a92d97fb7a8d612e1070e584550240e7ab7b497ff329cca0d5df1ce0201eb90f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
Size

488KB
MD5

71cf98c82961d83d08279eb8233de701
SHA1

5e026feb4eb5f9472ae51131afc69893c7a09bd7
SHA256

a92d97fb7a8d612e1070e584550240e7ab7b497ff329cca0d5df1ce0201eb90f
SHA512

4cfff9664be73559cf8f5b0c1295765406e2b791d7a62db9063042b9161da619cfbe2c7b750688b0b2040af64cd614355dcf12d931b0519ada719eb9b8985972
SSDEEP

12288:ZMMpXKb0hNGh1kG0HWnAlUoU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAG/:ZMMpXS0hN0V0HZZSGB2uJ2s4otqFCJrr

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

71cf98c82961d83d08279eb8233de701_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.exe	aspack_v212_v242
F:\$RECYCLE.BIN\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.exe	aspack_v212_v242
F:\AutoRun.exe	aspack_v212_v242

Drops startup file 3 IoCs

Processes:

71cf98c82961d83d08279eb8233de701_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

4048 HelpMe.exe

pid	process
4048	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

71cf98c82961d83d08279eb8233de701_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\N:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\R:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\S:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\U:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\X:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\A:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\B:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\M:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\H:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\Q:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\T:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\I:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\J:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\P:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\G:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\V:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\E:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\O:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\Y:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\L:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\W:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\Z:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\K:	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

71cf98c82961d83d08279eb8233de701_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

Processes:

71cf98c82961d83d08279eb8233de701_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe

description	pid	process	target process
PID 240 wrote to memory of 4048	240	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe	HelpMe.exe
PID 240 wrote to memory of 4048	240	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe	HelpMe.exe
PID 240 wrote to memory of 4048	240	71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\71cf98c82961d83d08279eb8233de701_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:240

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:4048

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.exe
Filesize
489KB

MD5
0fb7035d5bb4dc56b77f1defa5df01c3

SHA1
9ffb66e29d9d8a2b9cffcf9bb43c3afc7a374558

SHA256
edad1793c5f64bc91e0f89b4426e61fae3c4042778627cffd093d42a7cc24719

SHA512
84331afc0e2c7d50c7591bbeeffdd00211ae1d6c05d735c24b5750cc62ca3bc92230d8fc86384a96f610726b0951c700dbf538d4ea4b8724bf74503ed445b89a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
943dde0a132bcd18e51469bb8e64085e

SHA1
95f537fffadc42f9b58dd219b95649980d92d5f6

SHA256
f23799edd6bfb5fdfdcf0587562e9e592b387e123311ccdb33f9ad042384e0a0

SHA512
cc0466ba44d9b6640909a8db1e66713e60bbe39dd0ae873ba5078e55a095b2eb96dcf247d5d567c6106715a2bc9dc9cd1c40596eea378ae4f9b802b197429689

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3942f7afc52482b191631f30b68806b0

SHA1
8f6e3df3c9198b45d4ad77a77f80540f144bb81d

SHA256
c0b60b6d6453b8071a832cd5473e7eda719e2f16ff4b51fe8ee1ea0088dd73e0

SHA512
fcbad0c5ef2a15238947db52a180436a30bf3bd5a4a9d42021013efa68cc57f2405f867ba553c24206750dabf698029e0d2849ba90b6e38a9cc86de0c1cd6dce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
25e5e00b4a8fb5be2eae8d640c209807

SHA1
16c987771e62b9e0b3abdb89a7b535ebe1cbc7b4

SHA256
405b21c5ba4b539d6e1e54c1c693618d9bcb268972d1a930685edbb2ebe59d60

SHA512
fe137a3e5dbe980ce06cd9f7c3cde6081b4962aaead39dd4d30cc7a32cc1302f07aa42cb5271682d2df1a0a66f616f44ed37a38a777e62f8cdd4c8496813e2cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c59fa07047c20a3a74ec541d2ad65ad1

SHA1
4e12cf373ac5f5dc7f41a3e73a599d74909ffae7

SHA256
4bd98db09c7da09c43d64c6710ebfdf2075300c977b16fb9739d0542f4e1adaf

SHA512
bb9069328f6f1a9319deb7ed76e3e601c249c36da47006a2fb21ee3d1b42893ddce80d2cfd30ffd08c4172071b9d0d02e108d22ba949ccbd0524777ac82dfb68

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
5eb2e532c3ffb01d316c4e8b877a5942

SHA1
ec5c8b58285986963aa54b82fec83ff8888c79a4

SHA256
bb11611f1838e293f2ac534e4e8f823c2664f231c0c212b091c2a78fc0a458f8

SHA512
11a78da292bb196cf4d6aeab37226a6d84b911636ed04d31c054ff6c55bfd1a466eba8fa919467744c7066fa0bd870006a0b75eaad4e665699c1b97ff0e3a362

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
eca16deacdf8a727ca44e3563b8619f2

SHA1
cc179a8e849c3b2a08b235f41afb77e1ff0853e3

SHA256
36427918c2fbb65d7bef24ad08b18db1fb6837c540ae1d844582d421e415f380

SHA512
4321e5a1c50e80fb4586c246d70380aea59b2bdeed036e88efbd5f998624ebe496f83c8fe3dad094ad8619bedf7419080a41132c2e86529bec82d6bcf29a47f5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
b7edf017c3bceb88ee705952b7770625

SHA1
0146a9a00731e8c1fc8cf688dee8da0cab31940e

SHA256
f2791e6ec64386c21bf8d5a37fdc17e5631dff06672bf916eabf12572a5de903

SHA512
507b3fd63f74ea0103cc142a825a31781fcb4b23134378c2db1db2a08e2dc2f860ccfb57a948ad4b5da0eae9d29072faf2d9208b6c836371392ad2201dbba344

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d4a0ba42eb75a67ec42f65539cdbbb05

SHA1
192f84c53414976e3515eb0a6878395ea37ef9fa

SHA256
35e3adde0eefe5fdb0a7a06e98ed322b40ada412aa93884eb26d5882517f591e

SHA512
5ec8c8e57c5be947048ea42ab183f2f1f116d988e0fa1101c75ef7862007d80935e5c930e73bfcc5752ab0cc05cef8e85de6899df579f7a62a1d7fcecd4491ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
b8d1558899dc772f8b504783a7798213

SHA1
e282fb75f8236b93c38642dacd75b25db275ff3a

SHA256
13118cf32f80c34eba4bb0d3542b88372d1fc921930e3f6e13267b2a7d8e33e9

SHA512
c3fb8ed3676c074cadbdc19469ccef73252109da98a851221368f43849a63a91192bdc5dbbecf091766290eaa784869c9bed8a3fc04c1b0a0c8335da8f098f9a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
75f9ad2972beecf88f95972e00aae61f

SHA1
ca59a47d0e9c5cac11171c78d81da306bc825208

SHA256
92e744d75ded60a95dc81b9597b2e7bf916bc5f4210ff188fce18c9e27102ce9

SHA512
92d14e5fb3cdbeddf2cf0950cabe0b4154e716d73afbc1f9190123cba1016ba63dad2122f4c3eb2ea5f97004e43ed65cbdb6d6ea0f1c7e0dcb9d89f74c2408b3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
1a308baf86e567a4950c8808bed08717

SHA1
1dbbed96555bcb37455283291506b6e02f920fbd

SHA256
fb5879ff67ff3f356e7f814246c951cef6aec25d001d77327880a75c04f3f19e

SHA512
e19153386b60db03ee103521a8b8eb7bb68ad6857f9e3b39db4cd3420dbf5df52b141be6651483f5946a4d4375bea24f6670d940689bab8ddc278da2422cab7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
bf2d079dd3250099c729c77e4fc1a94e

SHA1
f6ed321f5c222620078ed7cd902896a9ddbcd990

SHA256
a81c40d12c9847c2bed2c4a249da1eb82dd697dfc29a3a13184804fe18a7081c

SHA512
9d7ee6a4bc07b82c4f977b9f97c18b6ba8a4e9ca3f65fda77783a5a72732cd99af87b4d1335e9f34723cf9fb394209bc5f345a30fbc8c996537849771ae1e791

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
7a06ecc1dc6e1267234952fb57a1df01

SHA1
3410119cabf6916c64833ec8d21b6090a7937ac6

SHA256
464056bde72c0b3fe88cbf3274849ff149d9507c5940629f526065d0f51e8b43

SHA512
09b78cca518207f9f99c548541b51e25f93620e95806dae0e56b1c38314e23094d75040859812f9a14461a376c79f6fb8499402d6f00150047698b2c19ddb143

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
d98944ea89b17cc90e8d6be62cff3fed

SHA1
e7f68ddce31b5031b641ce055abc9ef3628039bf

SHA256
1d004a216b5627ddbaeef741dcb7ac65a7c02f34dfb5a6f6fffcdf6125ed839e

SHA512
9f1b0db87731635686eabe120478f411cc496fa046ebebcc567f3f80f9fcbb28cac380d91b09f6fc9e260d4b684dd244fba31dec334295a62fe0346fca3804d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e68f42780f95735123fcf2bf59c9011c

SHA1
9f5e5a61645699829094ba457a3232b1aa1213d2

SHA256
5cb685825e2cbcabaf26ac5d86cc1482ba3799e890ab8fbf6c9e3a22a906cfff

SHA512
f8355d958a32018d8ed2459561e8f38059743ef5df2553b221fd42eea248bb8cd93ac141ce17a7fea6116551aa6cb6c6ffdf52dc012df472e3207ff5041fff58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
5a5bae488bc536aa74545722f4a42c53

SHA1
78a0241aee8bc8d30cf5584eee787d0f80f7e2ed

SHA256
95752b32970736933085ba8f179f7b13ddbbe0c4de71f90860cd5295b50d4e9c

SHA512
8909fb63ecdca0be904269a3c769b23a69bf7c5a8fb2da6d8de5ab4c20fecfee2a9b62cf4013196c1c9b6ab5e06f4fd8c9ec40abce05213221d7a783f65d38b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7641140ab47cf47c4ad96573dc04803f

SHA1
e7396b683eb2363212019a436398e251e879f1c3

SHA256
51b8f8ab66debebc0f82bb5885f34fcb3c9a1ec014fed6687500b89d8af8a0d7

SHA512
fcbd7484fe4a0b92140bf2d4e6695895e5e8eb071be35fa5f18dbe7fa794ca359d2445d2dfb2e64b61d445bd5485a63bdc9da3370212b8ff1ff546c5ba966718

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
910437be74868724b20fc6c8a105e459

SHA1
b677197868747a663492c7ac1c787f5cc6fbd0b3

SHA256
dd1aab7eb236bd5a998842de69876a241d01d2242ee861819d47391c779e919a

SHA512
f4f0bdc76a2e8b674af4a0d4d96a2c01f8ac0547833bd3315190412ceadde7c55047323e14e682daf73f80543d6b077d63037ff40295b083d57ae76556f5193c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
795706c12f663cb7404013e499b43418

SHA1
2fb0c75c4f3ff9e8909881ada8739c5fa539f4e1

SHA256
bb3150234c47fdda26c20fba21f792a41ad6acbde00b5527b7479795d51f18a2

SHA512
845180d6f7685a7d350f6a1c00b23968ea13b69f577635fb6d39907fece64c6274894432c5f746ab41b7808dddd735e2a57062a96b05f71753b98ab84da37840

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
033dc807e6792f19609cb721a6c19423

SHA1
5d141aa6bf4559f1f5c09871941934c7b5172f56

SHA256
4514f7c0c9529d023426a2ac8f9512b3811e9ff22874548311703f3c22d3cb28

SHA512
807960138d42820f4600a6879019dfa22333dd02ccc4196f79fce7cb2c2013ebd60d40580cd66bc1a4314d8330c7c4a4be162f885b36f57fe737593fe1909221

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
8f50fb1b60fd638080fae53976cb8b76

SHA1
d47b5389afd8b5d1abf6645ad5137862bfa5b6f6

SHA256
68104ac1c9733d25108d24685432f5a608e002f9557094df8efe389bf93abb99

SHA512
68f0430dc04fed5b2b538cb6c69650c43f48cbbb5b96a8918e2e5014a1cee973f14c4cd3a771fdfe57368a01d6babf643fde5c0128e45638dca5b5f85fa0cbd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
392f26934b3052a2277ab0c0a3ad12c1

SHA1
b727ce10282a1f45511e0e1375bec903757a830e

SHA256
5ff1e2132adab5238ef25295700289051b15d97d31ffe83829a056244b1402ec

SHA512
c7053b185e8372f9daf212b3ffacdacc059bf2306d7bb6a902a337cecf08f690a31f9470132bb1b31490f36290efe3e417c21d0243d6671294cbaa8cb2af2f67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
681df8fdb37c9153f1185112881cc411

SHA1
172bc3f82de932abc22fffa8f9e4c40597203bf5

SHA256
c16aca8b0c03387611ea8fcd7b6a58a06657ff5c34d798a7b46855e75efa9b83

SHA512
9e93e3ba750012094fe65241e7d60ba6b6414f1c8897ad4fb85ee4dffb34ac5eb45d555697239c8f70f70cb4dd41bffe59a0cd87dba48533cc34059832599d11

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
c676a9a2c6de2a63160095d1bd6821a4

SHA1
07f8e90bdfaa344be20e583e013569d9b85c3dae

SHA256
b8cbce6e51677290fb0f49443f15c7e7ed8b74e02ba254f5d84d8aac4403ab99

SHA512
50c87672b10588e62bfdae4e809e7570babd8301d6fcf5f9f415450a963af7cf91c877803ad8cabd4f1fe06c1575c08efcb18821260329f3130edcc672118978

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7035e356fdaa27e1b51a7df81c8332ec

SHA1
b0c4bca111d21281cf3c01871fa315f3a3e62ea0

SHA256
5562c654cc159c732f4a0cc32c64d1dd30e4d37f75d992da88c5492c2d1f01c4

SHA512
ec349283a758928d8270e7419d7dedb442108044a5f5acc24253fe1cf1f0ee20a8880c1f760ad3d411abe43fe080ca98fd57f7215e1ec890e4748ffac73da86d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8b216f9fb588118c8032b702d2ac5a75

SHA1
4cc8b7834b88f8e4cc444f4d4efeacf8fb310eef

SHA256
378aba9597f8588a1947e91e27b4beaac5899978fd801af5a46ab44680483aec

SHA512
0d43a34c9f62f0f2a59ffd008c4674d34afc16f00067408c31ec0b7c4149b7e41400e5fb2caae55f01d319d0bfc5be352e83f51cd32b01b849c844901cdc1409

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
ec48737e706866219316a5c9c3b373c9

SHA1
e43bd0a0a281e15e0f57246f68a87770285875aa

SHA256
bc746dd2f96d722b3c17e0effccd9e40c1a66b63c23d69296cb45a770a8779e3

SHA512
72262f45a927952fbaecf2a2f1463e2946e90b842e3613bd285784dd65606f0083047aded8d1d4a82119696ee6b23a166a2b3a98f5e348878c85d26400372db6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8feb68f7e6e37d572530b61cafed78d7

SHA1
462d06eb3447dc9579dfd15c359a3b5c14a13555

SHA256
0ad2692d982c76f3ea6470a3268864f5dc4fce93d9f991546695aae55efed3a7

SHA512
089e458e6486159d8389ee7036d6f933ac085050bdb73cc611c243db7d1c2be27b1d5b0b3a66c81ec9b39fef6abddbf828f8cf9fb8f4bc25a87e797bd69c7b92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c7e42329c5d7ad25a03861880e8a0ffd

SHA1
20e365dfb915b89ba3dfed4b0ff99e72ace1238e

SHA256
4797a3f05740fb5e4f1b705d70ea31e654cb107bd9200e346bb75aa6f1f289b7

SHA512
0b7a85e42d60f22e5a0f5e3d88a6b6f2f3278206e61811bd66fd7405a6eccf013a18ae3a3a27a869e9314f90d91d526f05f76eb25c8c8d3f9c94e92999653dd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
041655cbc6e5342f2202c0b298288d76

SHA1
d65d0e4d38bef5ecb686f344dbb2d7b2a3bc8c81

SHA256
4d6fa833f332f7d34d99ec6291c262e2ad5bdb710ee9ae9d3512464169862cc2

SHA512
b368c766f701a13b874440ecc05068178096c5e845e84b679552b45ae714a814c865256b47494831700cbe87c83270e97b3f9abe47c8c637640b5cf88d0ad3a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
cb0adb5fbf379b3ebeaeed5f7313484d

SHA1
cea83d4e3a319395f78fa521254c02529f246abc

SHA256
1e24147f75aebdc3901f5c285e9d9a874521c57bc62334573112004225e07e47

SHA512
ea300697705f53261ead21439e26f9e1cff1a3b0b45e8bb0c0e26bb13d3e3c9dac4f29d83bb1262b8a083b075b45b1853779e3cf2f123ba08903c66f9ac28f5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
b8f736a6756f5452592070824edac23d

SHA1
8893681342c125d472e4d22522e88f7c563d4566

SHA256
cf940765f6298980a6e97de59e265d8621e1c5e5943a1dce15cc4281cb758311

SHA512
56d7ec57aa1b8ea20be718962418611ae35c10fc243d5610b484aa8794dafa060b7f4fccff9adbafd3457118ada58b4d68f0dd464b2d18a0069d7d81ea0a3374

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
54304947fed64e75a14c6aa263b84536

SHA1
ca0330ca9dd0e275464e11f5d20ffe24609b4a13

SHA256
aa43140a268905845b418baea61bc59a36d7e7dac6ad7473a3fb5bff5b74d6d8

SHA512
d8fa797e7a369702a2fa547a49f571dd59b9332317e4a3ddc1969f4e23fab3f45f77435773ada30027b9bbd12143166e14df4bf5f30611b4151652f84bbd8144

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
9599abb3e9128a8030ef9284e655927c

SHA1
bf0137e2910463bc271e838612d94ea09a59b17b

SHA256
08f27619816c95b5ede5887300a452052a7bf51c1b37114f795b380366d9465b

SHA512
b92d7ba3f9ba14aefd02d6b41b18889bc58900e52ba9e3b9c335d9ab7f0727ef7605c9b4637a6c35e8ba0dfcab083f4861ef39cc0011c1d1252c7a438fa4d317

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7262b130b370b34122569eb56d61b0e1

SHA1
b81c4dff1637d3773ae92955ecee8806f1b63100

SHA256
09a073395770bf489805c71c876fd67d8bbf7143cd8c4222c28715dab32501fb

SHA512
92c9e812644fdd571ed4a637808f3282d95e756086b03086974f6c0bb7810e0d34c0570f7e412000bcd532c46d188b998d5a703f5b8661510bb8c5193c63c2d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
572b3f47116d6d2e2dd4b075956a5f9d

SHA1
e089390ef20d5a92578b2fd849d32f80c653761b

SHA256
5f84e80731ada7df76acf0dad00a0bf58eb5a58ace2da381b053e664794353d7

SHA512
6e5de9f4b96ecf94e1ce6954ad16838a52d37f447415e3c918a86fd1b7356c6d87a3a72d18951b1b8d48a4c0773f8b89dd644f6a89b3c8a2195df75c1a260d82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c27ada0ef31c4d9584459956919eafe7

SHA1
15fb13b394e829035ba8f9d247f51b31c249b5cf

SHA256
31fede74dc16176db8dc71baefb6af3342dad06f17da2b3f64831ab2da56ef3d

SHA512
bde7bd21e0bf6c9068cb08ea25099e3a049124b43382d90014015be229c47bf6761031401ceef682b1ddebff3baf99c99dc82bff9b5a3f22542835064e0b21c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e0d2ff451253950775671bde45ce2a13

SHA1
2b2c3b256855ac29f2c1ed6aa2f9fe8be4c73d3b

SHA256
e7b0e9bbd957a2c44e19119f43a9bef9a50027a4e968b7b43f53d094dab4fa79

SHA512
038a86ecae21347657503e3ef803647d1d529a7f5d83149634ecdd8cb9c505d114cfa028fbdd0eb7230146fb4abcd29b08800917fac91f9460fb554804d8e9f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
918f4f23b340005b677bbb43c839e5d1

SHA1
a723f3bba0978d4d55852e0c667cad9a58c61b34

SHA256
794838d8ebd5e0d0118fd08f4cf0575f8d1b3e6e980e93887a5f8e2d134057c4

SHA512
d50331eca44f733eca4e275c2b2df380aeee4e690132fb5f66a6474be715f106f1f7a19369c0ed40cf9571b7a616ae674a92860101b2141f499b174a535a0e19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
fd6a62d45700aaad190e80fcbb5760e3

SHA1
0272531cc29397c025e4457499f4c83749b286a6

SHA256
802fa79775784f330282e02d1bd38b6119ebbeb7d323f09d6915c4f74c072869

SHA512
bde80fb934f497af144852e4b5fa3b7014306cc77b00967ad413bf37b1e031c6bfa98629e5a602e35e16bb8f70d8e102c5492f4317a39adf0e7a7884b1120845

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e6965297207c01331a15f74a6cf5f45a

SHA1
92a055c01e6888b00f148bdc5467e3915dc7f023

SHA256
603447992659628ec51e0d0c209cc6ee42e4b1f0fa2db3757b87e9381691b82b

SHA512
9a5450679ee6298c90cac89fb2d579b2f5a9758c34e8379c556a59491c3ca51abc68e92f2453fa140ef9e4079ea072ff5c0ea6a7abcf55c5fab304b51b6c9c6e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
cf5eff888a1af8d029589456c098d6c0

SHA1
688ec17dfdc26c793997e5cd1df3eccc85b05e6b

SHA256
4846e4724344566678d54dafd7e1b01b376bcafa1afdae610732a05925dcfad7

SHA512
121858c4249d88e8f10df385972ce7288ac8adadcde0d6204060d2a48ded01c88ddfb5731fa9cf1932070b03731d5ff11121fbb861fa1c41ad987d8e5c64ee7f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
098447bf1e785aefe8529474a59775df

SHA1
8d64122e0c6cc25f757c797a61f15b451ab718b9

SHA256
4424470b5ebbd2c4ffc0e271a0c3e7c0e1ebaf4e571d44c274803c63226936a4

SHA512
68afe5310d5b703238a09531cb490058685068a6f7f3c2882aace23e42d39c4a7178a988e8c0f412655c308a640fe2b3f882dc77cfd43fde34e49220a544683f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
ceb476691b2bbd12387f06757286525a

SHA1
37a74d539b149fe7e9029c8076c94b7e45341c6b

SHA256
6013346fdc86592bdfba7282ae5aef043d0426746a18289f50b37c4583528ac4

SHA512
f1d367342df93869a09b02b83566dc308e6200d4c8e30eb56dbe949348142f1cb5c3b278cd12dbfbe2b7932af52c7312ff17c97b65efc7446c31194bf1ab12e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
caea088e567bb8a59fa33c4ef8bdcf72

SHA1
9a18c5b085669f4c4ed453b91cdfefb25aab64df

SHA256
3979cd0abb4e3bc40e93e6e4d636b6920a2bc06a2572c5b66e3ad58098d053e7

SHA512
79029df4d9ead6ec46764f0eec8649ada678a27dacdd1af4a353fb73394d255d2c3e4a21c63d235969476d3464972f30d37f1d530be8a37c80c7e452ce439906

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
ec81a1d0656acd3ab3147b5a12f16822

SHA1
5c8b7d477afcea77ce4a8d01bdc3ee3427699bc8

SHA256
e17295b65b5bc6b1f62a6d255ace58773e171f103d0a41d0a4c0602c41c56527

SHA512
676247ea8872f5f79520a6c2116f771d2f8c8c0ab7233f72ed064fe6e4b9bc7fab85b3efe24cd63c7dc809cf91964f7c5e66d56ab8908f3cced76317e2d04b07

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
912a27c986a520df3c4a4d92d960b159

SHA1
334d7253dfaf9d85a6d083ecf39015f93897682f

SHA256
9924451b29b8924baebeb1996b5c92b67093abfa2a61e10f4f8e4417e15edecd

SHA512
2a5cf5e2750ab6587e7fca5e1957871d059839c706efd558713267424ea50554566ad5f080a646d9d5d4a368f0219c2f2563ff2994f406efc6e0e451a18b41f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
2a539b183bb3d5a53e13acfad15f32e3

SHA1
377a7e0dd3804a1caa4672a8d86d1d2c7d2bc0e1

SHA256
130a8af19b1a5904dd330111669e49e44e5850a4061de00e3a1b3b7aacbbc98b

SHA512
683a86002f717a4d3ec67786852698d01d6bb0c24d84be892f032030fb0606047584fb921dcdb3d8078ba7c68b1358db24e58bd608dbb472aa75110d77a1f141

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
16ba6c798a3b73bf385a1701d4dff094

SHA1
81b2a94f9157a94a1c645233f3ada837812ea588

SHA256
a1d270b40279b27a9969302aef079b67624449f4ec5e6f56e0b6f45d1e6fb4bb

SHA512
61b42d0dcd73a876a99fafc17081f9e1751ba5c21ab924175af4fb4e5d3814d9abb6092bc6080e4b5fba5cd20f1be4f805db4f279defe5121fe1503349f80869

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
4934b7e1b6d4ca2473684aaca8e7b59a

SHA1
dd9bb16a433cec6b61e09afb17bbbcf465c5db26

SHA256
809e2adf7ac6e98a474738556f857fd330db0a4dd514617cce8e22f1fcef8a19

SHA512
9a448f5f979837b2c7d62f319b7e69b28f7733c60f29cf7c9f9d5ff2eec172087dcacb43bb54c162c3cb9b690bea1860a560ecc75d407c21673e86dab0c3c29b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a2c2617ae77bad9bec02b34c8457c273

SHA1
25d1558870f2c5971697845d8e7c78985126b0f9

SHA256
ad6b5fc761a39e54cad42d8aaa0401d149c8f4562dd139068a6170a9adb6930a

SHA512
c4fd67295a818a1e0304d15d9fe62e2125dfe0fa102ada98958465d17b2fa85deca6317a1ca72f7ce2fac2d71298b8bff4b8700a75fa90971041f51b44942095

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
021140b6bb0bd1c06b0f1d0eb21efa64

SHA1
164681b4ccdf0d7d1bcf74abbb9e6fa477a4b531

SHA256
73a2cb5bc62c5971106c1036c838173de611c495361317331649d0163271b0f0

SHA512
c4221a3ab57ce3f45a024ab5f2403afe2e2c9134074bf0eaf8badcebaf8c3b51559bdc61bc7cfe11f64d6a590452df67e8ea7fc9b6bb97dc2a8645bf1c5b1dd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c2aa84b3dce29d7f440ac717365b855a

SHA1
0fe0d4996f0d10c303d7861ad3d1f181e758d9dd

SHA256
888013ececfc916c30c6ef8670d70d009ff8456d004c37980e8543609ed89991

SHA512
0716a6f6aecae9d264bb2826b384be11c08216c9fb444f10b9b7e75ec4abb27d712f8458cc626fe191fb9acdeff0043fc9cc28d8f94aec4c72594e508fd67d94

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
68b6e365eb7e17dcb34f5bbdccbbd675

SHA1
ea12389bc4a97c317f1792769e15897876e9b5b1

SHA256
147e23201d276aa658abba7cad0b48eeaa744534a914f23df1cd4ccb3cf61c94

SHA512
fc79c81946aa9f470058825b9497f4a9c45e5624b119874883c2e3b4b36dd40ccc7705471d3991ce1f496f4bed920c223441d28b3e7745fab5da39b73f96146a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
eda8cd8ebb1860d42a1a496b435bc6dc

SHA1
28d76981a1bc04669a0c06bec4ebfd54d45f8ae1

SHA256
395060c3f6aca68e8edee372092570191a43763a734d7a22656844af0867a3d1

SHA512
2f782db0ff6ca24203b516ca3fb23dc6071f874f8ab1c52610ec5db8aa8f7c0b2a9bdaac0da9db18092d3169ff35574dd96ad3e05f5e3fde7c1cdbfecadd3a8a

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
448KB

MD5
5fb5f2c8cd52e4825dd8174382db5497

SHA1
2c2458d0012a9671b402c4efa8478a8cd5a6e9b9

SHA256
1c2c904e3f306a26601c0e221547b579f368bf4a770128515ab59b4b6e624a6e

SHA512
f4f7826cd67c2c4019903bfefedbc4ddebd8b4930b3d491a3db071e5219327e17c097fe2dda2c21af75ff0aa4c1bdc3512ef1ada148389cf10b2d79305b21013

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.exe
Filesize
489KB

MD5
796278aeb2ce4117511c399eef3702b4

SHA1
16ce53fe65a8ed6613a440795d6b04555aeb9d50

SHA256
f563a7893d5017139590763f9b8a5bfeb4b0dc9737a947fe7a6a99c4a2793ea9

SHA512
e240e5fa2b0795987cf22389d44784a9085792c744979178952909fee623d067a04e7a41a4a18cafdf1ce01fab1407d412b62a5171cd54d6af2239193639e311

Download Submit
F:\AUTORUN.INF
Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe
Filesize
488KB

MD5
71cf98c82961d83d08279eb8233de701

SHA1
5e026feb4eb5f9472ae51131afc69893c7a09bd7

SHA256
a92d97fb7a8d612e1070e584550240e7ab7b497ff329cca0d5df1ce0201eb90f

SHA512
4cfff9664be73559cf8f5b0c1295765406e2b791d7a62db9063042b9161da619cfbe2c7b750688b0b2040af64cd614355dcf12d931b0519ada719eb9b8985972

Download Submit
memory/240-59-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-173-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-133-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-71-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-143-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-183-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-79-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-123-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-0-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/240-91-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-153-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-103-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-113-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-49-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/240-61-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/240-163-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-92-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-134-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-104-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-154-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-60-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-124-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-164-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-174-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-62-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/4048-114-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-80-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-5-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/4048-144-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-184-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-72-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4048-50-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download