30979b20bbf2e53cc7a6d0f05dec1b4428960da6abc5c78e9f116b551a267d53

Analysis

max time kernel
145s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
Size

857KB
MD5

70f223cca72acf33a633a0fee099065b
SHA1

102de80692749a34ce0df6c02b64f46c1246e254
SHA256

30979b20bbf2e53cc7a6d0f05dec1b4428960da6abc5c78e9f116b551a267d53
SHA512

0c172467961d62e5cd8be10b8501d0a5d86f2bf6198cdee6c3212c3a72614c21bb0cdc57c208edeff1e4252f675f7cdad649b654141ed7005aa2be2c34538d45
SSDEEP

24576:ZMMpXS0hN0V0HoSySGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63nN:Kwi0L0qlnxz

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

70f223cca72acf33a633a0fee099065b_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.exe	aspack_v212_v242
F:\$RECYCLE.BIN\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.exe	aspack_v212_v242
F:\AutoRun.exe	aspack_v212_v242

Drops startup file 3 IoCs

Processes:

70f223cca72acf33a633a0fee099065b_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

2988 HelpMe.exe

pid	process
2988	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HelpMe.exe70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe

description	ioc	process
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\G:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\K:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\P:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\Y:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\A:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\N:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\Q:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\Z:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\E:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\I:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\S:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\M:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\O:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\U:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\X:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\B:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\J:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\V:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\H:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\L:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\T:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\R:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\W:	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

70f223cca72acf33a633a0fee099065b_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	C:\AUTORUN.INF	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

Processes:

HelpMe.exe70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe

description	pid	process	target process
PID 2096 wrote to memory of 2988	2096	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe	HelpMe.exe
PID 2096 wrote to memory of 2988	2096	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe	HelpMe.exe
PID 2096 wrote to memory of 2988	2096	70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\70f223cca72acf33a633a0fee099065b_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2096

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:2988

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.exe
Filesize
858KB

MD5
bc2aee7514f86a6fd92e94376966f26c

SHA1
5293cd4df89ed3640006154500ac2afee1553060

SHA256
15087e825cbb8f8d9fa83f8473682302deb55f1957ccef8c838f3843afb0ea04

SHA512
33d36b315fed971c98ec7d264560ec6666dc12fffca1880c13b3b5c2216634061fcaadd7841eaa72766706be2e5a0dfd364854fdf70b63a0a79e46e273790f09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7e6ce626c0d46918901beb890a717ff9

SHA1
9db5f1b2866d84302c890ab25b2c6230139f236b

SHA256
cd246f80bda79ddf26c47e7f5d3470c007d13371914b41a4524a3abd39e4be76

SHA512
918dc62941ee4fc3d94d3b3f857fe0f7cbc2e760bd129b344f5f2a9b92b7ae06e387c3e3c0410ab37f3f0be4bcf0a6dcf3f16722ad6274cb20f347c085a5d355

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
85508de1bbea3cc6abcad441ffef70a8

SHA1
f2aca468cd0a06915db88eeb69192a2530aadb99

SHA256
3f44b7bef288809395be579a617741e3e72ec5c5244e9fb4bac0722011517100

SHA512
834c5dbcf830a3c01a9e8648ef70a8b7c1a48bd1b7142e7d606571f745fd09f2dc60bc584a7137196afe53421892d26971eed88b5fb7e4e6d214cdf7efe173d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
8dcea77c0017b8789df85bfac232d8f8

SHA1
5c50468569aa8ba645e00a8812b263d8f08da460

SHA256
7d0d810edca74110c376c280c14867a074b936d9b58857ac00179a435ac957a9

SHA512
d44dba5fcddbe3946938191b7d32db8c70b6488b84c98a1dedbb356bd9d17c351a70ca02914328e1699e2aa703089cf8c92048298ad724f742b3b3d3f560c243

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
9b2b5bd44d8ccef298d16554a8b2f476

SHA1
5755e17caa7db6d232d5f704dae6aea773a58c61

SHA256
c0a91d587db99fa718c56382fa6b229bb08df2eb286c78a79d5d75c3cbe222d1

SHA512
9bbd87fa839ce94fa7fe4e8808d6b019bb07d610fd804a48c9fb3a1e52bb08a4ef3a816f10a784990e6de3bb12bcb1bf2f07dee2a94683756ccb1f9838bb95b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
541c50eb74e25e9d724bc5120c45bb38

SHA1
6cca65506510e5f66b6fa92ddd5fe488cf636eef

SHA256
72ae1d0467822a8021b783976fe7f8815d05e5dc83bcbe4260e8a196fb299ebf

SHA512
3b345b29af8d27956bf39d280fcf58c1c6bb7008dbb2cdb277b5d4f66a53a6206b35997274455b1f2e52125ed5b899242d9a2cbd636ad3e0b68b6277cc994d77

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
875da8a244326210e3263c965175f112

SHA1
9c83b7d91a06ea965d514dfb16d9032e2f0c0c34

SHA256
f2323e0e1f2094671afb345e2dc3617d2b6a495eb61f76293a0630c94894afe9

SHA512
4226be11b316aa3579c44d0f8ffe877d3db0c8cab4634feb36454e205db7f7b69ee5ee735aec04959a12c2b4ace267a22313ab3bf51de85fd467661d49612882

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
b07186c47f01f61ff70fc50db6209c18

SHA1
dd3a9febce27b366a4795e9a7f80233890fd3dab

SHA256
578602d222f23f9f404d4f6119f76a555608ebea774331c3de915f173f0d014a

SHA512
e6ad92bf9ad5d4a9c2c08dd10c791335f695988d38e856c69280c6942c30d98f7a8267d16eea472c88ec53b5b38dd7895ff444aa670e3740d6c76bcb93c99507

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8b63dc498ff2766615b7ca388bb16343

SHA1
38fc28f9cd1bbf9305bfe3ed6dc4fcd13e3bdbae

SHA256
020c108baf89216895a529d8185834b0ada623cd2824353bff51822e4ad3f04e

SHA512
13327581eedf6624caf685a0a0e45da6db652379e261cfb2e6fb1415eaf8126f43f92dfef325cb2a71fb5d4077596a523ef1d0f4aeba0dd5daea8d08f6ffbbfc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e187ae4c45aa1ee0b92408122e849c69

SHA1
12b8ce1c5441536fd7dce87b7ba63b4d277d0a25

SHA256
9401570564dd5a3f3c70cf36ffbdc7562eb1b1e3486a8ac9ebe86e1cd76c95d7

SHA512
dc57ea37afc9b9b58a8703348a9d4395469af6ac3fbb1b21b957fc66cb5aa3217d058acf5f143a5a675b52a05b430befc0123fa2d747e4505625d2cfa1bccf9a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
6acfa27c8788cb5488546f0c374b7324

SHA1
6da12dde86e1391daabd7fa73af80caf0bda366d

SHA256
6feb5a6c9907a7fbdbc62012bb8cc8d3cfe73a7318ddb945a95f888a537dbeb4

SHA512
ca6f85dec1a51ff6a63ddd21bf58f19dfe134adf8b4c5e30f03dff479c06580a96ace023ff3a47681665a2c50a83242d83439b9686be7dc214cafb6ccd4a3984

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d90cc1798a85d75a83e677f629c2aa16

SHA1
033e392d3d22008145ce7c9440ebff270c77ccb0

SHA256
dc70462887cb8f21a5c60c164cb3f9cbe7578acd5d49be4bd99108dde1a8b123

SHA512
9cdcf6c11cec9b30948bccf2246a289af8187719a70fba7964b60f3d7faba2b3577785fa8ce405bceabdd8704d12e4f7ca4ba90fb1753b0f5874ed89676aaa06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
561669fe7844564592ea3edf88aa9898

SHA1
0929cbb06da0f3118abcb3a6425b0407a66f7952

SHA256
1682e4889274ac4510cb1dfe1f92d20c8aef8d4118c63e8c3e462c6702ffd93d

SHA512
0de0f56bf885884f5dc8d61daffb11db0bae7b156899c24b5fd707e85669e9b588725052f3133c99533e3247a574b1b38652f26d5ce4bdd5deb3b5adab5a95cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e906f0617c274c94402621ab7f74f1fe

SHA1
a914836158c11253a77b40afd6bb51c29acdc73a

SHA256
02ac9e74a12c9c41e8d84c7a074eaf70b83248863227af75e57dcdf26c51a8b3

SHA512
112278ee67375677fa246048e2be36977b10ea015ed33da39b908bac03ba9e4253f8d8bc4243e64d37eddad9aee7a8c66f3332a2ffec0c51a975a6f52399ff84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
21675f5b6676230b68e9908a27b759fa

SHA1
67aaa3ea179e0fb4fee6ddacad7e1e1e82b82b77

SHA256
ef5c24801ab45da9df497c842569ac4e506dadbc5af6dcb1b531897740d93923

SHA512
faa3f83cf69ffe3225b2a23259a018217730d0c2ec09a60573fd357e8496e91302c79f01a33bf9517e22a350f958d2fac83c1c336f4b4d45932cdde2cdfd854e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
bc74e4dd9173c9e111538692ce894a74

SHA1
e5bbb5b6de17320ee6a6efad3b6bb437edb9dc89

SHA256
ac91081d84af1b4ce1443fbdd5de87ac2c8955c5e8b36a73c0bc711560690ace

SHA512
3df418a96b73edb472054bb2625c633abf401bf31b82f7dfb6558a70e037fa01062e344d4ac18b56388f5d75184262ac9990579a1da377dbdfc191f3f3974e3a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
a6547463115c6a8d66f266b76a8d1eba

SHA1
3b2df3589a4a99fc6d8cd86ca3d7fd4f258abfdd

SHA256
b438c2d348eb2e32373c8459a9b0d8e9b8b5d3f0753304104128d45416ec8ab7

SHA512
0c7b23c7b737e7706ab14f76625c2cac9b6f4d872014c4f83b241d068207e52a0450aa667a7233b90ca73288c4ddb4c643e142cc8e5f00088a0a72d72eaaea49

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
65912cc8536a7233e5d2ea831878558b

SHA1
d975799f50f029ff4bc9c5b117bc2d4e6c8ee412

SHA256
567bf0c0ebe543492970d6cb79c6c0f250683f4423a335d7572b76b964ef3141

SHA512
f253847a340f0f7024f452795adb688ff935402523d8c2654dd9c79de9974ed11ec297b56e9ac159e3f80e0f960629eb258738fb50c448f73efebb702550f403

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
f1bc6d2d82d2286afb4355219e53fc40

SHA1
d7944cee3f836f076cfa74456367ec7e0882e126

SHA256
f0e4dacd3db8398e4e46d46347dead27a714f5db11ae415be0f2a4f5a71221e1

SHA512
51d5fc4a020e26699af30d3b226dd40b0d222a5dcac2b2e373e39b5e82b8c4d75398134d8ada326e294b59f0f4e98c36d3925260b19d5ad84e3f380506e4de7e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7fbfc001e5040cee98af2bbdb2af2f19

SHA1
fa0790ddaf0ba4745853905b48d053b9dc2d6595

SHA256
49279a7baa1922e4f7bdeb639151dda756f14b2d37cea50d281163f18d72345f

SHA512
3618dd9f3794f1d341d27af0a54c3ac3d94473965b82161dde9fd11e809b410d26224a44b0858435090c2e9d8ee6e879b4a9149cd09e3baaa11edc93ffd95236

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
cfa78918b8aa5f6b9397d821697f68ca

SHA1
4ca98308332764c09c413d930abae409b3b74b78

SHA256
a778d92a7bc9450994465fe6573edf35a0f1e06551dca5d05172588ea8cffb71

SHA512
cf3f7b2148af44a4c2945f64112b5f7fe94713d154b1985f8a1cd30cbeb561b64a9fa1f126ce56c48eadd85ebf5f8f834fd5e03fb1bd1953b8964edbf7845fa6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
96636cad8b1cec830af846dc31473b50

SHA1
1407874629be95630559d7f7aa1b1ccf3ef97c4f

SHA256
7a446f7162b0c23a94e86c7acf8d9b5218fa15f2d35dbae9e7ed44a40ef8157a

SHA512
407ddf9c8845112e880b139b426ebfcb77504729f2ddda7aad9815f1f655a0f1f01a58d8c4dbd27c88d9455a122cdaa3b258f675e2cf79b3d76967e2603af5cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e7d745c1c823e4b3ae1fe7ce27d61842

SHA1
1e03dc2593fd0046492071056cc7190e94e59100

SHA256
d08ade01e81e92fb6774381a9308b1019fe15d433e4f6d0c1a2496353ceff626

SHA512
31e77083c5ee0e9871e6b1a1de0a0f673980284c6d38ff95e1337e004bf0e7c18a7579b43bb13ae9e07f83bcc8cd79d9e0072a84af3d98489a881d30f43b0a3b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
687dac1f16ce85680bdd06bc6cf3d1e5

SHA1
02f987cb4a2f11d3a2a675480de43cb89d931626

SHA256
d1852cbf6bd118d9c807b5dfd67441ac79688e39fe05165673c9e82ede483ef0

SHA512
1b3d877013514ca0cac3859e317f88db77148110cc26ae7ce592ca3ed0150a13c38fecfe7f5a7ad9c6fd07ab932621a4c0d8af7a1341d0e7fc8e9d71dd1c419e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
c8b4187648a177a3568d63a97f3e10df

SHA1
41cfe91fb5a82ed2f503a6974f56b0af7d38f64a

SHA256
b55888331a7114574c23a51918d45feb8c1ee1bdade9440cfd2c0d466614080b

SHA512
0b717644e5d043fc664620c896d87c30f7e8f702255643b8f6ee60043adb66012b63e88812d4d50d894931ebdfa11b842823bc3a428809c20cfdf8b0e31b6821

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
b2b6556e243ea007578c25618dca39be

SHA1
c9e44203604e6c42b4074679d84590a8b44fe7d5

SHA256
7eaaed47790749ad25a2971857190f836f6dd7aded17db59b4f35997b5e8d9d6

SHA512
b00229150ea87a4553e9675dcd210fb7cb1e8b1a97d0f85f878fbdbef211c7fe6222a8ab53ba12cff1571213e345f4d0e00808596ed6c5a8baddafeb28c904dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
f58db4678add2825e7d2d3af4d5c5062

SHA1
69fcebc23f1b4632428aec995f7afd728466e19b

SHA256
ef0c322af545b6ecfaa63c087c2e624ba4dde0f275ecae1deea08a6ae7acf461

SHA512
4e4cddcba2f05d88671627b0bc18ee73df2bc2df7bd71e1064ba3ff81bbd0dcd859789570aa91c417769cc44d0f204d9aca4a142ef6e6777fa301fef1f3a7fb8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
9cbf9c9fc96e6f49fb6e58559af40ca0

SHA1
1c4f3710a5ad0d468dc1c09c11a01d6b205523c8

SHA256
a53366d299c33b790f997b76fe8c31f5e5cd75e4ea5bcd61133e4b392cc0d536

SHA512
18844746d08e7b54558f54fce4f6b5a4fe99ea9b87ee2469e2e45870057b79b738a5b65805d6fa269b8f549b99477f30fa18cb80bb013c37ca38e8dfdde36191

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8591d7fca9cc77c226fcf4376f0c9d83

SHA1
11beed7e912f1205df5250f67e7160b81d894b32

SHA256
1f832e7055c113543842b457cb23fd53d1f782d8c1999aa6cc50520504fdd146

SHA512
796933d715524df787194b769654df5aa589d056e073f58ec2d4f5dbe19d54eb62ebba45a267d764ff1b66c84d406de22b72cefb643e111765c059e77790ad17

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3ac3247466e9766613d0d88327546324

SHA1
4522c6edcff96e51d923a304f8fe1d9c087e9763

SHA256
b8214f1b2794c6a15920f1b9ffa07be39af7c42100c97427092663b1764def53

SHA512
88d550f113c60fdf4f67283c3af0d83be0b61d70b7529b24754254e4721c62aaddc82ea9c16699a131ad9a223e8a2f68e52d70822e029dfeef909424e7adac47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
ec3c938658d65a559f03984da3373e8a

SHA1
2fca66a3eb364b8ce16a9d1dd2edcd1f7f8ebc59

SHA256
c8c06777de696a19aecee2ccaa4c65ca700dbad1df772f31424be1b02c8cbe45

SHA512
7f920b9ff91d99d5ccc63bd448cdd722ccf5fb7ad9a7094845a1508eb1fcb18936a0dafe204c0b5afb5a958c7de5d5de0fb7fdcd5048e935d865e2644a9b1b31

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
9b453ffb635fcfd5a3644d8134fb12c2

SHA1
a61e614fd8056953faad45708622af9cbb7b5b32

SHA256
d01765f14b2166ada66483090208da115afa60e4a9126f6bf843e84b81192eb4

SHA512
4598745fba54270a395254b7efffda78fbabdc910ded2ae577fa3a6856e74584b3556b436154a4cdd386ad8bac61a01bab2c2db7a39d681996c4b3a3edd467f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
c0dbe086913e81cab2331d23be7ca426

SHA1
f877a0476e683f606ae72c5526da7d69869ecba6

SHA256
933b02b16a5f1173a622291646cc5c9780462edaea915ecbaed5cc44dc24e339

SHA512
47a4d1112594419f33fadec96c6126bf7168c66d433a01fc67c1c8b9cdd8f993056edd2a49393de7d31cf706f705a095452e1d3328dd91d89b2f35bf3bb0acc2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
1be343c66667b57ae42330d396bac4b8

SHA1
4291ee108ae64a22861a60dfe4aaf7f0ff99d303

SHA256
7957f0083c68028721d4badc086ad123c9a6e5b37b9cef817fb7a31b48f95010

SHA512
382686493116fda99f2c832b6a27ab00fe8712643d94428e250006a5a569048c203fe71f3e49349318475731b4d0e28e9acde0916fe124b54c29fb789647fe55

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
b8fdc1249c17a652f89f96ced4babbf7

SHA1
48cf22e7efa6084c89411a235ffec56b44420875

SHA256
f39846f9313339c6b740cf135533fe1e184267ce246644c8909d898f1e2ee2a6

SHA512
3e42b35304428da2bea3da86674e5903924495e200e2c42f4a2ac86f0f1904698667797c143ac71b670780f9d13e0e526e03c20100e16069d7638098f849f2bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
cb01b726a05bc0493097401e97244387

SHA1
7dca9214a84d32c9802a8f27e05e57507db7e26e

SHA256
d59cf264ec32397d347a4a3442017f6fd103513e53037072c396a6bf790823a5

SHA512
9f508003d1746bbc51d3b1766e35c3524c15b2692b835a0cf99f12bf42622d7c62df385e06b76bee6a6fe2ba5e1bcc1da393fab67067970552fd6ac45dddd555

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
0063fa807d2a7f3afc7abc3a37003896

SHA1
00b02e435cb3b5f50c7bd1fb0a9e29313b3fc0a0

SHA256
6723812088b99370691354ef79ea6fb66a5e1b76c54cde7e5c16193fd7a9cb06

SHA512
529d3bf13d5fd22ab8e6249bf7b2b8a989cb260535b007d8878f9e7fe29f1e27a4ad9d7af929193ea3c2666cefd1ef961d2008d04edd078260b929ef04c8e685

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d074ae0d3d05f39ca13cf3d58c90634e

SHA1
501cdd3a194c1774f49ad3edefb2f5262940ee4b

SHA256
8e6256bb79e121629c73bd1074ae176f34fccc6c122210d978c496b87f166ce1

SHA512
8cb1fa26529c6a1e59fef3fa6cd69fe10c0d705ac00f435fb04b333f38eefe632909c288bfb91e7c087677e5cab7a2f656f12f86e015ecdf07b09d4d2eecd835

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
dcddd86ebbd528c7e950613b3ec1a511

SHA1
233b8ef502e8a96b503b530985db14282f5d0f40

SHA256
5d1a80588ef4032b20cfac9df277a988eb1d59786567df75e8764d2f3dcce161

SHA512
2cd9871fc1b73e4bc72ffac62eb1176c51b19595bebf50027308fffdce5a8ddc3d291b6499190278b88e36d867b1db938af32d207154d579f053a7b104004331

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
20186db8fe024065988dbd070f4180fb

SHA1
2e6f83fa11497d280626bcf898c46c12a40f8fff

SHA256
915c1ce7016bd65d166a315f382bf6954d0eb930b4a594b928d9f3f51c9c91d6

SHA512
a4e30a911cf8ab3158dfd9dd8d42a52d05b22b37f646353205c6c17e499d0397a90fb445a39bebe3fd6413ad94e5e6e54823dce3c279d705e0172472149178af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
f229493da5dd3fb55805ba3167972b02

SHA1
d33835690f5da3053249d9718035af386b2eb977

SHA256
d48f47c21fe2df18041750e3521f9cc389a4c5756128b837845026b9952b2027

SHA512
12344bb00c85b420c783ca4ce9d9041bddf06a532995aa17ce75780098f1e85fea1835e43402e2023348a34bca5834408b4bd16a6aff2df729ff1a91f1a35346

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
d85c4501661cd7539e7e97234874c213

SHA1
71610da3f9396e7d25f484c86568f5e52010d1a6

SHA256
f4839b86891ac26755e6de3bc08fe7ac8c6c48d2f75233d8abb9afdf229c5bf0

SHA512
29e8b67cda25c64d125284db567ccdceff385a90d92679848dc29dd75785f659fd2fe6a29c8c6e4c47527dae80f7ecb7bd5ab4baf5ff13f54889f1715332a806

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
36b2c77fd515d5dc83b73fb707874c28

SHA1
045e3ca354685ea09e4e5d305573cbf6db31c80a

SHA256
1407a86ee86b548b8656ab8a310f6e2049b683e2719fa311935105302c9e8601

SHA512
1173c4251526d7e700ed5bb373bcf3abdcf22367342b724b531a1251fd3afed9d9d6c48ced16c09683eac9605f7cfdde23240c96b4b03b6aa3cb0e8fd2c785b3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
bfe2817ef9556f072201540edbf2ac4f

SHA1
f0de02e65c93cb74f0d84ca834678a2518999b6a

SHA256
341623c4b820f2f20cb93b8c86c1be840bc41378d02ab96fb58e72924e319f87

SHA512
616e4390b840efb5baa5321ad1faba35e400bfdeb0169d58ded5941fb5375e56eb7c05cd64a165ab7cd6a687447d997255a59fe6b93a4a0c77dac122e1b0d4cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e1df61abc86e5b8ae7125c8adf23fcde

SHA1
d879a18650d6770f8816fedc13a9fbcc1472a20a

SHA256
520d0dc58f6aea623e8fd74ef9a8b153aaf3e8033fe3b9042e65d2e626f6cd93

SHA512
f2f8fcbb8d4a373b578961f1e1be19dc501ae89e539a59ec8f10da07ba505c76cb8a99ca8f368633c55445a8fe4f2e7f99bd4895e53e190bd9a719bf8a9419bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
90860bf06eedc2580df7598e8b5bfbc9

SHA1
435dc9908cd1bf139763406b9c23b5d87fd38dbd

SHA256
8c137e1d1000b718c429695c6d98329092aa14825e2c25fe14153ee72afe0af1

SHA512
7538ed4685aa4ba6d60f924d69809bd2ba5f46e71e6e2f824c8214bc869b4abfc45a4ac74c69894dc62d68b7102697712455924d40c6c87019e8fd6d3ee87853

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
0f39bb4c3adc5b7dc9bf7017639e8254

SHA1
5fd1ec291963721735dfc846742e7d6100a8532c

SHA256
02b4340fcfe2f3b68e4aa081cb7285f7b1538725f9e84b8651ecd9fe8058cb4e

SHA512
67008d43baffba95636c1c47cf52bab6681d74da96c11302df4739acc1f334faf51ba2a548f565aee7deaf1d9df8b20400f7ee34efe23aa61c316e491bd679ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c64ca90d0be79aa1d9f150f667d337fe

SHA1
34edd00d02438ce39e062fda29d0bc5feae3d141

SHA256
038ab422d3edbd6dd52035d30c843a6384dcfcad4aff4b4f196ca55e3f1d273a

SHA512
f10c11499c8b988a82b965fce1ade76b6959b4892cafcdcc5e1457fa0c3dc69d75f76096d648befa82c5e1280e13db3729be430aa901f9ab2ce10f09952b9b13

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
79dec78f6afe4dc96408e2c6a2043c8e

SHA1
4088ab02c5007b0631f1aac8ccac22b8c7f7852f

SHA256
a818dc29ae0cb8358c4576745b331f91a891c23adc768f92cad2a6d9d1f3ccda

SHA512
7e98a219acd47750507275078dc99ea25f89de95e4f9cbaa842b7835454305b05855be1468115c4945eaa96268c86224008b7d80ca8009e7744937d252d454c9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
cf2ff33ebc71d551fb4f0bc2e22e895a

SHA1
4ac2568c388dd6635e657841e0240b333be8ada8

SHA256
59d1dd6c6446a104f7aef6e8087ff4ee5020a4d3886872efcae2e91581237850

SHA512
e8d8fc59b2cd7af858dad4b22dcfe231619c10f268163a95a065b8f5bf59f322a9dce5d6acb89e80c687469cc146be7298dd21c4ba9f3e923e3bf0826b8dda52

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
2465237d9f99ecf42a10e71d9ad63651

SHA1
406bd53aa374a2345279c09e0aef27cd334b250e

SHA256
4f804531f5f81c98d3ff102ac7d1e4785d78cbac479dece6b5554a974bb48218

SHA512
530c63bf84fa29465b7cff7eb909ead407d222696ce5f8318b515046c8c80acd65b4123e4e843d0a86d3381ca56b5c1d24f747126f1ab30e739d19c99fe7d31f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
14b7dda68510372fa1f91fdfb4fadadb

SHA1
70bd0a09c66b2a62f48ea504d70a2d5fe65fb8be

SHA256
75e9cc16d9a563d9bb96291f0235b3d4825da70cc3912a1443cc1728d8f541be

SHA512
983e1aaa718a367230f200d04f82316a2157855d360cb3fbf9ad3e47c31e2841150e81128b9996e0ee618e3b81e15e4b2d786f0bbe373453cf7b3828c3b9583b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
1c52fd0b76f10b858cba128da89bfbe3

SHA1
b95b9ec6a0e0af62ce11b3818cb6a2c6ff77962a

SHA256
90e1d261d3a2612f0bf397ae13037cff974fb1950b746836399f32a2bb7d65a4

SHA512
9dceebb75f2aa65c2ad3c9f2ad9e19fb5e001247271a2391d4fd9613f2e3ec648b8d6b18d1d76bbf49f08fecf3088ea15a82c7a3bc3a316988a333c48d4484de

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
685KB

MD5
0a4b5ee828025a719ac8f91c4dc2dd77

SHA1
56c4433a5b50007cb176d7a31d23c2dc89cbe1b8

SHA256
9f0c35a8ed7d468314e387fd2ee7677465648913975e5a19e76927d2c292fabc

SHA512
5421873696bbd71368419609cc90390215beb171423c1ac39059b3c13bf842c053fd1699ac208bda2c3ca6dcda25239b53b8dce5a2503d7e2da5779e606a1557

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.exe
Filesize
858KB

MD5
a9edd52bf14f2b9ce3d9cb86cfacc400

SHA1
3f60cf7a3384272819cdc8f287889645a565443a

SHA256
c9be2807da84827d5341cd716b53072a1134b5914ee77ebba86edf7d09bbf5d3

SHA512
fa00eeb3628651bb3d92d76b7dc1992239b82c446451bd38342455c24a99fe7048d32433cac9e0c77312126ab9cdf6cf495281997b7f4341d80c13c601c48291

Download Submit
F:\AUTORUN.INF
Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe
Filesize
857KB

MD5
70f223cca72acf33a633a0fee099065b

SHA1
102de80692749a34ce0df6c02b64f46c1246e254

SHA256
30979b20bbf2e53cc7a6d0f05dec1b4428960da6abc5c78e9f116b551a267d53

SHA512
0c172467961d62e5cd8be10b8501d0a5d86f2bf6198cdee6c3212c3a72614c21bb0cdc57c208edeff1e4252f675f7cdad649b654141ed7005aa2be2c34538d45

Download Submit
memory/2096-59-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-162-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-70-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-142-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-182-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-132-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-78-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-118-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-0-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2096-152-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-90-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-112-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-172-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-61-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2096-49-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2096-102-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-173-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-153-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-113-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-50-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-60-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-123-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-103-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-91-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-163-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-79-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-5-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2988-143-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-183-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-133-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2988-71-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download