5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe
Size

195KB
MD5

699b442dc4782395022bbbb4df187ba0
SHA1

2b00f696bd7333eaa89d9802d7ee4d2d6d41ec0d
SHA256

5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147
SHA512

c6b8ebd1e8a3e1cca01a38dcd465f6393aec8fe0addf79b77326077c0ce39615e67a904b85e9c8008ed2b7b201c24d6e3203cb248fc95cebd73b1ef7edb45bfb
SSDEEP

3072:9QWpze+eO888888888888888888888888888888888888888888888888888888u:Lpe+ekeq1Jpe+ekeq1U

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3635) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3020	_MicrosoftNotepad.xml.exe
3036	Zombie.exe

Loads dropped DLL 4 IoCs

pid	Process
2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe
2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe
2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe
2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	Zombie.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.tmp	Zombie.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	Zombie.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\de-DE\gadget.xml.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	Zombie.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	Zombie.exe
File created	C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\gadget.xml.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	Zombie.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\settings.html.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Windows Defender\MsMpLics.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	Zombie.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libqsv_plugin.dll.tmp	Zombie.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	Zombie.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	Zombie.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	Zombie.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\cpu.js.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	_MicrosoftNotepad.xml.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	_MicrosoftNotepad.xml.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 3020	2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe	28
PID 2012 wrote to memory of 3020	2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe	28
PID 2012 wrote to memory of 3020	2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe	28
PID 2012 wrote to memory of 3020	2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe	28
PID 2012 wrote to memory of 3036	2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe	29
PID 2012 wrote to memory of 3036	2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe	29
PID 2012 wrote to memory of 3036	2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe	29
PID 2012 wrote to memory of 3036	2012	5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5dc39911995dd46cd4668bc585723d5adca13bf6af0f11199a58c7a11ca99147_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\_MicrosoftNotepad.xml.exe
  "_MicrosoftNotepad.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3020
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.exe.tmp

Filesize
195KB

MD5
6ae13581c24760f724772906ffff7546

SHA1
fd8863f7bc6806a393af6a04446fc49609adf9ad

SHA256
facb8bca85d808aac385477c567ce761ef8ea3588ef1710d0d93c2ecb014623a

SHA512
682481e7158190ac80758ac3f47e03b63ccd8584a5a99ecc8ed0096791c77b0fe55116a91e5d0d540d37d1a69585c2d456cb2a7dfc2adf3d808fc3fe140db87c

Download Submit
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
99KB

MD5
5b09310eeaac8d42e9394ac155f75ef6

SHA1
2afa1a7f829c85f67986c15793c7ea014c4a3bc7

SHA256
d9811a7d7ee72525e7030a78f008d513fe2f4927f5af4c54602f0c14d9738d67

SHA512
f504b96d545a2dc555bd11a966f9270bdada9da751cb51c72cadedb20c165e90bf036b5e578daee4b5ef2e7dbe31f740d8080f6868dc7887a721ed1524ada110

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

Filesize
2.0MB

MD5
3fcfd051221b82048ebc3a0c34884615

SHA1
21ca4c602b6a3fe8bd23ea2a020961fe2a526c21

SHA256
06f2b9c217a036868b19561859a0af410a8e0716563ca6c23ddeae97d7c7e512

SHA512
d9d729b9097dfac3f8e96b19e3e9881f62713fcdd17e5c0280f099594f1a7f7e4611f2d52673e1ea651b13c0201c29d1356b12e4767a1757fdfc75a95bd725de

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

Filesize
3.0MB

MD5
3966caa6dfda5746d44d106fa12dbff1

SHA1
2c7be5448a1308dc58882115d1869402f39c5b44

SHA256
c35c15376c2900dbca2e2bbdb65b360c36ac6a9ad93dfa8c154dab6e8c09e946

SHA512
a2a7e497f60573797e79e5bed671359fe27241fbb7a65b76271ab4941cbc321e785156673e178107f91a7345693a4b80b3f7228b6f8a324f717ce9356d4d9f9f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

Filesize
868KB

MD5
8f4f7cc1b2a2e498a2bdc817a6de4e5c

SHA1
03d12b01c05b57df6177b2719ce9c4e3276a478a

SHA256
9b59c3633a611a243834644ad1325b2f2b044097dc7a47537be1d8aa24cfd6da

SHA512
f68dc508a1786d24f24fbeb40055405252c9df8d17e56422ddefbce11ba2e9e95611f9f7dd192f823981d19333ac7126017a54819d56db0f959c22d36ee60719

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
129KB

MD5
9cca4213285151638a86901092cc7b4c

SHA1
9b3f7f70f17b3b6fcb7ecf69fd5f30d5ac10c95a

SHA256
b3e050a1488a94c96bff20d0f6447e4be25f99cb59c7ec4e9f0df00b30013de9

SHA512
ec122e2480ed4302652d1e7a3614fb25cdae0a1cde39c5f820c3421c6f1661501e2fb8792f8548681c6ae4463663eb963b9483bd7806bba67226f2622caaef30

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

Filesize
244KB

MD5
74ca58b2ebce2a9b872f3a58c61fef32

SHA1
860f8548284351ac05e96a23deb1d45f794eba22

SHA256
363ae20cba187507467d321366730de4f4f9e005a40c2fcd8ed78023e5687a46

SHA512
67e42c335e1cd49222c125d6be7f4aabd1c86747feb07e2662c73d6ab7f2a4933e8ca90460f4fb15aa411efa8292188a4dc9b5df5c5aa6f107ea1ed2e2be9a6c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

Filesize
3.1MB

MD5
62496689ba17835c683b90235d408055

SHA1
47612fe0e322b82e8e578c012fa05a913ccf8836

SHA256
94f4a10af97fe129b570d3d81c849b219710765288662a230429da3d38d1ad22

SHA512
2d7d7c482aa513255cac508587d66251f99899b04df6803a3a764b2a61bf9ef97c9262a5f0b6a757e5c3adb75616aa9ec0ae719e1a1411c9d121fa6d1b6829cc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.tmp

Filesize
797KB

MD5
24a1aeb20bd7164323ccd50cad72628f

SHA1
31f82f320c6a8a5063153af7eb71d7475400d2c0

SHA256
529ccb1a0b9fe09a792f7acadb62d5c901058c1b02c9d71b47f5d44e2dd4e039

SHA512
572d7544d71564dd870dd6244bbc7f30421c54f74ebe36070eb848433f21814bde2b46336ac98e054637c34b2cba8bb226c85a1a0d11f6953c69a630444f5611

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe.tmp

Filesize
1.1MB

MD5
189efcb55763ee1124dde7c9c9788dc3

SHA1
ba30ca8ec1010d2ce8d4ad8f8f62276efb121215

SHA256
3c96d1cd1b48512682ed403d8d89fa974a4895f4baa71e4d69ea814c4cd44f31

SHA512
faede05f0a2b618dc39abaed24ffa2c026a35ed9b4a5fe67f5e310ac22547e7ad13c3469f8b373b2edcab76330bf7f33027361d0b9b57e619579412600c7fedb

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

Filesize
412KB

MD5
d426c235f2f3af3ec396b13240e32f0b

SHA1
dfd9f73fd79c552f2bde9d94f49451f73d5561aa

SHA256
3e44f95d4d9e8ff40688169dabd903ef933acd5ff3e5bccfbdad60bba386ed94

SHA512
f520a04493ed7094a530dff2debf1f3f77250b013c974598a1ec3492ed8ec57327e36dc67456a59954f76ceaff08bf0ae0d8e1024d3851305973ff5fc9f7fb34

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

Filesize
16.2MB

MD5
712c27dbdb610845294aa7cec0e57cf8

SHA1
8b42c96aa8fd50fcca9746300a3a19c09c62a7ec

SHA256
657653c7615abb2fdc38921994ee0b938363dc7ffe416e8bc88a82168508dd63

SHA512
1c98f4bd01c38a82689cbcc13f0337f880b47585ff6c357ce06b63331146dfd507144734e3fb95c35489e8fa0e08e740d25633d9385cd4f233635b0412458964

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

Filesize
540KB

MD5
ee71404406517573d50865d618dc3fee

SHA1
d5d2a9c20303fdcb76b7a0b7a2dafe510e170412

SHA256
044c508583f8dd6748b085c4113961d6a86e2c925c91e6f269d65c80592ffca2

SHA512
6334a8d167ce52d0275ea969ab1c945a63093bd0a77a74689a186ff8ec234186f05f82d75534675321b993b14ffb1db4e0fd0061753e806d8dc6dec2a50a971d

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
101KB

MD5
5abfe362e2ab24dda5f85e86f0113d5f

SHA1
7c6d4ccde96c11763f5d01079140342bf34e3041

SHA256
01f1aaaf4fdcff4b7ff82f395f1eb09d41c50c1f60bee1cc19d8b3d726185ccf

SHA512
996cde31ffe4565b3cf3148b143f01ad593dea8cd7dfb38b068d229ebc9445d6e8af1ebbf257a1ffc92ce5476b35cd2d0c0c0896b31a504b399577ad58db8404

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

Filesize
104KB

MD5
db52c9b0f88e41439ae5634bb96f7015

SHA1
a562f626253bfdb46917563cf6498711c6633166

SHA256
948b9b62476b91ec7fafaf8affe200cc58a0bbc7063491081748b63e1822243e

SHA512
da338de21536d71bccfc7f01e541fa6ad67894b14986f36bbe9b02a5af958a1b95c6c0b692b02514863e6043f6de6c995fd65a7bd6b812c44ab389d5d745e371

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

Filesize
1.8MB

MD5
77d4dd94efe5a3f90964d0751b68284d

SHA1
99057653923beeceae82f5a75a4b93dcdb9c16de

SHA256
b83f9a8e0433d27092666edf95dcc70c6b63a568437ee543cf20761b3da0e768

SHA512
0fb2c6f14e1f6cc33cf0b2eb16221a5b0721d01635b14652c2b6d607e7c9cdda5337be2ebc9c340c1f113d388b6084858c2c4d65963f79d5aafde17a87a641d0

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml.tmp

Filesize
99KB

MD5
15c760a33e3758d3b35d9daf74abcf2f

SHA1
f851707478201aef496bb654a6830bb9416b84b4

SHA256
0f6a458b5e1a931a9962b8c677d259cf68595712b8f680179027108c89a14bc2

SHA512
29a68d144e91ebe2625e14cc9838ac60bc2c0310bddd77a88d418b2b21b69f88b73f5be3a4245d8d0ec7987d2329639aee1e9c5ff3220111dfc36fd4e088e2dc

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
102KB

MD5
8e33ec411f77a147a8b8f2c67862fbcd

SHA1
293d6c1b09233afe922902a1626d08c53785278d

SHA256
1fb00b73d3afa8b94428a79971318b90398e859d814dd12dd8c3286400beb096

SHA512
99e381503385def4576bcfb688d1c204129ff75d8edf1f350705c81e6bccdceb64b1b1d545064078c42128b892be3d4c5e063032175993e2a697e16d60f78200

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
4.1MB

MD5
d309e6760fdb9673207e27c4824e05c2

SHA1
7ad61f101a781d332d81edb70d3cf975ddef39ea

SHA256
44064a964332c63f7550b3984b685748fd2e0788bf1c25da114a0cc37c57da32

SHA512
65e2e30e572a443aee539ba75621ab6bb00fad5d17dbdd6697de6b16dbba3f771e23ecbb3ba2000331b5c27fbd98e9cc9b9223b5113f802464c080769653e008

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
9.6MB

MD5
1eed0b0acc447566492be9a5e6371f89

SHA1
87f64e1f43969d979d2efcf31889e266725f0d64

SHA256
bac1ed006cb1989547e1ba8896ba99f4a5751bda646c5c44e9afaf1849c28140

SHA512
c2269e15e9e2c9020beba3c61e725b5f1f4a35771e4f4e72221cbcefa05efd972be842b90cd8db3350684797bee7e3c83596986d983f9a438b26c1820fc9a2a8

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

Filesize
120KB

MD5
eece222cb18c7304f8dd360510e88d9b

SHA1
c6120399d0c83fbfc47de253cb3ae4cf3e891a1e

SHA256
a74e53138a1f53f2ea309d61fb6e217ffada33cf06a4727b0bc419c9119ffd24

SHA512
5bca7a08e9ef223ea7c7cb3a08e616457e3df50e74d57b0401a23bd7034ba4736d83a35ea6c92da1e2057bb08d63b36b106fc450cf30bc20584555edd5e4e59b

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp

Filesize
4.0MB

MD5
4a2c90a0c979b76d6a1cada38afde51f

SHA1
27d25cfe33febdeb34a9cd8ca64b7d0f3ab7bc32

SHA256
d3d1084c8b39fe43f11ec807b32575c024c7962efb7a3900a1a79b450c46a356

SHA512
87c472e8a1665931b54fd30a2e443cf4c17d8bb4db9d6964d514703a48dfa00a20100206209910d52fee0b165e0f511681de25a21e5c9b5b7615fa6a070a697c

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
101KB

MD5
c969f41011a9c632a3a1efa6363610d0

SHA1
0f948a4ef6ef60762ff6a5af0c96d3b216e60b1d

SHA256
3b9bafc348378a65b499f11ee0815d2b6c19a711455f7269943afb5e9395534e

SHA512
7dd641133cadba5659d10978f4a1ed4bd2fbc57e8cfecfa96e5c3316608173277f0ffee890e8dbbefd38610cbe53c7d88744e8588a8ce432b998358714ae4819

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.tmp

Filesize
1.4MB

MD5
69e1910dd37fa98cf2628f637adcaec1

SHA1
5996892b4c9631e63731163d2bdd5de6af2ba10e

SHA256
90ea8bcb41c45f9a0b7b1b74e61be2e23a1324cdf1ccaa845fea3c5f80161a61

SHA512
ffa13cae47415ebe3a453cf70484fcd20b03d5ab6b010c1d102e50901e5c50b3e04224d10b365024ed15028095daeb7da10440f4426fef50a571d3300c2d3f85

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

Filesize
728KB

MD5
695dd8aadf9751f836e4b08ad1902fd5

SHA1
3a3e5ccc75812051967bafd45266247b2747de5d

SHA256
27135ef8cb5469fd1692d75ec6bc147a2ff92333d253406cb6190bb87ec6d0ee

SHA512
eb20cb83d4271b68a1ab53d290d6510b55a980f529f75f4ee7dae72491504d8de6ed76ca74215696bef6521481f5a8caf2c0c3d1660a3c2b38312fd2134dbe9c

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

Filesize
10.5MB

MD5
b4b6806b7538d7f400a4925cf1c03f64

SHA1
09ed9113045294c6075098f879e5f2c282b039f9

SHA256
fd7dd9959e498048b16bce2c714f70c95393f9b155b51c3cf66b4bbecf7318ec

SHA512
35a22c0d502219ec8baee6a3784e67a5d55b033d8970e36c58d6a3747c39143e69e1eed506324e14642e56432d0f1db866da9da9fd1b663ba5646649ae8d731d

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.msi.tmp

Filesize
616KB

MD5
d15e7e8076e881a648708b26d87590a0

SHA1
69d4a2f9105aab63ff946694186b12d11b706ef6

SHA256
f4fd703373006d24a95524a92c1aadfb3b573942f25c14380219684fa2682932

SHA512
2bc0704e296af16592a7db4030757146d437be9064701c93aaeac9e172b17d1cfdd1cdc57dca7b5dbdd447b264a12ca28369183578d9d47063640c10d5368f22

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

Filesize
100KB

MD5
142aef93c9fb279d95c4610bd8eb864a

SHA1
f04fc2101abf754e93de3ddb8b8f3dae7b78eb28

SHA256
a2dfb3cf70a89b8b35322e0baeefd1015b1936f31e5ded46e8334cd2afa3f1cf

SHA512
2065dcc1403b65c47cf9bfd1ba03dd311c5617dffb376ccd9560321043ed1648aef3e525676678c5229c1546e54c13c4539dbe35d6d3ba4a77e933ee02d7a9f9

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
1.7MB

MD5
276fde4d8f8148b03f4f5da229e490fe

SHA1
d0c558ae21c6a4ac4a4a236877a058ebb6217f14

SHA256
29fdfd074a75d7edc8db28fb2cdd1ab1b57bad4cfc8927451e862944f7d7fe97

SHA512
ea62d35bd03b73bedee7f895c660442ae1da1706a75b949e59cf6dcbd56e881591d81bc3faaa11409a1e25e60fbb202e9de9f078809c73bfa253e59b6dbbc2b2

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp

Filesize
712KB

MD5
d6f47fec2b4cb4ba43420e1c835c8681

SHA1
68c7b80ac5bcfdc9d24a0f04658972ddfd3b8b09

SHA256
579f28e58228d63f950d2fc4b56d617f8229d1e0d24eb5acdc8a5fed10ded9ec

SHA512
723bec52268894740eb5e832a7cea9ede6ceceec504a3cdb58ef4a1a6bd298a7fe6f0b0404d62190436cde7c24e808ce4e7293bd887e5b9b3c6b80d1d24e99cf

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp

Filesize
750KB

MD5
fc2df965107588a81e88710ad2398245

SHA1
247636499273544ec7dd3ffb192ecc17defabbfa

SHA256
482acb098efa15b6ae2c10173b768137bed5ca04c4e3c4d6d833e16f5d201236

SHA512
d18f50328e35b6ce126bf36d4158b965a0174499fd356c644a9e4f5cf9a49abcb343b656f4e3c577cc432833358b2b5420dc812382a82b3064c7847bfe5428a9

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.xml.tmp

Filesize
99KB

MD5
20ab90f9af5cc0b23abef9d3ed7b68d8

SHA1
431bda196435ce177e2d90a0b21f6024f3ed25ef

SHA256
5dc0da66343d917997807fcbfb88fd17da82f8f9737ca72319564b11dd58feaf

SHA512
a3579c2edc6680852d120dc8823c07dba5e8c36f9e1725f0e7b6fd6a2f9bdddb71973567499dc6330a7fbe9c73428b56f81292e1bcef8349d95b4ce04da45cf8

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

Filesize
100KB

MD5
3bc8fbe55e9f1bd0d5c99eec3df93f72

SHA1
20816bcde4834a1ee84b6f2346feb60dce2bfa79

SHA256
c2dc2159135ad9e20a6eb7246bef9a686ba9b9ca7c4892f1f35cf74c924f556d

SHA512
671a229b263fead9158a27d5c5929b6efd53c66596f061727414d4f1531297c1678ff8b1b9e8117da25786052c926760b75f21b74a807d784079e2fa3a770d16

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

Filesize
733KB

MD5
a9ff6edd15804bdff2a328c9ec32ea24

SHA1
41b6992daf1cc8c833f6916347974ffbb9be0ecc

SHA256
7134ba1510992ab100975354a197a9c57b3593f3f3190020eadfe61f3ce66f18

SHA512
e5513395ab757fc38b1cf894cb6dc7703d0aaff6fe391eea1e32a2e50e7d97056f1cee7b7955ac64ef5157a35333ba3dea602e36f319152e2f315d4df16be770

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
104KB

MD5
aa766a1c99fcd638230cf7d904f1a874

SHA1
f674ea24f72e138289284b6aa1440569484dc0a0

SHA256
4b7f389a3805708be8a07b749f71a59d04630a8b95928d62cf9b65b1cc191ac8

SHA512
df09e2de7a9c86c44d0a999eaae4371ca234eb7880681e2eef5679b8c2253fb9acff64e30373a1be1610c545a8c1bb17775f0a244ea74f6ab62feaf99dda7add

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

Filesize
104KB

MD5
9500e84194a9b0183c7d6b05604ee8e1

SHA1
dd77d6399d0ad1488e7e7e5719a6e1a5647960da

SHA256
88037a55eee6cb306c34ca64430241862b223ab99df31322d217b3ce1896111f

SHA512
4484b6b9c6a8f9f35d6eec0d0e1ab42da8ebe729f29cd2f1c2cf43bc00431e9e4742283a254167b7d0b8e08f3965813b405ebcb65883debce9b41289aa8c7ba2

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

Filesize
15.1MB

MD5
a5cdb88a04a1ab3ad2b063c8e18b9d5a

SHA1
11ec9ad9351eef3bd783343f9ae3cfea86f05468

SHA256
36e4b5ee1d69e4949d8dd9c06da2c061a773b5ee179e44e4aa63d4d0ca666217

SHA512
8cc735ab137f1ba3e9de2d083d6d303116f6f4249b6ac693e501d877697608b0818d21bd2abc3d7a53368bcccd16b7070f31011273f04cab13f8f6b0ee1a51a0

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp

Filesize
888KB

MD5
866933f262910143322a53159e789e25

SHA1
d64c15dd41a407c560627e40970dbc760c4320c3

SHA256
1314184bd7c6fbbe8ab20ed787c0567da7ce9c255fdf9276d889acc81438c4e8

SHA512
3b25b7fcaa8ff46d1826ce3a87836db80296b40d0daf92461b98843ea1a7c88efe4d17c9c3b775fbc5d9a9cf87854a0385ecb5d48aab82908ca4394b08e9d2c5

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp

Filesize
1.8MB

MD5
d1e80d16a747c517e8b04486683e7484

SHA1
8df0b418f5225e90dade24e39aecb36b141135ae

SHA256
8784ed06cc4a2c8a9956ea62b53492289ab2b0c4b300b1f580cfe7eb0445f31c

SHA512
dadae798ea8fb1c5035fb65c4be5ab0d40915d159953db509fa8191c426c5747fb4a1a13bca8d55b32e576b706f3ca6762f066f5f5bb75e8c4a23fc38c2bcc70

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml.tmp

Filesize
101KB

MD5
6c1ec87502f0b53e908caff3a59abd44

SHA1
cd2875770bfede954edbc5ac62166897822d8764

SHA256
8eff9f6076523edc7fc1a056cc53a5bdbc41a772bf7167e7ee6bc51e9638041d

SHA512
d3c43b7a289b49cb2622c7c32f38ddb758a902f9dfb5925550c62ffb692dd7f5e6ef04c60199eee6feb59b738092ba501b522cb3245a984ed217974e426d38eb

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

Filesize
12.2MB

MD5
0669e59a3e4bce8c2fc64f3413f9058d

SHA1
72b7bc957b64746da7f8b80dd836719a55a2a581

SHA256
f858b3f473a14a3bac20f1a5fc1c8b5274a4a88ca10e75fe4f0ea421d57c5adb

SHA512
18cbbf525b5bfc3b72663dc208b1c5418852ab8856bdbf4c6bcb7da2696d863af15a712c176507531611c2899b6415c8609fa892bf6253ebaaf4ed6240d72a18

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

Filesize
4.0MB

MD5
72ee0d20b0735327ae67f2143e244d72

SHA1
06ef533caee03b1f2b2a82dfc45cc2a608b65a49

SHA256
b384362c31b280a96852f29ef4b706f3b4d9b291bcc1c0a42bad619ee6cd68d3

SHA512
2cd26fb2b2884daa332d1187b5c51d819fedb80b56f68724136ba28d44c0e702debd979f9af20d292b696feff1c8d13456c5c3275c5ad71aabfaae5ad3e2c371

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.exe

Filesize
204KB

MD5
44e5a67a80964948740008f09db2d979

SHA1
4d8a0e5ab76cd62f1ed95a00e40a08478761db0b

SHA256
ab54b641dc1972f0f49d8091072c64daf720e85033e2298796b24c863251debb

SHA512
4e4306267c1fae9bbb1aa44dfca9f881c3d95d3ec18307e81f4c788d511230f9878fa8ec5e4c8474f25a45a53ad52ab698e4e260419812b13e2f7ee126616af1

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE

Filesize
917KB

MD5
7d191508dd128d5a34675d30aa7da407

SHA1
bd504b3cb53a932f16e7b89c4d38f5d7eb3a16e9

SHA256
4c245b71a27620111fbc43975d54bfeb54e5bd9c794f14835fedd3df15b10b5a

SHA512
55302072c8c1fda5089c0514a8b3da39b2be942ac38397f32ebbea5151e1b0d2ed0b198b176676fbc15f672338b464cd51e7bbe8fc3fe4e5a2a5aa9fd35f536d

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.tmp

Filesize
13.8MB

MD5
d11e4224b35835efc92a0d6c38ffecb6

SHA1
67a5cea7443870123948103c5a38ac5d0aed7739

SHA256
0571e431eb3f091b183b1d6a15d507e02f358dce66eba8597fdccbb8f25cb0a6

SHA512
70f822b52f0d0616c30745866539a8d737402b26b57e545f692ef97452c9ec284b02725fde3d7c2deb13f97f784f0ce0b348574e978fbd76ce804a4b4d43bae1

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp

Filesize
2.8MB

MD5
fc598a5248e082cc6ffbe103fc4a9052

SHA1
27e616713f1f7dcf937c8b21e762366e3f453e66

SHA256
561d6630b2ecab957a355ad7c1fb7a24256499dd1b05172bdc89c301062f6496

SHA512
3c82db805849d977ddd29471591ef94bed5b96491cd4b2d5f2b87395b5ef9cea112507f187c5b216f5626bff0bc60981a3e6242ca7da8c257fe529d153768965

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST.tmp

Filesize
105KB

MD5
4707738b37efdfce25f305cde3ffa5a6

SHA1
fb1f58d614a336bf736f844a299ab25968559837

SHA256
16befa79074cb7e0922a728384fb6b9d9fa40ccaec00551251cd2316e2ad9e3a

SHA512
eb53443a8586209e66b2f8aded9da52f6b334e6705b00fffe20e124e3aeb6ca186e31ecee9d8a9cbb36dd86dc4aa91bd83b6d54f98a445c2edc708544586e2ff

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.exe

Filesize
681KB

MD5
e474387c9e339994ff2f279147106ae5

SHA1
5b42f3e65251a640421138c237a3248dd7992593

SHA256
2f548b544daee1d336d1c79ddd184c84201309e9bbb4efa61a9cc85d979692c1

SHA512
943812e1cf6680c14a0e539e41cace510ae047d6d86d21d1277cac1ce7e8e3177132a412ac1b2d4eba0adaebd3f10687d32bf88135d6ac3c6872f9e1747267ce

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

Filesize
368KB

MD5
4a5a407c0e24141947c599ff3e488bf7

SHA1
c0c7b58d0196c67a915b4d5c9797e0791b231693

SHA256
134bd815fd6ffe515c4f78695f1b0622864abec3999366f288b53ca17290c06a

SHA512
e69603a0c2ec1a3ea35707967fb44f0b789d9fa30864e7ba0f536a542fc8f01c9ad1f25d0636f3d1b5896a0e5478f2fa697b04076329058b998958bee2623edb

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

Filesize
739KB

MD5
2a6a257d1aa18e62615e6393c268e428

SHA1
fb227fc6f67626214eb7988d10dc2f5bb51b9417

SHA256
4a769bf274e8bd006a8f9c9d0078be8f00e8f59415155f5d9bb820acc63813a9

SHA512
ceb7f1f37593ac8b862694e347929312bf74b5a699f842c0963f184f08673b92755f34c73cceb50d760ca7a257decb77c0dcb1ec1856f128cea7e740c1e6e684

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm.tmp

Filesize
124KB

MD5
4c921f64351f49d53bce65e3d544c468

SHA1
e0e0ad7b6492df5e40a04ad72eb37d60012aa601

SHA256
e1938751e6d27df1ef6922efeb39bd260984f3c3a53739ef947f55498fd90c00

SHA512
08498bace6b14c608804301c0f676e5f72f6884052ea0da23ccd437c1277a65a3bb7eab7fc5d12b3a5d72dc47009b528b9dfb1f6091c4ef590204c036b5b6bc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MicrosoftNotepad.xml.exe

Filesize
98KB

MD5
9dd83188250952d96bc8e423009e6817

SHA1
b78afa280d009a067e2190865f9ef4db2588bab2

SHA256
d9869be24fb3bb0c576e105ac0dbcbf8731591a954b397e3a9d6c321e756682c

SHA512
33a2661c19b89d196d2e20dc7735961f710892c5b1eb16203ac0af21a152397048721e0b7fe41f900dff3f501a55536d910c4d81219c3519a097d664846ca0c5

Download Submit
\Windows\SysWOW64\Zombie.exe

Filesize
96KB

MD5
7f77fa8cafbe2b09f81d8362c728f4a3

SHA1
8b5deb2ad9629f9eef286fdf348625aca020e166

SHA256
6b6ac97a180158912628eb4c50b73a865fa1d51853865f1b0c7e9b7f3b616564

SHA512
59adec6fb5bff51f9cf3102939471d9fb7be5a456430a99a1126ca555b1c742ded5f33e11da2f73b3c8936b631dd43f1733c15cb0bde9bd1ab9ceb62ba26a45c

Download Submit
memory/2012-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2012-14-0x00000000003E0000-0x00000000003E8000-memory.dmp

Filesize
32KB

Download
memory/2012-1103-0x00000000003E0000-0x00000000003E8000-memory.dmp

Filesize
32KB

Download
memory/2012-1104-0x00000000003E0000-0x00000000003E8000-memory.dmp

Filesize
32KB

Download
memory/2012-1139-0x00000000003E0000-0x00000000003E8000-memory.dmp

Filesize
32KB

Download
memory/3020-15-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download