Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

65fdbb4874...f6.exe

windows7-x64

10

65fdbb4874...f6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 20:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65fdbb4874824edbae3b8ddd9758f7f6.exe

  • Size

    274KB

  • MD5

    65fdbb4874824edbae3b8ddd9758f7f6

  • SHA1

    13fc501a38199ad1e58e301eccc72f08a490068b

  • SHA256

    67c9ef0b67c7fdd30ae6c1e691127d5fe07e9bd54b27d7d3a14b7008c670499a

  • SHA512

    60435d6a2a3f44fbc37d617c7445414c028facef794b8d8484ada1e2f6ebc8faa5c669194e7662ac6f22b5e4a984a1732769157cbb7c088670ddc1df0e2b4ae4

  • SSDEEP

    6144:2WC4YgB9Giy6WC4YgB9GiybWC4YgB9Giy6WC4YgB9GiyOWC4YgB9Giy6WC4YgB9d:FtJ9GiwtJ9GiztJ9GiwtJ9Gi8tJ9GiwL

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 12 IoCs
    persistence
  • Modifies visibility of file extensions in Explorer 2 TTPs 6 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 6 IoCs
    evasion
  • Disables RegEdit via registry modification 6 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Disables cmd.exe use via registry modification 6 IoCs
    evasion
  • Disables use of System Restore points 1 TTPs
    evasion
  • Executes dropped EXE 35 IoCs
  • Loads dropped DLL 53 IoCs
  • Modifies system executable filetype association 2 TTPs 64 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 24 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 18 IoCs
    persistence
  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 40 IoCs
  • Drops file in Windows directory 26 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 54 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 6 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 5 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 12 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\65fdbb4874824edbae3b8ddd9758f7f6.exe
    "C:\Users\Admin\AppData\Local\Temp\65fdbb4874824edbae3b8ddd9758f7f6.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • Disables RegEdit via registry modification
    • Disables cmd.exe use via registry modification
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Enumerates connected drives
    • Modifies WinLogon
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1204
    • C:\Windows\Tiwi.exe
      C:\Windows\Tiwi.exe
      2⤵
      • Modifies WinLogon for persistence
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Disables RegEdit via registry modification
      • Disables cmd.exe use via registry modification
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops autorun.inf file
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies Control Panel
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2564
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe"
        3⤵
        • Modifies WinLogon for persistence
        • Modifies visibility of file extensions in Explorer
        • Modifies visiblity of hidden/system files in Explorer
        • Disables RegEdit via registry modification
        • Disables cmd.exe use via registry modification
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies system executable filetype association
        • Adds Run key to start application
        • Enumerates connected drives
        • Modifies WinLogon
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies Control Panel
        • Modifies Internet Explorer settings
        • Modifies Internet Explorer start page
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • System policy modification
        PID:2956
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2284
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:896
      • C:\Windows\SysWOW64\IExplorer.exe
        C:\Windows\system32\IExplorer.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        PID:1160
      • C:\Windows\Tiwi.exe
        C:\Windows\Tiwi.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2476
    • C:\Windows\SysWOW64\IExplorer.exe
      C:\Windows\system32\IExplorer.exe
      2⤵
      • Modifies WinLogon for persistence
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Disables RegEdit via registry modification
      • Disables cmd.exe use via registry modification
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies Control Panel
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2904
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2752
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3012
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2840
      • C:\Windows\SysWOW64\IExplorer.exe
        C:\Windows\system32\IExplorer.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        PID:1724
      • C:\Windows\Tiwi.exe
        C:\Windows\Tiwi.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1096
    • C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe
      "C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Disables RegEdit via registry modification
      • Disables cmd.exe use via registry modification
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies Control Panel
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2996
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2636
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2920
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2892
      • C:\Windows\SysWOW64\IExplorer.exe
        C:\Windows\system32\IExplorer.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        PID:2836
      • C:\Windows\Tiwi.exe
        C:\Windows\Tiwi.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1496
    • C:\Windows\Tiwi.exe
      C:\Windows\Tiwi.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2796
    • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
      "C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1140
    • C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe
      "C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2780
    • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
      "C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2952
    • C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe
      "C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Disables RegEdit via registry modification
      • Disables cmd.exe use via registry modification
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies Control Panel
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:2052
      • C:\Windows\SysWOW64\IExplorer.exe
        C:\Windows\system32\IExplorer.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        PID:2676
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2064
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2540
      • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
        "C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1972
    • C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe
      "C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1376
    • C:\Windows\SysWOW64\IExplorer.exe
      C:\Windows\system32\IExplorer.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:572
  • C:\Windows\Tiwi.exe
    C:\Windows\Tiwi.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:1692
  • C:\Windows\Tiwi.exe
    C:\Windows\Tiwi.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:2800
  • C:\Windows\SysWOW64\IExplorer.exe
    C:\Windows\system32\IExplorer.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:2648
  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe
    "C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:1420
  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
    "C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:2552
  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe
    "C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

2
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

2
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

9
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\WINDOWS\imoet.exe
    Filesize

    274KB

    MD5

    a1515e2145e4a1e1d1dee07a7b9884ed

    SHA1

    e81f5bdbb3610ac09a858e9c94737507e123827e

    SHA256

    40fba1ee1098ac055debc2ba346588a1abc58419c0c4c186c7ba41b753382683

    SHA512

    c86c7943b90b5337d7d9550cc5cc8a6087dea91247c2643fbebf1157b8ed347a649a160681c86a24755cf1b71b5490f0e6f484550e85326a31577f8b7dd06777

    Download Submit

  • C:\Users\Admin\AppData\Local\WINDOWS\lsass.exe
    Filesize

    45KB

    MD5

    8119ad941a12f4dc1f4a9828d3a94c9e

    SHA1

    0e7424d0f597bb9e2f36eb3a642768dedd8a7de2

    SHA256

    62f54c698e0944f63a9ea8ef848da87c7ef7a90cdfa38567062c7a66b02bfb59

    SHA512

    e886f4b474a8706209364107d4b0750a90685a6572d0be641e98d50be9f86da54494632befb4c239dd7db1ef54b8f84945e338568c1c49cdba48d3a2ed3c0399

    Download Submit

  • C:\Users\Admin\AppData\Local\WINDOWS\winlogon.exe
    Filesize

    116KB

    MD5

    d1caaedf7dcc078e5272243ea2755c21

    SHA1

    fe99f058db9c61424da63c62f012dbb2f82f2658

    SHA256

    4235da98bcb0d5eac4e8614e308a6cae55b464f29275abd88e7a39456966a846

    SHA512

    b8a8f8ab92ed4a57447356c3983bb4b0757b56bb6af60fb1f4d5f49184dd02918e9ee874c2162cfb29e0eb36b075d907ebdf2f2333cabad76af0750c2a8ced00

    Download Submit

  • C:\Users\Admin\AppData\Local\WINDOWS\winlogon.exe
    Filesize

    40KB

    MD5

    e36f9d52ecd7f97239fb76641043bfcd

    SHA1

    504f16b49e16dc97d81249e5731e36b29937b89c

    SHA256

    ce8e7c3bcf18d2839decb2360460f166c6b69a62c375b201a7c01fc9b9d48341

    SHA512

    d1ac15e19ce105710cde9fbd3bfe90f225ec8417ac590b0aeeaeaf40a73bae4a770561b12f11ebd3874d61d2dcc2acea9c63a4c0dafda378e396576dd68e5273

    Download Submit

  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
    Filesize

    169KB

    MD5

    797f02b95cdb321406fc6c8a1e93fc83

    SHA1

    a86fe1cc8ad30bcc6f2b85479157e8c4fba6f26e

    SHA256

    c0c87a9ce674853f4d86e414bdfe49074c6409f6659ebc249613ce44484f888f

    SHA512

    618075af3edd2cb55acc86fd4c4a5823e93c48522019a44b39b3bcbdc39a383c24c21b7df6a2d93d5730136ab363e799b11805191ff4b385e904f8833b3909e0

    Download Submit

  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
    Filesize

    274KB

    MD5

    937c02a2f4fc1705d464f841440571ab

    SHA1

    a641bd9d5651bd5c7d7dc3f7006bc950d89e6347

    SHA256

    45d837b052b0ace5fd1ac9518029d1a54bad49d825235cbb381037ae68a5ce21

    SHA512

    3a7ca1d14c79b906b339e288efdd20aee6b233d98d35350e09293aa424fedd7ed6e4dde7d17d83ecaf57b41fe404cf817ab35173c227519211164ee68a0df869

    Download Submit

  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\cute.exe
    Filesize

    274KB

    MD5

    c09a1125487eaaeb148b70534cdbd484

    SHA1

    3e55a152f40a29bb43e5d96d2339b6850345993d

    SHA256

    0caefc8a189ba2f8c1cc9f6361870a05ccaaa882904f6981472b729dae406089

    SHA512

    62ef792b7d7419a23d2ec721c28147589e21a3168b132bd47f7881f8b8a24fb16d29510ca04e5777ebce5500c01cb56a740e8d733632f355598a251292af60c6

    Download Submit

  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\imoet.exe
    Filesize

    217KB

    MD5

    b7f4b9831e5319b67e3fffec007a2e4f

    SHA1

    fb806b247ad05488e1c193d800796cd93d1fceb8

    SHA256

    a502ea3855b869929ec0e802824a01724260da34b4ce249f912030405a7e9d61

    SHA512

    8babd8ca9954e3609c0b13c9f3f4b91076f7d184825806aa625b598369bc86548a6fd40325b9e7fce5072db0ced95c500a441d323bbcb251d59272c22654ffb8

    Download Submit

  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\lsass.exe
    Filesize

    45KB

    MD5

    2ef6d0776eaf1b1354400f54934fc3d9

    SHA1

    ba07f6d2438a1bf1b6fd2e22167599aeafe5d422

    SHA256

    5f66dc37c4315d8156a0af2f9c43c7f91672468b20170683ab6d5ca37845773f

    SHA512

    074192140df5c2e19f62c8d42e20498c76fd246ca148de29ddbd41ad41d6756e599697e39401aba9a2bd98e3be22072c8bdcd5a4f26a8f4ae384c200a5549003

    Download Submit

  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\lsass.exe
    Filesize

    45KB

    MD5

    8e07dcd7f47a5515f7fa68da04b2e16c

    SHA1

    72cde03721ab41e6c69a60e18b6e79bfda22eb50

    SHA256

    90dd8449544083798d80b470f8aa5c82873d93147e4f3214f15faafe7ef9b080

    SHA512

    b4e36f283e86a95fa730f5aa173a3502d5fd0e5c3d634afbb476e8d501c69b47c063d32542cae3fdbf0ee91b7f0ca8db2391aa4e74865cc4628e8f7a3248c961

    Download Submit

  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\lsass.exe
    Filesize

    45KB

    MD5

    4a13daa8e597656281e6bc730524013d

    SHA1

    04ff5c3af82ff96cc6ac1ef5ade44608bb05e253

    SHA256

    7a631158d9fc9e349fb0b87b67ef1e81571752bd81b55021ffcc1af06f427f91

    SHA512

    54c1a125ad3b90c118d00bc0deb99fd684768dbfe02475b41514495da3674897563477b6f4efbba50fb72f990187f576730c8af6eb4c4816ec688216fc2c8fc2

    Download Submit

  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\smss.exe
    Filesize

    116KB

    MD5

    65880c4a980ee3d3c9cb68669d09d3f9

    SHA1

    1c3b47745d72de11c5d93f8486a7e237738da482

    SHA256

    15bdadaa6b83e4768c78ebd99bb7d17d61c583fb0b1258bbb76a6ec6613eb3cc

    SHA512

    bda4ba871e3b1972a5b7ceeca0e4a467258c84d44ebcbbbf7076405b448d94e75c84485042158871c4c806477a5259fdadd52a0e606ce8986dccf0e2bdfe6beb

    Download Submit

  • C:\Users\Admin\Local Settings\Application Data\WINDOWS\winlogon.exe
    Filesize

    130KB

    MD5

    c059c5e521847d7c84d613bda53c417d

    SHA1

    2d47e45c990528cd8c78e093c29517e7a9e2d9fc

    SHA256

    d7e11d28b96fbaa043ba35adba1725fa0189c607776b84107cd821f887bda3d9

    SHA512

    a49d2f5c52f232fb49442e23d6973dc598e999366474cf1fa04803b09c4d09d399f66f53769fadfbbb3026d9d96e03799ad5c631316a0029971b670344899ebe

    Download Submit

  • C:\Users\All Users\Start Menu\Programs\Startup\Empty.pif
    Filesize

    274KB

    MD5

    c74068870764b20584071480e7bd0d79

    SHA1

    b40d2cc244fa9f8d3396ef4730b9a1509a6c267b

    SHA256

    711060259a5a5befaea31a95f16a6bf4fa267fa422c111ac6a695a9e846d2b3c

    SHA512

    de23670612817606bf40b4b91e9bc30fc4994fd4963cb1d1a34ac9abce4ae8986ea98edae7b780d3909b577d4e0988a494256c30974e187bc684f4ced9b129d7

    Download Submit

  • C:\Users\All Users\Start Menu\Programs\Startup\Empty.pif
    Filesize

    117KB

    MD5

    ce7e48dc7995ba5da358665880bad115

    SHA1

    4a09649e5f63938dabbd6a82388bcb2910211ffa

    SHA256

    7b2f9ff048b0b006a15d6f4ae64dbe5d308baae4d51d28a60e722eaf4b1e9066

    SHA512

    c3e8581b60fd681c31e80772f3f1820355d1189422f7b9e63ac7fcf1b9156ab3074ff94f656d006a9c90d8b7bc38dec078b0681d45ef1b0106f76b2f49dd480a

    Download Submit

  • C:\Users\All Users\Start Menu\Programs\Startup\Empty.pif
    Filesize

    274KB

    MD5

    91618c32d5b760a16ef0c5c87d743a2d

    SHA1

    6b6267ceba603ccde313c02e87f91f8a8e74b26f

    SHA256

    6fa1e7ce49effab018c98f8fcdf08a66febfef1388079cf62d6a6d0b65a140b0

    SHA512

    f0f2caf4a0c6def4e602dbfd40449a73f1a00345c8cd1ef896d876130fc80d9e650cee7f37e4b0d6300e271db16a126ff42759d87a11b4f779e3ece358f1ea42

    Download Submit

  • C:\Windows\MSVBVM60.DLL
    Filesize

    399KB

    MD5

    436c295f145943b64388e234246b7650

    SHA1

    e9196fe3fb0ef73a0fa251944e57c22d41f561e4

    SHA256

    a1f8cb454f038d0459eba7a265bac79375f5e673efaedd934ec4bfa03ea64236

    SHA512

    cf4e3147f7b903f7ab5fd0112036db93f919f4d7c47aae799fd7e04bdf0c42782daf00fe80ccfd68ba31dfef238065838fed90dc04ab8964b6e0238865c55518

    Download Submit

  • C:\Windows\SysWOW64\IExplorer.exe
    Filesize

    90KB

    MD5

    9fe05d709186f080e9767b3f1e77a7cb

    SHA1

    ff9286c16666378fce0bfa9d84273ac75afcd73a

    SHA256

    9019205f18f642930651c833013a35e46a79d1fc391ae44d81bbccfa52dd045b

    SHA512

    149ae9f45284f51b99a7d33be157a9a3cf6bb2abdfb988637e226034cb4dffc6fbca55fc3e1b2f1e5883b0b7aaffba003c45b4d1300cbd5e77c36a0addf3cd69

    Download Submit

  • C:\Windows\SysWOW64\IExplorer.exe
    Filesize

    100KB

    MD5

    2972b16f826aec19e8da1a282fd592da

    SHA1

    50400cc2a57f308fa5889647fab69c32bf180496

    SHA256

    31b0d5da2fa67fb84111c5872a0574b71ed3022c7766b1f262f832fd63532f8a

    SHA512

    b3b9ba80d8d17c07e7b34dff649c3bbeb62e7b3ed4ba3eca0214928fdad84b50f6fb566168f1024cc798e75b23498004e59e24f0fc0e7658898d9bbf8f103440

    Download Submit

  • C:\Windows\SysWOW64\shell.exe
    Filesize

    274KB

    MD5

    0dd8cd314d94cfad0f1f3d2e4de8d5b2

    SHA1

    25e786ee702998ebd953b89028b9ca6d471c55bd

    SHA256

    504d66cc6d5167f73f31fa5130ab5c5228b0c92651729fc10b348c610de9835a

    SHA512

    24223e39372f7001019f06d74ea2b932ba75d309d46343708998db458225a75f84c96648067d04aaaf1ac33dd78352784913d4c8a4ceeef3fdb72d68f1d2a38e

    Download Submit

  • C:\Windows\SysWOW64\shell.exe
    Filesize

    136KB

    MD5

    8455a6359f78de91e6b0bf637631607d

    SHA1

    11268b8e4c88320f668cfb5f8bb68257bf5b05d0

    SHA256

    61ffc661a171df73d36836251e8fa6485216d11591e9aee4d0dc60b63bd7c992

    SHA512

    d6af0cc306399d3db02a6e5f7ae5d9b20b176403e449b6aa4add402cbf60f08eadd009e8313834e4990270065ae9dac3f38735a22a0580f754d7db15ac659f2a

    Download Submit

  • C:\Windows\SysWOW64\shell.exe
    Filesize

    274KB

    MD5

    50a683ee38676c2d2597252078164e19

    SHA1

    c9a0e7e840d15b4f813ffa807415c3424fe57975

    SHA256

    29789f4f573a4f4ff1a1618605e7667f9a014b4bf5f64172fd738e7a51475c7e

    SHA512

    b4108fa91ef232d886eacf085f31fd2d4eb36da72afc3874e6c41977566b8457d4cc336e11463fe897ef266ab98f83f5c5ed471aa68d5eeb4e31248b84e93ba3

    Download Submit

  • C:\Windows\SysWOW64\shell.exe
    Filesize

    274KB

    MD5

    65fdbb4874824edbae3b8ddd9758f7f6

    SHA1

    13fc501a38199ad1e58e301eccc72f08a490068b

    SHA256

    67c9ef0b67c7fdd30ae6c1e691127d5fe07e9bd54b27d7d3a14b7008c670499a

    SHA512

    60435d6a2a3f44fbc37d617c7445414c028facef794b8d8484ada1e2f6ebc8faa5c669194e7662ac6f22b5e4a984a1732769157cbb7c088670ddc1df0e2b4ae4

    Download Submit

  • C:\Windows\SysWOW64\tiwi.scr
    Filesize

    166KB

    MD5

    8bae946b0dc168acc0164ee6e6e438e9

    SHA1

    ca377cf98561e268f03e38bfc521ff4efb445a3b

    SHA256

    9e24974ddafce7bbe2ecf42dc1f871666b8eafd2445fea07cb02855787b55de7

    SHA512

    8135bd76389b613d3958907facfa30e7fa85b7f4cf9bc0f076772dd1348f5ce8e60268eb46de5930b821b458070eaea4067be77865681c8da0c1f947e1791138

    Download Submit

  • C:\Windows\SysWOW64\tiwi.scr
    Filesize

    58KB

    MD5

    6c61b940c4911b0bf1ebabb60a3d5599

    SHA1

    a91194505830fe3bb1e6866446e7109f515c242c

    SHA256

    a8e840991d1b3d40f8838bcda230a340e2c8bd5691483897562a70a4ae2763ec

    SHA512

    0007c65fc46dc16bf5ae141640115ddd741bb5de5d1734463fbfa8da691ccad0e24f0e7929d63ecc075fbfdf32744410f96a769bfd820636633ca63ad6f9e0f3

    Download Submit

  • C:\Windows\SysWOW64\tiwi.scr
    Filesize

    59KB

    MD5

    d021b315fdc330d4a37f8a581da1742a

    SHA1

    d3eb8c0fa7871f52fa15751468b8802c21d961cb

    SHA256

    d8c649e289ac98980d0854560eff0a127f9b079a3926194a110b38e4934c2e1f

    SHA512

    6808e415ee9d14cefced19e783becf2bee9d916863752726549d6980717b4374ff81735a0618cad4e964f71db139ca0ccd0fa41e406d5397a9140f85efcc0c40

    Download Submit

  • C:\Windows\tiwi.exe
    Filesize

    32KB

    MD5

    f93d0ce1f2f4021ffba0edad8c37a317

    SHA1

    0dd07de451a77245e8ae5102172f31f32ff67b72

    SHA256

    ff1b7234f669d84e8df56c7afb0353cfabc19a91abb56fce166b355dd0307140

    SHA512

    f3ec4165c141b23ea87c1478acc1d8d420058b1ea9822c9222643394325f583e84bd4e8b33b98548d9c0f2b410fe3176ab5b9462e7761d963c72af39d660ec7d

    Download Submit

  • C:\Windows\tiwi.exe
    Filesize

    274KB

    MD5

    6eeb0d26840cadb4dcddc8c8260a7199

    SHA1

    8fd33fa9ec2407e1c0df3b1084e3caa0bbe21fe1

    SHA256

    83422e1fa2a6076c3bcafcb8ee34c6bd5cf26f5be32a49ea02ac8790b7f23462

    SHA512

    b246f3a7cdcee93e68a6034c62e3a78d6c1b78ea05be99b9d5c9e18ef3828b52bcab353737ee25c751a698f8ee8abfa6c22fc74c97797045e70c0a3f176a045c

    Download Submit

  • C:\present.txt
    Filesize

    729B

    MD5

    8e3c734e8dd87d639fb51500d42694b5

    SHA1

    f76371d31eed9663e9a4fd7cb95f54dcfc51f87f

    SHA256

    574a3a546332854d82e4f5b54cc5e8731fe9828e14e89a728be7e53ed21f6bad

    SHA512

    06ef1ddd1dd2b30d7db261e9ac78601111eeb1315d2c46f42ec71d14611376a951af3e9c6178bb7235f0d61c022d4715aeb528f775a3cf7da249ab0b2e706853

    Download Submit

  • C:\tiwi.exe
    Filesize

    274KB

    MD5

    d31470542e7311e0f2d6f237f064ec5d

    SHA1

    c04aa0b3e05bdef0ae4d66dad2c80c5f3d4a9251

    SHA256

    1da98bbf2d33a563750b245ef3e1b15763cbf5a36217c1ac15eb48d13a2c8e36

    SHA512

    50fd31398e484feaa1cffbe3a71cb29611308b44f5a34a0a114ba0a06a1a5b743d95f8ac903ef779299e4d8a60b4f63410a5af81b864d913bde77e784eea1020

    Download Submit

  • C:\tiwi.exe
    Filesize

    274KB

    MD5

    b82b9410c08b9860595c70b7548ba2fa

    SHA1

    18aba6787c5b5c565155e93132bb439578583245

    SHA256

    4c4f4e6363a3c9b3e7b6e3a15161c33cfa440ff75e87787869f198d4b2ddb797

    SHA512

    1e2f5e3cab2e37499e931ed2fab37562f6ffd366a6d91083c462324a41194a54511acb9f76a39243726983974c92680a91a44d0c85cbfd706ae5c0ef0543d7ba

    Download Submit

  • C:\tiwi.exe
    Filesize

    274KB

    MD5

    777ffc7ecc017cfe329c9e4bdaeb752a

    SHA1

    4871cb40c0f95ab1e4527889c73701b8ce55b56e

    SHA256

    fa9d0957a54136ae5723c66d2ca56e08d62e7c798a9650206d2fbb4f87de4df2

    SHA512

    c99287ca481b0c06faa1456a357e856c3600513aae9899c3253405ddc3b360e89d3979048fbd9370a3f4739e4973f1f5fc1b1d53fa8704ef75bd5ca48af4aeb0

    Download Submit

  • F:\autorun.inf
    Filesize

    39B

    MD5

    415c421ba7ae46e77bdee3a681ecc156

    SHA1

    b0db5782b7688716d6fc83f7e650ffe1143201b7

    SHA256

    e6e9c5ea41aaf8b2145701f94289458ef5c8467f8c8a2954caddf8513adcf26e

    SHA512

    dbafe82d3fe0f9cda3fa9131271636381e548da5cc58cd01dd68d50e3795ff9d857143f30db9cd2a0530c06ce1adef4de9a61289e0014843ac7fefcbd31a8f62

    Download Submit

  • \Users\Admin\AppData\Local\WINDOWS\winlogon.exe
    Filesize

    274KB

    MD5

    5c564b592910d4c281a9affb5b2cf300

    SHA1

    c5e2ab45149898db02efc1956bedd062639917f9

    SHA256

    7080109237b3d0a698527cca78285434efcf443d82251bf027f9f433e8277037

    SHA512

    b0dca032d58e3a4a98fa04b4e1cba640b4479fa0e13a4f7bf0bf0631920976ed69c0d0293224bb86092f22cb83043c0bd1f460bf375ed7b1ab774f2f4f5ee6ec

    Download Submit

  • \Windows\SysWOW64\IExplorer.exe
    Filesize

    274KB

    MD5

    17fb750d5c2737a5090154a1e13144f0

    SHA1

    79f25a73e097ce873dfbf74a13da7c264cb0b4c2

    SHA256

    ef8d814c66ad6d7b5b010626a5cf553282879bf45faa69f56d5ff0b066711966

    SHA512

    3f1f12543988e60875cc5ffe8f5325c8ddc4686ceda321df28e23289c63510d78c3e4a213588d95d00c1421a718eaf3156213ac946d078699eb8cac16e6c550c

    Download Submit

  • \Windows\SysWOW64\IExplorer.exe
    Filesize

    115KB

    MD5

    b4931954fffc2888073236ee57ac1b9c

    SHA1

    adb4ab37613d8ef472774ddd0c825a6fcc06be3a

    SHA256

    8b8740cccd2a9819a85705dcb96132dc0337b0de833eb4e2bdca5072b325de60

    SHA512

    cd575946350092bfbec360a3c97bf806b8525b3dc2bd1c78b51e06583cd0e8560bbad198351c40b8cdec6757b8a5920953fee970319ad19edd0681ed3292f4e7

    Download Submit

  • \Windows\SysWOW64\IExplorer.exe
    Filesize

    55KB

    MD5

    cd705efc3cd32115ad9aca0e973e7fb6

    SHA1

    545b09f4240a45758bb2a10a31128dd2df0d6d9f

    SHA256

    436da9399e8d0d2967ca0b7cec1017a2377f6d7fb13fb5233f61912f1d19f4e7

    SHA512

    fc2eeb520cd73c1e0110239372dd40ae5305403686b9ae584e8ce8c59415bd3b86b4ff0a542d791b6234e83b1cfc75c173e7ee3c36912d14251d65872ad4caaa

    Download Submit

  • \Windows\SysWOW64\IExplorer.exe
    Filesize

    72KB

    MD5

    ed025aab105ba24356b62adc89031ef3

    SHA1

    7fc799d71b7f4e0a5525d54b7907fed4c32aff0e

    SHA256

    bc9137a9caad1f9b1618be34b52dabe6fdf0a11d9cd22b51573854b6b5d84d17

    SHA512

    d25f222320e5fe408d944d3550d5a3de83448ffda7ae8f2475c789ede049e0261fc1202072b7976e6be444737b2fa0ff02203eeedaeef0ec6f77ecdc24c076ca

    Download Submit

  • \Windows\SysWOW64\IExplorer.exe
    Filesize

    214KB

    MD5

    d2e3df3e10321fdbc0b8dd04d7ee12c4

    SHA1

    60f4eb4fab700c8744cffe612df2eb2232205a8d

    SHA256

    6f5c1dae2e26b258750ef93d23929c5f91b244e5923f7de32f5566641e447c2b

    SHA512

    7097d73f68d9da02ebb3303d3532bc4321920aa69db4bbc47aa84e79749714d02f04dfabc8bf224a26f67cdb93818e8ac2f27d15b03af160841d8561ed545e74

    Download Submit

  • memory/572-192-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/572-191-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/896-364-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/896-348-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1096-356-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1096-302-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1140-465-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1148-499-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1148-501-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1160-341-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-349-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-175-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-189-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-94-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-368-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-186-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-299-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-259-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-376-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-119-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-187-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-98-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-200-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-124-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-342-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-466-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-386-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-111-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-202-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-104-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-418-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1204-421-0x0000000002520000-0x000000000254B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1376-204-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1376-246-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1420-506-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1496-367-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1724-355-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1724-375-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1972-535-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2052-539-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2052-381-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2052-515-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2052-295-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2064-526-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2284-389-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2476-250-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2540-530-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2552-510-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-258-0x00000000003D0000-0x00000000003FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-252-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-346-0x00000000003D0000-0x00000000003FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-347-0x00000000003D0000-0x00000000003FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-293-0x00000000003D0000-0x00000000003FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-462-0x00000000003D0000-0x00000000003FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-362-0x00000000003D0000-0x00000000003FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-385-0x00000000003D0000-0x00000000003FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-512-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-432-0x00000000003D0000-0x00000000003FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2564-101-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2636-428-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2636-433-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2648-495-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2676-523-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2752-434-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2752-427-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2780-460-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2796-179-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2800-491-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2836-380-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2840-379-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2892-392-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-382-0x0000000002E30000-0x0000000002E5B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-378-0x0000000002E30000-0x0000000002E5B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-112-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-425-0x0000000002E30000-0x0000000002E5B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-338-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-490-0x0000000002E30000-0x0000000002E5B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-513-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-354-0x0000000002E30000-0x0000000002E5B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-383-0x0000000002E30000-0x0000000002E5B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2904-497-0x0000000002E30000-0x0000000002E5B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2920-459-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2952-396-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2952-431-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2956-419-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2956-496-0x00000000004B0000-0x00000000004DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2956-503-0x00000000004B0000-0x00000000004DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2956-516-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2956-502-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2956-489-0x00000000004B0000-0x00000000004DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2996-514-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2996-360-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2996-498-0x00000000024D0000-0x00000000024FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2996-369-0x00000000024D0000-0x00000000024FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2996-345-0x00000000024D0000-0x00000000024FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2996-410-0x00000000024D0000-0x00000000024FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3012-397-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download