ryuk | 8742ac94fd7adcb26361b7973f8a66a06968ae04f7d92d4876640d144eb43834

Analysis

max time kernel
109s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-04-2024 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
Size

5.3MB
MD5

02f95431883571b60ac8aba1827e84e0
SHA1

24bd00d1ca12306728a7f25b1847c8c10ca65355
SHA256

8742ac94fd7adcb26361b7973f8a66a06968ae04f7d92d4876640d144eb43834
SHA512

05bba479971f7516e72a83fcc2722199724fce42b14268dd43f6c691cb2f857846832b9d2f891a55419eeddce181f7ccda5793ddba45b3cae87061a6444d5b8a
SSDEEP

98304:UxAWvB1FMUPdzjgAOH5XJtAyciIAW8ysGb4E/JOcdLYB27PtiSA1p+gaH:UxPKUPVjPOZUilW8y2E5qC

Score

10^/10

ryuk dave discovery ransomware vmprotect

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] balance of shadow universe Ryuk

Emails

[email protected]

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Renames multiple (187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Dave packer 1 IoCs

Detects executable using a packer named 'Dave' by the community, based on a string at the end.

dave

resource	yara_rule
behavioral1/memory/2212-48-0x0000000000300000-0x0000000000322000-memory.dmp	dave

Executes dropped EXE 3 IoCs

pid	Process
2440	ndIEbYqdnlan.exe
2756	StXlQBvDtlan.exe
848	wTbncwuEDlan.exe

Loads dropped DLL 3 IoCs

pid	Process
2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe

Modifies file permissions 1 TTPs 3 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2376	icacls.exe
1052	icacls.exe
2204	icacls.exe

VMProtect packed file 5 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2212-35-0x0000000000400000-0x0000000000CC3000-memory.dmp	vmprotect
behavioral1/memory/2212-38-0x0000000000400000-0x0000000000CC3000-memory.dmp	vmprotect
behavioral1/files/0x000d00000001269e-52.dat	vmprotect
behavioral1/memory/2440-96-0x0000000000400000-0x0000000000CC3000-memory.dmp	vmprotect
behavioral1/memory/2440-95-0x0000000000400000-0x0000000000CC3000-memory.dmp	vmprotect

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\RyukReadMe.html	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\RyukReadMe.html	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\RyukReadMe.html	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\ClearReceive.rmi	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\ClearApprove.cfg	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\RyukReadMe.html	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\RyukReadMe.html	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\RyukReadMe.html	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\RyukReadMe.html	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\RyukReadMe.html	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
2440	ndIEbYqdnlan.exe
2440	ndIEbYqdnlan.exe
2756	StXlQBvDtlan.exe
2756	StXlQBvDtlan.exe
848	wTbncwuEDlan.exe
848	wTbncwuEDlan.exe
2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2440	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	28
PID 2212 wrote to memory of 2440	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	28
PID 2212 wrote to memory of 2440	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	28
PID 2212 wrote to memory of 2440	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	28
PID 2212 wrote to memory of 2756	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	31
PID 2212 wrote to memory of 2756	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	31
PID 2212 wrote to memory of 2756	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	31
PID 2212 wrote to memory of 2756	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	31
PID 2212 wrote to memory of 848	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	32
PID 2212 wrote to memory of 848	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	32
PID 2212 wrote to memory of 848	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	32
PID 2212 wrote to memory of 848	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	32
PID 2212 wrote to memory of 2376	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	33
PID 2212 wrote to memory of 2376	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	33
PID 2212 wrote to memory of 2376	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	33
PID 2212 wrote to memory of 2376	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	33
PID 2212 wrote to memory of 2204	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	34
PID 2212 wrote to memory of 2204	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	34
PID 2212 wrote to memory of 2204	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	34
PID 2212 wrote to memory of 2204	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	34
PID 2212 wrote to memory of 1052	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	35
PID 2212 wrote to memory of 1052	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	35
PID 2212 wrote to memory of 1052	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	35
PID 2212 wrote to memory of 1052	2212	02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe	35

C:\Users\Admin\AppData\Local\Temp\02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02f95431883571b60ac8aba1827e84e0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\ndIEbYqdnlan.exe
  "C:\Users\Admin\AppData\Local\Temp\ndIEbYqdnlan.exe" 8 LAN
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Users\Admin\AppData\Local\Temp\StXlQBvDtlan.exe
  "C:\Users\Admin\AppData\Local\Temp\StXlQBvDtlan.exe" 8 LAN
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Users\Admin\AppData\Local\Temp\wTbncwuEDlan.exe
  "C:\Users\Admin\AppData\Local\Temp\wTbncwuEDlan.exe" 8 LAN
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:848
- C:\Windows\SysWOW64\icacls.exe
  icacls "C:\*" /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  PID:2376
- C:\Windows\SysWOW64\icacls.exe
  icacls "D:\*" /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  PID:2204
- C:\Windows\SysWOW64\icacls.exe
  icacls "F:\*" /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  PID:1052
- C:\Windows\SysWOW64\net.exe
  "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
  2⤵
  PID:3932
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "audioendpointbuilder" /y
    3⤵
    PID:3856
- C:\Windows\SysWOW64\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  PID:3212
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:3432
- C:\Windows\SysWOW64\net.exe
  "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
  2⤵
  PID:10492
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "audioendpointbuilder" /y
    3⤵
    PID:10736
- C:\Windows\SysWOW64\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  PID:5996
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:6436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab

Filesize
22.8MB

MD5
efe9912f463a147a073314753748383e

SHA1
9fa3d45fcd6d9c947d686c9d79f4c9ec44fc618d

SHA256
f7c8f73c6d4af815e82124d608551f434321319949ee82095ca5512b6a9286f9

SHA512
d3d7baf46663c6a299b101c2354ed34769ac0ed7b2ba0d88762c60fc376b1f15434d0fb7efac38b43d48291067ec9720130d75deb2c9ffb3d890d8e5b74b8305

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.RYK

Filesize
2.9MB

MD5
6b19ff119dca7fbced3b2e6d84a9b8dc

SHA1
94891e77e02f7b7d12025cf639d996330635ff98

SHA256
963c701fab53c9d0d2f4d256b7193b73bd038b5da31261a16de54d5fcf060da7

SHA512
1d4431b0f88376c57ac3ca3c90ba8761e1ae4269643d26dafb88b2055cc644fc3ec367519415615b8a64ec51f60491aaf55b294bbd575f3d32c9225d52ed050f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.RYK

Filesize
4KB

MD5
5cde7c22f8345d0168882a80796ef064

SHA1
686971d273c2bc8473850c4133a12968591be36c

SHA256
ae28ef4c53356a9d65acfa2c78c9df3d51a3db461d63ad17038b8880620dd86d

SHA512
e3c1c53ce5c50998cdf3f37164c65ccfa9f0397dc4331cebd24e3aff72016e4e93adcd9ab1a9fc6a0c4c0086826a797ddaf4a9dbace94c5d9361b28861ff8343

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi

Filesize
23.7MB

MD5
cfb53fdcbfafe762cd1fce6796139077

SHA1
f98c0464a7ad052883dea1bd36d96c8f4d126b43

SHA256
09c3bf335d77a12814c77003a973e9d43cb8c78e7b16bd087ab3ae3e8549fffd

SHA512
be45e639b69699d86906bcfa17e77def58cc2cf86cfbf58e8c66e4752820769c3801fb4d20d597a9c93635bfad322d4f405d3586159541cdbc6dba508886d2c6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml.RYK

Filesize
17KB

MD5
a6ee13291fc54f1f6b81bd2a63f9cd99

SHA1
fac861ddbbcb176892819e9093c36fe6d7ed89d3

SHA256
15cdc7a2148ed50c6e7ae82f4444999e644b192303c991b01bd2cf07e9d8622e

SHA512
385eecc90dbd0c0afedeab29e3bed2e6ef72077f8166b7b042449acc0617fe4729ff1ad645af06aa7941504a12918d7bb386618b3dcf14d1d84263f435ee4c1e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab

Filesize
142.4MB

MD5
9295146b955c61f3f2098d79327f62ba

SHA1
316e956353ef7e56d39d4e12633682553a899886

SHA256
b3073e5c28b8976cc6644e1633c8452e18b823ee2074c2c8fbe295f263a753b2

SHA512
cd297ab148991b45b2c595cb64c33f8df326802d7ee6f11da9bd2dc29ed7fcaed930e5d840646337efad22049224cc059cb5e9fb68908fb1a8448fabd09866f7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab.RYK

Filesize
188.8MB

MD5
ccd03ef99a69b7d555acbf997ffe2f8b

SHA1
f15b67af39830ba1d4e36e32a730da27f38920d8

SHA256
dbf33b9d24615785e9386603b14e2e99451c6f5ed1b9163d615f87a32ab937d0

SHA512
1ea1517aa2601669961ced977e13d0a7a12dfe99094e5d8e62d3661384814f35a49d9e3d727a18b289c72053d94150344e73745665ffa5aa4626aa80ac48cc6a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
31KB

MD5
9606cac8e1c4e25c6fe9700fa0bf4fb8

SHA1
32a90eebbc2dfef5539b459c27c7271ddfec5a6b

SHA256
a482abf0cf7a02eb8929d6a9fad97fb21b2fb8a6f492b6beae9d0f44ae55b199

SHA512
f3795832c0042258433b1c965423152b8f89337a6e34fc9eae84f5fa772f0854a05d5bda8978c0d8953787dec4e7e7045f262d3e6c52bc01d6c812e3cc456dc6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.RYK

Filesize
699KB

MD5
c8756d0457265f58e7bf8a4260e1fddf

SHA1
0816213f5079bc47cb76a1cedc5440c35307dc9c

SHA256
f577c8f4aa9f141fab14344d8c9cec5ece8d50deecb6120e2b86ca925394f2ba

SHA512
9e2ca064f52b286970111ff32625432c6009731712d02f1f09e32b2d10ffa65059735f03af7d42d155b778b24470e7d2604da1b557671bd7b24d6f4adafa2c4e

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.RYK

Filesize
16.1MB

MD5
5235da29e4ddf431e200e9d914c54255

SHA1
d41eddefc481f90b1bf027c2666c0180fda1031d

SHA256
e655fb69c7ee1e4833483485b889d74855aa01d503a76a0d7a1258b83db333ae

SHA512
ca8c8b6f2f8e3dbe75745c053f9c17420016704b65e39e7d518e24a0322226fdc1dce7f18f9e46005de18e9910f7eaf0aa4cff8ddf1e394537f9abf2499a610f

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.RYK

Filesize
1.7MB

MD5
d2bb5ce5e5becc47d304ea1c04aa930d

SHA1
d33646841daf6e8a2023f33211c8be00c488f250

SHA256
73bf77028ca4280ec309e4cb1955115bd1f0eec26c1efbe0a1e028728443808e

SHA512
3b98499d3e48caff2474f465c531e452e8d3327dc9eb28e322377a3a52381cf5356c69563f4688876e6e401d54426066e69ef9a513ea3d555f4367a4bbd195ca

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml.RYK

Filesize
1KB

MD5
f9c3748932877bf9b2a53c76d729c514

SHA1
53d35df692c1c519cfc1bb4d0ef7bac7f1c0f22c

SHA256
1a121703324c6edb7c4e83b6f2252eac83f5d64770b1732c868cbcaa7238d15f

SHA512
b789d24250d276e276ed880467beb0b127e2b8ab9b61c0465fc5150cf7e1b114b5936fb0576d5041d2606642e97a16910031afde0393d5c819af33c8de9d44a4

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
2KB

MD5
b02ae85c0b1bcd51eb965cacc7e90eb6

SHA1
dd4362b643893ef435f40687e6c469fb017aff96

SHA256
27106ebb95ea124125f4371a8c031e82b1bfc5a04cf23776cea57f8411c242c2

SHA512
449912b9e16dcfc83f91ff8a67dac9e872465abcf31f24f4f8ae3d0d7acbd21a6dc2a5351df6bba5da67dffb957ca75eec7926b3eb6d8177cb2122b7071b0837

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.RYK

Filesize
1.7MB

MD5
22409aee1b159c957a7287a0b9c68a1a

SHA1
57e18217caf9464e2a98d34ce6c49895f1af8024

SHA256
49b9126f914dc94ee7f1db58b4345a23f8334471cd4bf6c1cc8e9719b5284fcb

SHA512
1262ca8d51d1e720693638c727c399e2a1516af6166b63501c237024a21057ad8e8a848da67fd2f53f1ed4bf719e29ebf2f8c61b1a2a656621d6f092eac347f4

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml.RYK

Filesize
1KB

MD5
81328a315775ba3d53b0c8e4e5b85df1

SHA1
921b0ebaa85781552c0757aaa182da5b2c8e6acb

SHA256
6eccdf99c8d9838f60a8cc8695f66398c95185eabbfb25ce5f694238cdcea55d

SHA512
89fa733d82a2d764c14eedc1dff85dda13a2112be6e6bc0665015aec9a618e49e5d7f70ca41f5261f0df6a30eb3dab380af26cc5a8eaafb03c3b7936d533720a

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab.RYK

Filesize
67.7MB

MD5
44bce43d184d98d1b2ab9036b552cabb

SHA1
e2f47f9d2ecd800f6efa253df0bfb9d296009272

SHA256
4c2c7d9f035213971dace7c9c64937772f0627d77666abb9136728a2b85f3df4

SHA512
23913620555ce580a7566fb3c53c2107cd40ae4c7227855e6f219859f66e43de208b769bb016b405b89fafbc562a9de7c9a5f6f847785a5f3710df050beb9e88

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
2KB

MD5
7f77df0a470abbb099688364e3662bf3

SHA1
d8cea3ba46cad3d74400636f7cdd79746a54158c

SHA256
8334a6b8f0494ab099a7366a9ad7774613afcaffde20c254546039b10f1313c0

SHA512
e429a6e70da380b8c06620ae97199922bf96b91b51ceac3348fc8e80b2e40a7ca79440ec3b388c75bf36d05b709afc7d0920cbb39e07e502a0cd4809fa49eedc

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.RYK

Filesize
9.5MB

MD5
94fc3bc05d774308c58b3eb661972e4b

SHA1
d347e2af9c09e8f4d6fd00a56ac7e6df5193e63e

SHA256
6831a260e65038f0badc39f51856508b5ae6ed1827543283658dade9232e6552

SHA512
fdb287851b53c724dd72d115b4b61c0aff5c23afeb6bb0f53b1c936c4f03438ede176ccfbe9f20fd2cf7e804b4a5a70ce22e4ae7242b97cd3d231b17ce5dd86c

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.RYK

Filesize
1.7MB

MD5
62691059f5557f608db53a25442e865b

SHA1
d148148f6a005a0bc6efedd03598a95d991ed9f7

SHA256
c10e05929d5edb696ce0193c7610e23d87e5235f6eb8a8b35d050f5f43909e36

SHA512
8e429e24bace5db17125210917626cca2e7f30a3169d4fbe27aa84aa8db54603d86f6d7eeb556bd209d23f978e810cb1c6f31f81c36e87ad9d918f4dea9f71da

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.RYK

Filesize
1KB

MD5
2a5b545b7c8e322767f0816a77fe0000

SHA1
ece5e28026da07671baa7f89cf0d199c9e614563

SHA256
3ccb4bf3a82112523c92d9eca8a5c3083fea3c68681ebc941f8bc22ccdacf987

SHA512
4a32e40d33c7ea76dee700f0f74a0a50e7788e1baca61211895a110f30b5feb0a31db58ac3bac1c3af56ef099f53e761208633d6a8d78155506c0ce3473d9a11

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
1KB

MD5
b43f57bee9f011fef4b1f1c616a8eccf

SHA1
c52f6f022d8d817a48e1b16cd443f6315870e96d

SHA256
f0f7b159d8c743234dad42194ecc47f7a3832b867f2794884da2afa8d4475e38

SHA512
4ba4de2adf51e2ac4d3d713dae72f56dc89ecef5dd517003f682b72e71b9a000abfe110c0279c419c06fdf5d46f239927e9db5390432a829526a5cbb31b3bf17

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.RYK

Filesize
14.1MB

MD5
9d767fecf3be2d9e264e5f28c993c60f

SHA1
79b5e3a8af8528a524ee714d498e2e13781b8136

SHA256
0f94cd19ec1e96550f25261df0000810c3b1e08ebc74e7a673e69e09c24d4fab

SHA512
9d8c941b8707f2aa3b84a94b253df9c855489d6b1fd2c99ebc843525b13481063ca245b1ed9cc20fb5851482b683989017ee0db692503d29debb63ad84b48cdc

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi.RYK

Filesize
2.0MB

MD5
ecb3562f5274403a4fc0e3be2fe067c6

SHA1
6bcd6cdbd3f5958536df4a8c542c76782aa24d61

SHA256
b6d6350a7622c83e11b8d8e2bd37a9178441d7a41f376b468ae16b1f3d59be7d

SHA512
e845ac98cbc7c71faf90750c1070dc67a81531660bd38ff4e71593aae7800d0a9b426eee73e5e288d30674f55806cc39d27df959db1f027b8e64e89da78c9eee

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml.RYK

Filesize
3KB

MD5
89d80d77cce29b45e7b02edf4ba8057d

SHA1
0f92f304ef11da4dda0a13a44f981f4c78fd64c8

SHA256
f8f2f4d5389835da16b534f5d177dbc3395bedcdd4bfb5e416266b9310d6fde9

SHA512
b85bcf93ce6becdf6653246b285d29c5ab21e617e467d2ae697ce73118c04e9b890d86bb416ba04d364f53b432175a2d4f87f1c9ba30e253c98745126ef92a82

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
4KB

MD5
7803e99fc1ad67b395548d38dbd478d5

SHA1
b3677cb9bb10614a68b71d5beafd9c800c698924

SHA256
a76505bf0071d7da0a2d1356d388a605785de2a711c1eae88e3e3fe3c6d5e17f

SHA512
079b97f1c54c9c315e4849f6de6256f0cc152318498e18c9867ae756fa413ed90fb2c8eb679aefafb65d1ad499156cb491be81b36da2f3bec24b5a6286b6d0dd

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
2KB

MD5
b577fc42aecd3ef961a89f83e91c1886

SHA1
85d000069d84e3a4a072f5c4e52b0a75b1253483

SHA256
186a48d4dbb10868fa91b9e35f352e9098d33df4db2add11472a34a76b5ed0fd

SHA512
028184f90ca6eaff048436e746f9362c057fee228872b0052e787d5598f6eaca3da0ee9710a26ee28e2b6e76282594a593696ba159242368fce2c0d8d2293e49

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab.RYK

Filesize
41.8MB

MD5
1435482e8ea5996136e7949f9e18dd77

SHA1
f45e4e8479dcb4509495ccf4cd70a9e12dfd7d39

SHA256
fc03e5813e60955ea36e712103a6892fe48e4a732efe7c05ee54e129b05d3215

SHA512
bdc2ef30257d2638a466df82b46a5fb0ca9c1b5cc9b7fdc97b314a4b9f8a74ec6e5dea02efca9d1ccc7f73d9fa75eeca6f5385c81dd67c6cf0aee0a030199a34

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.RYK

Filesize
1.7MB

MD5
19683c57135a3ee411e34b9c21acf0e8

SHA1
8e9384f78e47a438d2441149b48cc076ff2c58d1

SHA256
54b3579834bfdbc20dc6106911d031127f53515e6a4e2b487bf4e5d640cc6385

SHA512
b112992de695167a1e1e7101c2d2c30808ee52e2d96ece5e0fe2ecc9d597815012b3e92680ddb6e5b2629e8631fbb546bcfec67f0ee33137341ece28bd0073f4

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml.RYK

Filesize
2KB

MD5
cf0965c5a350fde5ad5118f2d2b8a4ea

SHA1
78b4670fc0f3d3ec11fd30b77cb9c0c5170ed796

SHA256
56ebd98c4a355681e10d83b9480acaf8ebdc2ce4836a68c619714ec4fac2e80b

SHA512
e4a3b36966956f049fb30b4fe85f94ef2bf9407e8c8fc12189cc3f64f985fb5198ef0110a225111801e73963a17ffe2602a8eb0533aa45b99de26afd3e863b0f

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.RYK

Filesize
10.4MB

MD5
94e96cbb9a1fe2b86669f87204eca7d4

SHA1
9083c5124914a79adba66ea2623cc0554b4ac566

SHA256
4443eda72553bfd0659f4985bd19afadd4880d07202f4bf778642da3694a0ed8

SHA512
d05736b92f1f720c3d664d2f3cf6b6dea1aae9ea871ba1684903835c98f83d54e189c4c20b31590bac1718bb9c4bfbdac75a52f29814c7912f5e0281e0d67633

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.msi.RYK

Filesize
641KB

MD5
b95ac2d1b556209e5ce84c25d9a1b918

SHA1
b15817021c25d3b3ced8e894f598af24e269944d

SHA256
ad1223843313b2be146170343c68f7854d87aee0513e5e1afc9a47d071dc6bbc

SHA512
9ab9fe6c5de3e2107667890543187c6477b83039d8b5647e71ab5f986a8e8458b6e960e371cbd1e840f4cd7e4128768f6a286721615e3d33b6056da0cf7ad031

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.xml.RYK

Filesize
1KB

MD5
f63dbdf727677435b7428617bb1ae9ef

SHA1
0a3c20fce52d1d163ced0c37dd2879a1cee1f8d3

SHA256
8370028e67ffdea9f47f7d0e4f83edbbbb19c761dd14cea989068df30edd0130

SHA512
46422853f03ffe943bc379c6603bd4a3e0065a0f44873b3c94e09393d85c4fb107167074f255543cf11069cad8a5d07a8af6a43d31b0370876c77b0762136772

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.RYK

Filesize
12.6MB

MD5
a7c7c58dabe892f4030d662e166ebaa6

SHA1
6a25c7abe6594720764e3361af1c1b5d49a659ed

SHA256
0d65692d1ceb03c1abd46068b33534d18f35a9d449ec5846cf6fd80be6c6697b

SHA512
50bc25e7994c7b3417e33573cf0ba88f2a99e4babf39ffd18e68ab5438b33b0d8aa947cdd42b2e163b25ab94538d4203f03037c63638d7b8efae024d4fa5366a

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.RYK

Filesize
647KB

MD5
71c9bab38a5268187b2b41640d155e2f

SHA1
c76d1fc9637b4c436fef672413d7151a64733ff4

SHA256
16d9587dc3936a6e5b7bf69b7652350659e053f683460828bb6a58fec472a085

SHA512
739182cbba7e4040280243d57c4cf47dd184e141cb06f5bf4752963f9693a49f74f0d3da687b7dff2b7e050ba0807eadfee8debef383e9a57980da721a9b55f2

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.xml.RYK

Filesize
1KB

MD5
06aedae3958fd2996a3c943db65ae239

SHA1
e229d104246c8f979af07e509f907fef1daab1bc

SHA256
0690f3b855165728310877efebb865e722f83550abff3182e88c4f6e39ab988b

SHA512
092287c3f6e9800e4aa61e7b039e3e206b17d297c129295df58ae174c12b1848b3a59ee5be0872aa942e95416f6c54b10ed075923a8e1fe9f762899b49bd3a3a

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.RYK

Filesize
19.5MB

MD5
68b0d975768cd9a061ad673a519d3c82

SHA1
4b37fd552533941eddd1eaec965fd6b5ef49e537

SHA256
77757e9f6058a7f41aff8d28bad214fb52948db862581f816164b60ca36b14d6

SHA512
5ab9bc49661251594964e50a35e33b3851497b06002d1211bac6f63e9a54feedec95cdb8ea923607ded726ec85c0f080700e2cf071d324c9741390fcf7f08377

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.RYK

Filesize
652KB

MD5
65663f3457d0c33d14627f42d4ba1097

SHA1
416c84fa7f87c098f77ca946f228d77f91011997

SHA256
da271b2e5dc86c9e104011d6212e92f058b424b54790d093ba787e84183fd162

SHA512
8ea7388f924a74e2361238135af62fdf021a49091d4b0bd4666625bcc7ae396a2565744f2ed7b0b8758728b6930401034fd9adf0bc3bd67265ce501ded61f5a2

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.xml.RYK

Filesize
1KB

MD5
8c530e9db9bbb01147cc0c81c5679229

SHA1
ba3cda08ad08dba1abb0e60e8d3a250a9163d547

SHA256
33a7686d1e1d74547b7ff293fb73daa28325ecb7c51239972785711a234ecbcc

SHA512
d5d32c8f2be1ef103e24b526faf8cdad63c1fe70950c2b8e1498c0274485b93abeafbc44c3529cfb4b663553b505112a4fc08070100099a4a78e76f213fbeaf0

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.RYK

Filesize
635KB

MD5
bd870db6b002c8bcfa0d7e9a9127d8f5

SHA1
65f18e31e8c91583c5fa20cf81ae96abeba3414f

SHA256
2cf562a9ade1d5a67070e1110b6ccc25f66f9b60b3483fc4a3014f208ce844e2

SHA512
5666dc411b1dd0133a78a514884906b236cdc0ba09321e62dbd796728003b0adab7c399c01e4067751564a2957576d2e4984d3d7f220f404cfb3278279060782

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.xml.RYK

Filesize
1KB

MD5
f911aacbdebf632118d45048fd7a8503

SHA1
101378cbb92f623d4c471c0cdcf5361429681988

SHA256
24dc9bf0dd8d53dac946bafb9649eff4256d60ce359a7bc33d11638a83920da9

SHA512
c1eae08197d30e71d001574a06bad7101898f24b75720f4f137cd263eef6b08384029790b03ec1f3c6b27a6cdfd12680e731490d652026aa5e4d609c222c0958

Download Submit
C:\users\Public\RyukReadMe.html

Filesize
620B

MD5
d44eba00082f04c0c1205448057bb263

SHA1
1182d5cf6c275f8a53ed5400fb100fc40e331c1b

SHA256
b1a82fc489ed62fc82784def756c1208f5da57dfadc39a0f467e3f42cf192797

SHA512
3955ae04f45e5d100ed13463c51bb42fbf4ac56ed48c8c02f1e01e2866de2412b57ca6f0ff717f2f98f42ad7f248ad632bbf5b5bbbb2b45d69465f0a5071bdc3

Download Submit
\Users\Admin\AppData\Local\Temp\ndIEbYqdnlan.exe

Filesize
5.3MB

MD5
02f95431883571b60ac8aba1827e84e0

SHA1
24bd00d1ca12306728a7f25b1847c8c10ca65355

SHA256
8742ac94fd7adcb26361b7973f8a66a06968ae04f7d92d4876640d144eb43834

SHA512
05bba479971f7516e72a83fcc2722199724fce42b14268dd43f6c691cb2f857846832b9d2f891a55419eeddce181f7ccda5793ddba45b3cae87061a6444d5b8a

Download Submit
memory/2212-32-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2212-19-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2212-22-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2212-24-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2212-27-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2212-38-0x0000000000400000-0x0000000000CC3000-memory.dmp

Filesize
8.8MB

Download
memory/2212-48-0x0000000000300000-0x0000000000322000-memory.dmp

Filesize
136KB

Download
memory/2212-44-0x0000000035000000-0x0000000035029000-memory.dmp

Filesize
164KB

Download
memory/2212-40-0x00000000002B0000-0x00000000002D4000-memory.dmp

Filesize
144KB

Download
memory/2212-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2212-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2212-5-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2212-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2212-9-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2212-12-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2212-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2212-39-0x00000000775D0000-0x00000000775D1000-memory.dmp

Filesize
4KB

Download
memory/2212-30-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2212-14-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2212-35-0x0000000000400000-0x0000000000CC3000-memory.dmp

Filesize
8.8MB

Download
memory/2212-29-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2212-17-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2212-34-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2440-95-0x0000000000400000-0x0000000000CC3000-memory.dmp

Filesize
8.8MB

Download
memory/2440-96-0x0000000000400000-0x0000000000CC3000-memory.dmp

Filesize
8.8MB

Download
memory/2440-74-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2440-98-0x00000000775D0000-0x00000000775D1000-memory.dmp

Filesize
4KB

Download
memory/2440-97-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2440-59-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2440-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2440-64-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2440-66-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2440-69-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2440-71-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download