be352678b42b5e5d84b7f960331f7c874ebedd00689145f14d2f5e7ce79d0924

Analysis

max time kernel
148s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2023, 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
Size

3.4MB
MD5

d36fe560cdfefeba4580a307db8cb2d3
SHA1

9e43c59d95e988ef2ac013d36218b4ecb856d04b
SHA256

be352678b42b5e5d84b7f960331f7c874ebedd00689145f14d2f5e7ce79d0924
SHA512

34f283ea0f915dd53a1ee623a448d5a717303e3d8d49ba6d3f503dd8c6437a11d0dd5f01ca616c9782b15f8cc6049773ab151c2373191e2d62ce12431978b389
SSDEEP

24576:eEtl9mRda12sX7hKB8NIyXbacAfZNRdpkhtIShJVVTyJNPty:9Es1RMB8NIMIxDCjVys

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	MZ
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	MZ

Executes dropped EXE 2 IoCs

pid	Process
640	HelpMe.exe
1456	MZ

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	MZ
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\O:	MZ
File opened (read-only)	\??\Q:	MZ
File opened (read-only)	\??\U:	MZ
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\K:	MZ
File opened (read-only)	\??\X:	MZ
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\A:	MZ
File opened (read-only)	\??\I:	MZ
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\M:	MZ
File opened (read-only)	\??\T:	MZ
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\H:	MZ
File opened (read-only)	\??\P:	MZ
File opened (read-only)	\??\V:	MZ
File opened (read-only)	\??\W:	MZ
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\Z:	MZ
File opened (read-only)	\??\R:	MZ
File opened (read-only)	\??\S:	MZ
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\E:	MZ
File opened (read-only)	\??\L:	MZ
File opened (read-only)	\??\G:	MZ
File opened (read-only)	\??\J:	MZ
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\B:	MZ
File opened (read-only)	\??\N:	MZ

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	MZ

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	MZ
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
File created	C:\Windows\SysWOW64\notepad.exe.exe	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\be.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ja_JP.jar.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\javaws.exe.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\kinit.exe.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_zh_CN.jar.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jp2ssv.dll.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\7z.sfx.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\msvcr120.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\instrument.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_ja.properties.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\ktab.exe.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\LICENSE.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.exe	HelpMe.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\NOTICE.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\mlib_image.dll.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
932	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
932	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 640	932	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe	85
PID 932 wrote to memory of 640	932	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe	85
PID 932 wrote to memory of 640	932	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe	85
PID 932 wrote to memory of 1456	932	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe	86
PID 932 wrote to memory of 1456	932	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe	86
PID 932 wrote to memory of 1456	932	2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe	86

C:\Users\Admin\AppData\Local\Temp\2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:932
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - Drops file in Program Files directory
  PID:640
- C:\Users\Admin\AppData\Local\Temp\MZ
  C:\Users\Admin\AppData\Local\Temp\\MZ
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:1456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4078585466-1563564224-3678410669-1000\desktop.ini.exe

Filesize
2.8MB

MD5
2a5a09a1db4209a6bbf1c7ad53ef8bbe

SHA1
55bdbaf0955e0d709938c77160e79be5ef8f15d5

SHA256
71efbba7d49ba55aa66ff7d4affe39ca9ce25ad51bc9fa504b8eff06901ec3ef

SHA512
9e3cbb0f2a7cebfc642b917d581c0d8aa9869547c4b60019b41710715686e195ade7de77b999ca48dbecacc0e75a27b8b8078c7abae1d5857ab3c1cc4a14d3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MZ

Filesize
3.4MB

MD5
d36fe560cdfefeba4580a307db8cb2d3

SHA1
9e43c59d95e988ef2ac013d36218b4ecb856d04b

SHA256
be352678b42b5e5d84b7f960331f7c874ebedd00689145f14d2f5e7ce79d0924

SHA512
34f283ea0f915dd53a1ee623a448d5a717303e3d8d49ba6d3f503dd8c6437a11d0dd5f01ca616c9782b15f8cc6049773ab151c2373191e2d62ce12431978b389

Download Submit
C:\Users\Admin\AppData\Local\Temp\MZ

Filesize
3.4MB

MD5
d36fe560cdfefeba4580a307db8cb2d3

SHA1
9e43c59d95e988ef2ac013d36218b4ecb856d04b

SHA256
be352678b42b5e5d84b7f960331f7c874ebedd00689145f14d2f5e7ce79d0924

SHA512
34f283ea0f915dd53a1ee623a448d5a717303e3d8d49ba6d3f503dd8c6437a11d0dd5f01ca616c9782b15f8cc6049773ab151c2373191e2d62ce12431978b389

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d77d674b40a66d37fcc4da6c1a8bb137

SHA1
6c5d1a6484bd87efc14c1e8b1dd50182e3d06f7e

SHA256
46c177114b15a40f6dcaa18a9afff0048b81ba5fb813727a708be5d9c17cd979

SHA512
1c193d3e9d2a89fafe0d66d421b172504636876a4ede9321871b776c59413b71f2b0b77359405c244b9c991925480859ba4e19b81a0e56122554de0e193f575a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
fdf68ee24377630ba87f8a96f590f8f6

SHA1
3e8d884b2645ce822b05e5bd16eac77a2149254f

SHA256
1d0f96e913ef44d170d0bff97d88f7e58df367b058bad6a802b4cebaad8aec97

SHA512
8de7e3385f91abbdef255a7653778ccd637fd65e7388ed6822d98cfafa4dee91e0f38f1a30bff02e24aa8f2855653ac65cdd79c8b7c2ae4ccd29691ce5af52c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4013ef14d6dbf749300ac49eb82fedfd

SHA1
9e9550392c53aec33ffddf3ff80291420f843025

SHA256
1a16e3bae6c653182d74f84055f2d7e919f33cdb15a7c655dece054768e371f3

SHA512
8ac9364cf67a46d1a51ae06c49e1a424658aae1b8b0a341c29cf6cbe0ffb4c08ebb664fef5fd8d66297abf698be2701af844fa420682bc95a6a1752de57e2055

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
9ff61ce6e4916e740335c002a3ea2dc6

SHA1
721d27c4ab577b33240bca86519f30d2ed7d262a

SHA256
f722d33ebda4d5074c866bf59c638ea232be608fe5c4ac0d6478d2d9434f8c84

SHA512
fba2993c37e4b00762a89a97da0df913b28f68872cd4b583977af8852b3af3deebcddd816e1c4d11f98a7a41066da3d99b2098d3176b93f3290275cf0f41ad32

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c2e2911bcd29689eb48ebc971cfd59c6

SHA1
551bd5ff4f76199239f7a5c4b783e987b7f69003

SHA256
a992581ae0ac2ad10933e2ad14d8c946c30ecbef1b080ad035fa1e5fbe06dcb2

SHA512
4d577a7502a1cf99576621e384aac1ae8f242e5e8b87926eeb7be692587e77a8a7257aae73720fa7f8149394b3ede1e6b7a3edae1434b6c11c0910aa4a738cf2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8841dc964a4788db235434d29ff58506

SHA1
aad3bc25599b141f16f161903a898bff16055b7e

SHA256
35e402eb6d483ae8ff18fe0571ea0c92feb8954089e8efb034ebb422f2c3424f

SHA512
a5c09a1375202c2c45f962c9f419cdd0be7479c8e57eac5ed29ed34ab6f81d1c128d065def91d76f3ff9651d5b1b87bf13185df636c1374e678dfb6284604192

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
76a8d245e0d28be71c672d1e9f1a9ed9

SHA1
65af45c51dc13963f9f3ff489a76fc9db68007e8

SHA256
809c63c3d2a1db3b344649eac5252c8785a4af4680fe0419d7b83026d161d6f3

SHA512
0de8de365a429fc567266dfedf06febc241dd27f2a16a796fd0411eb4d82e831ddab4f3bc3765ecd8e9967bb9e33afe9fc31dcc9fb763fe974ba8207c2a3fe20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8841dc964a4788db235434d29ff58506

SHA1
aad3bc25599b141f16f161903a898bff16055b7e

SHA256
35e402eb6d483ae8ff18fe0571ea0c92feb8954089e8efb034ebb422f2c3424f

SHA512
a5c09a1375202c2c45f962c9f419cdd0be7479c8e57eac5ed29ed34ab6f81d1c128d065def91d76f3ff9651d5b1b87bf13185df636c1374e678dfb6284604192

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
54fa9abbc2e298393860deafa25a284f

SHA1
34b5d3ca179b4e339576d57bdad8f83e0abf86f5

SHA256
0a0f3e7f3d3993f8cee45e912ae67c482820655ea9b77ba1c5f8fc764d15e43b

SHA512
1671d0499164ae6d35b25a49720b725bad18052a6b53fc7e3eb28404bc47ea7ebeac7a0e2462251d8eb2033b5d79563b514877b29a10dad73a4554333af5de6a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0c848c6b4b2d9488bb4b7153cd2491cc

SHA1
b44099e1ee80856e5511aaaabe7b08ab2408ce2c

SHA256
9099700232d1e564939388a6e749c41a8e19254aa25ce67b06ffd7674747a4f9

SHA512
04c74956bd48b168ef50eabd16b080290482a8b971959469b8f31d2cc7ca33bdb0675233f74fa25a5070188354c18a21f4aba432fbdeaa264bf9e0834f694382

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
9f01a0fd4627d604afea98c9e11c31e0

SHA1
ea2ef29d64e02576a481b259b3e18c5026cffe66

SHA256
8fd8d4311572053ca482d63c1f21d9d90ddb62ff370e1e8a7960b7d011d76a14

SHA512
7955f93e9f8aaf19a09702e51c116a26b1455e174b9dcd2d576c29d28230baa457e4ab158433230fa580f87220091e44490cc4272fd07ca1d22e25e1db19270d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0c848c6b4b2d9488bb4b7153cd2491cc

SHA1
b44099e1ee80856e5511aaaabe7b08ab2408ce2c

SHA256
9099700232d1e564939388a6e749c41a8e19254aa25ce67b06ffd7674747a4f9

SHA512
04c74956bd48b168ef50eabd16b080290482a8b971959469b8f31d2cc7ca33bdb0675233f74fa25a5070188354c18a21f4aba432fbdeaa264bf9e0834f694382

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
4f3a978a137f3649afc214f8e175e344

SHA1
3eefcc0cbbd8907ee73ea22cae488299fcee89f1

SHA256
6eb6ce3021d292f55d0092eae12e371e6bc018441a2434a959f992c9d4347928

SHA512
e70defc2a360a82f130d104b970aad3dcd57ec6281026ad875679aee6eec7cfee841f69495aa5d4e3bfe6a7cc8deaeebf1fd63a2cca6ad8082c64eb0f87c0608

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8b8629ee524546f2a6ed64091249dcd6

SHA1
1799d2363f96fbab035918f02821364f7bd57c8b

SHA256
d07cacecefc382b85f9a04cafdc1a4d46b18697053984ab3625232f80af69177

SHA512
7a582f6a845580b694c203e31059db537557efada344f636e7efc10a2cc6c311673870f851a812f5467d1c7006cd9bec78ab66860eed57428370f976a027b20c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
bf303505510011e7819446e715fc8db7

SHA1
dfb3f0eea7134a589a2bfe9c8f93fcf47439502e

SHA256
e182b59c8c1eb08660a5017f17e89d6bb740ae9d09da8e7d3d17099ff2126f6b

SHA512
804e91dc332a119b0a2d75f54c9343813b60c2b6d0732d4b29f890389669de6004724a9d41036f26872c39168b56675a1e522eddadc3058d64298cc23a6a7394

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8b8629ee524546f2a6ed64091249dcd6

SHA1
1799d2363f96fbab035918f02821364f7bd57c8b

SHA256
d07cacecefc382b85f9a04cafdc1a4d46b18697053984ab3625232f80af69177

SHA512
7a582f6a845580b694c203e31059db537557efada344f636e7efc10a2cc6c311673870f851a812f5467d1c7006cd9bec78ab66860eed57428370f976a027b20c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
94f5dfec2ea2ab8e3abd75e30812a5b7

SHA1
35e731043045598ac93e159ef9db0d71c5b78122

SHA256
2b4985b7976b09fecbb016ab5df3803a07a20806787a4654b10798bb55e6ce73

SHA512
4c1e2e580c5d6e3325d7758abb29678e231d21582c5adcba17e33c4b938dbdcb71b006c51a006eebb325d6911a23b840e42f3f5f05d163eb71e25d3b9b994bbc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3336ed81d6a48d17173405a21311d0f7

SHA1
a81bdbfced8999020d285793c66d72551630fd42

SHA256
93a319a05aed537f7e3a727c5c67d60bd23c873a6f1a616fa5e64477cad8f9e1

SHA512
67cef2a2f1d55b5c6c406fb6a61a1f9312aa1b2680d2c34769373492c542886a9cb28cf3775c225980d62d68cbce289efdc9d8084a7483f7299b2bdd74f5a277

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
8d7ee8d02d51d296ff0e8b249ea71cf4

SHA1
276532efc5c9241fea901fd5cca0d9ce0160518e

SHA256
66157f3771518203a88d4ce865769b3146882d9908cf467249f1d343b0fc2d62

SHA512
7718a2f5b27affb9013f29c52e18cbb07228bc734605cac041bc3d86e64209c3531f00d4238b8be33cfeba1739982d5dd8f7ade58d0f644f1da2fb0eb2e7a5fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3336ed81d6a48d17173405a21311d0f7

SHA1
a81bdbfced8999020d285793c66d72551630fd42

SHA256
93a319a05aed537f7e3a727c5c67d60bd23c873a6f1a616fa5e64477cad8f9e1

SHA512
67cef2a2f1d55b5c6c406fb6a61a1f9312aa1b2680d2c34769373492c542886a9cb28cf3775c225980d62d68cbce289efdc9d8084a7483f7299b2bdd74f5a277

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0a037f6a60c93c04f07c06a7211afc38

SHA1
e25ca9993ef194d58760cc698cbbf8dd8016eb9f

SHA256
66628c93e0edc9a46b895d4d2f1b2ed037765850805ca36b1055525a839a49e8

SHA512
9e3dd4d47842084192065a6dc130c745dd842d414077c8ddb343be55e7a8f990bfd65cc7286bc0157e3fc9b9c90156cb974f2ba47d59a6661c803ea9afc4a6fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0d5b7c2c014d2c9de7c37ed8963979fd

SHA1
9cb6ae614c4483398918f45345f28ff52dee629a

SHA256
1805456a49642843c963c9b82a78f9c4402b83e82abdc5168a336b0f59caadaa

SHA512
04b0d48fe868bc3a6fe475e95ba002742912ad417fc2da97d6d5b6fcf7903d7ff3c07f2f7fbd400e614dcb0e5127b85454f790387cf40e87b38c3abbab4486cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0d5b7c2c014d2c9de7c37ed8963979fd

SHA1
9cb6ae614c4483398918f45345f28ff52dee629a

SHA256
1805456a49642843c963c9b82a78f9c4402b83e82abdc5168a336b0f59caadaa

SHA512
04b0d48fe868bc3a6fe475e95ba002742912ad417fc2da97d6d5b6fcf7903d7ff3c07f2f7fbd400e614dcb0e5127b85454f790387cf40e87b38c3abbab4486cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8f32c937619951360052524858872e73

SHA1
176d9f4b22c6d745f2942767fd6a3094b7b91fd1

SHA256
a2e0f87ecd4256c56ef5d90bf34c1894f89aea673ab0470586fb8ea312985f33

SHA512
b3ed84b322e14df023ffa57b4d1fffbb74cc6e644958f900aa50095094789af3d7b296a8c054d504daaba79a10dd46c309e9d6a5a8be2586368871e4dc4bb57f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b190d23a16a35a54015e825bdedd795a

SHA1
77a62024472fe143e4baebd6930d146f7e99f3fc

SHA256
7e26a1649aff44a1e2456d3efffaa674823e7713319859efeb1a576ebfb1bd9b

SHA512
eae8725de392fd22abdf87502414141077dfeca48278e7c4c43435c086204527023c441903bf0b2876ed115ca62e6aae1b0205bbcb00fa72e02b35211003669f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8f32c937619951360052524858872e73

SHA1
176d9f4b22c6d745f2942767fd6a3094b7b91fd1

SHA256
a2e0f87ecd4256c56ef5d90bf34c1894f89aea673ab0470586fb8ea312985f33

SHA512
b3ed84b322e14df023ffa57b4d1fffbb74cc6e644958f900aa50095094789af3d7b296a8c054d504daaba79a10dd46c309e9d6a5a8be2586368871e4dc4bb57f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
40aafa63c71840167a5cf5cc679d4293

SHA1
97c6a2597e5cc0f77d473868b590b18c53b2ab4a

SHA256
8a4ac148559558c45cbe3abb7a81b154ddcc7565add06306806b27dee5ea570c

SHA512
65c088e7321173cb1726c5eb6af431b3d82f2fe8e5cc3282379cff03fd7516e2ef9d6a13dcf3ec842ad40210f5366c14412b70a7b7771842ab3609e1c6a124ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8f32c937619951360052524858872e73

SHA1
176d9f4b22c6d745f2942767fd6a3094b7b91fd1

SHA256
a2e0f87ecd4256c56ef5d90bf34c1894f89aea673ab0470586fb8ea312985f33

SHA512
b3ed84b322e14df023ffa57b4d1fffbb74cc6e644958f900aa50095094789af3d7b296a8c054d504daaba79a10dd46c309e9d6a5a8be2586368871e4dc4bb57f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
dfd1ff309c1485665fadacea67c70605

SHA1
cefe3d89bbf1dd95908159f5d2c1a328575ac584

SHA256
e411a590a91925ece6bffa3e4389c41671570c03af6555761cdc3d8f4c0b658d

SHA512
5e9f10af209d8034ae0d39e3e61cab7d59438698b8a21830a395416211289366526a2366cbcd95a4335af3d8bdf72470286357b50dcd97c6c254cfda2e4829ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
6a378e2b60dfdbc39c595e3d9dffba59

SHA1
ec683388e8ee72d9d3d9b1ede05b4a2151725115

SHA256
92efb7e9afe538b5e2bf1fc068b2c84c07884414fddd94f1b9731d706a9b5f28

SHA512
a4c361b8bcf7d24731a9fc8310da212162373ae384496f42bf4875468813b7aca9ea7e67c16bdba3d85f104e086a20be179520df4dd028c64d71a3e75ae34786

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6fa6666e9bc6f61689e4e3582e1b56f6

SHA1
28f39386789a4fb5182ada4b745044dde96cc594

SHA256
c68e812b06e239839861cc6bd772da2322c1eca0e14ab2c6221271912fb2318b

SHA512
5218179af2f2d05b617eb63b72cdb2fd5ed72d3912dc62148d2dca5faffb1f64281f6ed8136766170654c81621e2835b729bb31a7185aed3ac52ecd53112b568

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
885b901f48895062db219a89f9c6c140

SHA1
079cda5db83198f52f15559ed7ada56e671810d6

SHA256
8fc864fb8cde2187aea8fb969e578c62b8a52100f660ad39ae0ace1c14853219

SHA512
f0f7133f8fd1916d9762344a8b3078b3dc21898f1291ecbb0383c795f28bc9c09f34c4e4845630d15d2d2051959b3636b1443f9f4e1ef778086d110da226035b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
322f4cd6ac0a46c1b99c067f34897aac

SHA1
fe6f4195b7c562fe83810ae94a854ada3e8e8c7a

SHA256
e68792ae39ee6715eeebb27887a1e0f71f2c4e8c6edd20a769f87a23b3efe1c9

SHA512
15e4bef9e3e1506d017330c050db87f8ae61a512e46d9ce6764a4afc73461b2fdc8203f3df88d34628f58b70f4e4f359d1bc82b9c7c98cb26e1d54dd71f23ce1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
96983dbea452485a2eadeaba143ec933

SHA1
42c34c134d5d4a4a616e21576cb9b148f79c65ac

SHA256
63b628f8b79f5228a46f034424c01f1acf71f090eb861e5b6f35575ce700226e

SHA512
404aed06fca562339ee56adbbbaf4f8cb7b5e28d4c4ff8648cf9a4a7cd3e2bd96443380a506bd33e1cef8af5a3c8de9982645f17a0e5feb3920117ba98feae5d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
322f4cd6ac0a46c1b99c067f34897aac

SHA1
fe6f4195b7c562fe83810ae94a854ada3e8e8c7a

SHA256
e68792ae39ee6715eeebb27887a1e0f71f2c4e8c6edd20a769f87a23b3efe1c9

SHA512
15e4bef9e3e1506d017330c050db87f8ae61a512e46d9ce6764a4afc73461b2fdc8203f3df88d34628f58b70f4e4f359d1bc82b9c7c98cb26e1d54dd71f23ce1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
3989bf7bb67d7277c5135fa34321789e

SHA1
140a05f1a7f506272a5c794f94040abb0a29f651

SHA256
8de24ba69961d4ba3e91ee892e4e621e69da52cc21f157163554ba1b99f9a55a

SHA512
4946eb76202cdb9f019244a59452210a280329bbd566463d6062e711cd05163a7b177debc4000ca084784c4332dae61d3f89862146ed4c6b07c47d8998bd6f3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cd6e7fe26ac942c5643eff38207214fb

SHA1
469ff9fe0be7e6b0f367c9959e6dd3a6123ef863

SHA256
952fa49e82b7f2cbb50f00ca652189d07f35af765ebd33f5a12e30fac5799606

SHA512
a50fe6695a38c3dced01891b579ea3d0e155471b3eba03b31913700a5121fac86b364fbb828126c06273c066e9cd4c41598318fa1019794ba31bfad9a8cfaee3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
f64647fec2cd20abc9e4eb53b170a66c

SHA1
cb0910e9d37f6656c99ab814527ccdd7322413e6

SHA256
c62f6785cea14ff078e6f026853b13c29c5c73fc3e0f2d6682f01c683f8fcc96

SHA512
6e719adcc8e82fc8a56d38aa4a63f1ff1bb7c8c992ab563ffddf036bc8e5f095fe95fd123f5773ee2bc803c9152ca58f1a3fe02bd6ed46160e6959e0de4c0680

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b19aba3d4322775c4e5d0a3ec48d3079

SHA1
5c54d62eb7ce963745c250dd342209f158e970d6

SHA256
caccbd81c617f188a49ee8b3d671990fe0a26ded040887fe66b9616f78d69e22

SHA512
e2b8024b7339d4663a3d750d00a849b53daa64cad7aa032a0293a6d2f0125ea9928a3bafd0776d2fc25e69c396e2aff72d11979802af7e8d146b6acc9d64c0d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
debfc1d93b75501448f6540ada75292c

SHA1
a9766273ae795c1125b1f18495937e54c1997faf

SHA256
627c6194620da66386c4037ca104e249360d9162f85bb27b228e94d743ed6473

SHA512
f06b9fa4fac7eda313e00eacaaaf875e65873bb53e9214692036c2ffc87074aa26b014238008cbe37e1bff7b68c32ec49f8579d8eb84d82cf1507612479a3518

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fe021f174ae1ce930468f6c431194eb7

SHA1
c9a24140ca33e23ce0e224ce9ab3cfad9615525f

SHA256
eb0de181e8a3da2deed48b47da497f4681862840d4525b167336bdaa5b056f0b

SHA512
890ad2085b3489ccf25620f498630174c72bd89e5637ef12229e42ab3556b7aba2dd59ca7a242ab05b35c2a29c82fffb3c6b8c48c70a64e6b4e43f0b329e93b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4013ef14d6dbf749300ac49eb82fedfd

SHA1
9e9550392c53aec33ffddf3ff80291420f843025

SHA256
1a16e3bae6c653182d74f84055f2d7e919f33cdb15a7c655dece054768e371f3

SHA512
8ac9364cf67a46d1a51ae06c49e1a424658aae1b8b0a341c29cf6cbe0ffb4c08ebb664fef5fd8d66297abf698be2701af844fa420682bc95a6a1752de57e2055

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.8MB

MD5
71a4097f0a3d33d2e3ab305f9f26ff91

SHA1
e888ecf56bbcf65326ed3ba7c81afad3321d3030

SHA256
7a5c77be3cae4ed0f86c762d390feb4e14152b8807e4b7ee4f616eb1007431b4

SHA512
f475f3688a50cec777ecf9763fa93d14b682ceee5a4315ad412b193f19a8c30768b5fe7cd486b69ca8f2c3d9e542d1c9f27482648bfb49e3f4339176d6686dc9

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.8MB

MD5
71a4097f0a3d33d2e3ab305f9f26ff91

SHA1
e888ecf56bbcf65326ed3ba7c81afad3321d3030

SHA256
7a5c77be3cae4ed0f86c762d390feb4e14152b8807e4b7ee4f616eb1007431b4

SHA512
f475f3688a50cec777ecf9763fa93d14b682ceee5a4315ad412b193f19a8c30768b5fe7cd486b69ca8f2c3d9e542d1c9f27482648bfb49e3f4339176d6686dc9

Download Submit
C:\Windows\SysWOW64\notepad.exe.exe

Filesize
3.5MB

MD5
24b024d4eeb55a3d17852924e7858bc5

SHA1
ede479df8fa508422aadf767c9aaf34c2f975ac3

SHA256
b668b441d0403ff069997fb4e028102edf4c8d4fe12ccb7cc8970e5de64db72b

SHA512
cd14285bc1e7d3439dd89bc2448dba83912919c597b71a457ea8e8c72ee7581bb7210b12fbc7b027ec7772921ec27b6342001b2c3849b0545b8408009078be8b

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
2.8MB

MD5
71a4097f0a3d33d2e3ab305f9f26ff91

SHA1
e888ecf56bbcf65326ed3ba7c81afad3321d3030

SHA256
7a5c77be3cae4ed0f86c762d390feb4e14152b8807e4b7ee4f616eb1007431b4

SHA512
f475f3688a50cec777ecf9763fa93d14b682ceee5a4315ad412b193f19a8c30768b5fe7cd486b69ca8f2c3d9e542d1c9f27482648bfb49e3f4339176d6686dc9

Download Submit
memory/640-7-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/640-264-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/640-270-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/640-6-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/932-17-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/932-0-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/932-1-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/1456-12-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/1456-277-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/1456-304-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download