Analysis Overview
SHA256
e8f4e6c5157096dac1db452bf051c82dfb779f58fd960bd881037e7bfba91e0b
Threat Level: Known bad
The file c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Possible privilege escalation attempt
Checks BIOS information in registry
Executes dropped EXE
Checks computer location settings
Modifies file permissions
UPX packed file
Looks up external IP address via web service
Enumerates connected drives
AutoIT Executable
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
NTFS ADS
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-01 09:48
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 09:48
Reported
2024-06-01 09:50
Platform
win7-20240221-en
Max time kernel
141s
Max time network
155s
Command Line
Signatures
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\winmgmts:{impersonationLevel=impersonate}!\root\cimv2 | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\winmgmts:\KXIPPCKF\root\cimv2 | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 104.18.12.149:443 | sourceforge.net | tcp |
| US | 104.18.12.149:443 | sourceforge.net | tcp |
| US | 104.18.12.149:443 | sourceforge.net | tcp |
| US | 104.18.12.149:443 | sourceforge.net | tcp |
| US | 8.8.8.8:53 | drummerdp.synology.me | udp |
| US | 96.240.1.124:21 | drummerdp.synology.me | tcp |
| US | 96.240.1.124:55600 | drummerdp.synology.me | tcp |
Files
memory/2892-0-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-11-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-17-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-18-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-20-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-21-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-22-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-23-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-24-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-25-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-26-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-27-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-28-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-29-0x0000000000050000-0x000000000036D000-memory.dmp
memory/2892-30-0x0000000000050000-0x000000000036D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 09:48
Reported
2024-06-01 09:50
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Zip\zip7za.runtime | N/A |
| N/A | N/A | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates connected drives
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\winmgmts:\GYLQWJCN\root\cimv2 | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\winmgmts:{impersonationLevel=impersonate}!\root\cimv2 | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\winmgmts:\GYLQWJCN\root\cimv2 | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\winmgmts:{impersonationLevel=impersonate}!\root\cimv2 | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Zip\zip7za.runtime | N/A |
| Token: 35 | N/A | C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Zip\zip7za.runtime | N/A |
| Token: SeSecurityPrivilege | N/A | C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Zip\zip7za.runtime | N/A |
| Token: SeSecurityPrivilege | N/A | C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Zip\zip7za.runtime | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4436,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Zip\zip7za.runtime
C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Zip\zip7za.runtime x "C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Download\grubinst" -aoa -o"C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367"
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe Setup "CleanupDir=C:\Users\Admin\AppData\Local\Temp"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c diskpart /s C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.script.txt > C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.output.txt
C:\Windows\SysWOW64\diskpart.exe
diskpart /s C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.script.txt
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c diskpart /s C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.script.txt > C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.output.txt
C:\Windows\SysWOW64\diskpart.exe
diskpart /s C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.script.txt
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c takeown /A /F M:\bootmgr > C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.security.output.txt
C:\Windows\SysWOW64\takeown.exe
takeown /A /F M:\bootmgr
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c icacls M:\bootmgr /grant *S-1-5-32-544:(F) > C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.security.output.txt
C:\Windows\SysWOW64\icacls.exe
icacls M:\bootmgr /grant *S-1-5-32-544:(F)
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c diskpart /s C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.script.txt > C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.output.txt
C:\Windows\SysWOW64\diskpart.exe
diskpart /s C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.script.txt
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c C:\windows\sysnative\manage-bde.exe -status C: > C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\encryption.status.txt
C:\windows\system32\manage-bde.exe
C:\windows\sysnative\manage-bde.exe -status C:
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c C:\windows\sysnative\manage-bde.exe -status C: > C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\encryption.status.txt
C:\windows\system32\manage-bde.exe
C:\windows\sysnative\manage-bde.exe -status C:
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 104.18.12.149:443 | sourceforge.net | tcp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 8.8.8.8:53 | 149.12.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | netcologne.dl.sourceforge.net | udp |
| DE | 78.35.24.122:443 | netcologne.dl.sourceforge.net | tcp |
| US | 8.8.8.8:53 | 105.111.68.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.24.35.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.pool.ntp.org | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 60.8.111.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
memory/3720-0-0x0000000000B80000-0x0000000000E9D000-memory.dmp
memory/3720-11-0x0000000000B80000-0x0000000000E9D000-memory.dmp
memory/3720-17-0x0000000000B80000-0x0000000000E9D000-memory.dmp
memory/3720-27-0x0000000000B80000-0x0000000000E9D000-memory.dmp
memory/3720-28-0x0000000000B80000-0x0000000000E9D000-memory.dmp
memory/3720-29-0x0000000000B80000-0x0000000000E9D000-memory.dmp
C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Zip\zip7za.runtime
| MD5 | 6482ee0f372469d1190c74bd70d76153 |
| SHA1 | 9001213d28e5b0b18aa24114a38a1efe1a767698 |
| SHA256 | 4b7fc7818f3168945dbedadcfd7aaf470b88543ef6b685619ad1c942ac3b1ded |
| SHA512 | 6a5c2bdf58cd8deadf51302d8f8b17a14908809ef700a1e366e7d107b1e22abe8caf1f68e7eb9d35e9b519793699c3492323f6577c3569a56ac3c845516625f3 |
C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\Download\grubinst
| MD5 | d8042943934cf319f4d828f8c1971683 |
| SHA1 | 3bf160c56e67a82568d202de935ca018f7d4ac89 |
| SHA256 | efcafa9ecdfd2d3a3b4b24f829a046a6b1a92833b825428da99e232c30f6e11f |
| SHA512 | 64bd3d8c728b72b3a42853f1eb0c8bfe6605b813ab995751402d93abeeeba05d7075a9917cc65abe04bdfb9adc8d9ee4f00f8a93bfef6a7087268d1dd5d367ef |
memory/3720-185-0x0000000000B80000-0x0000000000E9D000-memory.dmp
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\locale\hu.mo
| MD5 | 40242c1cb16f3ca91dbc278522391412 |
| SHA1 | 8ff6e98dee6f239a14eb725bcfd1c97ba556bc57 |
| SHA256 | 9033a4326ed2ef8923e47b87f74996f8677ec848507fe1aa4d82df0238afb2d9 |
| SHA512 | 89247fe240d06871510465c0dbfa8c8af29e2198557af6693bcccaf3d0c54487745dcea4e73d63afa7ffeb17ca8aa8c1ce6d9f1f29558087756272ad22c9ccd9 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\locale\ko.mo
| MD5 | 04a03fc01898738cf312c1921f7c1b83 |
| SHA1 | 5f8db136a0ac9a51c2f2da83a17f53a4c784a089 |
| SHA256 | 9462dd84639686e1596075b4aa6dd30539b0e60668c786e3441084bb75b57417 |
| SHA512 | f27cb7c99ea994abd3a5f76f0017e51230aae97f5cb04be3aa6b7d65d509a54a23ff30521342ca18c03984271172acc69820fe2f9ae0c86042109316b36a9aec |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\themes\common\colorsource\snowflake.png
| MD5 | 2928e41c326b8e24942885db0bcce0d8 |
| SHA1 | 07f3dae39eb94a351d7b2fc9291ffd6808807228 |
| SHA256 | 9c3b8372be727a32f864eecab9fe78da10be50b62a2f59e1c333ca01c649ff0c |
| SHA512 | e1a4f2562d2fa2e5c20dd6e847e1bdd10b4279f01653bab1b438c89b7b08ecbb733097b3439e299aeaa4efaae90c2563b14a9c69ab31961899b8313f9c483656 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\themes\common\colorsource\radian.png
| MD5 | 54fd7851317f76824702f27ce73aebaf |
| SHA1 | dcaedcabe71b23b816d5f1761f9c4a8eec5f5588 |
| SHA256 | ef789f0038029b55141e1c89a9879f3ec8621f3e416c32847972dc0d30a31234 |
| SHA512 | 6f5841f0cb9346a86a53fef0b6151ba113733920c2ea044b10f9940e82de2eb2af7975aca4593a84069b6bcc58b1224c653b0e74acb045b2fc64a096cd87018e |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\1.png
| MD5 | 51d00dd365a4e751f03137ff4650246f |
| SHA1 | bec678099aa192ddf29b44a26a48ee744065461d |
| SHA256 | bf166874102c79b51a753814607a6c61ca84b1a481fcda4cbb0f11b2313bab8c |
| SHA512 | edba25e081f4e5ea7efd2a811e5ad1120c2360f6f29ed37477b62599160e2553e8a71ed07a651895aed8e5dafbf0d79b7c2503bb8e8cb4aea6aab1436810081a |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\0.png
| MD5 | 0df2a89e2fc183745a4a933573ca3661 |
| SHA1 | 6d6a1d28a1464a0df5f6b4f98dc3ce6309d080f4 |
| SHA256 | e28fd0c48b9bc579ed66b23efc92e7b071592c8a93ac281bd35e0ada195b3ec6 |
| SHA512 | cf9a57a8718643acd13c4e52fd381f1a06d6fca6de8869bffc711596d3a09ba4aa8e555aec5070718286a617fdd32910a711b29d575229b793430194e1752322 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\13.png
| MD5 | f7c5136334675cbbbf472d88edd07c86 |
| SHA1 | ee3db81b274c256859f69491a1d7c584c91bbe75 |
| SHA256 | 82dfa3fa3234d0224a20b0481e6fa718f10baad5d0e028e50efcbdc9757f47f1 |
| SHA512 | 62e2329a4f4c91865aa6386da8f9a53883163c577132b1cde2c86d01e4fa7ad6349bfb74902899ba848945f4e48cfe1d0983b1fb0b527b978b20501108b23906 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\12.png
| MD5 | d976126624684569de1b9eebce279211 |
| SHA1 | 7eaccaabccf9a055d89154f04d4f21506d680381 |
| SHA256 | 330538eb0cbf8dabd56a19c770a08e69027dcb3129c11f719f2c0dd7bcc7dcb0 |
| SHA512 | 6a351ab2c0e1cd9eb4a6089a4a9137e005299c850f1d5fe269fa52290a51d866be1f3c289c2b1bb3bfb291c2c307bf711d7307b4bb73ce7c96ae3844444ae259 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\11.png
| MD5 | 6fbab54dc0a4998230f8bc5d171d3cf9 |
| SHA1 | dd3a235951366dc3c6e718221f3a0e8b9f6abb4e |
| SHA256 | 8d49d2d6e46def8f9ab8ade45c0dd3d53d84bb5fca51a278fee24230374d0c83 |
| SHA512 | de0b3666c8431d541f881f362cc54b00650311db0489c8dd4f37eea27409434ce537d2b634a045bd4bc758e55abcf76154aac03c4acd417bee45a2198f29c3e3 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\10.png
| MD5 | 97c1005c5222ea8768c0eaa0eaef0720 |
| SHA1 | 0b49ae47e365b169ea36701122a77bbd1ebe57d8 |
| SHA256 | 3f1133fed577fa5b6a30cb3a33b54971dcb385f50576f15a75608530cc80fe2a |
| SHA512 | 81ff262ee8fa50d03ce07f80eff61ba01ff075cd868c0c3b96749f53f1187f9463bb65a42b6b496aa5cbd68a77fcb255fbdf4946a50fe1bc40ff44ab3630ac59 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\14.png
| MD5 | def267fe65d7d4ab8b1ecb39439ccefa |
| SHA1 | a53aa17c48ed31f71a8ce84798a37b1bcab7f5f8 |
| SHA256 | 5f2468ea24844d0b4333c3a007c3097b92bc46a3bb03fbc50d00e857447769c7 |
| SHA512 | ee45aa47713059c00505e39c1cf92a0a893493ec4140dd6017c23f01342acd006d5639e48a4d059e66469a73f861db2e776ebfecf02f12e3d45649e0d9be3ae6 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\18.png
| MD5 | 4e4609a5f6c060b25ddf8565b5169897 |
| SHA1 | c23b1245847b482d413dd80dbfdafd922f23db86 |
| SHA256 | 230a24f9a6d714793ea2e35dc73bef51e66ceb40a497d226f877dcac5452dede |
| SHA512 | 4123883051aa00e8a7ec249a3e13e6b9e87b6492affea479048c6fc5c089893778a850eb107c79c62a18b2a72b44ef91db22780b2e89079bd7798f6476a7f346 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\19.png
| MD5 | bd6599d67d7aae03745573295805d54c |
| SHA1 | b4a4bea98cd3656dc0e514ce43d3a841d52ccf99 |
| SHA256 | f4a44b81ba285b9bf78177235a2da976ae08f77cf1a00db5056c4d9527ed1654 |
| SHA512 | e57a9cac9e56752b85ee027f1d1281b6449c05e7d0f6a8bae864ac4d4457cffa50c93d0a4d67fd299e82de233370248b694508324eb3b33e1c20078531d798d6 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\17.png
| MD5 | 0351799a21ce9d3968b384f095b7d5c8 |
| SHA1 | 16062b17a05c27a1c29b44394d1360f25ab6b819 |
| SHA256 | 11d654eb2b8788200c12a4fbf175534fcb3eb6bdc892f68f015e15083a193c17 |
| SHA512 | 65f045efcac50b90803902c6bed6bd5be6957a7b5c5dddc591850f71e62c2caed24be119e5623ccd711f587949b0cea21c56c42ecac8ef3ed903a7522a0377c6 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\16.png
| MD5 | 6dfa8f6b212ddccd03860ca89a69e067 |
| SHA1 | 34adef80aee89e3f81ebfa404d57c3822ebb6af3 |
| SHA256 | 7f37a12ba62689af22d2866f8907f475d93a6798572dac54ba2538d12f4c8903 |
| SHA512 | c05bb2028bd2e9fbf0f1d66739cfd582a89afcd24feaa348c94e684e8bdf22c2b8b82dd4d978bd1294ab4a4611ce7d3ffc90b02ad92c08962fe0fe9c0949a9e5 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\15.png
| MD5 | 8d1bc59edbf35e178a0d8d466a7c5aba |
| SHA1 | 6f109d15848e844b2ed15f224304c4adf5eb705c |
| SHA256 | bb62b6c1f983b342e98111e205a303411f24447cdb5827678c722280718cdce7 |
| SHA512 | 68315d3ba79a912989a7eda7024b99c8c79be85527cb3ac6b240fd0d2d9596f2b2994fe6ef8a091ee50db932385f9d969cfb4d7e3c735760e0f7099796bb62a4 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\2.png
| MD5 | 6441bc777463e9737e5ffea8bf6aba70 |
| SHA1 | 79eb3d2e439715dabcbc75873bcbd827ab4a49e2 |
| SHA256 | 83b0515460d543934aecc85adcbc54f75bde0f16599ea6d279e2015608259d83 |
| SHA512 | 02e7ea0bd871a7027789705e87c8efb33e62d7c0a753fcbb36901055da6a5484c959c1088f09fc72b676d5b3d8708f54927887b0d5428b908438347e62fa0acb |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\3.png
| MD5 | 978fc278fd109f206df39545070e1da4 |
| SHA1 | eb8b44af471e6a9dd51af8db3c23275047eccb49 |
| SHA256 | e316295634d5c257f3951e9857298f5edf46f0896d312efb0f2976f80462408b |
| SHA512 | c1a638c21d56df6dcdad73458574cb5f36cbd4527dd8ae7c578d4ac1cf230ec3813567ce1c687376879afc2b5fe05ed980a57f62ff9d3da5431b3c749d93dd39 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\29.png
| MD5 | 8211a20bc3e718bac4e698b904462a29 |
| SHA1 | 81ea116cad8c6c184c1b6448f96fd833be3a3ab8 |
| SHA256 | 9016758ee07d8226eba9a02a0aad406340f4da9b5ba959877c31be9f1a00b71f |
| SHA512 | cc1576cf64cd51f2338577a4ac9d75df0220ceb0ea68b43f5919fd777b42a41cc7ea0e6c600901cd5d3855d7778a0f05b6a63862a7ab5228b62063b3728d9114 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\28.png
| MD5 | 36b3450114046bf6c5f112c5575611b8 |
| SHA1 | 96c8e585168abe70f9d0c4cd7fece5814576d29d |
| SHA256 | 07b1006523dda31b363ec92cb55060eb60c9456feff47af8cc5eef03e707ef36 |
| SHA512 | 1c7c4ab04ccfe4858d05f7cf9b92d62ac5b813c146e6e43e17a7a7c8be7fdcab23b839d36c58004d6fbad3309b94a9a410ea1a43cad375cafeadeaee273daf51 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\27.png
| MD5 | 06f5440baf2cc1e8eb35e8406022a0e2 |
| SHA1 | dcec954a2bdd0cbbe1455e93de9724aaa47d2a70 |
| SHA256 | 2ed3f1cbfa0713535232d5fe4db184422ad85c1fb4dedf4706bf6d805f39c392 |
| SHA512 | b8819a1428195cb2c8fce591cdedd0e5a8053a841eda631eca0024ddb6cf4faeedb7dc1dc3eb5138edecb196a8fa775b1cd764a5d617d436dfcc7f4c6d7aac61 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\26.png
| MD5 | f93dabb0aa9e388801e8aad37b434156 |
| SHA1 | 7bd3139289228e747ed79c12ca627cc2413c757e |
| SHA256 | 8bd3c3da42c489050c1cc1bc0ba57c31f42b4aba7b6dda6956cdd1291d3b22b5 |
| SHA512 | 3eaf82c9aa291de8275152327b85193887b4a2f4153d2b1ce60c7e35b2b45deefe4a36c076ad55ed0a55777bfb9681b58d799ac278562663e63e93051691f6f7 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\25.png
| MD5 | 064cbce4288afa79b6117b0af5af5542 |
| SHA1 | a271ea70d00d8b94f5c1767765e269459ff323dd |
| SHA256 | 2570ffdc53f990b58c2201359b670faf6690fdde791bb14704a5cde626cc25cc |
| SHA512 | 96d9c5673ab5dbac49fcbd52ec11d69ab96fa10e5605c9aaa06b2e17ba966f2bccf267715b4108405db18aac0c1d2749f186d5951d64096b29b157ea1a7b658c |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\24.png
| MD5 | f1d1de3e0af5518455611c0d12c991f3 |
| SHA1 | 535f1724af25fc418cf8b669e37cf947679b9f64 |
| SHA256 | b003214deae689804bb7726e753faf69ae228b092ca41cf5f35bf689c5b2f3b5 |
| SHA512 | f9460a68bf9ab8be55dbbc75d8679fc175e10c9d13e28946f0974709feb404255bf93e4ea8c04210bdc7c9b0315f92a84587cb05c195940b21f1f0ab6c5c0220 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\30.png
| MD5 | a1e2b262c82afe1d3b44f99b2436672d |
| SHA1 | a98825f116ea25279c2eee1e58ab73b2381dc124 |
| SHA256 | b6fc22e23ab61f0fc7f769159e7185e79a7b81de58791aa3c0a50bb329669b81 |
| SHA512 | 366ed818776edf735c3d741aab2a99d0bc55bd21c7ae67b833585e5466b32f6815c30732a6b71d1e69f6572339fd61bad4cac752d3e6a387716c5668db100897 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\23.png
| MD5 | 5b7a82da60e67587c6e1d354678529c1 |
| SHA1 | 18e18287df6183fe39401ccbaca3f1b66b7bcc5c |
| SHA256 | 71113107a2f0d621d90f5cf71874c0ec530589976431d25a5bd6cf5b15432bb2 |
| SHA512 | aa42fcd71813d2c2b50f7f1f6af3ce80fbe8708f5572537aa2ca752512ad5c2ef28078b69f36ca75de3b185378530f1a69686538dd0318c9fcc537625eab6554 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\22.png
| MD5 | 324af2ae15c07f6fe72128746eef77a4 |
| SHA1 | db4c6b11d9827460534bb3f1e0ee8ea5fb795e67 |
| SHA256 | 8eacbc263ab688c4cd7e5634dba3841e2dce088ed852b4d6b8ce2964cfc42ffa |
| SHA512 | 07877a44aa85b62dde6efbc416d1299395b4c5a5671e4aafb64479e8be9edc77b8bd540edfe8dee0df3a234886b3b24ed279e567d9cc2ab48e3092f56b003fcb |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\21.png
| MD5 | 9a30d58431abed7dbe48a416e1a459e6 |
| SHA1 | faa6a8d798b644e7aafc21bf94f29ff979197990 |
| SHA256 | 6befbdee672fff55cd15bb65190463af0c4ebd41ab7f5591e7472d3d9b52c325 |
| SHA512 | bd2b0ae99af9caa60825c1a18c0533c831c7d8e113b6ea579485d03f6660b7e7553e5dcb4d4f129e7c367b3cf306525fc0e1ee4500ddb4b5fe01d8507d726ad1 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\20.png
| MD5 | 2dcf566260bb90ed15cb9be9045bd6ff |
| SHA1 | 7a4429d54dceef8d91749aad21794031b1767c50 |
| SHA256 | caf95f64db3d13a991bcf1e0d65a9df60e8fafc21bc8a0d56404ac8ed5ce8374 |
| SHA512 | f345ff76e827a71a9ea306bcca311aca329453c652a9d6c09a0ed6f3a02fba0a22bb1db6ad5485bc52eae96e74e08b9090d8d82197a170bd3b0e32357fd1dc23 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\36.png
| MD5 | 1700c9038e056584b4130157898410f6 |
| SHA1 | b7e760682011fd2ca2a31347b8c717f1fe0ef6bd |
| SHA256 | 57e37823c61cbb3ae2ec50881a0b794cd8cd3131d5bc00615f77632e3ddb4561 |
| SHA512 | c2d6074463baee1eaed1d87c25d947bddee58117e9f5e5803339dbf4e6ba933cd16738caa82ad701647275898d2862b9cd00dffce3099f04aeb156a5286fcd5a |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\35.png
| MD5 | cbd86f478b98d7a7184a36abaefa2946 |
| SHA1 | 75a3afddeaed03ceff45c3e2a36faa8b2ad1074e |
| SHA256 | b3097eff403a19aafc9479e6bb00a994b85d21aabbf6343b198dc402e82f3f84 |
| SHA512 | 9309ce1801466e83d6b25c59d91e841dd19b115c5bd698fabf80242b62fbbc03ce97e31be3d303b82bdacee6c2b5eebfc9688ba22f9bc2d7d25151611d48dc1c |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\34.png
| MD5 | d2e7cfee7697c162fb45367b748b9527 |
| SHA1 | 581497d6322fbcb25e52cbc95968a99a3df7b4e1 |
| SHA256 | d48413a31ea43ada1f905bc662ef715c44f6fc356e3f341372b0e8c5525face7 |
| SHA512 | 6bf4b5791d79aaed9a1997817a639e2c8ad3c1323a7fd385a00c872645e9e44053627dff40956ac8c7cb27fbfdb1c5d972a2627c871eb3aa7461fc4cd40b8c2b |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\33.png
| MD5 | 9bd06d03be71ffa54de8f7d3938108b3 |
| SHA1 | cbc432d5821883045d5c72677a01951e4090a7e0 |
| SHA256 | b3a29ab1bdcb1a8e027a92d5ede843485553c7554f6eb4ae832e38041f0880b0 |
| SHA512 | 2cfd2ad71c3e51a6d3d50098a56db36279dabe17cb98921b2a891e4aaca2cb0413ff3513e4cd6803107e9b422fcbc67ae86b0b8148dcaf262a124a7301c488e7 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\32.png
| MD5 | 48b1f2923d9ae1224ecfc18eb48e43c1 |
| SHA1 | 8bd130bebc33c631db59ce3a8c13863aa5690cb8 |
| SHA256 | 456678114d2cdda5c2447dd5c197b4564c7f8b64062b188e1499d244f87696e2 |
| SHA512 | 1e745c770710b4b4e8224a7128b9406c75d52b6569a908231807275f0760e47a90e9cac8bc65f09308080a316a4574e71ee91fdc8ed3592b8135cba38f064831 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\31.png
| MD5 | ce1b4b1d8f093a878e98d3d53d8e8669 |
| SHA1 | 43737402da2d90a012b4b1ff36b6dd8c4f731cae |
| SHA256 | 3240b8cb461571587263e94f0160a2c4e614c1f0277e30dfffffdd3f19eeb165 |
| SHA512 | 455601e6eb9d84ffb8f8a67cc65e81c62af46f09a15417e642dc9b4c5ca8abe6f1e702775c9b8ee7a16071825f9805c84ae7956de609ee12c1046bb126d2e94c |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\37.png
| MD5 | 9c2dc70b8fcad1dbca19ea157ab66f9b |
| SHA1 | a0d8611489e4e134c3d1eaafde3a74b5e819b25f |
| SHA256 | dbf69058676bd3e4f73bbfe3210431e735dffa8846217fb8d1de1077266bde2f |
| SHA512 | 9e6c3b8b1b30ae2c12caa81066979c8147d84c27c5c442b236dd84ccddf4f6ed7386d41b2d42ea939bb81d069aef23bc8e54c1328edc25c5b69d8801c7f7b841 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\38.png
| MD5 | 97a2bf7d57e5e173e417adbc70e487b9 |
| SHA1 | 46c27e280e27b5080f3e555e53e7ef5ccd3b71b0 |
| SHA256 | 5cdb249ee0d01596bd4c634dff1353282bbc91768c77706b77079e9e811220b6 |
| SHA512 | 58c9dc590e38325f5c05e3e4adaeea9873e2e734a1c49c7c66977e65352e31038994c0bed439f43d14ceefed0f6b84aa1d35fb638dba6897cb0de0d2cf6c76d2 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\8.png
| MD5 | 4b3f9cdeba108423f3c80300efff1958 |
| SHA1 | ef7fa256ae3441a568c8f3bdf4ee5725f732af89 |
| SHA256 | 6239a97e39e6604584d5d3aa05075a00ea277371b7af79e14536ae79edfa93fd |
| SHA512 | 5deb2c296d6d111543461f4d4a95db0201af3f6660194dc9ae13cd6964339bd570ac99c99d9f7f4e04bc1ec6ebc51b6adc51db92ebd63a32108811c29f3adfff |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\7.png
| MD5 | 97c3ad3885d6c0c0174510788ec85e42 |
| SHA1 | e4ce36da271ef8028aa6b85c857536c2bccd16cb |
| SHA256 | 162b3b8729418a3925447d50b4fbb24482c82804ffa7a46eaf82b751eac10899 |
| SHA512 | 3f800c998e82375fdc0f75da6f91d4175170713b4d19d43711cdacee0490e6fdf4accdbed568e75228b6c5fd443da5a93a59e8c202a5ffab09f82e2d1aab2e55 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\6.png
| MD5 | f35ca234c01575ae87bd0308823ed62a |
| SHA1 | d06f45f05291cfaadb34d537f453bc0f01ad38df |
| SHA256 | 18242f17950a2df4a55cf8f19c4e0d38125f6a8a565552b8bb786a2470ede112 |
| SHA512 | 7c3ffa3951c799d9ad4e494d857530381da7af700711c259bdd8bed877c2e926e9100e9c0ad36ca9b67986c5956f7394369fcba461fab3badf4eebe55f5272d5 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\39.png
| MD5 | 0509f4378a2f32bdc329900dd3c1971b |
| SHA1 | 72c7d9829c949a8f7322dced8081821bae37ab2a |
| SHA256 | 34a7b8728a668cf01f85416e9ab4c790dfb087a3f935a38c7bf81e045918ddc9 |
| SHA512 | 124f2dd142221f78abb530a9a649c204fac74d07ebe4798ad16ecb6c5048d023c0f5c3c1bfa3fe08bc1019f0b4af566ca40b0c8ec3ba2dbff2dea2725f73f2fe |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\5.png
| MD5 | baf3a84232614cd8c2ee9133296f7234 |
| SHA1 | 43faa2409b5eef379084c9ebd620fce00f0bb6b9 |
| SHA256 | e46f2319d3988173c1766d9ac19dadc3bf63fb98432b7c9636241ae5c356a319 |
| SHA512 | e8c0bdcb049ec3ead84a1215b34dae0512358ad85702f31ce7618712d8f4d9afc86eb823b20090db5354463eaa6c1225cd4f1fd95ed1b7e11765bbd22b798575 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\41.png
| MD5 | 53cfb99b1b1ce106ba18051e28b5fb8b |
| SHA1 | 9717abeda7046973b6162ea5593e2c71d45d5cf7 |
| SHA256 | d0106f503486aea379cec27d4df6b84f26e1cb312613e2762421a428e85c3ed1 |
| SHA512 | 24b2e8f766c3a4fa7c4cfb47882acdff6c59eac349834cc9302ff0bf5475f568591f81dd3f6d8df93a4d9eec6c556ca74c9bfe9f3f233b1e413bf70dca0cf3c1 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\9.png
| MD5 | c1a44e8bce9ed3d25e95b6f15f08721e |
| SHA1 | bed5e6825dbaaddbbcffa255d67693ef0961b724 |
| SHA256 | a1590194311c386a5c8659c0b763a7ee45cab9639b526d2a822776035317ee02 |
| SHA512 | 75a5293db695c242b25334b17e9653ff1a5f73f68238217d808596ed09df9f122853dd48cd39b2a0e4ec98487ab55ac1049b3c913e31887fed7c1660083bf4bb |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\40.png
| MD5 | 29dac7dba26b3f49231e9d38d28ce84c |
| SHA1 | 0ef797529ce2b97a0d366333cd891812f7584709 |
| SHA256 | 46a41b720beb99aba5643675c42a3882dabad5e8d7199de37b1ab2360db3d0b1 |
| SHA512 | b01478523f89b5f006a562e93f48a8b64e18d256c48dfc2c26cc89ed6cfb33ddb742a4d34683b88684b79fe88dca7d3583023b71dbb2909445af94b5b52211c8 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winhelp\usermanual\css\dynatree\vista\4.png
| MD5 | 0d44c34c20571042f203ea253ea4d55c |
| SHA1 | 333cc13952391b4acb96b9191ea59f3fc1e521da |
| SHA256 | 27b09323f37b7877b02df789b938bd792e0a5504de9cd405c76276b19c41f60b |
| SHA512 | 1bb144dc607831bfaed82981c73b09be655448349425b89c608792b8a5ee43a7653efb2ad75afc2539093903b03916ae7bff019dc9e10a9d747942b9e97127e4 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\xxcleanup.txt
| MD5 | 04a9c9258e3ca67142c2190e0b457978 |
| SHA1 | 05c84cff023fd37c880b60d573530560b3ba9ca7 |
| SHA256 | 95b1ca34006643256ce7c2a259829fc6f65947251844614b690957b5307f6719 |
| SHA512 | d158358ed74069b4aba29729086f729b982c2d7365ec7d8a7f76b14113671b6fc6783a90845b11bf312863c881df4e6aaaef403680cb729912bd1a8d675051c1 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\x86_64-efi\crypto.lst
| MD5 | 6a3f58db454b17a0a339323b3e134a6b |
| SHA1 | ff00d28114398cf1a052329494d63aceeb8ff29a |
| SHA256 | 1b766f38a94927fe9b7bc1e809f0363e778e14c601e800faea271a2e75d3fc43 |
| SHA512 | 7488c4b6c106c8658a308e514b6fd03e6642f201737fd2716831733d98c3d686beab9903d36b0b2e9e30b3c01f2bd9757f30605d318215878a2b932ec4ab5ebb |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\x86_64-efi\fs.lst
| MD5 | 4f72bc2bcabe379b4fe0f7e1bbd03c04 |
| SHA1 | f091655c7ac7314eb0df21931415de47628d621f |
| SHA256 | 32fc7f5de8c0a5dc0b1e7eb609ca31a77eb3475539e1d97a4543dca1b9b26c57 |
| SHA512 | 930e8cd4d3e74f6fe9f7a66b93abb846624f1eecfddff45f943dd20e86da06ac55dc3f4226a2b2de15285746365d6fa8112737bd2d75a364a28fc38a28a6f552 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\x86_64-efi\partmap.lst
| MD5 | 02b988d7196362ddf27caaecf35c23dc |
| SHA1 | b5a777a9c9d1d484b9f133987047bca324a9c01e |
| SHA256 | 85a3d5f84d20723a27c1442b861be44fbf58a4525eefe2ccbb2b5f7ceb21e8be |
| SHA512 | 4efa28eb28d06d4fdc7de8086910588359f7013a47f199a8e6af037fdcfcaeb535124417cdafb8d1d417aa9a09123a59525a6bdefddc5d1939aada231e606e91 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\x86_64-efi\parttool.lst
| MD5 | 3190a91d3075032543740d0998971d77 |
| SHA1 | 408f07c267ffdb9554b69138616a472fe4207026 |
| SHA256 | 6de6036ef0dc8a908e4cc248ef1d8aab87172e722d8c5bad9e137fd43994e0fe |
| SHA512 | 6fcbf3a8135d075bd23f0737a8d50327f2fd585738b5439968d0c0448b9e19ac74cfecaf483bf323433effe2c460e563ffc0e5a6aedd7f2bf8a30ea4b52bf038 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\x86_64-efi\x86_64-efi\core.efi
| MD5 | 2f117cf85668e3cb77ddc79486378a48 |
| SHA1 | 841a1e185de4cfc8ae6991e8f27a0b1dc9a0e9db |
| SHA256 | 34a3088e15d5acff1a25bec07109b18d17f2fe6b07ca1cccb261234ecccb0fcc |
| SHA512 | 75c6d7196ca89a51d0d9298b0d77c7e1fcfd062d10085a187bf6c7d08c93481e3bb93be51d3a4ba8487cda8a56060200448fab2f057536fd202de64ce5f99e3d |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\x86_64-efi\x86_64-efi\terminal.lst
| MD5 | 098832497928edecd396096490b430de |
| SHA1 | 66b726c6d64bc109d3948a9528f502ea94938ef4 |
| SHA256 | 46f888c52f36baf9b62d60bc8d06426a314aad5a0ff86a4362a91c2512a1df9c |
| SHA512 | 4fdd3b4cb38c5c69865033bca010d6b914ddfb74dcc5886b258fe4fa8759a1160ec4b924a1c7a7128b0f6899e6f3b0e33373a1ee7532e533e9b6b1629e52533f |
C:\ProgramData\Grub2Win\c3021210220ed56f23090bb9c211b1b0_NeikiAnalytics.exe.24060109480367\inet.work.internet.txt
| MD5 | aa43a7da2ac1c4c3a62c134ba0ec03b2 |
| SHA1 | a4c2aa7a312975ad468d60285298af9438881e65 |
| SHA256 | d2d632846dd5563a25b13783888448fc93016baaca3871cdeb1ecb1e28d5ebcb |
| SHA512 | d1480b9e35c9d8e0c6941654f0a3845cb2ddabd99f2e5dec2bcd9152cd7a0ed9b69cd57fe6c395ed7b085efb0fca7ea4f9e1bb3b706dd17c31ea8a908d0476d9 |
C:\ProgramData\Grub2Win\grub2win.ExtractTemp.24060109480367\install\winsource\grub2win.exe
| MD5 | 9d61da62be0f18ce9a5ee57456b9b552 |
| SHA1 | d0bb2ab18472e3f49da200be53a27ba5baf6e212 |
| SHA256 | 924d32ca2698f3a3c3b433584ce2e422fdf8de4d7e9c343d97ca931db1d44e75 |
| SHA512 | 9b6535f52aa39b3ac7b89ca0d604271aa3c54425fcf241d62276c56b792889419bf05edb11ce7a75000061b229bcbe88b931920cbb924689f24b0cd063c26de8 |
memory/2016-3331-0x00000000008A0000-0x0000000000ABB000-memory.dmp
memory/3720-3334-0x0000000000B80000-0x0000000000E9D000-memory.dmp
C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.script.txt
| MD5 | b79fbd6daf1b05c5fe132a183e242504 |
| SHA1 | cf37299bd587ff61010f0d9e83566f11ac9bc624 |
| SHA256 | 1cb5d9d78ca0e30c9e4b6cb0a5838d927792a54b9930308e604dfd9a9a43fe8b |
| SHA512 | 0dcd359619806b54398c123d903556660de510bf20372eef69835c96560644b14abc5d7f5ede638866068a462a704ce1d04aa19e6a3240d6dfa815607ef184e9 |
C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.output.txt
| MD5 | b4b87f31ba9411a319c800abb5b3b2a7 |
| SHA1 | 522161287c6aa7112c93c6cd5314f57d374012b4 |
| SHA256 | 3f6b10bdc185a0c6421788c1ff802988b2e88c3a80c044a387f22a3d8abef8ce |
| SHA512 | e6bd39e15dcd3b4d675bed91eb78b6a2e6a83383c3ff9a273e91e316c594f252fd614b828822e14134a6bf2f67d0677b90652768ffd6cf8dfc36f76abbe3c3f6 |
C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.script.txt
| MD5 | e8927b03efcd1ea1b567f9d8335bd927 |
| SHA1 | 1f5f208fe823c728da04bbd4440b520bf0fb45c6 |
| SHA256 | f966e7559ea2a95e7c6d2f7827f36f478362bb736e0502754b0ecf1954c75040 |
| SHA512 | 9b2b7c08f2496a2dcb84eb527bcce90ef0112250abbb9b7282278bbd68e960274ce642b6c50464e4f43fd7ddf12fbfc88d712533dcc2e582a5ee3e5fbb98adc5 |
C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.output.txt
| MD5 | a598aaf854d35a35adcf815d8e6ed31c |
| SHA1 | c3d0f20c1f5fffd19fa6c9df6dbf07da3349b5e8 |
| SHA256 | d482fe244e4ebc85303dac2d113f0167a70078154fd17377003b7500f51451cf |
| SHA512 | 8b984a5a6e303e0f20bad27acc96a7dc2992123bf6eaa82bc7664a5c11ef29274dee83261961903a8011d74862c53b02cd4d6c0ca63e2908fcb047f21a54a516 |
C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.security.output.txt
| MD5 | c5f391be9e8bdc0ab1a4ba2c80b7cbf1 |
| SHA1 | 7407d8ca672be8194f74e8c734a64ffdbabdd57e |
| SHA256 | 059f065dbf5cbf605c78de731a91db5a5229b41a0bbce1e50048ee0983850545 |
| SHA512 | 6bcf978b6ee1bc199b9749d0296e0d5966b383beda1fac6a9d63442e85cba0aa69b99dda190a090044d3bfaae7e6f030eb80ead60c3beb28b983e9a34f4ed361 |
C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.security.output.txt
| MD5 | 04d134900b0b9c7c72b5942a7afc151f |
| SHA1 | 624e50d0a2143fffe0ec5fab0735906a30ae5514 |
| SHA256 | 01d225329f3e5d6a35a5c5890e7a715ef6d2950434dc16038a23ee6cf9e4730a |
| SHA512 | 70196e89e85ca2e76c2de799c36fb3527b32b1b4065ab22e33bc3816e60d72d574aee34bb4e1f9d1f797c654fd684bcfa117d61f0b3d67b1fc1017a38ac87eb9 |
C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.script.txt
| MD5 | 70b06ea089ea5038168ef2a662a77f31 |
| SHA1 | 86e57abbc41f01b108ea39942a1a298091bb045d |
| SHA256 | d2284fcdd778f48ed3d0fa3be2dc76d4b245442ffe1afacb8f58d0d4001a709d |
| SHA512 | ebbde155e219df5c74b95e6be8257ebf99cf4d94322cdf7a38025087769f8f81ba1379fb01863f35300d8e7eed10fa23e6883f582cc9ff7b90d7042c29570a1f |
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\direct.diskpart.output.txt
| MD5 | 3af2604ead8ad4c11cc7274b379b08f6 |
| SHA1 | 4bf39d17384477f5c2af2593084376488b348c10 |
| SHA256 | a3721707b6d675847dc55ecbdee4346f0b825cebaf3794d324234daae52c6ab8 |
| SHA512 | 998551829f00572db5c56b436d3d61ba58eeb0aba124b56343837ff6d5b21a3ed61e9c9fa0c4faa36eefe604b41798df9a99ff4066cfd0d860c52c37ed050ddd |
C:\ProgramData\Grub2Win\grub2win.exe.24060109490923\encryption.status.txt
| MD5 | 2bfca6f52799fea70c73d0d98eb1c5b9 |
| SHA1 | f643bc11e3f459b0da01ac52c1aaba068ce14199 |
| SHA256 | 4f0c357415b700b775b6838503a604f7e174cc0836e1d32e9d1cf6eaa0041f10 |
| SHA512 | d81b7fb46d4befc43c77536a8ddd2417dd8e08d2714f4ff80f356ca20f57fe07512bd5c59749cd8b83bedc730d4181904db2f6f95ba2d4a9a143daaa10a592e1 |
memory/2016-3366-0x00000000008A0000-0x0000000000ABB000-memory.dmp
memory/2016-3367-0x00000000008A0000-0x0000000000ABB000-memory.dmp
memory/2016-3368-0x00000000008A0000-0x0000000000ABB000-memory.dmp
memory/2016-3369-0x00000000008A0000-0x0000000000ABB000-memory.dmp
memory/2016-3370-0x00000000008A0000-0x0000000000ABB000-memory.dmp
memory/2016-3371-0x00000000008A0000-0x0000000000ABB000-memory.dmp
memory/2016-3372-0x00000000008A0000-0x0000000000ABB000-memory.dmp
memory/2016-3373-0x00000000008A0000-0x0000000000ABB000-memory.dmp