11b4305c599

SHA1
e65e917fdabd3142c9ada5f02751466adfd703ed

SHA256
10203e5b67dc7c77fc289e1eb9c8207e41cafa0d237a9058d0d67dd981afbdd8

SHA512
393cd74837c65f5ddc7a08c15763a022f399facb96bc2c0a22014bc72b189654fdceafd5dfc7e657386af2847d5ee3db663f59673b2b21a66cf9e66beb220d94

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
352B

MD5
c8ca0d87b422443691403b62fa96e738

SHA1
ac8c29970ba84af64896f2d13ddd7d4cb143d9ae

SHA256
35bcf782b61ca2256ad71f35a2437007ca362d94019e7ddf3f290c87b55455d5

SHA512
1b38e3624fe084270cb9f56c81902f3f107dc4e9044e65592fbea67d34281873ab701ef663d83e3c3514177ec2e1a3273a214b8d6c07542d374f46b3dc53f2a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
224B

MD5
de11ab1e8568e7bbac74185a930916fd

SHA1
80988c3dd5095b5cb1aedc6207afeffc8749a5fe

SHA256
eb75033a3a2980acd1705ccc079359d1337569f0731a6c9d2545952f0523d639

SHA512
0129f492f444b950975f54c9bf7930c79060eece10778965ba0a9403bb7d31ead73e52b18710559aeb33ede43f36adc66454ba5f0ec8afbb941e15e08ba4a888

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
6ca2426c1036adb9bb621cbb9da51943

SHA1
2b6fa07d172d880576c3e3db2c9bdd66ea5ab08c

SHA256
7cdede813f2773e7c5d8b54392e05961222c1dbfea446f3495ea31f1b811802e

SHA512
9c9f34fed47e2ed7b1089ce7a4aff1c371da0b91e4f256458f440a9318e54b6655fe48fb092ba312b13b262cb17b89e0637c7dd45d690ba5f64ebaa379e8bced

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
f4e5522578fb4a500b1bccab5981e0ea

SHA1
1465fcae053fe2b1ed8d652ef4c52f605b8d7733

SHA256
1707b7bbc453516f0a201e6e7dce32fed61de37faea68af34a4c2367b2be11e0

SHA512
f0bf514cf7eaa32f07c181ed7f933081b856b45fb789336dea13b7eb1f988e8206df41be1327c2e813acfbba3cc6a6091e95fbe71a055644835696865c91e2bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
09c2b559b0ea74b44d9d0bc5ca6a4de0

SHA1
5ad11cf1dd588ddd0bfe2061931bcd949bcdd5bb

SHA256
1666fa80eb5e8e1a4e268f9272092aba4bc99c9bddd2611c1b0c3f29b3e1da43

SHA512
a7049b1154c1d4132dadbda403ae66747c155d2e29517c6af1822b6e0e6b5a10d741aaa8e56cb9e55b8acc96351cff77bda02003f825c967cd9305be3ceadbc4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
31ab96f1d114e9ab5069e03552114fa3

SHA1
3027d8b2c79fe9e61409cdcdd9266b28f5fd6e9e

SHA256
588a27748eb785ee6b665d1771d4bf13fa14dbebd342830c9aa1b8c93a9a10d3

SHA512
16b63cf6541b5bef8400d11b7504075421586c2bf2bef3e2a12c7d63baf8b7b2b9e2031bc9d40a73bfd61cb320019ad3bb7b8c74100001e8886bcd9d5e0d320a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
112B

MD5
b55ebd55913489c49600c9d31a416ae9

SHA1
747db5181cb7cc4a2b7361b50d94aa844206ca77

SHA256
d34009ac77cccc91bf06eca6c049c318e0732fc721bda5e066b2dda21d0116f0

SHA512
214b42c4087e7b8e34ed10e4914c9edef978810982c6020d27212c7ccc54be34267b7c5d1c9cc78534d06ae0e18edff3e4814fb6a911cf75020d805286df55c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
b364c79741ed8a3a3b90590d967e1354

SHA1
cdbad6015a0f95ba963aac603316f70d45e64641

SHA256
24bec6f57bb64baee592f4c49f32d1d3bb6bf9632474cee6daaab37c4a109d37

SHA512
52ce899812c687b3be8d9bc78a465d5d37bb995bcad12bf104f10bf90470c65b221045d7ecd0630baa63ecf90b073cd37c03e0777240c2d2a25b014660936254

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
7a0a9b15645c3b7ca8870b76b1051910

SHA1
05b3b78e624d94c7e7ce0613d09344f5c06c201c

SHA256
26f9162bc8df1e7f380d285419d89af0ba44ce8c4f44196afd1fc87831d81941

SHA512
9973b283544d5176af319d85d4bc6adc53e9cc0562384cf35cb56e3b7cd599ce743f3bfb09825214f80043b91a9b2f3aa3bab43fbd050e8cd8b3b941a28cb9bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
652892c22979dac2cf9483f54589ea8e

SHA1
4293bf530983e4819ea1578a4426e04aff4d9f6a

SHA256
5874e724537e2e7ed6be250e9ffbb2baa02915f6439acfbf5a72f04b1a270221

SHA512
e01d8111157982e20bec87c38a319fff41f0684f4dbec441609f326a7269eac7bfe07bd9081c0564e96988d6c6cf570e145223c0a0fe1292974b8357cd34b987

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
83c4def02607f6f4a4ef3e3f6c25554b

SHA1
b693c035a1e2c9c4749ea970c8cea57ebeb3c7c9

SHA256
c92ad5bd84e4e4318507fbdf6cd7d8cdeaf923e21c22cae80cd9156238a0c53a

SHA512
1c35189319d3343fde3f036e4453d024b5d182cb0726aa23c876938fbebae887501755cca1864e6af9bb73fb144c26fab673a03ff067c9d17e4a7b2cb75ac662

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif.fantom

Filesize
6KB

MD5
23f6fdb967a339a462b9afff0528d9a3

SHA1
08b3e2c3749ace20dbd7de9befec2e8c12e70a20

SHA256
f1a228a5aa8238c5fad48449e855adf76b91d3b3b3bf1459891d2ce5c056cfc9

SHA512
514d352c2e709c92f507a3953e20b344dda0f8fb1f6607919a6b1f9b1eb4770deb36562e9623aed161a94a6dacbab8d5fda58d93119b039f942dbb9d31b7de42

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
afc9abb01b3d08709ff463b13e708183

SHA1
6d395e3ae7f171aeca6841cb2189b78e68b0b5a8

SHA256
b311bf6071c89f3f0b3983955a50ec321e6ce35ee0927a0837f9f1a9e17ae3ac

SHA512
e314c52b5f8ea43c2a1e4a9f71234a1bc88db546334187fa045d05fb5f807cba5cc968121db8be723c5a597a0f0112f8584b08c6505ef4d33e374bef0943ed10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
481983e9af385b7113eeeca9c715a502

SHA1
9c058f106e7df8fc5eecbdc335c1c16216a49fac

SHA256
1eef549a74de34668597442f68adcb773bfd960fd74ff239e69d1515eb49bac8

SHA512
d4ef13fc3ca4cd13a69599fc424f52ea9c116ef8d0df9e774916ab3a8a97d68625070817cf93ea2c13553fa6ccad0fec9c260992dbeae39da02f7ad0ad44b76d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
042787b70c27b2eed089ad5ea43f89e1

SHA1
193b72eb243c20afcd8968d038d894a3e4a0402a

SHA256
a0a75eb63ca0053a5468a9113ec8ade55307c82cdb907cdcfc0a3cc66f9b9ddd

SHA512
8750eae98d87e3313ecb466d745882c4e6cfcc870c75a3b63475d02b00120daf99e5a76b2d574826bd8a6531587747d405bc4b7c15ca989760ecbf90d8f735de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
7KB

MD5
801b4e27a7b30d6d30b101c5a2ac213c

SHA1
123556a813fc8b2921b0ef93e1fe09977bd2e4b9

SHA256
34667ae60b85a5ea6d40ba640f3555e1d9441eac1ee2892818f41ca4ddaf56f1

SHA512
d349ef5f6c7df742f0d91db990aaa8ac911c6b5a1782e230e35445f2e122d36a7823a85d0c4207f8d08d3298a86104b8d38fd800ff0617002a75d0c33127ebd1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
336B

MD5
d18c57a10f3ef9a7ad7511992714b11a

SHA1
e20e935c6a2f6e3e01b75ac8981786d2593ab00b

SHA256
56b36784a3a04d617c7f51e743c2d6c3afa9cff52e3f9e9ddea655a5a8367171

SHA512
950a509a64ae7545b437d9db296efd1562e4c93d9205d11597597129efe32055560393b8ca42080f144c74e8e6c8bb466a02c721cececfb498c7f8b79eecbd84

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
240B

MD5
992f1e67c64b89b4719e1fc2f89b5a7d

SHA1
55df2612749d73b8da4458f0c0b3a8297605e68d

SHA256
69ec5dcd745f331259b0656a3e535178d2e1e38e7e7314555ae8bee97c9ec714

SHA512
fe6f51fdbaedaa9aa74723a137979964e90b01e5c1009e8c69c4878549aff174444c4f15c08c373bfed2899046c578d0f427acb51117c30691a4dcd86c8ebb05

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
b5f16467b4270b238d3ee72c659b0272

SHA1
ae448ee0b7bf91c1c1dba3d8a6bf7bae2ab48451

SHA256
7d3bec0e56749e991d26d1f8128df59d2b17242248ca870d2841b2ec944dcde5

SHA512
aaa21acb672ef01eca65183850e4e599fa486238600c787c99e7a3ea7b85404b215ee7a43d6a833174d349a3687857999e85664596452e668fda163c8df29c1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
816B

MD5
fa03156bd96d386375867edd8ee06a81

SHA1
a7bc7a52d19c306e9a0eb4b920ed1045f07ec6e4

SHA256
06ff7e5cd574a7afd7e26b7949a33f7c62680627f8ae3447674b43a00a0f2cfa

SHA512
e41975a5b188ab7bcbbb689420dde62d468351424a031b0ecd1f630b590c497ef024ae2d176bd16e4bd8bdef21b64ad125fb8a34426acce91e8da91dcb7b9892

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
8642aa72e9b2514525ea25f0a9be2c7d

SHA1
75f3263bd42b546cd0338dd23647f441cc0591cc

SHA256
020166816e2051557bb599c4f867d7a38e73f2029dce4621b3d13e6e39ce10fb

SHA512
ccef41a3cd56cba4c11a8a98e384d13f5f2e1b1430be2765062d7c87717a3061e8603e95485657cf72577b1bb3a4961bc6ae94ce98e8c38575e7e946489839a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
754eabf33f15807bc9dcb6067c29a3c9

SHA1
725a50b6d6756b573026834fd94853e89b2dd2c8

SHA256
b5852ad76bc9b95e45e7f187a585f12140eca8277b82148c4ee20dea30ad332d

SHA512
84c688241854e980cf7fe66bd44b9fde9f57b1a0554266f557aae248216fbc70c0741111cda7a784b4ae2bf8a8da06a96f32b65348a0072360d99d01e5f918a1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
afd9b3402ba099645ddef9035a1deb91

SHA1
06c610e36c24a86a538cd94b6bd75d1e4bd680a0

SHA256
c16d7767e9d46c467cc760dc83ec7661e4d2d09c6c6b82faa95351d8b261d56d

SHA512
ba844c08f8675c971b32c83224e8a4a2170b66bc780592549cc30f625877d00ed66d82105e808fdeee22f8c7cf10e0974eb137fb2e103d14ebfff0188516095b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
896B

MD5
9e2e267cde284eb72c126d3d085ae164

SHA1
b21197ddb37800c441c1d964daf5892e0b866b2c

SHA256
aa18500f6858187a072f10d799b84c02236b446b62fd10ae4b72b4e6390dcb38

SHA512
62705509582d93282bec93e5c2efc63d5e6c8f8fa3084ffab004232576df06cd710a75f17722f0ac5079dce4c34dac695f23294298041789d5edc4ea8dafba36

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
864B

MD5
254398e88eb3e629fc85a86b0274ce2b

SHA1
173d223e509e2b46e465882556eb5843c5d663a6

SHA256
f637ef583847e7b57b747de6d79f85059879267148fe6490b1ac6eb20474a485

SHA512
f73f259b67ba54f4d19da1ea18870d504e0a2837489d04c6c1fcb0fe6371d8c5d5cafb47a93cbe54fb5bca8f6fcaf1a3d7c193b1dbe6b9753bd50fab63d0269f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
864B

MD5
889576a3209e41011029fca05fb03987

SHA1
dcb5022dc5eec42794c2ef84def58507366def98

SHA256
def080c5672364522ce7e949ace70ab847a8fb4e69abbc1a1bfa9650a04cf223

SHA512
63629c0ae6497af7c777a2371de8169b3db8e86dca20c64567f69318c5212520df4abac5d698cb87047a22907d52b9eecc27b7dc55bc4171575d2ee4e232b578

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
f4ee9db4d68465618e307b1062bb5c39

SHA1
69e09cbb6e392ea42802846352663558ac2ac4ee

SHA256
e225eace5438a0521103f2f04e24b7a4da763cabdd214bc83ec692dded414fc1

SHA512
b6789cff2f30aced7ad9d48fc9379fe265e409a5115355cbd362b849ba185896f203b9878325405152509565e5baeb57509e304aac3fd5ddc89c9e9a8ec2cd0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
d9d7fc37706aa2be74a83345b8b70d53

SHA1
5c7a25cd706f22bc6e460175cf4fd4f7772f6192

SHA256
b4283ffd534605ba9290af8ba9626474287a8e5425ede63b4298efdc559b4012

SHA512
a00bf6872e765afe501ebfd581fabd478aa0ceb1e2374cbc50cbff639574e5240a3d0b3f2aecd4b16c5b1aa7e17d7592710c62c37271612d7bb4da7a69b6a4e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
864B

MD5
9af2a9bf9f0c105d8b5f67c8d23719f6

SHA1
c81369471b4103c7ac73eda6e04ef7dccb86267f

SHA256
98855dc6aa0dd1ef62710f8c1fa4a27196e56fccbe8e1bad8917a3d68ab9cce7

SHA512
79188de6718183cdfd70c9f1e265364c24cf404b51173481e64a35170992caef81e5de277aa7c030630ce030284a67b5f818e4d6d5e64697b0113cebafb50f2a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
848B

MD5
6a5e8b36125485c206391a3106ebfceb

SHA1
ca5e4608d068270e299928e6361736a7544c483d

SHA256
4d914d3afd4507d5a064f839e00024f0059777f7f520266a8248fe17063534f1

SHA512
ecd894a59d0c2840e00929427513cb540bb2f7b5a48f20ecc05d3a1fc268370f456aa2753c81b418d8aca08bc13f48a5e6613e9623063b77bcb991ee3a017e66

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
880B

MD5
82fea63ae17ae542133ffadf66c98c2d

SHA1
5280bbb33179c1236f863a44501406ad075b9581

SHA256
f49c4f29b1b998dd76cd023be2611acee2ed2da8349dc52b2b45713cd309eec6

SHA512
9db8bec654bbd95a53170889fdfdde2b202a073d8d4ef113f043f0f51dba938cf03295430e0aeae20713ef767ad18df9bd4a5664fb9a546e1ae68aaad8f7cf47

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
848B

MD5
fe90bcc88c9e2ce8018c8d98bedf22f3

SHA1
a6799ab3bc13f8927f76aaf37bd9f2427bdf60f9

SHA256
c58fe021561ce30412616a8dab22672816cc49909033ee620573ec316d298fc2

SHA512
12fec66d9b9c88a5c414924dcb71554dd2ae60a9d57e47b9baae646740a41cf756532c1abedf44542519f0b577923d3a9acb8beba11cb8a7e9ddc39dce588d1b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
864B

MD5
2b18b1d733cca6ad6c070ed91ebb540f

SHA1
4ccf23a172cb87d36b7fd73c03c0810ddbcef9c3

SHA256
8d02b95c307b2306518abbf6a0e0c4edc44f8a763f70e3dfda24aac38b9bad3f

SHA512
b8ed2674e8a47730e1151a9dc0ac4869e88c4f52d444d80d0acf712f374a3e481eec7dc566eed00addc82af042cb361957600ba6b2c277d66cf1577c7ed01991

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
864B

MD5
6653cd2a1d7e2d41a52413d18b69bba0

SHA1
a74a0076706c82acd767f3b9ecec979b4c3ffaaa

SHA256
4de8fae5a0b6923dd1c3860760bd9be9d41be354d612007808991c3d527b9444

SHA512
198e4c097ad9f28fd26b992a637590c6c8bcdebe002c28af3deabfb0fa4913e0210528aa4eec73ab7a81910f6dfb94d0e5f48a380a9bd085475a49bfb40b3f1f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
864B

MD5
1382c68f7556316dcac7f17b19fd7d4f

SHA1
91764d9a62147a9069a00d8af5dbdd9095991e50

SHA256
0d8f5abe34c2a398931a27539fb7bab1c7acee5e6d97970bb4d55601e71d5337

SHA512
03b5e5aeaafdde67352ed5c68831d388521a0acd08c742ac93a124f28e0f50d8fcabfed8cb76ac70e793c15d81a7cd39bf31d6f8df99722cd14930ae72330c1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
896B

MD5
efce97125a1e18f6ace59b1b85d6361c

SHA1
1fdcf6a31d4c874540233452a33a3af7bbb71f5e

SHA256
3fc315c4d0844c0dae13de7234b49bd1318d8b483a1cd9a523bb466bba8f8832

SHA512
d3c3e4e56f1a3029e150eeb11c05e096fcabc8f504c19c822c8c4ba1a092e0f31e3734f88f2acec9d08da83025f0fe0bdef567897ff09069c67b7315d1c426b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
2ac6b814c9605ae62dbf07589b286004

SHA1
64ee1b48c3201925019475244b9dcc1e766394b5

SHA256
90b3ddbc7eb8144f292fb953f8161f85c3d581409601e5fb78e573d8c12fb396

SHA512
430f12602a73bc7b35600e9259d37c807f9dbee9fca09ff06a89f049b708a9e3b2d5d49de23ce6c4faf2950e88b640be91cbfbd2f65e44ce686bf4de85d7f2fb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
2fca945f73ddd1b2cead853d4237da9f

SHA1
116b7ad4cee1336ebd301d1a7a7de9b28cd9bead

SHA256
dc6810b3bc63e52f1eeb8bcc586c56f1786c349708f57871cf19b5c474e19a2b

SHA512
26866c902bbd1696b9014c0d640518d55829abc328e7eb767ee2d971cbfecf9e81049f4c196e73212ab225056529fa29a7d6873d0713e4ec513be7cf62ddd5fc

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
4cedeed968b4e4345315911fcf5aeba7

SHA1
0438bc1308c4d9599d4d9c920f6b011eafa2e0e9

SHA256
42f143e2cb6ad6e837c21e87d194cba06efbc713903cd198b7490cea7c2b05c3

SHA512
9f768a90e2b208e2af07c19f1300b22c2d210cd2d652b30dda8f4c1c37f41b1d86067e11f2205bd57012946e019eb12c4e8f0615541d38a3d8d9629a87fd0e3a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
37482ab172daed6b4d3539db47dd7887

SHA1
05c60d3f41659bb8dcb84ae106d65b312951d119

SHA256
dd2c08bceeab92117b16f3481d16aaa2a83882820a7ae25cea0f3cd9b86051ba

SHA512
a08757b29d889b5b83497c1fb644ae02cf8c3bf5da71930d6773659e08384ba122e3333927e88a9049c8d89b17e0fd1402c2bb7eb28c2ca9d1e89e79d8f9f658

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
dc5518c5912bf65d360a0882a3e76dee

SHA1
22d9147d5bbc581faceaf9c754d5bda2b12520d9

SHA256
2419fd12242cf22b54a848db4458d1ca8464667a2b9d83a664a3180d6b4d7927

SHA512
c23026cd940d9dda21939b8dc312810c533472da33878d3526b6b5702e9182cbbd878658c6db5baab53db3e8f4957f897d914a956669979d07d52d6637096c97

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
ba0aec168a4da8dfe2b134c88ba5e297

SHA1
3901decc284e473bfc3bf114832ac75cd08f9630

SHA256
1e570853755af0fa98b8d6b08796c3b944c6c60645ecc613d400a71904226d24

SHA512
79fd7ca3beb2f7dac69be9663745c560284843229a471bfd3a3292c7981be976ff53fcaa3a274fedfc07b4adbeeb96d58ede9aecfdcd001d807cae760e3d7afc

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
dcde02e4987b01553b2f55a636efeda5

SHA1
f6bfa8a454cf8bb164fd452f124ae4ae5192ef7f

SHA256
d761f0824468bbb3f7a7b373290ae3eb483b097ba6409d5232eff84b7cf5c913

SHA512
4705d7073372109fceaeaf7803f84ca4e86c831628f7b8dc3dab692108ecc844ebab717c26329f2f66e4b2f7ffc439ea3d17143b22b70e6fe79575c5c3c15b00

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001

Filesize
16B

MD5
867e32a6f678a2e69877c37be0699840

SHA1
feabb626bc4e10186a04646afbe2bde21c983cb1

SHA256
1717a27602d8ef847a067e2efa41969b848eefd5372ace0b9cc53581cc666f44

SHA512
08920463ab8b80adaa12129005b9140de96a04d53d4ffba06057ca4180c31e047f3da60ea56e9c534707d036a307f24d15047152df1c489a7e56b640fed561fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20231023_181225044.html

Filesize
1.1MB

MD5
84a626e4cf76c4f2c4f255db9063b96b

SHA1
aa840f407a85528a7d51597b58c1c0dc660be8b2

SHA256
4b2d5c47014fa83fb1ef9187c6ac9d118a25f9a29dc544664a48ac807dd993c4

SHA512
e0495a1f24cbbb80c7b5cb8ff187f9240e81a3616c67abf0a65b0b550cf6ba4a12f24b069a4256bcf9a8fa000a63699c6927625741081db1ea9c04aac9865530

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/2008-150-0x000000001B150000-0x000000001B1D0000-memory.dmp

Filesize
512KB

Download
memory/2008-628-0x000000001B150000-0x000000001B1D0000-memory.dmp

Filesize
512KB

Download
memory/2008-142-0x0000000000360000-0x000000000036C000-memory.dmp

Filesize
48KB

Download
memory/2008-180-0x000000001B150000-0x000000001B1D0000-memory.dmp

Filesize
512KB

Download
memory/2008-147-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

Filesize
9.9MB

Download
memory/2008-601-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

Filesize
9.9MB

Download
memory/2008-626-0x000000001B150000-0x000000001B1D0000-memory.dmp

Filesize
512KB

Download
memory/2096-60-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-66-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-153-0x00000000049D0000-0x0000000004A10000-memory.dmp

Filesize
256KB

Download
memory/2096-135-0x0000000002300000-0x000000000230E000-memory.dmp

Filesize
56KB

Download
memory/2096-134-0x00000000049D0000-0x0000000004A10000-memory.dmp

Filesize
256KB

Download
memory/2096-133-0x00000000049D0000-0x0000000004A10000-memory.dmp

Filesize
256KB

Download
memory/2096-132-0x00000000049D0000-0x0000000004A10000-memory.dmp

Filesize
256KB

Download
memory/2096-131-0x0000000074530000-0x0000000074C1E000-memory.dmp

Filesize
6.9MB

Download
memory/2096-130-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

Filesize
4KB

Download
memory/2096-129-0x00000000049D0000-0x0000000004A10000-memory.dmp

Filesize
256KB

Download
memory/2096-14-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-18-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-22-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-30-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-34-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-38-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-42-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-44-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-48-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-54-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-1-0x0000000074530000-0x0000000074C1E000-memory.dmp

Filesize
6.9MB

Download
memory/2096-64-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-68-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-627-0x00000000049D0000-0x0000000004A10000-memory.dmp

Filesize
256KB

Download
memory/2096-62-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-58-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-56-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-52-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-50-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-46-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-40-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-36-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-32-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-24-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-28-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-26-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-20-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-16-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-12-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-10-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-8-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-6-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-5-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2096-4-0x0000000002100000-0x0000000002132000-memory.dmp

Filesize
200KB

Download
memory/2096-3-0x00000000049D0000-0x0000000004A10000-memory.dmp

Filesize
256KB

Download
memory/2096-0-0x00000000020D0000-0x0000000002102000-memory.dmp

Filesize
200KB

Download
memory/2096-2-0x00000000049D0000-0x0000000004A10000-memory.dmp

Filesize
256KB

Download