be320e20f29e49ef90082f84fed1736dd2434f1bd9d222b2ba76030ad92e93fa

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
Size

1.4MB
MD5

70d462fc99a5c81c15a0738faeadd584
SHA1

6babff7528d909326ada0cbcff5e280485aa5eac
SHA256

be320e20f29e49ef90082f84fed1736dd2434f1bd9d222b2ba76030ad92e93fa
SHA512

19ecd315fdf0f5a390b3343f1b4e5169986ca9b0dcbcbc19e77d6c8f124f369680a6c1a99b8df1fff87a3d59e5229ee8500ef070f2261f23dc47bc63367eac04
SSDEEP

24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvM:oEs1ha

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

Processes:

70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

3992 HelpMe.exe

pid	process
3992	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\T:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\E:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\J:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\P:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\X:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\Y:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\O:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\S:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\W:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\V:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\G:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\L:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\R:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\B:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\I:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\K:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\A:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\M:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\U:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\Z:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\H:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\N:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened (read-only)	\??\Q:	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

Processes:

70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe

description	pid	process	target process
PID 4288 wrote to memory of 3992	4288	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe	HelpMe.exe
PID 4288 wrote to memory of 3992	4288	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe	HelpMe.exe
PID 4288 wrote to memory of 3992	4288	70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\70d462fc99a5c81c15a0738faeadd584_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4288

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:3992

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe
Filesize
1.4MB

MD5
24bb44085a46f73d20b1ee289873a5c2

SHA1
e6a87a733d4a86e2e9ae4662664f0c41e958e566

SHA256
9ca9a09c239c111ae87a391b274953a35461774bb9dc141b46a81d06ab234229

SHA512
aea90e7ae2021bf7a2998cc41f5a19c91ae317a8f21910cf62d2e292203ce642d01cc922bf83865db0fd90345dab1d03d6ef6466304c00652da364a47c1f6e92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
2a61c73259f05742cf95c97e5f9ba53b

SHA1
61b4c5f35ddad0cb92f138a3498e3c71401b7041

SHA256
6615d35e8aaeb72c58a16594541f0355d01909ec969e15e48115816a82ddedc7

SHA512
34c96c80744643f179ef09a046196ba2de09f630d66af973f0608a3ad85a0c4557502461e26d23493c75a5ac60e3da598463c938d72ebd77ed3cfbdd993fddc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
8df9565fb0efc6fd4fcd3123df782fbf

SHA1
0724afe65abed5864cd6c11a894be2dc509919c9

SHA256
352cf1b07544bfed7af003d11ff4dc6869e71fcb23ba27fcd5b9046181313f48

SHA512
86cbc341847e18e6e3d13c4df6775a92ca16ef9ffe1251619a376749d1e0999665d20162a1fac38312f82741330ee50a8b43a75bdef5737db4147fb6b01d608c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
3d932a507758e5cdbb8279def6c141c6

SHA1
10f1ca52dded21778d23fb7ad475c3bd175ce3db

SHA256
7402d0f9a669ffcfbf3fe0dc548f239461dd00d0d0da4c5098fadacc9843e2e1

SHA512
80c711d8833d1337e40b958414d6e7855fb0d94e723fc54dfbc7fee084d562d61da69040859f010eaedc175c16698ba433262e4bf5c00102dd40383f42588b4c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
69779433e192e6d2ab2db3bf6caff3fd

SHA1
b95a3efc49f6043257c7624d4cbe1e9ce80a39d6

SHA256
79755c4374d11bdbc2707c2887c9a13e97f51161fda2ca4edaecd733d050033f

SHA512
4546377b49769cc9ba5d3f71ca2f399c315f6105a1e8722f1a8256315d394d642fd52a41b39737ca515992d43f09706b02c69ddf78d49759e2085f5784a4754c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
82a20430925ddfc28dce5cd378045922

SHA1
857a8c9ea39816914deb52b585b5fc3585611946

SHA256
9b625cee20794744070d527205139d692a3d543a3e4ba178cfc5b9424a209d34

SHA512
3bf0becaeef3a2b16438608a7d0e374f502b8d9cf52f7477bf5e1f652214af5f23c96391468c69fd85d1ecd41b37ee4faecde72606e37f7772e06f0d9b226997

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2ac10a526a7fcc23474689839ef62342

SHA1
cb521bddb55d2ad9967928a4e497fb417c5fb54e

SHA256
28ade75d0fdbcaa4d269930c1f3635a44a6727273217d8be6a1185d493464239

SHA512
1d9232b9358cc1aff8d6b5e99d0c430fadfbdaae906ce43d0dd4e7385fd37a09bd31d5da605ae009a8d15c484a8b8fe972717d31264d396d7f95461b0bb8e8cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
a157f45bd88c12609d2e9e7f0201a451

SHA1
698496e4c59e4752b35e79ada5c91eea82ce750f

SHA256
06c25f9024395792df589be0abcd9201fbb2d57c7a911dfbda364069ba954f03

SHA512
1de06fadb32f4d98f0f6cca0ab5b3db9df7f2b6232c1926d3a9679d88f89e6f34c71006250c7882903063b558f923ce579c5d1bb752ff6c30f6d47aea2e4eaa8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7b6678f61bc0f7e9d3f8abd808c047fe

SHA1
3a7aa9337f591dc35b69bd75fe511343ed7baa35

SHA256
ad8cea8d233b6a508f7cc04c125bc17b25468092d198089d18c97212196b6ab8

SHA512
d545b36533059ff0c5c6a6b76b73a3b4702a8eaea33c7ec31c182ed83fd82538e42e4938ed6d484e7513c97af05a229145a7e5393dab6e873367b8527ebb882c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
638fc673d645696cdededf587ea54753

SHA1
ec84e230534e4a31fd42398d2bf77553f04aea0d

SHA256
7187d5aa216d94a1db99004b9a203a7b163556b724845e3a975d6147b28d4f4c

SHA512
4a8469b9de6c325c4bf130cb35caad4afbd19edbe78c89653bbcada59b8b7c5bb1ce6abb15e9981f5b16bac1432872b0dff07dd18bec56e7b28bc7e77a1c516f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
40c991c2b0eedbca821f4b4769fe0674

SHA1
e17a7060346b3376c738d065755a8ea887ee7c37

SHA256
7382f142861011b63254c7198eb246bc2022c65db63b7fbdb10f5d2a05882a8e

SHA512
cc7d601cea5423de2573c7731c7c76694d6d78a6c38d1bf6c59ff901af95676995b6a9d866c657ea710c63f604bab51d0d59bf00e951ea3d3871473b0b0e5b9b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
27b7a5b0b91dec153a21fb5512741701

SHA1
ca3d6ee1486bb043fa960e6e3c0771aeef73a7a1

SHA256
5a7a2923da8c6fee9445598e5bb46296e60dca857990bfcbea169f106a058d80

SHA512
f928d1d2b07807d961f14be81e3346f1c5ed32054628c5d051f51dd025dac70020b6fa0d57fec32096e2cf11889fc2cbb55e78184ca9e5f4c226e5a3f7b1a7d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e5258ed78835e1cd5649ddfacbb4c0a0

SHA1
0d34c9de9c76fbf2f3ab2cbef90692ae1cfadad6

SHA256
7b46f2a0f11ce65f0edfdc4af8c657f1cf32b72557a827ed049180eaebfbfd5f

SHA512
6c0e576080855e4cd50a20ae47d372ec7205ab75d01a4c0f65530395fdd0e34c721ca80da6b31a8f1844d048494dda749f93348159e73ca52a35aa0d3f368eae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
99822d5b8db043376ea17527c51c3f05

SHA1
2942ed8fe65b0d685670e17c77a9c8bf40db9105

SHA256
43d17997816a3e31850ae8e307b262d017be3a1eec77566e778a5428c42274e2

SHA512
a8421608ccf92d57dbea3242a44b47a830b015de85e09ee45b6c6509ae825954fd626a3b033e531dd38a582a66c7e29976228ef6bc742ddcdf3aaa085d161fde

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
550d45914349746cd456c2e89b4825b3

SHA1
0725c34aff6e95e51ab2f69a18adb7ce350858fe

SHA256
bb442267bae11a4ff5319a12ede6457704ea913507d7764b005e1882c0a477fb

SHA512
35ec4840e91c2a5836fb03532bb8c941272aa58f40c5f1475ac17d01787cdeaada7c0383ba9343c74667fcca93d0a2555d0411c9ff06a0739dc6c3e9a0597dc2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
5b075f12d1b7bcb5f3ab340136df4d43

SHA1
e904f9e8d9fb0aa74cf50422bcf89ecaacf442e3

SHA256
75054b0fa39a0296fcf532e4a64ca5f9277e795eabe48bf3ac7cb57dd043be55

SHA512
f8e195675dab85b61a6cd29006145aa241272d84b916660a3704a22de565be46edce56690025ba8406d41bd1cb1d9f25f13e6e76cfb0445cec250e1fa5fbf1d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2ee085cee7a0a55ea9cb7e64ca73821f

SHA1
7659c804c41bdcb7ee988001d93fae5258f431fe

SHA256
a9c0f1ca09cc40d6d977b2d6b14bbcf7facaf9ebc6a1cf796ff21ade96a1683d

SHA512
d8d578197ef6124e26a9880228b0b99d8dcdd4e6d2ee467e8ac0558cf3a3f7cc08988750b3e06b79be592d8c76150879aebb6ccf4470e3553656236355c6dc63

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
00a336bc4f2d49724294853abece0486

SHA1
3ddb9e9fd4313fb25a30330191d90d31b5294ee8

SHA256
f5fc57fcd042d2d9351784ac475b79ada60ed91a1545410a06a6861002758e09

SHA512
5be67d1156b14cdee3ed866a09eadc8d168be5c0127b5b04493873f73f1104624ebafd11b785e52cf1f3bb73ee5070c11da0a50c4db08e24d4f9cc76aee5265e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
bdd1447c6f775bf7981350628b3aa1df

SHA1
0431fcfbb2ea6dd70d9f5302150408c6a9b991f9

SHA256
542cbcaaab8cfe4f346fdcd1de51ac99b37727c76a06e380e5e6d0ed973a9927

SHA512
70048e19f5916b164998117378e8e5416c41b8c4a2afeaafe587f8ed34e895aa13c5da3bb3cc84bf8bd34759985d4c1e3e8400bd8d681bcfcdd22f887a6f45a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
c6174aa4f41a881b4ef69267a907e079

SHA1
03d1fa0997698138bf587a7a39324c97d0e3d391

SHA256
0581a4f96ebc2529f33e201abdbb40ca8bdb38b674027ee386188eb495f8f240

SHA512
2ba2bed6c8fc8166b53bbc5f9c8e8c51b0b50e467148c0b5f73b3d4560bae660b68d659de052a01d089fb001d6872af6c07356cbe5565c89f291c879b97f4b7e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
377981a9fcd89f21c9050138f6451f55

SHA1
ad7a4eb64631e3bdad93e2e1c3903f9624e14353

SHA256
8ea3d4800503864615bbf52b4c8341f88983c1ce2efb81e460a496185dc97f73

SHA512
e795fdf2513222b4fe64a864178f3df94ddd7187805fc68da9245de3d8dd6d05e191c177334e96c919bc057d96cea3790e64f6effd2cead4895ed7d0609dc368

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e2baad558bb72230475b6cb0ff78535f

SHA1
99d7f5dd191e9f97fbaac4907296c6ef8fc623dd

SHA256
46473ee4af3045b09342b4d957ad821e35b6c09fb467bad5be7c0b09364038a0

SHA512
c67d8188bd1cbaef95b99bcce2733484da4a0e04c1fa260fead0f1f5f187c50bef89f49e5508e8260a6a4e232302773b2c7afb706cbdca21a02f2b09febc41cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
1a1886eca5aacf5c27783e823a70da97

SHA1
eef34db08bc8cb951b7adb71c15755761cae28b9

SHA256
23bc790264b6e5d95469319b615bf6ba4def4f50c22540e83f4e32f62d668754

SHA512
032d6b709d7163e1b9bfdf75dd468672d01d1e955b9338db74fab2f66cad20ab21963b295d5cbe5042ecc194c2ec34abfd6ba8258c8f17f38204892f17bbe5f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
7ea9e143fd324afb5685c52141a7e11f

SHA1
5c55c77219c1c83cfc3335dff6807e1cb2791956

SHA256
a0dcfdc973743370725e153e11eb3f3656e560c6efe9e89715f59b92462fe6c8

SHA512
d30864869c1bdc01d4022765d3c4c697f5ef0e39b0d069087fa81f8620bd734aa6c668029b82027a465cd8ba5d273d9f8b70d111c9dcb8b493c96be961a29ca3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
ad7826a6e40a7868411b63054e53596f

SHA1
2d47a72356ae66944f0e5262f37f3d9ccde9ae73

SHA256
b108b5dbc2741f95bb2c352ebf572521ff1efe05dd60eac3f4a53c0c1df2bdc3

SHA512
fd151471ee09a66a189a3a62541918efedfc3b60e3c0ee07caca0e4dce32db3d61de147979cd784372ac2a70ef60ba10ef1614a5729b3492eb401a24fd12130d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
59b79517dfdab8ca06d15ad83230abcb

SHA1
ac5ce50dd3953cd25db4be17df2764f3123981f6

SHA256
d7a46cafd98c874098846a0be928c314badc7efd2ef1d25304656b82bfd2fc31

SHA512
882d96feeb3b753343c8c65820ac1f9d072c446b3edf198691ea2d6be290852429f89437ba3ff3ccaf591f3a50617614fb479a84d337f129d0916927b409f2a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
ceaae20d41c3b158ec9320672d16edd5

SHA1
3c547f591419cbcd2f01a97a8e0da7558644237a

SHA256
f833e1a4a8be249d645a8935d6f80039c10a4a6c1ec7614ff32aa95258ba74ca

SHA512
2be8bbc38e962d1814d89a77c93539f3dfb34a494efab192526a8306647865284235d808c8bca18c75a8a0680a25cfc1319a2cbfeb50a9694df12b326daef2f5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
f48985703d44818d3089131a32ec7e12

SHA1
320663f93f05e9ebad53abd1e50a2ff49cce015a

SHA256
c3725642e921237e1f1cc53e7f9c955a21468a8d4dfed5d858c7a44b9df6c8e4

SHA512
4a5b4d5812854a572938a2776303f865b957f6a8f812049f9b3c6edda943591c2efa1258a5a712c404cd95a51751de7a3657b4dc9d1e7ab027dc2fc34053f8df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e9d534c6fd837857ae17af006db83832

SHA1
8438a764af7cca48f0185d1880b9df1586d7727b

SHA256
425265e238f550a161e8a0798fa70e0fbffaa4f1c66334c9a92683ef34f9f6a4

SHA512
f3da12bb1fd59b62455ea970b659a52d1bc44ec5f230815dcade3448d56541ac67a65bdd3dcdfbfccc975843a2d0c3a23303d6fef32f511cee965a992aefb1e4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
285958ac73790e26b60037868d978d73

SHA1
79078cd30f9957ee994d2197917f234f706db60b

SHA256
135f257d0f2405822e66d1ce9bf0c384f860fc4237a07f503b19ed25853a2795

SHA512
0349859e078e96fabb02c8692879a1f2f0bd4d1799380ae479235c2a87e38fc10b1e9bcc8454ea5c4c10fbda5767d46a23d083b83dfc014065f0cf0b00ba2b2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
043ce481d6b8c88c0e005d2550e81151

SHA1
7432b06c5068e9fbd47e60019bcc001dbadf3c43

SHA256
2af76acd3410a287dac7c7d6901b9818fc9680ec9b6656402d1267749bf7db46

SHA512
7ad7ab09980500efc648f16267e4a0c299d630b99eb08a15b1d796f821d426c7ba24d7939ec4044dc81abcb65e5f63d02bc41ba3cb33f71575f3e82edfa7b635

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
f5f80c8efbab0556aeb7e22792359f93

SHA1
95d42a844289af81d133045473fbabaebfad25e1

SHA256
d23b4dc66704154b3a4b3ddab06948f8f48025989486caf07a04797001d8cb28

SHA512
8bcfe5d8c08aca4beb2d3ccd51d5e43291e2993d3c0396923e197d41f2a301ea5dea8bdb27dfc5731f226dafc90261a1510ed22197396d47c523e7b670ba6592

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
ab9cd004775a5c3c8e1d4d287e80292e

SHA1
eadb5d36b826b55a5c0bab68faf876cf0066d22d

SHA256
888bed1423cf9aef6d84562353d77c1df3b062b607114560ba83b5306c6e607b

SHA512
4dbc7336aa35a57f839b1a920c5552c4686352345d74849bc875766ca1e22d0b75e0ef15eef5443b1d753491f56a913a56f091aa10be42cc7a238fa73ad7e8b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
80d527933cb91958536c745478eaf0c5

SHA1
107d42804954c2fc4609d30e9bc7672fa984b55b

SHA256
1d0be6fc0b35efdd95cf3ae7198d244bcca2968463ecbd1c3a37459b83aa1bad

SHA512
5dea5f14d721e4336f05a4f3de0f8e0140b46d7911cf422dd08c2c3e2fba74418cb36ff95a966efd5eb34beedbf6615ce1c2ea53f2dc4aafc823b2c8b715e205

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
eb8f51069a832146baaf60b59a368b8e

SHA1
6117f2bd8f45fe1ddcf9a07db86181ca95b71a40

SHA256
65bc8f1a9d708c7360074921717e43949343f6ac94f5c3667bc8acc68658a49b

SHA512
01deaddb1f3f467b05d23dcd06ae2fac63716375f4dfd316bf054d22ac4e3c6fde96f246a4804d506abbbc3ed3db61eebf82b80de7366074a195b98aad582117

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a21bee8540092fbf2536c19fc0af0faa

SHA1
93d696b46d41114da55d2eb792aafbaac4cb30fb

SHA256
c3d864278e5ec729bee03ea4956b9526b205ae7bcd3a8eb0dd46ddf1bf99d42d

SHA512
c50d556d55814d616ee68b31d992ad3b71ee8f74ebac9529e9d45e40da6484f1be5585647deecd272d8212ac211b01f12e251779bf2bb2243a97fbff19e7b4ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
a45ab0e37b90c7aac3f2c5c26df44225

SHA1
37d3427e16d831cd7837a55f2090ba2dc859833e

SHA256
4b44c29ab9a6e8e94d00c45e21616a71272105e2408d00bb4c34b3999a675605

SHA512
f5aa20ad900520772cd12a68a849b8b21c69a69a5a96fe8d6fd6f9689be0c51fc8c0d635287bc0194af9420d013132cce1b22948ab3ebb2a742804d0b53bd1b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e1e2c57b3d6ad0dd22526b5960b50af6

SHA1
a7d6b12c1632cf354a51a487654122180de9c1af

SHA256
2f29ada259aeaa2a1c8ab22a61d79b722269913c5946a84324de75f32ea41fcf

SHA512
9ef6cce37f5b45b125518a3b39a08f8707749f4cf33fb9be8ea86756af6ddd1872e35d79190d9f98a03376399f8f7b335473a3ed6975c189585fed89680cbdd1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
aa168b84fa148640f5f795e0307c31a5

SHA1
ad70c3b55f99fe95ddfc7b0ea712c5af5c7d00c8

SHA256
e009dcbe591533f69cc23753eacead6f53a77163d738698a007e5f4d803aafe2

SHA512
cf8dbc2e2357ca0a6c93d2b4aebac3c174ecd7b81f6d9005d212a49de5f1dd3de57f7f62addf2b78868828a79e6e48aa14bc1768f2a83c9a6f550e3b7cec11ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
62e1812533136ad5f7d3be4753141065

SHA1
c2b49fe4a080dc0c479d3e0c72555079b834aed1

SHA256
d437b4dd7eeb29c00a1fab29f7dd31e24f2c6b16432539fb89a2bd03515c2ae9

SHA512
c070ba6a9016d31cf7657792e48ee735277de51b2018895a3ded5f63506b106d9fa3a8d19d24109862689d738c1cbc684d45c8afa61d049374bc81999e9decf9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
154e0b2b03fd86c7f9b64d67b005427a

SHA1
f77800dace19864550c79fc46094eb66dec05a70

SHA256
7fdbba43251d3a5639abc9b7b6808bcf6741da0c35cd944d514455754390a4fe

SHA512
0064a7ced782fa2458466764b0f76d6e50ec7625b5d2e9293971f1901623a9cbb89ebef3f2874385a947650ad3c0964caff1a40746a1b62737883fbd9cee6d86

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
34861438e48e1c8800b21d1992067da4

SHA1
590ed817638bf382af014fbe83fe8c8d549b41b5

SHA256
3b53655d5c864a4c8db4f520406802bb0a83ae70884f110200f1551bac01461f

SHA512
bd059f9a8a914a24a6d755564007b5df5eab18f203d680158da5be7a23ded2f4afd1c4d74942a91932fabe225694192eb8d220a6d5d92647ec87cc467e70a7db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
b22cf35a4341bcbeb03e2f91180ceb93

SHA1
431e3ba9c4048baaac999b62f8990e786363935c

SHA256
02fc33564a70d485a97cf56329c307b4ecc78ea32a948ca95849702568646daf

SHA512
d0b2695d570e22fc0221e3bf6cfe83151a482bc59755c06d6ba860f013899a38c9ee6f1165ce15a26f0f6106b1f16dd92cd22576f36515c1a319317f80af56bd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a35aeae2098116e187f3a3c3c18ee80a

SHA1
ac9d2d08c0c6e5054c5e6b7a3a4fd3f0ce0b840f

SHA256
3b2557ee619cabdf9986b3ba7a6e54ffe6ef76793616a1c8c9fc68f753782022

SHA512
9fbf6e1b0b85a4b85d2116b38b1d9bb125ee16bacdf5ade4837209d80268ab462c5125bb1d4aa60bbb20ea0fb1df89a481c07f676cab968329fa1d00a434b0a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
73f6a389f21d103a5929984d6835db05

SHA1
0ed59f90f4e3dafd748f5ea70c6a8401089bffb1

SHA256
ac185ce1b2ef06748757b835dfbe83efe1aab08902378ffcf881d7c6fdde594a

SHA512
9a59f3496960a7a65a61942ac00f1b6694a6b3e1554a12ff24cbb11f37e028ab742dd90eceefa0f3f2a0a7e1c10bc5657cd5a8d72c279d4a9ed83a1bf17b2ee8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
17f0f84a499eb223ba6e2194e67c15bd

SHA1
1c5c1020986273216445f38383cba1ab3509b880

SHA256
ff9e41a4a0fc6bbb32b7980c6e605b96b2f7ead067dbfc38bbdd29b75d04586a

SHA512
513ef90ec3bc2c7e2e300763bd41dbc7f3e079a50da40a47377ff880f13371d698b62fd02aaed55adc8b99a0958741e309e06cce75436e7e99921e7effde1799

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
b5d129623f70efc524c9e91eeb9f4e53

SHA1
f64c760e5115abacabdfc3207db96396a97479f1

SHA256
7e210fa51cb6751aa3a6df46d2fc79fed2b542c7a8b1cfa603d2a35318a5afa6

SHA512
7683ebd859f58e22b040a99fb112ed845b9e89fa380a61c9ad517171e4b0e406b6a14d5cd7deab020319d6d13e78859d13ad542a3bb0f217d2670b724ff4726a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
247d72c23317b36eaf890e73a2211b2e

SHA1
91c75a22045b1450cef73b893af7209b560d99ed

SHA256
880e6608fbbc11736585e29e8a8fb0a02d3f8df6b7257688d71d17553214e22a

SHA512
919149e5360b9b84427d2871464bd2c9d3e7005ff8db1cca0325311df547100474ffc32e714ad62e6c91ccef3be246124e87b78902b64ae45f66f85b3e3f84fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
2a892c2ad19b6e0b6e4155be02fb358f

SHA1
a003c0ff192ec49b569f2a08e6c46f0a525c07b8

SHA256
49dfb3b16b76213fd1a9b3f42e7aa8d1c1675ddbd6dddfc8da2e89fbf3422958

SHA512
f24aa24bf20575a8ce06d6baef48b3cd03008ca680c3e4b7b816727326de68c98a36d226f33fab8caeadef27b1da7e98b302c01fbadbe23eaa7e8a6091e4a33a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c5b9cbd03a488df51a50e8eaf0b3810a

SHA1
7c32bfa36cb45097872055a15b451af10f151f2e

SHA256
fe0b6d682e36454a81fac83b12d3d420d8e15e785c98ec1d65c6133072b8feb7

SHA512
4085f496d36bb8f2a23eac074a60a5a66c4c358daa6413aba865c5de729befad2d42d78943cc0844551c000260fab485c2d3262a20c33c8adc7c4cd7fa93f68c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
3594ef52505f3fcd6ea020eb20b6b464

SHA1
20e615ff69e8961933a51979dd90ed9c3927763f

SHA256
e6c660c5d408ff9c0a275831481cdb525f3e609098a51723ba047d922264901a

SHA512
b106942bdba76ad25e18899539006f42a89d7af6eea1434e480fd3f72da1a1b61e4d464fbe29320597210c81d03602b8e9071cb9f847f008fb82a46ce32d7c79

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e34873f3d5e35b89404db2ce56a77339

SHA1
a6d360b775105863a8554e16e162f986a582dc23

SHA256
14bc914fbf0cb119024948068d4f25a4e2b48d42592094c9d1db9925c83e8edd

SHA512
ebc4cc9a832152677317f3a69f511fe125a10dce6bbab5d596bd697d13e781ff036fe66d8b8805dcde45bdfcc693bf74926ca50de6c1fa2b3fe5827f58b8b1a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
4ea43ae042000e079b7db9ea530229cb

SHA1
07212145c6ce679b3b0a8d49e9c24f7478fac545

SHA256
5e894d93c05e6e2dc3e500defc43a2dfe24e57b45be96e116b742c1a5d2d621f

SHA512
93e48c2f1b678692663f4c99ead8b4e046ab486eb1e1f39a5e277eacb92f9efa1285be3cf936f2bb7ec626c926f6f777a0e91a55ace8441565376240d994ec84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
5e8bccaa85f7a711c80190939753efae

SHA1
0cedbc0bec8cfbfc156b6e571a3d36f33f1e4c4d

SHA256
25f1db654f2c58caf7ffa76254b1e2e95aa3c2724c9c2d80f947a852a660a600

SHA512
dfd426cc1adf35d224d57a3194f9d8a06dc195a0408a0ee6f24e03380b3804530d79d05f2f62da87ea1b875aae0b1f3485eef9991b2e8e558cfcf2f6d951f361

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
f70bd9c546ebabdffda9da64839355b6

SHA1
c1d73b0097cdf024a04a888892afd3d19858bebd

SHA256
618481df1a046fc1a6496adbe458fac5ae0f316f7e75caf3bd66a086562f3c9e

SHA512
b00d86e19fd93895b4beaf7877115a17913097bdef0bf3101313e9ef9ce5cc97335baf5d3030b70d18a83cd6b8ac58d04fcd5faf74813f477ad9a15320b64056

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2ae44d7308c2a4dcbcc2495584a0a62e

SHA1
a16012cf13bdb3a0e21f5ec6eb8d5a443fe2a151

SHA256
9b7081791b716db6e93e88bd4e46f8ebcd1309a3deb368036b8956d5aced8538

SHA512
d956758e2895dbd09638ef502e5e019d281f4eb8f126863cb88bc44f9cb95cdf38955e6c1d6e3f55317c41cca9e4a84148649162672578a83448e7814eb625e3

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
1.4MB

MD5
3e51d60fde771db71aa37ff81bc88c84

SHA1
e82205dedb9e1606df254fc0db3dec3640f4d5d9

SHA256
c45285cb849a2aa19e733d7fe4de8ac987d1ef31154274aa866e609c61a8c0d3

SHA512
b6475d5fe532d06e1dc7f8c818fb7a066ad253d6d1eca2b9f81baf3d413acfb41eb5cb72798aa8d5a04cc853727bfbddabe1db85a3601afbd09649752c04785d

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe
Filesize
1.4MB

MD5
d777a3e13b8f816c2682c15a00dc3921

SHA1
0a89b3c1091bace55a64da4b2cc5f71a04d41951

SHA256
fec2431413cbf817354d8211ab6df2eb645f09ad49ad5dbed9fee7758faa785b

SHA512
89be9cbd4122719a718896b216dbafb7c390138c5352b2613ff10d1f376af3df264d7fce3bb3b1fad175995d27ee220a678d271e23bfec118d4ee7e0e867d43e

Download Submit
F:\AUTORUN.INF
Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe
Filesize
1.4MB

MD5
70d462fc99a5c81c15a0738faeadd584

SHA1
6babff7528d909326ada0cbcff5e280485aa5eac

SHA256
be320e20f29e49ef90082f84fed1736dd2434f1bd9d222b2ba76030ad92e93fa

SHA512
19ecd315fdf0f5a390b3343f1b4e5169986ca9b0dcbcbc19e77d6c8f124f369680a6c1a99b8df1fff87a3d59e5229ee8500ef070f2261f23dc47bc63367eac04

Download Submit
memory/3992-146-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-162-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-136-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-106-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-84-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-124-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-74-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-186-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-5-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-7-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/3992-94-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-176-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-116-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-52-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-156-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-63-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3992-64-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-161-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-93-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-62-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-57-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/4288-155-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-51-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-0-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-115-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-175-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-135-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-123-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-73-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-105-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-185-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-145-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-83-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4288-1-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download