d9e3ab1bfca3fe32af07e0c5fef0943438c3e507bd0e08d5418c42b8796c1cfe

Analysis

max time kernel
145s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
Size

353KB
MD5

6c55d515eb2fff46e8f3398e95460553
SHA1

5e4cbcbe284270dfa59cd1ecf4ce2e59306a0323
SHA256

d9e3ab1bfca3fe32af07e0c5fef0943438c3e507bd0e08d5418c42b8796c1cfe
SHA512

279b621d4edf7110ba0b1a28ffe4c80ee17852ed2e6fb063ab6e8b704fabc6423b714a2d772db5a92deb561faf5e91d9e609c3a5a87129170fdb4eb6b2eaf251
SSDEEP

6144:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyAp0mgl8rhDM/2yT/Cw0B2uJ2s4otq0:ZMMpXKb0hNGh1kG0HWnAlU866w0B2uJ5

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.exe	aspack_v212_v242
F:\$RECYCLE.BIN\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.exe	aspack_v212_v242
F:\AutoRun.exe	aspack_v212_v242

Drops startup file 3 IoCs

Processes:

HelpMe.exe6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

224 HelpMe.exe

pid	process
224	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\K:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\X:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\A:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\B:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\H:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\J:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\S:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\G:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\L:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\R:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\U:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\E:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\V:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\M:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\N:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\P:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\T:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\Y:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\Z:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\I:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\O:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\Q:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\W:	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

Processes:

6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe

description	pid	process	target process
PID 436 wrote to memory of 224	436	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe	HelpMe.exe
PID 436 wrote to memory of 224	436	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe	HelpMe.exe
PID 436 wrote to memory of 224	436	6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:436

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3124,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=3908 /prefetch:8
1⤵
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.exe

Filesize
353KB

MD5
7a55caf96158bc789908e07e5335e7e3

SHA1
b45372fdd552069516ce6ab960b07d93b40ea071

SHA256
77bbdfda9f79018506666218212a1efc23698f11a57e7d3f9f79165136cc953c

SHA512
8b53ddabe795386dff43f5f68d8047ac859e1641d2a0aa0c808c2d58a95d81815231d1e304fb36de62cd787815617b554a9c8581aed58187bc3be99089b03cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8c2a9066a6f1b3ef1d2b1bf213dd24d1

SHA1
be2284dee1f58cf76c3f70213d874e2c265d5270

SHA256
9ddcc0ed33ed3128aa29572219eedd38d941cb99e6d8212a3125e23a8b4b1d32

SHA512
6331d588349d2267b10f691f98a255d38511165daebfe182db8dc49e92685e81882120d3d5b13b7133ec43964bbdf3bbeb56730b69e6e524337a9d88b65b1a27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b002284b1471644c6da326076c9a2275

SHA1
abd2d722e5a2b52db167c9088073e851c2153a72

SHA256
4febfd6e02ce7804bb32afdab23c2e1e18339dec12df05ef2d3eb58b2a1ba67c

SHA512
e95ce38007a889488b18cb6349b7eff754f24d0e1bde048b99ebb6fd668c3cfbd34429836738fe81cd9d9d3bea638a5c91c08d5fbd09c621504d31498043b953

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a4199d673914e90e2e41c9f8ff6938f7

SHA1
e91271be446a50852fd70c99be9d6ea9766bf311

SHA256
7fc8385e5ce425cddb501e7cb9b27d4ef2f00bc79ef923f88aa07a82d5cec549

SHA512
055a6cbe5c2f2273766d9cd689028a30e59bf41aa809af7c2ebd43eb30e6658ed99c2599714f015e269cff5deb4cc33aa6884e79f5df9a3f5561b9bcb194f5d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0a4ebf1d351e5e16095b7761d496a0c5

SHA1
3e90c516881a2c3b8c08735df4093fdd43d36f5c

SHA256
55c93276b3dff70b3b61f2672707809884c6fb7f680d4c77ad295aa6a1ec403b

SHA512
a3b66c53670f65790f0ca0e309c9c6198133cb3148c54c42b78bbc4ea4428419ffa562aa2fcfe3092bb721c8769897c5e96b5a39706bbdd32e1e3a01bc9cca2c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ba0630771dc6587aa60aab2b22e8598a

SHA1
0bdee81716c9225c59bcc4274a2d8ce38b466361

SHA256
1caff3c12cca0adcec67fd30df5bc5938863ebeff3f39c32c90c7e6737fb24b9

SHA512
136aece241f82c5cc9eff16f5f8d6645aa8350d758f58b65d12c4076d1cb247b9a8800c61a925fbfd66d831f40808e1362541ca9431aaed642027acdc0cd5c57

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
8b3175e7bce42eb976864e837a996066

SHA1
7a6ab6cc0d5bbf8e3497c054058f862f7acb1eba

SHA256
7a4c98c8d826e5628879da5d3972ead656663cedba95bb7cc0fa778e12c89607

SHA512
5fa9df3d514d2ac687124b1d4d49bf5367221f5f6ed82f46548e857dcab0258c8255b9ece989625a69d6c244443e84422f9cf621a871b237a7d066ea43ba6825

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
589f7658adf8521807c90aff7a08bcfe

SHA1
e2260ca51347508626cab4e3bace21dc0e41ccac

SHA256
244ffe3ca6c9b145b65973467e57984e0890caefe5a9ebae7354fb64d5b23232

SHA512
36807a19f348145d221b13266a7bd8ea33cc850b1faa441ab0cfa0aa82a5bc1104fffb415e2404574ee847e257d2889a7f62e0780bbae0d767091ca54b040015

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
63fc9c95fba1b68de4118fe4fcd53c10

SHA1
a2b4e94c11b83b0e14dbbf640e0d58d1717c3c6d

SHA256
ccf48e59d654dc42ed0eebc5798839ad0f4f56c29ee2633f1611b6f3308d900b

SHA512
569e5f452c48d163c58004544a734f145efe868442669485d691bd0d38062152f0a5ab9f318b1774806b038c0846d4c90ea2bf11cb84bf2b935855f812af0211

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e76f3514d7937500839b984148a935d4

SHA1
26c1cdda6682032a5fbca788a430c9f9baf172aa

SHA256
c9020f0a011e189809cf5d771a628bb1f1492b1707d6f77c307950cea5f4a6d8

SHA512
bb81dc91b9810037cb6dd4824bab6390a75e735aa4c1f8a003d9ed0955ad1f5f5185dfa03bc97b9125de823dc1fd1b97e3d64095c1c8f6c2be21e77678818507

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
286111f66caf2f64a530db14fbac735e

SHA1
f2992815a1dd23e45d7a62d3a5fbdfe5907a5097

SHA256
c7fbc8a7257c10cb04bbc65bff848eec8433f7ba84b3ce2e7e45c4700a15a94b

SHA512
c8b401060c6300fc7f430a70730311aab40c455ab767934e9070330bdc7c20a7009f5f3783b0bfc0b1a77dee7cc98f5e1fb1c876f29e89a63a3d844928624897

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
ba1e82b32a12658af71773eeff1e11a1

SHA1
b834416d1eaf36ed579b16c71dc3988a63a81100

SHA256
6d0884d5b286dd458e3cc5d2caf7509bffb75fbef4bd1a1c36986fb3e0a2f266

SHA512
4f49d2620680891cac2a2f016fbf9d61561f4d9c4daba483607ec4b72790f48a14b37ed1c4134514b97662cc5ee9a74821a614119597608711b58d859ce25cbf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
11b22d2db808f98fafa25520c7ee6de6

SHA1
85adac1ff06b49965e87a0345b779ba92f5289bb

SHA256
c2cdef62bb3a87717dcc74440a3ed0508b289262dba0af0c2c10dd80ce933fac

SHA512
e489ec9fc77ca3e886573c6eaec9f6e1601a78789d35a5d7b5a74012f83a859c81603b2c3ad2b3364a546b0b4233fd8bc4486112e70f5d8f0fdffa5ebf4ca068

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
846943d76070c429f5863b17cd0f5019

SHA1
83fac6deb1046751b5dd44a185079731a2e72fa8

SHA256
649fb311f8a276c8a69dafb3259c0ca423dea28e5756619c4588a779a67ba78a

SHA512
f1c9c5a794f1e76da2afaed8b03b638e324796f84151df38aa7abf3486726da1a384bc91751bee7e40200b42e22a455dcbbc3074af0d070eaf18b09dbd5a6a48

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ba1932426c585142c90b286fdc2ad7a0

SHA1
77b1e6320975dc6a0a256c9dcb4280169971049f

SHA256
c1451a9c59574fe4c83256fe7bfa8ce3144e396bce79f7f4810f5853ad3d6ccd

SHA512
3c2b99b8c735caca7b2a63301a68c703286c3c8645f7b54e581dac14ccfb6bdaaee8e0eb522a6fb0fd8986f7c4bac2276199fed0d6f9206deee36db661430888

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
21a07ecca5877c7d273caf051c31208b

SHA1
9b38fca8cc5dced9076e9f157877efab9e6ab1ac

SHA256
c96415bddfc848c10ab92087335d63ca8ec2e4589fa032a4fa57757d69052573

SHA512
e74e17afcc95e435b3aac3adcab1e96ad650fd1dfd9fef1247c2520ab7fc158f8efd541c76ce5ed12915fa19f92068cacbd0081069ae76b5b67c68d93534f3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
29a252d4f3ad6b20f6493b2e8ef647b9

SHA1
28be98eb6198bef4d0f8fe7631e50341de0e28a8

SHA256
fbe3a0ed5d116a340f97387f0afd61c6ebadb61cf884e78eccbcf45a5142fe48

SHA512
2f0db5ee6843b64b900e6c4f647b0093d65cc78a2c098fa1ad49042493c9871787c10538dcd7ac92be5642577c7d3422c3bc234a94f4badb86ab6319fa413cc7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0b1c6fa80e3e64708a9f094433c02283

SHA1
502105b5748c969b28a74e781dfa35ee8c4ca7cb

SHA256
b636d09222772851d8911973526c329dea2a989f5e65237a08b51180f93daeb8

SHA512
bbc0af6c1ac1180504046f05210307c815be8cda55de76d365f6bc41385729b2b33aea615043735cd2b4a65958a05c3c6c2194541e658370438c9d57416b8c42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2e87ed059a9e5690aa1d305274cfe4c1

SHA1
956313547c86e4c4d6d5747e74f5be7b059fe202

SHA256
51e8e9c2aa845901e0b122b050aa8325792eb66a97c01ca050317d45b2ce0577

SHA512
f2791b7ec1c596b1cf2084d2e73afabf0b9beda96fd9f6e2a4463efb70efc2ad4f3f071f41016eeef67c3fa1cd2f7ab68e575ab7cda3fdad21ffaa130c066467

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c60f6a7cb4640123286ec461d842f23a

SHA1
ee975408b0ffe9b14c2bc185498b17d63698a809

SHA256
77997d4017d893d28c87d25f1cb91af0839881bfc972558227e9639dd9e27492

SHA512
0b30084d36b81d13798d95ada89dcbe208338becb30bab9324c7346e52f66ea770578b4f5e1700bde5cf8c8bafa0a0a1647ea2efab41260d556063e0233fb296

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d4ac5931301af5895cefe481441adac9

SHA1
91615409b7396c4afe2f3769f567298b63c4c3d6

SHA256
5b525750ff031fb75c25d32357224bab2a0c4c1e0a5623c2932b0d15770e9364

SHA512
3cd019f1c5c21d5fc9a31c5fe5b5161d5974338d151360dd59eb5628f7dfef3d57343d5e6afcb95731613dd8c1d1122ba6e9b599dcd282a5efeb480c0734bf9d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0218fa0f521ff9096fa3b3d65fb0ceac

SHA1
d840c6274bbe88de53c9a5d142e8c3d85359e17b

SHA256
96090a4b465d1eadbde1ede9d58de8b07ff5bcb34f685eb0d7696f21a3c7e5e5

SHA512
c18e32be1a91d061257c70280621ed2f535050c6e7b298527a26fbe8b9fe672d1095e8ffc53ef3c30d22b7fedb33c60a400739e31785e69969fb717457a6330a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3057fa6f8a83a51d184f4237229be8ed

SHA1
f4eb66708f554990c10ee6c5264a43739658dc37

SHA256
51f4cd280d6c7718aedcf8db533c12096830a49b9fd1c60c6a3b156fa9f8b6b7

SHA512
e5833f398a649f91ab288f6a2225106f00aadd8c7c896879c0addee4c8eee7167c8623acac89c7b3a84a9b611da1b10a12410ca7317c5f354637f8275c97c500

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a04e55079eac28702b8a25dc45c4b1d2

SHA1
111bc4b5d02fdff2d47f3bc78d3474af9d611ff3

SHA256
9071c9edbb8515ea40dafbb121eabb6e49f3e077dacb801e42ed97d790766903

SHA512
c897aac8bd8693df13b13aa8d33be9d210b58cb7cd8b7c18ce724671ce0f283f011f334f328163d24589b742abd904602901b8994e55bb6be049a803aed7b960

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
94ebed9f7c322b2b00e8d11ccfae5131

SHA1
36c6c0f05d9f19c3ed06eeefbe011fc4b3e658c2

SHA256
c3f078a9b60054c252dc3e6309ae575058a8671d0b677f5ed1779682857e1840

SHA512
5d406391b0f703faa798e169a7a358e57f857c440c41ec6ad6801760462f0761ff7886f84a34ca05a311b4482f1d29c2f53def5415c1984f967a28df8492d8b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e23daaf51aa44ba007a6f6a6f82ffda4

SHA1
b5f8d64c4829547906eac14ed9103c9ed4433733

SHA256
a83c9b0659a019575e6d7efdafba516d68b13e78d2da6675b19a75a4cddd3d2b

SHA512
cbbc2800296811a6d4d636e03e847bfff176babba345f56b648abad979a847b891f4eb19d3f6c00669e39d66cf0c5d7169b1166076dbef4b96a27176a5c641f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
caaa1da7a20df7d97a7adb0a92bfb979

SHA1
34583f0f0406adeeb5aabd07d58dccc4cae7534d

SHA256
be5d4570d7bee07b67c9085701fc86b1b6045ad563e0a7ef9836f9c7d122f894

SHA512
2d930809a95dfa180aa2f26213df46f430a8cb286fa8263ca5a93c2459e8c7d48bacde5cbcacd5e11ed58fcc57fb6b69719f5905b352230c5901f824f638f689

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
960f1fda3449f8773f559bbfcbb3cc34

SHA1
f5afcd5ed2302c6bfc8ca09acb34d448d855d3c5

SHA256
8547bec37c6ca6a1e4903aa4cd6a2d4b397b61d93f3a72b7b084f6c20b1cb267

SHA512
859784478b42dd5cf3120482f62975d001fd11ccc69ae1e4a2848e82849b3a066ac552da21e93869e95309a94149d79c4d1ba6c02fb8da0c144bafbe7b0f3867

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7039aa5911706ea4aa4299c768122fed

SHA1
a2495722a2966999f9f530ddabc0fd2403bbdf3d

SHA256
3e99bf79907346c5371011e5e1fc6d67f99ed30b099acdc64934532312eaf8d9

SHA512
52dae7961f01f25851ce4c96da0581f48d7c2de3e11ebd5b6e6057fb95394073f8f9a511b9143481f5d7c570a67f368285752bb4daaf570eea66359dbfe1066e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
42d9a7bddfa9d6ce83b39b8e9007f79a

SHA1
16db1dda8f94b4fd00d948b60ebd33b1b89478cf

SHA256
877fa719fc4698292f1fbdb4dec70307d55b06a270bda16d9d6156ae2368cb25

SHA512
3f4463d9adc07fd92a77be64dd303d6c0084dc8cc41f6d9776d1121251acc9693a437c135999ba8b48bec7e1b90b1125a9a49f3cbd67c50cb6312c55bcf8072d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
025189fb06150a9969852cc1626c2728

SHA1
6b1820555eee51f2064dd653f3178916763e8534

SHA256
642651b7c96555241296d156bd1dff3db4248db31bd96cd12dcb02ca8e0ea20a

SHA512
370fd03ed11febd54d1929d3938ad77c4f7ef6abec3054441eee89805e8f9477b1425fc00a5ea0f6ea57543a9e6e673bb037d5d90b7760494e2686795924e90e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
32cc44275391dbd1bbc213587f274df6

SHA1
8fecf99ae3a79c10763f1d6c838ca024e2dc83dc

SHA256
6440ef32bfac9b2ed3b396b0066a788b175e0ce08847830d849b5463417f816d

SHA512
0c45bc85a752b9b82c6a1ece00958f034b0cf324b6f57eda4f04bd0de604258e1d3c57581151e78bc8ee40fec06d22af7a7ac0f4fb27839ceb37d749fd6f2336

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0fd5af3695c9a5de6d23442931190531

SHA1
30311e56c53c3fd528c6f9a121d0c4372ec35f51

SHA256
b44c9178c45395d06a400547b1ba4570410e7389515149b03d937aece4671e7b

SHA512
c3317f2dea72d3d44c594bfbf11bf66fe47f635aff574e7f55508faa3e941ce62bde1ca2184492859d0e3765a54a1dcc7a61fdb89c88af1b6f0e998c36024350

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
54a63a49ee4afcf4e1f40402252cf26f

SHA1
f32a29d9b20690bc7fdd2ed0dd9452154629de27

SHA256
5ced084f96628f0d03f52764a91ce6b0e7a0601a314cdb35a62d5e08cb1cfd29

SHA512
1899ae4416a55235a7d9d4bc2e34a6b144f52ee8dfc9c6d76236233a2ac49c5473414770565b48921733522d99fe97ec1b279a17fa98e98049a5ef22140d2718

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8591e8932fd92d1155697bf9ab5d1c1e

SHA1
fa257bce4eb4b1ef5adb516a7d0d37201c7f7dcd

SHA256
f13eed5a38cb30abc7aa70f5ac1b9fdca12f64f1a8f84cb111695317c9f7edfa

SHA512
986bd06dc4da9c4f489b0a177bd29dca2d5ed1a85a606d14f49bb04685e157148efc99f3686e59bde2a661761001e5413ab20661c185e2dcdebf84cc4da0269d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
1083b47cc49b160a1365e29df8160e2a

SHA1
6c737e978be15bf2ee8a6e823db1c4eb5cd69641

SHA256
fdd9d57e027c1691860dc2d3ee2893522ccbb1100dfc54b927d17aff7002fba3

SHA512
e0b51e0956e6f486e99d1c66aec4726febcbf80ba332a15b295ead715aac2348243bf068fef0d3afeceb39d0d4271f4110d347ada2079e60b3e4ebdfaece039c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
20afc9f650ceb883edccf1bdee9ceb90

SHA1
9723b9519ab2a0a813d53c3fd680040907db455e

SHA256
838876c6e3c49bed0a75a4c8bb6482eaf8de78610c1b2a57402510b608053392

SHA512
d45412e82fdb7e8b9cadc6f96c81a81b27eeb388be47909f13850125bde6744cea9150c332b3bdcd1d194243752186d6331bf29b99d948ff19f8c80d7390abb7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
00f34186cf8b43c9d070d4f4e8b093c5

SHA1
2eccd02504d6ca8cecf2cb7f126e34e59666cb6e

SHA256
a3747a7495422f293666892c78f39d1830446604d6bcc70b5d3b5765b827531d

SHA512
3a2439c195e927932823dba97948d1cd8484c56efc6b0018f92de92695b8b341ebfef612137858c98aa6e6e340342c0cec39196340cde45a9ddd960ed0f1ed1f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
094785dc17b87af154891efbed3f483a

SHA1
3673b2bf77cbb82491627dba634209b2f86a7f06

SHA256
bd06119a0a9af350506b29eb0c59761b930ff72431fb1e84f5d08c12f6ea3ae8

SHA512
c21de17e5999701922fb1601dfc464029c70fa15b3cfe1605e37b725b0c691e206229f787d5a016630dc2e446119312dee1e86739a89d2767d7a4499d9036774

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
77973ebe1e6b246c2bf3bc37a84f5a17

SHA1
337cf02ee768370e57d19c82f4c05a2795484381

SHA256
6a871b6f1b117e6f3e25101742bd223060510f67e6b48be0cd905a840e637aeb

SHA512
842144ece99c4747fc54b9094b240e82e4003e1856c9e439c06affe3f8d21f9bae34454cd735cdfa124da51e1a7db8f3500c26bd026985c49815127253e1f441

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a65a57b02d5e12f7ccf6a250060f5bbb

SHA1
4ac7dba8c8f7c0c74062187430b360d2ccdda263

SHA256
76e7820734f1616f1d5caa43a958114e524f991c5b684ae9c4e7490b90a904ec

SHA512
ac5843c34e04e7be08ff07a2c7768531a2ecb9da9d465c5b61131689e9b95f3e8726c3f046201b3efaffa0d43b9473a83526a4780305dfb1207ea832005a3613

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
f60c7f988451220a7e1aff83be9a0e2a

SHA1
03ea700f57f82b79cbf562cd4ba674343d445f34

SHA256
cf7248731ab27df67d31329ddedf8fe778a4a71cc136a1fa2394ee200de64537

SHA512
47f6b84b3e79590bc79ee72090e8f7402c1e1e43c7320651c2d7566ec3b4ba4eb4c419daa6a02b5c24adbc1cdd99edfa51eb35058e8df58ede279e1d0b5e41d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8107ef2196d88b65aaa4d14c198be05b

SHA1
b0fe0d3d9a56ca424cfb3a035a61d6bdcbfef005

SHA256
df6913ebf9f4fd7a08de8a580b8c39f359277c2f16642a481932210a2db4dd0f

SHA512
e26a5fe14a6cf3bdba298dc1b06157544e7b98be8936d515eabe6ffebcfafeb281a382655303fe93be079f87100ebf5d5c2d2ba07bc16142d3a714cf92425513

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
32a9c7f1fd8100112f66553f8fc38457

SHA1
1afff11f423e32676801d3475ae84f19f89fa3c4

SHA256
fac03284fffe0e190d971ad9dce6c23e798da3766d58096c0e26a261c15fd040

SHA512
d91a1408d207c7dbc909c100321bba2f2d2d62e770387c0b276f02d8a2b0e527396f7ba55e11e83692dbfea932508e367309ab69a9dbb7dc0fac87d0be3c3d81

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cb5cf48d410dd5922097820a6e394ef1

SHA1
0a1a8e17536ba48c83705ace89a800396265372d

SHA256
b75d1dd6ec3c607e7d53350152c4ad6f3fe611e134c15948664160a0241a5045

SHA512
2bbd95f652de77f0c007785923a29474d30899a1702fe40c35eea1ec87b2d1b39649264f2db45549d92787713cbe7a1783b7b96cb6ed2edea1b36f931f14fd92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
590f6e306e88ff9411fa030054be16a3

SHA1
45b86dacc3ece7fce4c3913fd59adac241c27d34

SHA256
92da8d005f184da700c376850ee87940421819284358e68c7a6828cdb0d28dfc

SHA512
2ada221a270112caf6ff6e036116fe28b1a6a7536f28f56c883d138afcc5064982178be458c43d8864ea0a962ea5048137f44abbe43c76a2efa61138e73c791d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c83c245e78fbe37625a2a496fc20efba

SHA1
02c52af92566eaf4f6a7269b57d4a46cfd70962f

SHA256
07ac02b8f8b6c16501f81a77ae92053d7eca2b792a24c8aa1e462eab834613a2

SHA512
dd1c1ad8e185cb3e087cbb4fe24d23698595f17489dc2b4ac3542e0c4dce76ba59e7482a62b74529ebef4ba66bf59706b493ae0339ef0fdf41479c00828637b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
8b4842e47a7405e14a8ee25b972d0234

SHA1
20e145cf6c7bbe4ad150d7af410908e493e2c700

SHA256
b805f399e645a77b118c1d1b62d1163a35ffe02ac3749aa9d6569b995678d264

SHA512
8c2d4898a8a95c1623e9a02c25a9b8d1032a55704a02918fa7faebcd7a593606a4a2db10f2e3d8063cfa682d289bfc680cccad069912fbc6332a5df9e68f8ca9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fa9c555953c7e86c35f1f8bc4d41fa05

SHA1
8edfe7dcb1838da1a331c6e0fda86c78c5c3f069

SHA256
7ec895fbd7a799d4b7723a27f4ab24fd5d694ea9e0f45badcfaeb7972a70f6a0

SHA512
d1788ef3a841a548856201e3b1409be3f3024d31d018a4bf521e824ca511a472a0d1eca537d77c5f47e540bce3006bd8185b677b2a09e21e53a8a35344ee6059

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
82dc8eecede46da01c45d820cb65da5f

SHA1
c19b2dee24aa833d0c405e6d2a3247b0ced33f0d

SHA256
421f56e32523461768bfaf8ac1a8425eb77b53ca6db42a98953dea843404f5f4

SHA512
ec61ce9b7dc41d651962fe39dbaab47d733bbd83a7e442b176ba6a895e97b3a31d58c06f8d7805f4aa4c3cd304cdf35c1e536b9f6d6950906dccaa3081d364e1

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
352KB

MD5
9e510de3a52aa2d6130d2bacd8b85219

SHA1
4aa8146a39285ffe7142bfb42e6a8f94b1dee44a

SHA256
73ac0cc5b5c1a36fdd1265134d58886dffe312f6ad1a12c4d31560ce72d4c5c5

SHA512
20e756c18b9a4766fe409c9007d48848d63328ac0fcc04b3bb4c837b1f51a41610c8ccd2cf1aa0cffc3c287e3073d271d45c5182579c928edc416b4c2e7d93ab

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.exe

Filesize
353KB

MD5
13cada48851c8ce1d5775805e434a990

SHA1
7d22bd4ad25b5ebe2f5d71884b02d3246e9672c7

SHA256
057f2f5179f795868b7be312eeb16d7aedea83f5cf1e3d0e91a25ca6f0f4683e

SHA512
9e0fe7a8b1e67be779b099ad19bb374909d2655126523eafe91f5823ee0f585b9df5431720de95aec88b0cb81ccc5b0c6c0a6ec71e80dfa3890fe6b6b6d010d3

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
353KB

MD5
6c55d515eb2fff46e8f3398e95460553

SHA1
5e4cbcbe284270dfa59cd1ecf4ce2e59306a0323

SHA256
d9e3ab1bfca3fe32af07e0c5fef0943438c3e507bd0e08d5418c42b8796c1cfe

SHA512
279b621d4edf7110ba0b1a28ffe4c80ee17852ed2e6fb063ab6e8b704fabc6423b714a2d772db5a92deb561faf5e91d9e609c3a5a87129170fdb4eb6b2eaf251

Download Submit
memory/224-71-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-153-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-181-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-5-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/224-133-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-103-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-81-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-113-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-123-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-172-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-143-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-91-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-163-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-61-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/224-59-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/224-49-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-70-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-90-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-58-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-48-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-152-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-162-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-0-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/436-60-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/436-112-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-171-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-142-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-122-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-132-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-180-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-76-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/436-102-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download