7df4b81f94e23dac8d6bf5dab2871c23af2b9d24a073f3ec6abf03bcf061bd38

Analysis

max time kernel
145s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
Size

1.1MB
MD5

01dacb4881715814e99dd9333b5616b6
SHA1

e542473ed025c2f2ecab8f9bcc09f4fdb1702a4c
SHA256

7df4b81f94e23dac8d6bf5dab2871c23af2b9d24a073f3ec6abf03bcf061bd38
SHA512

c74b2760b4242da68c3e548dc227d31195829a2794713ca686ac065a25139e8ab47c3802da2e14830532be8de78064daef524f81b323bb3f01990d4fbf95a3a5
SSDEEP

24576:ZMMpXS0hN0V0HoSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0Nc:Kwi0L0qlR

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-3726321484-1950364574-433157660-1000\desktop.ini.exe	aspack_v212_v242
F:\$RECYCLE.BIN\S-1-5-21-3726321484-1950364574-433157660-1000\desktop.ini.exe	aspack_v212_v242
F:\AutoRun.exe	aspack_v212_v242

Drops startup file 3 IoCs

Processes:

HelpMe.exe01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

2316 HelpMe.exe

pid	process
2316	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HelpMe.exe01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe

description	ioc	process
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\N:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\P:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\Q:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\S:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\Y:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\Z:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\H:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\I:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\M:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\T:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\V:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\W:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\B:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\J:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\E:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\G:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\K:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\O:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\A:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\L:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\R:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\U:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\X:	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

Processes:

HelpMe.exe01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe

description	pid	process	target process
PID 4856 wrote to memory of 2316	4856	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe	HelpMe.exe
PID 4856 wrote to memory of 2316	4856	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe	HelpMe.exe
PID 4856 wrote to memory of 2316	4856	01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4856

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:2316

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3726321484-1950364574-433157660-1000\desktop.ini.exe
Filesize
1.1MB

MD5
2a22dc12b2789a6516b79b191b020c9a

SHA1
4fa1b120281504290ec67cbccebf408e52a2522f

SHA256
404d7870e0646d7eb345657e7f7327ad34736ca3ea0c9e2f085fad6ccc922b33

SHA512
3005b274ea132d2eb5bd262aac258d8e6ea52605950e1f2a33bcf270ffcfccc37ef628fdb1d10995dd736676abafad2a94d026891b86eded309b9e93bec103ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
816203ec0f507c63f6663da16920cfd5

SHA1
af0161dc97cca3003cf4588f4684c9740e9554dd

SHA256
450369b0c765513bef8de6ac07fc6f490dea3a8295efb3b2e9730fa4603bb8d8

SHA512
223d9a3981bfacfbc7060e78ddef26a9b0ec0f47913327660b85d65853d8cb75ce68a64f71d2ba3cb61360bab25833070519566ae649e6d225fc9eb17b05f8f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
dab1ca1de83ece5b9e1bb80eb11a75d9

SHA1
8c265e1f4ed29dc9c9225da45d6d8b933a3ac0d5

SHA256
dfae24b3d1e2a7841c7d0c3711426d59461234d167dc9ae9e2be7b1c85f0e9e6

SHA512
d79868d1a1ffd648aa43ff1e5b41e2b4ffb120c242360a599f44ffd150a23052db2e1cadf733ec02b807ddcca1b782aedfc161129964cee56143e70dbda55794

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
ff099f89e8d5b7907b5c5e2c3b730bfe

SHA1
d36f5d62ff510ff2c18d915a24331727fd3a596d

SHA256
6874c799696721cc5671091ceff5f1c475731f59069ea6950258a1b28a68f030

SHA512
75d362a39ba88d4a9c51e13d371cbd0a4b8cfb6422fb3cae41262bd3ec4dfd04b8737155c3d076ab293a11e2060f5757672aefe421d98f21512d602948c39191

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3eb010ca6012f2da33d060524c3a7106

SHA1
a606a36eaf15ea54109cb71b35c0d4cfde19a726

SHA256
e040bef625ff79910f2eb1200a8e2dac4e8877f0ea82fcef876ad82db9829927

SHA512
e4aa00948f69ef05b22ec124b89f5e377d35502f62d60a98548a5f868462f78585fd48a6a2d0949824bfd81ad0031956e845ed1df1195c4b344fa35697ab5709

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
f69ee9c0156c93a790b7eaba3c81795a

SHA1
88349dc45f1cc2cd00736ef1a4fcc65da58e136a

SHA256
b5ebd7bcf17025b4bf73e5f1eb13a110847977106707e0a71bf79d594387cdbc

SHA512
ed571ed1a26a1e414463b53da760773e4d92c8de52f13fba9dc1344210e2b445531ef28f9da72abec6b185956b1a78626054b8aa7d096fc6c3902736dfcff93f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
11bcae40fb1aa2d502519c233b93734e

SHA1
12047c452134c85a9547149161b9f3c504271e8b

SHA256
41a0e294149e3271d11761527afa2e61ab4106f7ce698b07e16167a164240b06

SHA512
6ab820e50f55d84bb99f9f60ac967b4b9f43f0fe4e8d8b9cb602c526594bcdae746147c91b23dc88c15a456338c94e6c118829a63964d486f3b6e5e74b418f2a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
49534611e2d81722565744e47428dfc0

SHA1
4ac324df2dc225c88974ff8c4923b1c8579ebf5f

SHA256
2dbf2f917d03ffc18593f1fb5e171b407502774dca8708580e4c581431ec635c

SHA512
c07c6d5883d6240dcfb32450acb4cf2e7801a094709bdd35156047e3f3a2da9673855ae8b0b93cf82bec89767e88710716ef7c8ca646847bfe5ef362f8ef7596

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3843aa50224617175d185ac5478fbcf9

SHA1
d7830855b4af6ac5933affb149a84eda584428dd

SHA256
8c9de5f3ee3d9f26bc6eb5cb5d7f3dff02586313b841437e2676c1ccabe2656d

SHA512
bfff32f69b1858454a33a249c3eaa9fc53da6cb03ee9b5756e7c5bdd5b04dcfd34107b93d5e42d561a931dcf2497660df21b179047501a88ac0528c30d33b9e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
1cc414923e072790777d2205577d2e55

SHA1
19dc20173cdee61f667cb4f0ab9c4af3d4a68030

SHA256
2387d67a37a8bcab6fa1698765ba5778b6e911ba673def09cb72bb8d6e070ae7

SHA512
b759c3b0d2cec11f614d4200b1a96005077026024f6361048623feb635d4f4fb55623d66f3ec0a271e37433a7386e2c3c5806ac65af42f3ce3ddcac127c6cf79

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
317d1ae33933e485d62d4505cafd309c

SHA1
fdac8841a9e815de7909e1b4e186eb8d8ee62764

SHA256
49b66b0921fefdc6cf5b08669f352b83b1060c8c87d271ff865e11f02576a3be

SHA512
948da0fc322820728509911a97e909d91f121320ee2b0d9ce046db65b18d438428f0e0ddea2cfbb6e37cd450fee60ca684dba158002db9cb10541575015762cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
097b67a0174f672b3c810eac74c7108c

SHA1
407b1c004decf63cae4ec2c16813bac34aca92f3

SHA256
e91e7de028401ef2f1dc75894fbe4aaf9ebf06f1660743a4fe7230bbf69aea15

SHA512
c26409081d35f89b63316d1dc5f26d407cff13cb52ad59b8e333a98dabff7e643bd4e65e7526f7f4276093c94f3a890cacca72aeda9a33dd6773ffb8532d6634

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
8fdb62222deea9fc3a1ffed2af711473

SHA1
50167fcf74d7f1e6d0167c955705614087101d05

SHA256
9816c49922c8c8870927bea1e96cf86ca9d46cc2e076614e62c6b7a8671e4953

SHA512
34e0fb906f3ffc5cc7d374b602d4a50f0f6646b59e2d64fae7cc761c53c248486e8ec976292161da5dbb70f61e9a5f361ed78ba25e79de93001ad1d37ca58cad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a1f9099af3ae35b85d14279f9160d3e9

SHA1
d5b0ad7bcc164d124b48f14b5f4492e67aa8a033

SHA256
7f9c36d74b88e90bef85aaf368545326795309a46418a338aa6db4814c94d4af

SHA512
e9732361b85cc661f57eca3bf1d9c60a0a127f1bf32996b1908d687954ea9af1e1ba90c104e054e6bac9874273649a6a1e167b9b6a4ab778b858ff2626736fb4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
3a489033caf68d9f41b287b0d3b85b8c

SHA1
e583b333e7674533d31e817127ee113ae7ef4f56

SHA256
ec21657a8b59c92a677e60896c6bf74874a04cf972bbf4729133c2df2c221b2d

SHA512
950e2e5c814be14495b5a66bb833a97bba94befbb053ec785b3634fad18d6fa7df9ca89a98c5a67ba6c2e7c44800e5e563512b1de5aa09350b8d436e985e5d92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7c28373d4663c8fd03149d19021c414d

SHA1
7379f771ce4fe33910b95f1e8267afbefca8832d

SHA256
f8e62c62005b7e50e42d4d26c76cb5eb986697f8985ef7ee799f52dc68de37df

SHA512
e886e872a7bcf1b84a811a95de7650ebe55e4d02d80190dddf7f68fe96aacd4d4d95256d8fb315e856849d2e4ad47d632820dfaaeaea419245b56f32130de4ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
07fbd4da67bb6873264f50b3584a80b7

SHA1
7a538f7b4abebb000d64fdceb705181efa03d303

SHA256
4c8082a3a2f6d1984140716c8162a9d389cacde8178f962cceaeb3d1b8fe9aa3

SHA512
ace03bd99dd72b8384e1173f1bb2c938c2ab6d5b3425107639fef74d8d23af863c108475287ab030e998d0478e1dd9ade212ec14fa4e05a8c5e9de739f9564e8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a9d1c91bf084249fec9d79a2f6fc94b2

SHA1
e09e1ef5c44f37900e779f1a92fc44701a43c792

SHA256
454d9927d678a6fc615c6c7645c0e0443994413b05da8add208b93e9baf1692f

SHA512
5487fa22dfd8b18601bd9903b7b90daea18078dc6c7b249616f65194622cc81de14cb560370ae8b664192f95cc10ef67292bfde1f8e5a167a2377c5cf40e30c0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
c2e7a897a85bf8d229655b902bb59612

SHA1
4f6a62f7b662046ff19d168462dc54a085c986cc

SHA256
d64af69185ad9b0b94091216994b4f3541ddba11835d78d121b92c2f6433828b

SHA512
8cd16fd697968e6225c9fd2b4a1b4bbda15c362ae4bcf509c587dd3531282c33855e741e030964857c9af484b37835bd34f7f4fe7c5f4bb34e2f3e6aa7666470

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
5ddc7471324e1691e30db13f87060ed0

SHA1
fd03f5110cf4f8f53da87e978f4d7d4244f528a3

SHA256
2fd462f2e7f87b321394379823d03380db5449252ff66687b95c50b5ec663eaf

SHA512
44b37683306452a414cf688660aefcf632b6a2951d51936cc194c862fc489c67a2282f27720faa0d8ffd3291c37e62083994080925f997564b45426db84ca6f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
5be13c9da19399f0b5cd7ed3ee2ae9a3

SHA1
1fda607ed02e354d18079e6ae220232b3ab758eb

SHA256
a88150a604b6f650bc61878976cd1955e7db73e71ad15d4d3d8fcce54e174734

SHA512
c66ebb015ca52c2f152004637d0342bea991484261ba41ed2339783214fd20d6dfeeb64d9fa9838f279a7ee556d9831d48858e62076af29951cc8f2fa3fcce5f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2312b99f2107f3b15fb71352eadbaa2d

SHA1
9b079635da4c7403d9a8ff3b9d2c97916b52bc28

SHA256
287b468a4d04374db0ac91052c69e888079e3260b25913206114c753c3fb5e6e

SHA512
f47647190228fb5e0c6026ee6b00b42daec22ee457bdc7403d3d8a35ee373df04a7fa732c44eab75b7f280a0848df13c6bb450939e0b87040446d88cb3310491

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
e5183be9fd553381537888e394252b44

SHA1
6c27d0bc69c8f330ca4e11cf78a3dc505c197de0

SHA256
aa834af4e708c7af40dad8568f9f7bfeaa3f79529b0c38544c33905a343a408e

SHA512
4ce39eb0075023309eddbd2080dfcc62405d4025aca0a77b1a0ddb95c3133f55a3d801c0988e90c955d028d190d92aefdfd3da118de7474001e9ba377e57b09c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
62faf2fc2efee3a37538114845cf8bb2

SHA1
d5032e379ac0618653d29f2c66d86b1d30282132

SHA256
5bc092acc660ac71915fdfbb53c3a32c55fca4c00fb1926114dd1ecce2e1f149

SHA512
b773f361d77dd0b90c8a50d3f01e79dc1bee24aa049bfbcb6ddad71568e9e1904e5ab93bbd716c36de19cccdd05f93bcb311d5677b18308ab3d0ac435d466b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
5cb3c255d657bfaec4bc80e7ae5e9677

SHA1
5f591484a22fca0fdcee4c8b12abe941df919606

SHA256
1b56b1b986563cb2cb117d6d034df929e56d0c1397658ce7fe22495959cd9543

SHA512
a2122739976551e817a00be51fc161f63dd4b6786c588f6cd871b0ac65193a15fa1a9cc9ced199555f7be5ee33c64d10ed1bedcd336e2e7e9108ce4b54c4a8f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
bc3449db477dd67098845eff7d406bca

SHA1
4cd06f1c975b00556a8fb5932f73655aa37cec5a

SHA256
f3de62499de71c5f94a43af14f13c23a6f64f6d8ced306cb20f5c01e8033e687

SHA512
26a290f32276d75725b9d69f9e5005a4bb08cb7df3de897c9f17b653c212391ff6a3c8a2e068cfd49f441f008466a5b934d6455e8807e98119e04a1bf4120497

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
18cdfad0346ee5c5697a4a6e730d53ee

SHA1
0ddb3511d9d689584d298c24e2c4274e983695e8

SHA256
7ea59eda58573bfe3f366590afa64faf12ad0af68cca54ca122d693797f099d6

SHA512
6693cb94a243c959334946c63fef3867ff4fd390638df89cfcfd471209e2edb7e4971ec6b1ff3ecf3828c3e59c33fbc500f68ce1ed7d137ea7ea42c3d7726601

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
0d7df41f2991302531198e62948a9312

SHA1
94e252792ad6245c445beea415253e1255557127

SHA256
06fa3245674e11c9bbdfcac74a46f06ca672b1bcc509638b1c3e5823abae9888

SHA512
8800a0ec71b2d5986b16e4b1b58d836af5843630f6798033f6fa6e8803cd7f24dd9e3e0b41ed6764463a98937dfc74be2d1c7e6324c7010eb289db00577d7bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
720212b4c80ddabece5542d3f5f39819

SHA1
d57ebaf02355f9474d8216d146c03cf36c463378

SHA256
77cd452d609e524c3029e07f020c730d068d0a33e652831e4e43fefb1f094383

SHA512
bce33dfceb7ab672ba31b3c91aca999ebf0ad6ce4387417cdde3f551d12238b5036b7072b8bd1b6363fcb8bab25d46e9312654c297a277dfc777e188891cc6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7a27ec5b708f6a3782f6fc28f5d0ea1a

SHA1
7a240f1469694d2c6de0e4ca6b44bf3b98e2f5d1

SHA256
884c8e52f300d9dad04566955d06075b0884c67b2ab7f57b66cd02cbf5cd9991

SHA512
fcd262234b65f6b5bfc7b732f58a7209e944e47ae020befa1d4881d3771e771c9c276c52e75d2fe90e60c58ce2f93e99261e9ec5111d2f62a0c6fd852ce16d89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
1fb1808c34214de0b1704ab9dd245c1a

SHA1
0a9fdfb175f893195a9e2e44916127bb97910c23

SHA256
74117551ca3b11ef248d4446f506c107cde1c1d8856b96856ddcc67edb3562d7

SHA512
1117d743d19dd713bdbfff5a2150c3ce5c1e3a19a56a260088590113c44d4aebfd32118e53593033396dbf0e1dae196fa24d276d5d94da26570b2293b58ad39f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
4d71e48165394c608706787b81c777c1

SHA1
f544b953d5bdf3af631b63e032f587ca11997a7b

SHA256
8da5def485c1da937f5602c8a0e442f45794b908b5fd3714854eadd0f8a66839

SHA512
5f82731040e12e0803047f896c3cc0ac0ad39fa6027a9c8ba7cba2cdc3e9f588ac7b4def5278e1146653cb8b448ad65754629e75c35565ad170851006da67067

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
b36f7da2a09532361226f7756711518b

SHA1
e901e90ccd2945697ee0d2f3a862a139881fb211

SHA256
559b03f52db36b95635974c628d3e69f4ae3e888b1968a3fa3521ce9577276ce

SHA512
ccacf07e45fae94c10994f9b2e24a6804b53460e7be660f308bd0d5c52c63065239858bb82587ee27f0a81f453e765fdb9aa4ffaea38a73c175355075c6bdc18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3420c739d3ec3ce31b3dfb0ce8bccea1

SHA1
856158046c35fdb96cdb85639c16b1b1f99a231d

SHA256
7a2c36b247621d4ec3e96fe73b7e3604e959df4dd49f7c9ee6ef669e6e1b4541

SHA512
6aabdc73c34e5c3c19102831af60652df7895c9740493896f77b06bc1cc08b07889412820d7b213ca5184167e357830d40dd41e787aea15bbac2233b27ab91fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
ce1e71229fd5121712772acbc61cc932

SHA1
5aad5120ea1c09310a85b5e52f8d0e3f5fd97e6e

SHA256
31723e93d7a2709df1541db5f54163390b071ee441d83027be8c386b43384ee0

SHA512
c77c747c59f46dd313675f26076571e65814d16bc3315a39b4ec7e14a1e45b8f90def0cba289061d96af73f4a6348a55d82c47d925eca051272015facd2823e7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f7cf6543af0fccf918e7720a2c3e52fc

SHA1
af336d00fe95a31e6f77ac286d87b5b0df661a3c

SHA256
899345445a2afb8918e5096a70706d4a91ed8cda6d947ef58f82dda4546b615b

SHA512
2993093777eec74acb9340312ec69c4b0aece41d6655467bb5108868a06c5dbb6a614ca31ec151f090465176298ffd0f245f3b7024d7317ea3f9d8e353edd2e4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
773e901b56f8bc4810f42b0c720085a1

SHA1
1708677f403b0b2571d5f1722cb62c0c6b352a96

SHA256
0a91ae4185fc285ae6cbdcce32b9cdc8ccbfe320cacbc7b51dcccfb5c70dfb2e

SHA512
e1cdbbb029664de5ed3070e4574ccf8e68782bc81ce90f0d84fe2db53a4d574c239f5f2f6579bb17c50ac5288c6b5240a1f0fecc3924caad5ce8145b334f09b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
ee77250573aba2fc62468a66fdbec68f

SHA1
eefc4d5c550c2ff607d3b4c3c18d384df6cba729

SHA256
1c4237f89946ec99ebaf0df85c6c07c3318d97c34f80a99ed180a505dfcebd44

SHA512
1eb74e29a7f09520e93efa29f0c3dc40ecf162fbf78432480dbeeb8b3686d6c430738424877ec589823e08eb84e31e28a78c1caccf7b62c9c610b6cd3a19a40b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
0578bf53064037d6264677e8e4f624a4

SHA1
1d8620c7ddf6c437128cbbad1c832113e77cfe1a

SHA256
82081c5f621f94c728863df17083aef23f6623a8393bbad01d1807dd8bd4350d

SHA512
d9d45ecc8efbc1993afcf5b2c5076ee7d6f2466f3d2db0f7bd65356482122e20ff1671ae62f22e1a69bc2a43219083d31e5dd9c5fafc0b493c4650a4e75f8552

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
94ea0d35e351b171be770be0449a6cfd

SHA1
e1e571378c5612e28674184e97d7b23d0e58a1a4

SHA256
a26dc8bf790f62c510a15fb107d02abe629b6fd3b4e0140c15c45cb7cee1859b

SHA512
72db00a671e36f133fcc32c938c34a39d2f2824204d0e46b53c923c40987dd47ab027478ac631c6930f2265841c1033174330a0f687ec9abf215b216e5e85f82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
ecd862aaaf4f583461cee1b64e1e68ed

SHA1
0db2f207a58581b64f12ecadcd8b1c6a40df8107

SHA256
0a242c81d128d8ccf55096c2d701f11c66a27af4002e7686bb4be0a0191d4508

SHA512
071fbc1f8f3b63266f81e3e5dd34d83a22915e2cf24baa03ce5e980e82439c7be3e7ca43501423ef4d4a0e478f5fec2d44a80a1fdae72094d26abe2fdacb3058

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
5273b5684e0c19b3b075f0da4995c208

SHA1
f9b23f5bb1375c1db7ce9cedf3faf15f154e0736

SHA256
e220141b430aad66526155043a303c2a5c65b7d07516895ca69bdb8b9ba9d917

SHA512
24af2b6788a1841cd315cdbf080913d3633ec117a7bbbb60cca3ca8b6c173f51d14c3ade5756ffd2f83603eb989a5622ffbb181a366830676cc250c407734f6c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
3041aea51476a96104274e83e0501983

SHA1
ed57c74b83278a7dc8333bdbc1adc3beccca4549

SHA256
c931921e67bd82f616e54076e5c35a6d0494631470a8df89f45c514788cab97e

SHA512
18adc98d5c5a6eaecb207fac88818bf420cbab650c33857d16c9fcb2ce4e9d02f9d6eaed69ed58863fea5f16820945a55876641f0e200bd6672789e99c452567

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
b4996611f79216e88107ad1acbd07d49

SHA1
09c1d29b4f9c4b22b87eb23c7d50d2b9e58de930

SHA256
422721a351501ec86fdecc4d179c0de8b9aabecb9305a00ada121729dc8f05d1

SHA512
2084203dd81f96a2e5e1911435670f496a6809c4a37b8dab9ec429817a2c0f64e6b639b59e5e0447bb6881ef71067cbb45201a2ad29c73c438bfb0d9e6293c30

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
6c48eaf0a3086655dc8b61de2e390f0f

SHA1
3e9bdc3062bdfae4ff969fd78b2594c7063efee9

SHA256
610dbe6dc1c1390a62b323a141ac389d3d0eae9f0e8e17ce018f8068b80b7a09

SHA512
c83d214bde275aeeaa5e799492f5aa726cb2ff9a108146994d71942898345931bcd9014f6ecafb4f46032c3f289f3d66220ba8b1146a1f82250669273f0427bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
797ab17ed9597c948b74e92cc55aad98

SHA1
0278dc9e1c853ee7f63e3d69a7fac42c4cf2e59b

SHA256
f31f9bd9c4079da2d4f0022005351be206bb034a5f3e62475fdb25efb3b25ad8

SHA512
6cf8ffb0ac37697a3d56dbe40c955d7797a1018a75d520d42ea1a6dc8d8abe1ea6281aa9aac7ae0f1c5d91c265a903c57d63903f149846d90fc937576ceb61ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
10458c866f70c686b79ce6167f531f26

SHA1
f7f203529f2f8a820bdf51e7c9aabad11be2df62

SHA256
2dae68e92dd28dee49cc241db3868a185957de93e03ff745bb45b32c021422c4

SHA512
e4453c9fc792ee97eb40995ef4c4cda3b4cab54299dc17e1075fea4238d2b31f72292bd414fd55c8e2fafc655062380121acb18206d134e673cac76debfaea43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
0726d4a52cb33f0cd71fe6a81ff71668

SHA1
dabce3d2ee7a2227e74c0bda907ffd4f0762a977

SHA256
835a187de6f27877828c4f12e935f47aa4b96506e2f8d1554e0de3ae97c1b4fb

SHA512
38ad81724a4fe28942141e0bf88ce96b74e4822bb1224b72bd7027c0d336530d07ad4a26e8ab16dbe601298cc9bb68725a9279c7dbd56db70237f5ee17b08253

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
30ca203388770054bd7f7197f960273d

SHA1
ba1ec4ab5e4093cc55cde29f7b0373345fcaf0f6

SHA256
f316086df6b50b2f16c0916ef435e2e8179d992d510d49686817d0b10a97f0d4

SHA512
31374713f7804e34c33161e83e464f591c6f97cec4fc0ac22386d123fd6b093665ed5e58320c6f3f4aa0732874ed5f2ca4f711644730220249dc78638b3274ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
9d0cb19e7c573e58183b59c040dad630

SHA1
8ccc50e02c6edbb842a28c452ac3204089978cf1

SHA256
229c9a7585ff42a3d60e8ea8d47a2e68654450530b8f1464a2564d5c16102e4a

SHA512
fa53b68834de664022abcb4d22a95090e8c999566a7157c2b29a05cf4fea40262a2b008499475ba3a5eda3d7fe9c134524b048890720a8c8d9492487f42edcbc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
5bba3a76902b236dd87ada18af9b85c4

SHA1
619b89138f2afcfb34df3079f2b15388ee98263f

SHA256
f77ae7f343cd3b344f17c9d774302d28ceebbf64714610700ee920dc07a0be09

SHA512
4eccbd31b7b80001a213e45c1513d19bded32b7ba7c49e393874043c87f1810d957efd050928ca2dc1a295fb8a2e9d2146fa31f1eee5281d133fbe669224fcdd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3f0792fdd68b7e5c351a54b1c4cf4fb2

SHA1
98db2ad307a90438b4e360056460a004eadb61fc

SHA256
0f3629e193b6e3a647b98b2c7eff06c71c94bd712d6f49ffe06a4b3ade8901cd

SHA512
897f0ff44c768dca216657591dedc108ab18ff1eca161de203a5aba70642d22ac5524ceeb64f520aa73f70463b709bb92d6b07aa2add10c576d08e3ac25d05c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
2b9a459d786d1087b6351137dcd034a1

SHA1
18d68cbd39ab935faa8bdd9eeae24e349058c822

SHA256
838e36ddd6bf2925ed3031a0da1ca8d7924c94b6f59e746f8513ac372bfa5b71

SHA512
30a3e47595b9d06810fd4bea076c2b580021cff41389a022d353782af10564e861df492b4a4016e389e3e5aab838211d418e4dded388377312cd32406220a1ad

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
463KB

MD5
140a2eb3c4b566de65be175ae34e65fc

SHA1
0f9adeafa1bbd2a16ec50c607ae6b48bbe00a986

SHA256
bfb35fd73bf7b0a0582da46a1b6fa4398535a3ec42717cb1c751ec7ce6da400e

SHA512
f7c136e722cc1213ee32672227e7063ddd64b8ecfa720e46bf160284dd76a7ec24d801acb96439b984767bf7ecafb1d2af26e732f32516c59498e6143fdea76e

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3726321484-1950364574-433157660-1000\desktop.ini.exe
Filesize
1.1MB

MD5
574d44b08d820adf65b9dcf1f4564b46

SHA1
c285b4c4149bb0f937d0ccf2e1442bc2f9f734f1

SHA256
8ff831f1ea1221bee053fc932d2c32fd7a2a11ad5b9aa8800d717dabdcb3ab1e

SHA512
8c5bf171e06a6490dc3a5cb546d16ea8381e5d4c90639598587ab660b55d208d33ee7ec45f2aeb278f388cb4121c347480aff1d7f680e18bf7ae2ed2e0afba06

Download Submit
F:\AUTORUN.INF
Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe
Filesize
1.1MB

MD5
01dacb4881715814e99dd9333b5616b6

SHA1
e542473ed025c2f2ecab8f9bcc09f4fdb1702a4c

SHA256
7df4b81f94e23dac8d6bf5dab2871c23af2b9d24a073f3ec6abf03bcf061bd38

SHA512
c74b2760b4242da68c3e548dc227d31195829a2794713ca686ac065a25139e8ab47c3802da2e14830532be8de78064daef524f81b323bb3f01990d4fbf95a3a5

Download Submit
memory/2316-91-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-163-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-61-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/2316-183-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-5-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/2316-71-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-143-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-49-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-81-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-121-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-173-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-59-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-153-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-113-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-103-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2316-133-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-158-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-172-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-58-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-112-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-102-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-152-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-90-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-60-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/4856-120-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-0-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/4856-80-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-142-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-182-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-48-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-70-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4856-132-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download