0dfa5754bd91b3605504f8cf49d498d0e3b7ea5d0c3af20bd94eb33d6704626d

Analysis

max time kernel
159s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2023, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe
Size

3.0MB
MD5

88a230528b06c525c64b27905aef17df
SHA1

d69533af59e863787f0e914bb62c713ea3db90af
SHA256

0dfa5754bd91b3605504f8cf49d498d0e3b7ea5d0c3af20bd94eb33d6704626d
SHA512

a119918d2adcaa80700ddf2fd79d421e2c21c1a881ab1c3bd1081b602e9d97a22b73b92a0b7ad54f0c76f50727adb0a2fc9644e224b4ce2d42c6110539e814b9
SSDEEP

24576:eEtl9mRda12sX7hKB8NIyXbacAfPNRdpkhtIShJVVTyJNPtx:9Es1RMB8NIMIXDCjVyT

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	MZ

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	MZ
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 2 IoCs

pid	Process
696	HelpMe.exe
1584	MZ

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\A:	MZ
File opened (read-only)	\??\J:	MZ
File opened (read-only)	\??\L:	MZ
File opened (read-only)	\??\Y:	MZ
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Q:	MZ
File opened (read-only)	\??\F:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\F:	MZ
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\G:	MZ
File opened (read-only)	\??\H:	MZ
File opened (read-only)	\??\R:	MZ
File opened (read-only)	\??\S:	MZ
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\N:	MZ
File opened (read-only)	\??\V:	MZ
File opened (read-only)	\??\Z:	MZ
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\I:	MZ
File opened (read-only)	\??\U:	MZ
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\B:	MZ
File opened (read-only)	\??\M:	MZ
File opened (read-only)	\??\O:	MZ
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\E:	MZ
File opened (read-only)	\??\K:	MZ
File opened (read-only)	\??\P:	MZ
File opened (read-only)	\??\T:	MZ
File opened (read-only)	\??\W:	MZ
File opened (read-only)	\??\X:	MZ
File opened (read-only)	\??\P:	HelpMe.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\AUTORUN.INF	HelpMe.exe
File opened for modification	C:\AUTORUN.INF	MZ

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	MZ
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe
File created	C:\Windows\SysWOW64\notepad.exe.exe	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ka.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\descript.ion.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3852	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe
3852	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 696	3852	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe	85
PID 3852 wrote to memory of 696	3852	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe	85
PID 3852 wrote to memory of 696	3852	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe	85
PID 3852 wrote to memory of 1584	3852	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe	86
PID 3852 wrote to memory of 1584	3852	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe	86
PID 3852 wrote to memory of 1584	3852	2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe	86

C:\Users\Admin\AppData\Local\Temp\2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2023-04-25_88a230528b06c525c64b27905aef17df_ryuk.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - Drops file in Program Files directory
  PID:696
- C:\Users\Admin\AppData\Local\Temp\MZ
  C:\Users\Admin\AppData\Local\Temp\\MZ
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:1584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1675742406-747946869-1029867430-1000\desktop.ini.exe

Filesize
2.5MB

MD5
7af77339a44c8e640f0cbf16e1e7b4ca

SHA1
e1769bd9e53186a6b9c636014e420448d0850506

SHA256
d36f11ead97bb2458cea4ae86709620491c74a2ac68fb48e3d5ebbb73bf3bf46

SHA512
2b4966097db1956ca088b6c2f0d7fba64f00d6f01bc7017aecdcb0a7140f820d3fe01b1c81365453afb6c2128d21e4525799aa2ad638c1b0b9f270178f934f57

Download Submit
C:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
C:\AutoRun.exe

Filesize
2.5MB

MD5
96fe9afe15150cd44126d984b9087035

SHA1
7ab7b18461f1e6ccad122116555e6a2fab3423ef

SHA256
9ea786661f9422c4c22025e3e1ee49cdc21424a24213ccb8761268a0fa88c5b1

SHA512
e87f1b2f8661d7321295bb229ab7a3f3d12dc9a7bf4792306442941305e5c618f28cb012b0b2dee41954b0dbbc78f4fca652b9c1d9acdbd7e4bf9c70bf3f3077

Download Submit
C:\Users\Admin\AppData\Local\Temp\MZ

Filesize
3.0MB

MD5
88a230528b06c525c64b27905aef17df

SHA1
d69533af59e863787f0e914bb62c713ea3db90af

SHA256
0dfa5754bd91b3605504f8cf49d498d0e3b7ea5d0c3af20bd94eb33d6704626d

SHA512
a119918d2adcaa80700ddf2fd79d421e2c21c1a881ab1c3bd1081b602e9d97a22b73b92a0b7ad54f0c76f50727adb0a2fc9644e224b4ce2d42c6110539e814b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MZ

Filesize
3.0MB

MD5
88a230528b06c525c64b27905aef17df

SHA1
d69533af59e863787f0e914bb62c713ea3db90af

SHA256
0dfa5754bd91b3605504f8cf49d498d0e3b7ea5d0c3af20bd94eb33d6704626d

SHA512
a119918d2adcaa80700ddf2fd79d421e2c21c1a881ab1c3bd1081b602e9d97a22b73b92a0b7ad54f0c76f50727adb0a2fc9644e224b4ce2d42c6110539e814b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
2ac546178650518e385d6945222c2aae

SHA1
cd94ab1d6b550c1068697d7140831a6823dd7dc5

SHA256
a29a74356ba87b91bac9a51a29fa01df7bb253a8caec9425d5738d546708b2dc

SHA512
31e1e95303f834a0b859476b5b60e955401c60c91d792f1fe5c262eaceabecd0aa34fd972b2ec6214c01a11d43c2cbae2df57958043bf1d88347274d0034889f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
223a753d0b75e855dccd96964127842a

SHA1
00e2e341e4918ef35d4dcd17fceeddeae41746c8

SHA256
7575fa28ec7bdb7036cf19b53f38a652835109fd7a794c222bb1a3c65ddef48b

SHA512
343951186abbec9337ff2e0d5dd5ca2f92992a3e83d84188b84bb3a200440ef48ef6dc8b2aff42c368885dc55447033a6d1338d9c9a5f6f91fb958d3d708c784

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
79f0a3d772ae6ea5244d5477883828bc

SHA1
930f45a54c08141de1720897357468d254119099

SHA256
acee7692c9ca9ebe53496414a7b2478a97966ede5458f5021cc4c7b83ad9c3b6

SHA512
097cf217863961677f2efd11d5b05394adb33d548b80d900004bdbbf60bf9aae037a6e1efc70dbbe56b428e91963cd8035887488e8074dde3e39275e4fb636a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
223a753d0b75e855dccd96964127842a

SHA1
00e2e341e4918ef35d4dcd17fceeddeae41746c8

SHA256
7575fa28ec7bdb7036cf19b53f38a652835109fd7a794c222bb1a3c65ddef48b

SHA512
343951186abbec9337ff2e0d5dd5ca2f92992a3e83d84188b84bb3a200440ef48ef6dc8b2aff42c368885dc55447033a6d1338d9c9a5f6f91fb958d3d708c784

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
bc31f02a712ee188415bc121527e2ce3

SHA1
b63a1983c55d8a4d020f2f4602743965f321b8db

SHA256
00ae95ed505151deb10de6cd9dab241fc1efb4ca128861a672f8b6d71ddefbc1

SHA512
b056997dd0fd3d397d09d54b76d520801491a434cc6ef8efe4f78ecabc884e3c360da6cc4a8b12617fd428caf283f2aded76181b61f011d33d4948d503f3df33

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6dec305a25de07487f4ef410b9a387fd

SHA1
07478bd1377a6c1b7ac7055d8dc2d85f2fc7d1b3

SHA256
bcbb45b50983b5d76874280bd8f810ccf6768914caadabf29185a458961e8204

SHA512
15db8fa90cb88cbd2a16924fb5199e89c47f0f6f5cfb017dd23c820d18f5568822c47816c9359f628da071dc73ddf6dcc71b18cfc64ad62522fc5e3dcec5f4bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
bc31f02a712ee188415bc121527e2ce3

SHA1
b63a1983c55d8a4d020f2f4602743965f321b8db

SHA256
00ae95ed505151deb10de6cd9dab241fc1efb4ca128861a672f8b6d71ddefbc1

SHA512
b056997dd0fd3d397d09d54b76d520801491a434cc6ef8efe4f78ecabc884e3c360da6cc4a8b12617fd428caf283f2aded76181b61f011d33d4948d503f3df33

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6db2dc4f94d3655dfae87c7bfb8d204b

SHA1
aa33f16a837ca225d02781d5933a108c8c9fe713

SHA256
174e8b12332478b33af84eff51d606149a4af7b2d0ad0ee20e1ee8ba4edd159a

SHA512
f6b5e7c74215a70079d974366bde6ff4baee7f94dc2961a0ac0e9255a795d01002eda20a4dd9855e9b68e03d31992c34577d5017ec4d721b4822e7f79fa7ac16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
91097a4436259cf6751c21dc95d414a4

SHA1
4af2ba728b376278c57d5fd5c3805f83b7a77141

SHA256
4ea8827ae3daff551d5a7618882ba11cfc99b27f87fe7cfe15870e0a8fd81084

SHA512
1fc2a5c2edf65cbcd60d0e1967a61c453e2a4e186d3359990888c1c3105af44903fd1ad1a3025294c8b47c9a4a01a234273558f905b3a50a9ce9636f953e4c1c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
27070234cf603fc109808e2df94c5ecd

SHA1
a0f4f87120b87723076d83871796ca683c2ee45b

SHA256
915d225397c585a940b699810425c43c56d148c8b4c4b09f778f6cde518b45ac

SHA512
e35a5334223e23c877b76b4d1f416699479ac684d537fe5c1e15662d88925f884f42452638f71c1f6768198a90273fe702ce51537b6f94236138b065fb85b037

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
91097a4436259cf6751c21dc95d414a4

SHA1
4af2ba728b376278c57d5fd5c3805f83b7a77141

SHA256
4ea8827ae3daff551d5a7618882ba11cfc99b27f87fe7cfe15870e0a8fd81084

SHA512
1fc2a5c2edf65cbcd60d0e1967a61c453e2a4e186d3359990888c1c3105af44903fd1ad1a3025294c8b47c9a4a01a234273558f905b3a50a9ce9636f953e4c1c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
79067e14cc0b65d8aa5b2e7ee5efb3fa

SHA1
c5aa690c70e3020fca378890aa1bf72f164e0936

SHA256
dfed4f564522185b0767955f7c0bd6a2394778dd0d55fbcf034fd7a805d37259

SHA512
48a317c9d1d60a68358f6bf8d0baa986219149fdc835f668855d769fd9508d7b6affbaab61f0953c8a0a61c4e19044b8627dbde14ff826f4f603e27b29d257b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e36b32b91538f8122659de4e119f0371

SHA1
035ed3eb674fb4794c41772eec8d2bfa8ec22875

SHA256
b88d903a0e55646e39832c659f254b71540e79ffc1423c97bfcfe181e2a15e49

SHA512
a13d317f30bb0a10bd25e813ff0d26d7e02112a472226e6eaba834b0a6cf7867122c1294bce6c199422c880aff7c94f38e715fd2e37d158d561ecd1c9a00971b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2ec52765a71639eeb238d73e15bcf8b1

SHA1
b7e16574f05131feb548679eafee8fcb4d9a807d

SHA256
025beca3ab91090714f3eafe92414931225d7d43d2ee3998eb86819624714da6

SHA512
43047d167d3e1dedb61b6aebca4493cc1bdf56064290ecd7cfd91d84ecfdebe616ff78d526d8fb134ad58275640ab91629463dc28b8f6a852a6641e5e14b9c82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b6a6520f273e503b72a7697c45a7ba10

SHA1
c18ab092a347dc7eb251688dabd8a0915986c4c6

SHA256
cf51fe15ce0c6adc43889692f08d3bfb39c5e1cebb9b463059d35211d2c8100e

SHA512
8913a7a380c6d40ebd3d35511192e89d5886ada57e6a85a930e73479663f2cca8999c584ef76e0dacd6aecac2d80751d08897d8c63b6712f2d93b2d923ccc6ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2ec52765a71639eeb238d73e15bcf8b1

SHA1
b7e16574f05131feb548679eafee8fcb4d9a807d

SHA256
025beca3ab91090714f3eafe92414931225d7d43d2ee3998eb86819624714da6

SHA512
43047d167d3e1dedb61b6aebca4493cc1bdf56064290ecd7cfd91d84ecfdebe616ff78d526d8fb134ad58275640ab91629463dc28b8f6a852a6641e5e14b9c82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d78df41a1ba0727b1bf33268424fe8d0

SHA1
4f206c50aff4b66f720f77bfdd394663c1987a27

SHA256
a6ba5bf2d74177ec9b4b7f74d807a42811686a09423356ded4ce43499c373300

SHA512
1fda4253291480228934db9eb29c0f91a70b9eb4c1d1d8bee3546549ce5a936e1a7fca3ca098e35b8b0cd6dec738d6464ec649a98e22c546e4a30e79b62c1cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
15f157f5e3d64466cae0b40d6a5e6112

SHA1
0393fac7d071e9884991fc20bfd017dcdee407bc

SHA256
64b1b84d2fd73af37fce9e604f963355d224a64cc0c40847b9a227b3b5732b34

SHA512
5e4d3a895cab94f5836865130b67e50b9d2a6f115e6389bdcf2c3f8c6843f53ad5a73d7ff6cab1d31493bed014c999626e44283f7ea8de88a8d22a22e12a3d4e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d78df41a1ba0727b1bf33268424fe8d0

SHA1
4f206c50aff4b66f720f77bfdd394663c1987a27

SHA256
a6ba5bf2d74177ec9b4b7f74d807a42811686a09423356ded4ce43499c373300

SHA512
1fda4253291480228934db9eb29c0f91a70b9eb4c1d1d8bee3546549ce5a936e1a7fca3ca098e35b8b0cd6dec738d6464ec649a98e22c546e4a30e79b62c1cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
2c4b631d8c508645c83980012cfb3f6a

SHA1
9fdae2ca89646eddfb747f6428b7de769ee85e89

SHA256
4ce1ff8869c4e53ae4c971ea734f1eec7c6ac2a3c12732592d38519a805e33dc

SHA512
3b63d9254c18becae0717957359a77b56f3d82678bb8ad73363240463c0cafd10d618cf9f4d2f10e8afbd95a8e05614db645f035b29782e3ec29ee3998801a81

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8ab6c54209d04cecf3d159ec5701f913

SHA1
382a1926e2b4e83066a751233a0e5cba212297e3

SHA256
fa745ee7094b340b043d895ddb75d53ef221e65743e59efe4dec1da7ecadd92b

SHA512
d096b6a5668881c211cc6e07358cf8e3d2fdc812d34ad4d5f01f961f003bfe05e956dc0646265130d6d6d5fc75b0244eefb3b4d956bb610dc2ec23623fb7ca8d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
875f34ff290cfa07ed4d8e726a098bf5

SHA1
72eecabcc46745832995e8b064c9de385d612a00

SHA256
fc8ece2917686a6d18e8e5229eeb5b21d6e035ac74046cf5774e63b1b36fa348

SHA512
ca14a55d294b89dfdf1479dd725da622643b3612daca6cf39268f9e04a88706bd9edadeb93585781a90eda340a1065ed89d166d49d369e68fa0f4eafc91a5547

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c3331624c6f90a0514bd4fa5c5534363

SHA1
0b6722122db0e777eeb4e5a155baf86d1a027195

SHA256
080c9c86eafdc8284e47e8bfda6aed9cde31bd0ddb2718c4d8c23c2ebc73cc40

SHA512
d042f549af6ab2e3ea3972573fcc01882cf4b7e508113a421e4cc1a88f30f3a40312c1f4de2475eaafb6c2b746f7e02b4e20590904f218421e1434a95338f441

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4c0403ce8b35b1255c96c3a4c47a5893

SHA1
451c5a82124dceb412debfaf3a8582fc61eb8fd1

SHA256
ee045028018197407f41dfddecd784d199c36193f2290279ef152e1d994e16fa

SHA512
f2bcfc18e602facbee0d7b838464e427f2d5c88169e3de57897d9854112fa700c5022a70e859bea5183d5570ce1b5bb50c8b1ee9b25f6e14c916b97f4156e9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1db615846f4549ec0827ecddbdba5136

SHA1
bc52d4922f3d5e8dd714b2bd1052396ca18214d6

SHA256
2b7379ddd8241784d9bfe5c594611592ab94a0b5ea128511867fecdc565ede71

SHA512
0d358a996bc58cac086cbbe9c1267a96646f3063b1072a4d6d6098734f2225cc716c6f0286594f2ad95a4027311e441b07b763934aa0da6ea256121af0dd86e7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
d8b2db70358208c027b098c8c3714663

SHA1
23cf8c7ebdb7b43f8643dafd953d17e8d1c395cb

SHA256
86760f61b0c350f57cf7b5a012d825917504bb31a49cb2f446437c3f53122a6a

SHA512
650edb5fccc0fea9355d7784d1eaa09700a311f4ef7a6001b46156f5c706b0178b723ea9d62ce3b9d66f41926b533a767f63176d39e6987869a1593256325519

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
79fd3b1b5ec8f3e79592852f052b0619

SHA1
5e8e72fa73a4414e5a8a814ff1197b27f8122631

SHA256
04bf124960afb32cebeb3ac3defb05f843cc0faff465e7dd769568d7642f53f7

SHA512
6809f538fab7a103cf557420b7460cee69be728a0592986cab1681fbf9f3240b232b881b777c93b63ffc291a98a38f741335edc3f85cdda659817e0afc16bc3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
86579be8d7e3bc879dd2f510456e25cf

SHA1
8eaaa7ecc750536b69f991df4388644f02238d51

SHA256
38e217845cbfb9ad2a2a4ea5f094e17bc8a3b40159eef7ca6fca07e49116ed21

SHA512
a418b304a104ded46d9b26b08faa04200f89f948d274bb77b4579c12e09ab9767ecc22beb52ba5f34315bc7fd1516eb66f52325bee8d64b9041fc7ca43057366

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
af4fc090ae12d1f38d2c101d5b9ab709

SHA1
f249702ee4592c81acdbfb571191e3aaa1f26228

SHA256
547e6c1d7691df59c6a75e55ff6994be1649f006da219c1c17fb3add79e02710

SHA512
cd24a7536b5cadca8690dbcafbdf37d1123136f5852ff15ec4f3f87eebb4dd30c2fd8cf19ce577e6d6f287ec2a09bcd832b8717ff933bfee59bbf254a2a75875

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
29dae7d49e8f0fa852cb09b167bfbb23

SHA1
fa3f28e91b29a32a59723cb8ddace0d2b77b3bc1

SHA256
de7fbf610993c43c62526881e95e4e03cf7c3c14fa907fc99c96181d2d37b79f

SHA512
be8ba70741e58c632b2efdf4e2bbe86127239700eee89ee321d8030a166ad3acb2bb27e0808742f87270e5e24534ee87f17fd32546fd7158f43a123b879d6808

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c49e3697929491f515ee97135153a176

SHA1
317d90a27599ef0c700d49248e8c3ad9a2ae7f22

SHA256
3025d79ef54ea9fc5addde080b20640a9a9506510abde4bf245443ad9294594d

SHA512
34cb8b878160c7b1c7961e9d56dda03e88e704f4113919b95387dbb0bcf45e444a3aeb4985be7fdfa2fd8b48538232beb9d67ce95491020133a7808dba04ee2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
927bc3b76a5a4056e7c1972c3f775d2a

SHA1
e2b74861b1c08185f4defdc0ec94664ef4506cba

SHA256
e67712b0cb2f39b968b86f32d71a34935434673afa67bb691a682e616f8f7731

SHA512
64c5ce22858cf2f0cac0da76359952d47d981df0e50f5987d9c775017cf1877669964e0d629b35b6b34c66fb5e731765b2f47235f9111be10d63f15ad2339dad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c49e3697929491f515ee97135153a176

SHA1
317d90a27599ef0c700d49248e8c3ad9a2ae7f22

SHA256
3025d79ef54ea9fc5addde080b20640a9a9506510abde4bf245443ad9294594d

SHA512
34cb8b878160c7b1c7961e9d56dda03e88e704f4113919b95387dbb0bcf45e444a3aeb4985be7fdfa2fd8b48538232beb9d67ce95491020133a7808dba04ee2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
597b425309f6346059d6279b55b723ab

SHA1
6bfa1409d1fa18f06612b035e7900222cbd04de9

SHA256
cd259526a88fe1e28ec5b487f236fdb20832fd739bbce2027609431b312893d7

SHA512
5a197b212f00bf68bcfccef6213b0f8301b093044c21a996007f3742cb91ff01974ff6eab4b931cad3e72c183e3cc2fd63a59d58e0a61f3ac616d6ebe1423fe8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4d7ca451368d0b4439184b3ff9b0bcb0

SHA1
bb3a2f1db1a7a022be1485a6f41cf367284e71ba

SHA256
96ee6b9b5455a989869c01a1fd461197bbc5d06e2966fff3d9e7fa254d313d63

SHA512
1e6fe6fc2dc311b49110f6c1cbae1a5b0714469d37253c58aa0b7c6888ed87bf3891bfd7f641c6907b15acfa0113aaddfed679f1eb59d9fae141519357301b01

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
647177e5d046ee50c840a895e7922d59

SHA1
8ff37f940e2ae44d713a101150e2cd6c81a71da4

SHA256
2bddbfcbbbc9259f9fdc31f50e38aee7c1a3b1847ab42a76638d30c77a97f3a2

SHA512
71644e05e2a50c7ffa03468c9198082eeed1af2c4417a28832296775cae0e634deb6bb82c70682047680897ba437d13f915493fbde89227afbe939bb08bdbdb3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
8ebdfc0d593ca03fd84aff9b480a6b79

SHA1
b9eb33bc2d28a374327a7ce133100a49233bd349

SHA256
627c5c7e83c8d4ada0431aa5761c95f15b02173114d1bb56475b71366f2130b0

SHA512
6b7aaae89f6d56a7af89411b94600742177d48c1e2d680cc59a134dee3e6f919df3cbab72214fe613ae808fd02904df15e4d2700d22e68e55a664cb8e05ebf01

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
647177e5d046ee50c840a895e7922d59

SHA1
8ff37f940e2ae44d713a101150e2cd6c81a71da4

SHA256
2bddbfcbbbc9259f9fdc31f50e38aee7c1a3b1847ab42a76638d30c77a97f3a2

SHA512
71644e05e2a50c7ffa03468c9198082eeed1af2c4417a28832296775cae0e634deb6bb82c70682047680897ba437d13f915493fbde89227afbe939bb08bdbdb3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
d13b0d29ec2ff6ca4e9ce23ea2a39134

SHA1
c85d6756ea497abe9ed3b783959bd088ff263e5e

SHA256
9990e04f52bb11095f02603806361ef8cf73688578a95c52d2b39866e9d9567b

SHA512
4ef79564f98202dda55f729e4aeb2a845b8622cce36a556775c02156f2c2711edbdae0f7f154f22079406661a0d4518a0d62403aadb9eb466095309b925f1641

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4dcea0d3fb4a7844baa7b594261d6fa1

SHA1
efbbc77d1f773c6277c4a19861ea80af7656e81a

SHA256
0f99b281cd8a783d9374121efbe7b533ca37ac62ce4a0cf835acd57e9a87a095

SHA512
88b5b1359c9442d0a16c1d6fdd09d55b5461560ac3bba8323e327a0347b46d0ad41293a8dff0cc987766437e029849539a66a626c5d5f1b94b66b816e7c1ac6f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
37bde2bb44ad0becbf54cae44f5c1236

SHA1
24ac482fc45c590fb950ffdfd7e10d14cb920e86

SHA256
277d019916ea00f32f27054d0d2a16c632567d210556d25e1dd6605d87913a54

SHA512
75945ac6c6e640cf99428b17ffa5723a8c58400e387f25c8e91ea8f574e6c542a2d19de309d5e9fea703650991d3ece525be45efb320b2211a77893fdee5e6e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4dcea0d3fb4a7844baa7b594261d6fa1

SHA1
efbbc77d1f773c6277c4a19861ea80af7656e81a

SHA256
0f99b281cd8a783d9374121efbe7b533ca37ac62ce4a0cf835acd57e9a87a095

SHA512
88b5b1359c9442d0a16c1d6fdd09d55b5461560ac3bba8323e327a0347b46d0ad41293a8dff0cc987766437e029849539a66a626c5d5f1b94b66b816e7c1ac6f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a5c178a18a12eaff5be0006390faca24

SHA1
4827f733f5acdb0ff1a6142242865728f19d2f65

SHA256
405fdcd68a365ad52f2e25719f8edd7d8a97ea8e560531ecf40be0f5eb24bb52

SHA512
475278c86a96db742f9b53a0b78821eb1b624cab588250a7c27d9436f8efa71008c14e74b18b6b2d03563e658073b2995639824bbda76071361add5c4f264268

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a5c178a18a12eaff5be0006390faca24

SHA1
4827f733f5acdb0ff1a6142242865728f19d2f65

SHA256
405fdcd68a365ad52f2e25719f8edd7d8a97ea8e560531ecf40be0f5eb24bb52

SHA512
475278c86a96db742f9b53a0b78821eb1b624cab588250a7c27d9436f8efa71008c14e74b18b6b2d03563e658073b2995639824bbda76071361add5c4f264268

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.5MB

MD5
96fe9afe15150cd44126d984b9087035

SHA1
7ab7b18461f1e6ccad122116555e6a2fab3423ef

SHA256
9ea786661f9422c4c22025e3e1ee49cdc21424a24213ccb8761268a0fa88c5b1

SHA512
e87f1b2f8661d7321295bb229ab7a3f3d12dc9a7bf4792306442941305e5c618f28cb012b0b2dee41954b0dbbc78f4fca652b9c1d9acdbd7e4bf9c70bf3f3077

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.5MB

MD5
96fe9afe15150cd44126d984b9087035

SHA1
7ab7b18461f1e6ccad122116555e6a2fab3423ef

SHA256
9ea786661f9422c4c22025e3e1ee49cdc21424a24213ccb8761268a0fa88c5b1

SHA512
e87f1b2f8661d7321295bb229ab7a3f3d12dc9a7bf4792306442941305e5c618f28cb012b0b2dee41954b0dbbc78f4fca652b9c1d9acdbd7e4bf9c70bf3f3077

Download Submit
C:\Windows\SysWOW64\notepad.exe.exe

Filesize
3.1MB

MD5
6faefe662996faedf9592751fbc6f11a

SHA1
c1a9dc83ca5ffecb4fd27bfe0806b3f9b37a1957

SHA256
bc8072098d1efda0c122116fde8e3ca7814d7928fe41e13576e1ad8ed92c1e40

SHA512
8deb08fdb37d85405f4a91bf8f02ffe49884c01f5d5bd0cc2f17209ac3d79dbd76fcf2e648c608131f60f765822e4a15576000b92abd78a96df20fd95b6c8104

Download Submit
memory/696-386-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/696-144-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/696-142-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/1584-401-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/1584-146-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/1584-145-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/3852-133-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/3852-151-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/3852-134-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download