551bc49b5bb9a078a63d0241f068f2b88cd55a294be05bca5618c5615d3a61f3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
Size

860KB
MD5

7463420a02870fbc6318386de4786dde
SHA1

20f763fbbb4fc322939d225b764a230e38808932
SHA256

551bc49b5bb9a078a63d0241f068f2b88cd55a294be05bca5618c5615d3a61f3
SHA512

94aa58f9c6439170fea4c911423b162a8939cadf9cde69f5264e4d3fd15f8fb850590dd7a7056284a8b5a17310425a90541f9d3912de86b03a674c6265f1ce3e
SSDEEP

24576:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NI:Kwi0L0qk8q

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

7463420a02870fbc6318386de4786dde_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
F:\$RECYCLE.BIN\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.exe	aspack_v212_v242
F:\AutoRun.exe	aspack_v212_v242

Drops startup file 3 IoCs

Processes:

7463420a02870fbc6318386de4786dde_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

4700 HelpMe.exe

pid	process
4700	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

7463420a02870fbc6318386de4786dde_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\G:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\L:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\N:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\S:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\A:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\E:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\Q:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\V:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\X:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\M:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\R:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\W:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\Z:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\I:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\T:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\Y:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\H:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\J:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\B:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\O:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\P:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\U:	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

7463420a02870fbc6318386de4786dde_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

Processes:

HelpMe.exe7463420a02870fbc6318386de4786dde_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

7463420a02870fbc6318386de4786dde_JaffaCakes118.exe

description	pid	process	target process
PID 4364 wrote to memory of 4700	4364	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe	HelpMe.exe
PID 4364 wrote to memory of 4700	4364	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe	HelpMe.exe
PID 4364 wrote to memory of 4700	4364	7463420a02870fbc6318386de4786dde_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\7463420a02870fbc6318386de4786dde_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7463420a02870fbc6318386de4786dde_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4364

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.exe

Filesize
861KB

MD5
22da09b4e3497469b67f151750e02acc

SHA1
052e0ad94bbbd113d17205330c9f491a20b45246

SHA256
8500cb46cff7374886fe757693ce5c7b2719f4e5f91e8f60aea3c52ee6ac0bc9

SHA512
414d52ebbcc631fbbfed02318662e7a0af34ab339fb7b666047f6070ee2efecdd1b49fc83d2e581fc2c75b5961ac16b737f12a551043643ff3444d23e9e42036

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b75723461ac50841381c17b25d065532

SHA1
6f2a7167a7834bc504a5ee1ddee594517ebccc46

SHA256
07eff04e1c448d1ec7d7226533410fc626e2d83a635e6c3e21d9ec09084fbe01

SHA512
847a7207c193ff5f9fd18ce2f0a8ba58d9be1b7dc789887820f42846726ff49c877592cb604d53083f490c96069ab186b268f24e4954c4a9c4634e4f8fdda335

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7e54448bb46f94e73af3b0fd2f425fc7

SHA1
dfa24e8b78f2bb6d453cf05892f8825bc5811eba

SHA256
a2d23deebd28540280bdbb2679bbe5de45f84e513e345144002a5e04ed097499

SHA512
1d89aa08c62683ee2ec1ac2f44c210bb2f2749e4e49c26c073b014c3b0937bf0e483b419a96d4217b311904091e5bc659fda8c907aad950fcc492a4404041239

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3e3d2890dc905fcefbc531301c1aab9b

SHA1
77c040a6ba69aa9652acbbc90b7b2da212e4eb1e

SHA256
11bcfaf11af49b07a8bed2240166c1a9cb282025b21f80c99892d252cc73ab58

SHA512
fdd742e2c590423b95ffca982e3ee96c596cb49e66bc0e0d74ebb13d0e2026621d567a27426f829cdb1ba58e810986e44638014eac03a9bd40e02a513984a66e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
cb23f44962971ed607de47e8eabc6e08

SHA1
066237da66218a95e82146c437d6212f5866db4e

SHA256
042df6c1ba6b04876820e376d6cefb661d49fc9110bcb0006c180f2de5fb7aef

SHA512
20106c349bedd4034979c0d98fec07946b49f495f148178e12874dd5daf0e4e7282b25d1326f7ecf14cc155f6a46f6fce1f4c9b5d8b4972b5f19826220b2b880

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c5f96d30241f1a0eacf90dd19bc6e6ee

SHA1
ad9f0594dfad5e0c98d95ba8e203bc17f9a3f80d

SHA256
15e3f0220ea096517e38f50401719bcd0b5ae8a6df58ab7e4d83bae47f6f0c90

SHA512
14e7b204ae346aa71413d54f9e4de5c412319a7035af2fc2e359fa9801b3c9814bfdf221ae1f6c901dc863ec73ae97b8be1f3087c32c79f5f7d08c8db4129bb3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7611918d5b49f7b5311277d1b0a974f3

SHA1
d20f3a5ec32a0e6a5cf5531412d5186213ffd93f

SHA256
63048823f70cc93a462bd8111763b92c6b2e5f67f47c5ba41e0fc334dfe48486

SHA512
7915994a3d9ad811730864154b96db92bc91b7a0c42be9ae1f96fe6f0a0eb53b2880ed94265fa7e860b9a75452db915e7be69bcd1089505c48892945a49e17e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e48949dc6542a3d565bc72684a2bcc71

SHA1
f60a37938fc56d271d66032e6a7968957a29b0d5

SHA256
02361d20003df1116c19b279bfc4d94749220f10121b462295d0ae6138a94825

SHA512
3e8948ff27f57fb8727825163adea831968dae777dd657b4d3a9035103e3b1fe347b41bbcd5164717403e7f06af92ea45125e9a51e94cd7956dfedd034e7369a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
ef5ced977b8b42b8b9094cd8f3daaf52

SHA1
a75e49b29e5c5321b3811a75310ea13d5c13fdee

SHA256
307085fdd724c38a5fc3d2b3aaa2d97cb1a6e34b429d25f4a865bf1b764f60b4

SHA512
89c1d6dd6ece2dcef7f154ba70500708821eaf0b3c0931ebce999ea3ad0ec8d3f4e007ad91534df8b31de0d5a7278e65bf078d893b2ece280d6b81f611772832

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1b639f7e1bb78e85e0a28778d01721f8

SHA1
ca5e8fe3dc22fb96edef732d7d700178d221de16

SHA256
4b9d8d44549ae773707312481d9d88f5a616b6eaa531b3180f69be5e10b971a7

SHA512
dc645320804ade89438dd849d4f471c3d7528aa1a9fb1886705de2af8fd2349492bac87661df2f12e512066e8da477da9af913286cd0d47444c86e572622bf4f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
bf20e0c9f12db315424f880414a01b51

SHA1
56f5c3a6e59df941dbc401574886b9af74260e6e

SHA256
54f404844dc39bc448547e6d122471b87bb35fd1ed53884de31fcd9541cf8fa1

SHA512
0e03a7f64d9fd59c399296f4faaadcf376d3ce82d419fba067d60985725ed136d768fdbcb9ce0ab4606c7ff493f699e4e123f8837da841bf886e90afd6955ca4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
45d968e4736818c8eb4eb41bd21d92fb

SHA1
d71cf7930dfc280c8b3aaf874afd2eef86d31c1e

SHA256
f3c89d578e1fb25b9cace6a6a793133f193ca2d2f6c49152382d719b6127d1e3

SHA512
156bf4a6ed66b5d0c09a7e702283f16855bb6c5896950cacf532d666b89c36070febbb2b5685449b428db6e950fb5551069516fa75fc0976fa70d5c71b222fec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
2b4905a8811d190305a63b89112d2b8d

SHA1
9e914c72bf940b697ef733994612f85d3ca4d94c

SHA256
90d430575d81c5a4b770f588392f6d2916e04683e10ee86ffe55b73b3918aba0

SHA512
a68c18cac0532e94448313f0a477ad0d0d55af078df0ffb8982d871a9f9175dedf484dfa0a98deba878d51a616bde76b5e81d267539a433311a794da51dcaf46

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cd8e0a7cd6904a1ef8dd1cfa8e5db58f

SHA1
2e293c15dff910d3f277987aa8d37c7cbad7e66d

SHA256
be6f968c9ee787f5df84474be437f8695c396341183a2f104ce9bb527f71e23d

SHA512
6596d162ef148ecbe39482a7c3c082b1c35941c6d2b36f544d552639fb046fcc2b3b4472528bca61a4380be9dc2320de985dbc33d21698062139e26f436c09b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
1aefb6a76324ed914762b980eebcd7b7

SHA1
9ccb0b1a4e716e501469b943f1bd5f8b0b0e252a

SHA256
e2ab6f0d686b072eeb3ee6f4db2ca82747b07c076396d18145091624932a61a0

SHA512
97e1c81b766c2a1cb8460f762f12f197d115a98a209949a3e8caa9c9e17b3b59559dbb618292f1f3c2fdd696d3437dd7da60a0921820629c8d23d7ff2817357e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8ffbc4557f6cb5b8a5e01c40114f200f

SHA1
c12f2fbd3ac9a24451707d709ff823c9aeeeac5d

SHA256
ebe6519d46beade6189557594dbe90a9792e6a94569e4bc38990fa5963d125f0

SHA512
4a5e6c749c60955007b5b4925a30f86e37a8bed14372f2dcf72b00775fc7de972be356c36af4848a6990fa06ec513b32afab06cc42455c0f89ff743673f908c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b19e87d8de7a87f6d6fd9215d5a8ec6a

SHA1
25c4281e5973609871e9adfb38a3177c08c2b5a8

SHA256
00f2c521fe983d6ba87e76817868580474fe3aeda5430308717cfd9f7a0edec2

SHA512
32c840333623177b08a6fa11b17bcd86a32a6b489c611c79512cfc23c2e275c95854afdf0b9c878adf7205c0da4e26c8dddd05eed88dfafb9b12c33723704b89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cd170a9e9f61c45b88cbb614df19af2e

SHA1
3aa647f62b04ef800d1c2f4a3eda9c0a19e78b04

SHA256
5b824744eae89c8a6a51d5a9d06c49200f0fbf9ed2281abb9420160d17a72e70

SHA512
ce199c304b27ebae6d0acaffe656a88b8d10a3ee449e1e04587dad62f20d532ded5edf94c0d0be5f636318560862602cf13ad2a95aeb06381e31ff5e66b1d6ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
1678dc6a48f2d8c8b056e18a92617c6b

SHA1
7774994edfa6d4f0e7f0cad3b2889ed4e2063106

SHA256
e32bf16f087091363ef2d5af0ae5900c14b426c0b6959f055715344d643b96d0

SHA512
37250a77b93535a9da7f11afac5cee8fd4360e1059ceb304c271d6a979bc5bb165ab1e290a7348fad695ca81aaef47e4a16f99801d26e05dbb620767c7cd0436

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b278f49e963327aaa67305b066696e97

SHA1
6065d9d0144ed93a5a64750a72f41940273b01c0

SHA256
cd3e3a02cde1580d47056da14d29ed9cf23126cde71f30b0b4fd8462c3befb84

SHA512
2ae99772c6055524a18df4474963b4388d6d76a126ee7b4c9c280c566fb01ec600366bbf021df77d618ca9ced33e9b1887cc34a92174bdf851150acb8480550e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
d2c80df2334aa666edba7cc13f1402a4

SHA1
29632fe7a11bc566b2af01ba4a83cf51b115d1d1

SHA256
82afa7e45aad6b6bc0a5b754062cb59ac8657b5ba372be513896dab9ce293738

SHA512
30f840657cc89883eb6d40ab52157f243d75edab063c59c62eba6e2727109853df8384405bacae705f4f619f19292949d9f8666cab252dc319ba31217b969123

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
018c133dceccc964304e4685a56a7d19

SHA1
4b5b6408d5c1c79887fd8b5b9ef7c26512d266e8

SHA256
931e1a112878693a8be64383d709590605f895e0e9b2947f76c6c3706aba9241

SHA512
e007c5256df04cd1bc76014ea9c9c05511af20faa5ced835919fca330de377ff68c8977d4da2589b68907441d03d9f147d0b8f17d1ff43aca27e10bbb075cb3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
65372f681f87c0f1051e465c7eb2be1d

SHA1
dac53503ddfc3e4f996765e42116783a60525abf

SHA256
e67f3967f15af600074413a8513d01b828cc444785f796ef08c822c9c216f5b9

SHA512
e819bd084eb2fd442c45a38079775a3f212163d90122444191eed7f3972a5ba32e2c4a5dcc03370b97e9315d6dbd2ff2544a0eedc9bcee9d129f4dfab52f25ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
855a95788bcd791ac21d625c6bfeaf7e

SHA1
31bb8778c173e41be3d11a61edc0e6857e02a388

SHA256
00fbabc9661338449755443ccf3fae9624b94119a9c9b73e279bb36084b78e45

SHA512
9c22be3c1a07d303ab4aed791022f0e6da34b6997e8c473ae0aa7d3efa57754a4bd2d874bcb3f7c20ee87b21d84b0f0e0e944e5adf0136708dac207ae10d8edb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
110619e7bc000143737a667a92228472

SHA1
22fc982193368654371abc6f4f18dc8ed034c5f4

SHA256
419c8d906d98ee9e58d659c845fb040dafa7e82bb4c2ee383a2cee833b434fc0

SHA512
d9dede307128df04443ae41cb22964b5421670157a599f0b4e2393bcd670242fdbb413d841bdbc949a3849de32d35beb86440e69ec300f16dd740f6b94342134

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
747aa358258199c6428995a97233f0e6

SHA1
e400ef858ceecab85e32ecac50df786c4226b969

SHA256
117f162a735b412fc172a63456808d9b19d833d87e94f581ed515b1603c6ec4e

SHA512
c2d0bb71c1f16c0940fc54b03dde021505b8bf376912e43ecbbd7851adead4badea847a1b7b08a9e14e7bace1c42400f9cd5f0a01f70547597860562cb666397

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
69ac7760ce0cd08167e1403daeb8569b

SHA1
75896f8bc79999e2a9667ca3dec6317a8c59a5ee

SHA256
47b01fe46e02579fb92cf9e2a703a1823a5054ebacf0bde340f1ded5d6ac2390

SHA512
9bb9df76fa97c6999d5c3e4663a53178bba31066336b03169b38210b26107272548be43bae7f286f661c6cbbc4c1a060b09a8420034ceaf0cbd9b4092ed742f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
e9e8b525431d284ce3391c82ca4b0d8a

SHA1
964dfc9471c9cfd7649933f5b14910906b8cd3ed

SHA256
71839d9964428afe5166cb67a3384ce92381a82e616337969a0b9bb1396bdaa8

SHA512
787aa4757e9b0bcd1e2a4b4b29a3642cf4bf0315f499e03df60ba15c5dfacb49296d7826a541f1e8d418347bf544fd4fb35dd50ce294fddc404dfc411bd0cfea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
416af63899a6fc6193ba779bc5fbb536

SHA1
772491e0e81d48e559ba3940aeab7ebeb8898041

SHA256
97b42bcc64d5394fc40c23e7f355ec50b6b96f9c9e40f45351294372474e80fd

SHA512
555323276bac7e5c07a284ad2a51e9a4326c1e26de27c5aea0e54aae6dbca9061edc04860a1e614bbfc108dd43575de6ff0266bb982f44bd88dad674b4ff1e91

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
a5f68fc97423bd6e49da687fa2e35801

SHA1
08961292a6cd938f9cf8521b4cc4284b635910a4

SHA256
7d506ec1817d255323589f349f4082c741ab41fc3d50397de6e9c79b25e4a0e9

SHA512
75348553b3ed3b6b0b5fd147f9e0d0890c485c2f1d7bfd02e36bfbc805aef67d61c4e24d6d71bf6c660f5b0ad0c304e4af09a189bd01604679a5ac3d453011e8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
28cdffcd8a8685c2edbd94608fd650eb

SHA1
9c9117e6a6f96a215c87a236482de0efdf781589

SHA256
694ab6257d2d4ed667afff16c2c242363b2bc36f3acaf7e1c92fd1b89a35942d

SHA512
e3a2275b348545577bdc7e3c87e84dfeb31ad7f66f4b1aa398892338d8b5d8a929f57afc0460deefe52b2da4f388891345052812028fce91100eb4db4cc55305

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
9220b6ee25aa559bae69ccd42b8603d4

SHA1
fede50231d6f27f891ef90898ba42d2f82a4f9d2

SHA256
ff74659de23127a2a22ea8708b5ab6c69dc7e35ff4ac610bebe4af87740f3069

SHA512
5b36cd62d2d11fb3702c3b8fa5070921ee286cac3999fe8670d4632c3c712a9caa25e4b5fe33a389ec050424eacb93d788d90020d3279428db307adf810955e6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ac7ec82bfa44e40b603d622923af0674

SHA1
1a1606ef1a85c51eaf672c0dd8017b96d9b4437a

SHA256
152bd712a0f7efb2194eba760b8879b01ae26a110f31ef1bbb82eb6e9c2117e5

SHA512
8154d485d0eaf8d4404243151148e9dba2b70649e4a4529fa0337967d4cf7627bfe923243ec643c2800cadd9cdbe12ac00706b9e831dceb29a0899c06f822820

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6d2518323c4e22c0f1e4f0ad42f19601

SHA1
fb82efd3849bff63b9df9eaf489cb6762fddaed6

SHA256
388023b425a6e0d2f567cfec3e2cde6d43cf8d924a0fc6b7f6f71f1b0b738e8b

SHA512
b327cd47d700389a7161dec7a6415ea59cbe3f5c9a7e00dc4fffd78b36aa74185cd0cdc8b7d4a6d7f7acd6319b1ab63f25e317521f754b653a49bac71b5edff8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
71120002e19e083f4a87642fe2a732f3

SHA1
250a8693b0114a293c2c5e50c22e3050b0878b24

SHA256
9f98b6bf3b33c2fc58688c1e7074eeea7041fa56b0e0996d757943e252952bb6

SHA512
b4259b071593e62d4ab5a1640cd07de215985ec7d486a464ce55ff76e64672087324a3f81966cc7f62816e5f04ca831f44bc9905b99db2a3e5c946ace33f8355

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
dd8553251f44988c982fb8ba07cc6e7a

SHA1
9901924abe9fcd92ddb17810c0a1bb8e3e9ab85a

SHA256
281a3858512fd50c7767353672fef516b8a66964d597e051dbd86023c55999c7

SHA512
c071f1a8aa461865aee73d79117cd36e8bf84008b436096a2bfbef9b5530be5c07ad105b2ea1e8233832db88609ae1e6bea2159f4bcb9633419a43c6d3dae908

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
72ea6ca30fdb7b899de341426ddc6597

SHA1
780397082010972ebba250168bffb668a29607d0

SHA256
42a8a15630f8242f72dd08e1499c772785ca4e021be640c687d7e22bdc356330

SHA512
0280d0383728f26eb793844de672adef8eed3894bccdf759fc78ca49a7d2df94e4ada825688a20913e0c8ff2c7af70fa93ac5862385b12d3ac9ccc23bc1597c9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
b60d88bd5d84033d8bba955b71bfd7cb

SHA1
3704207f843f567f8c843e46f751a31b6a114e5c

SHA256
dd1a50e8c37ecdbd3de10d094d7985c86b2c4656291708dace9433075393c814

SHA512
fca65c9eb5b154dd19f4f98a4adbfacf7271943725ab184ccb6dc78f13b3b28166755176d9c30e17d7775b12aa3d8869d456ba3e1b6ddea9cc0e8f04c7423798

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3775ef955909b9aadc3de228ceb175e0

SHA1
d1fb82eeca22658a5a9c0dda2b43393067aa726f

SHA256
8cf61940d0a9a569753da47290a18e29f146bccfa1dac38cab6aefd488057a2b

SHA512
b5aff78514ef015484bb25aca424d93e3440431db8fe88feade8b6b323249c7e7078d4ae9c088a1cccf8a137dfb455ddc9f3fff4f648b9330e9e54b0065c458e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
313da5b136d8a28dfab6e3e46d2c6cce

SHA1
cd822964c92eddb83425db0ae4a7f2a530d6b5c3

SHA256
84336c39cf150d73c3d23e497ce49bb63395b1c09ded3e16242b0b8c0b365bd7

SHA512
457fa9042ea9b500bd507f62937b8818b978fb80123f79cabbf736096d7af14dd62f42406b470c4943ca38bd33fe4d0510017ce7ace38dc94dc0958185701d83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b79a4d1d78c0a3edc114a27783d06180

SHA1
434e462a330f533d1188391cb9a630a44fcf2df7

SHA256
9eeb08529bbb67127af160e2e4a83fa76724b576828f8e5b428c0b5389267bcb

SHA512
9e4a0176bd05305c86552c0408c27d46bdbcf94881dced250115ad427414ce1aedbf2fe7475a633a01e5ff964895d6fd55ba2ed23674a4a69dd67f2e7e9dad49

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4ad738a1d5a76fcba512be5ab7aec852

SHA1
66b3f7cd78273a64d2fc3ffc063f6eaf232d465f

SHA256
b6f709d2bd8cb55498a5d058165d605331fa9888f6b39a999923bd07f0b725f1

SHA512
1f4ee865207bc2584cdc1abdd12bc8f628387d2b0bb10a91cb6c35bfdaeecf1ae336ac5aef86e7b096796ffca18fda814a164356864c2c4fb390a8cdaa8ae9cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f509194f801790cd9724f2c9933f5014

SHA1
1bd23ac4a1ba7f1401d66c5e0c839f85ee4f9b67

SHA256
e3a1fffb507c903ea60da71b9d70dc132977626426c6829109efd26b66f210c7

SHA512
658678bfd2f2d75878609f82afb3f6f0082f7da66d975d4506987cc972bcdc1bdd9133c87e70c55966602d3292583a77dc8680a61810ef2b80a8ca4edbd95f24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
90cb9a606a6b8a8aa0b864c57e52a59e

SHA1
8d00b014f84b806ae86900a42222d2e0f4c6515a

SHA256
609fc4940311731d194306aaf6177a7700a37899f13ee6e46bd3bfe6e46fad97

SHA512
87b6d872ade628fb50cefe1ff5afeece1a699a84f6132f02a4bc501e04ee6acd2991e21e5b965101969c8f4ffaf920ce0025e74b6402ae0211b1b58e72c2e247

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a5bcddd4546b6d73fac29c81d6546044

SHA1
c7d7b72e75c7b07d9085134fb963150cc678add2

SHA256
d3daa51fa4e8ce6618da747687c673d3dec3002558ccda951deebe90376a35b0

SHA512
1b42afb8d09a0f1f59b14cc1a47247432010530b2e976f5b9d2a887d1074080421ba8f7f78588f9679f4436190c91a7c2a35907f42ca318f128051111c43bc02

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
e6a674ce82fa60d2f626a42cbbfbc0de

SHA1
23b6a79775b1e326cae3260a7c907544ac6bdd47

SHA256
121e982395f44350de463508f1a5e35b980e337db3d1eda15b01acda4828c1a1

SHA512
b1afb10640c0c148d4a75e19738a4f6b33dd2fed6f0155f5fef4f25edddab43ba50dcde84fbbf4ac8c20c360c52ee03432e0b21ab29fc5f22330a76a50559661

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e79837ab377d2b48f8a5bf0e78fa25fd

SHA1
1773fe08bf11e10e81d576d8dc6cc3f076a35a1b

SHA256
83610b50bb7c8e6f6737a580921e6c802f886ff39d0715ae3006815d0b5c7dab

SHA512
528a68632fe77137200c5a5b3402d120bc5f479168963c0c7fcc7ad9afc198fe62fac0a57fec82203475c0fad96623aec21f341250563c0212dddf503da96670

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
7b0aeef9d03d889a25214fcad488a05e

SHA1
e7978cb1f51802f2bd98e9ed9aa434a3fc67835d

SHA256
9ca6f462163ff6021af82bb2cb0bc196ff87c77bd2eda4c308faba813a81d4d0

SHA512
beb5906d1dffdf859e497142ea3d548087ebd24a5015cbdc3f75418651360db080c64eaea1e52d230eb1237f75989b1574748995c42f34ce798f124ac22e6775

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
64e692ee4e71ab183479fb68d35c1546

SHA1
be24904bf4675af831deb5b40b1810b8095da309

SHA256
b566785b389c451b6052d8ceb197c9175bc8fe8398aed7e9ce74c79d62f83945

SHA512
9410ace0307d9149764f53422adcae37f4ac1139ae89da00640e5b875d29527c4193aece936a60cc0305e6d877e7029aec850105f696df7ad59442d1acc95c41

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6af411087cf28ddefb64236ae56247d2

SHA1
b928362334fc87fc7bb2dfdd4c4e2cb711ff7bb7

SHA256
06d3ac9333a49e3ceb8ff6492af9d6cfba67cc3ae32025b387d2aa9f768e06ea

SHA512
4c2a91bdc23e5e84165a1bc84bb2c3b248f202f52378605b19328090d413c8eb13e7a3145bb8f29b15b9fc5921e28a3e1bd7e660635a111ba773f106abf19f1f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
511d32dbe1b5fbd122ae443e85a9a0a4

SHA1
8fb84bcae9a2a902f2be5185afb71ad3ab58c12b

SHA256
23e0a5db82c881a854c92c6c1274a05beb5d9f699577a998cbd3d3678b6d72f8

SHA512
f4acb916e161bbef951a6bd3f875e2c6f32dcc39e1584add493636d005aaf9072af383a2a3b9a6cb003f34deb3d8af0a625af53b2a80f77a000e71e7014fac8f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6b67cf541f95979356ed26ceb0f2527b

SHA1
4eca177a74e495c66bcd0108aee7b542bac1e43e

SHA256
4974dfa2ede36cf09d451af070c0f974bd82f6984c9de7c0c027d2438b156acb

SHA512
b81247d7eb794e46a3facd079a8bdf757e92931951c8b021c1b390179e52257a1ed9082dabeb672184a8f5e70318e65e2e7389d669d7b757b68f1a3df2397d1c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b76a66afedad96fe1a9bf6964c462ffa

SHA1
c9bf1071c471290c3531e978822b139a7ac455bd

SHA256
85249cf7efb96c6abd1cf5e380efab8e57caca11311109947a627e38a07e4669

SHA512
32e8a51d625e66ee45877ec69c6b941bb0cab4a26eea8e138fa21e7ce66600b8b784905d17198cebf43cb3031a8ad8a7c4e260045459fbfe9f9208287b1fac81

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
a9797dc5e88dc13b9bcdd04043703003

SHA1
b72c5ae8d92f326367cab843e3c8c3a82ca20bf8

SHA256
b2890790de4ff8a29d7ef2488b6a9524f0ee1aa3192f132ef9519d9a95eb40af

SHA512
4808eaa930934c11da209165f80d197c99d0a696857eaf3c00e087c392a8c015b28baea89ea19ffc72cb5c838def6c93b69627dc987e1e8ce395aacb22ad036a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e622bda1c06e7193fef3e4bdd0ee192f

SHA1
952a83c464773e419cae419696a954d095861adc

SHA256
ae62e2ce984d9d11ddb742447c9f25ba7e5937b779228241f691524de156c0de

SHA512
1430cf42c844b755fdcc22ac9b34eb551094f0247d79eaf80daa9f6600431c1fa583353c50ab16a55e8e328e75dbd67ca1a260a8801d8b72033bda7b2c6e5660

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
dd4689745d2e25b75999d0fcc31a38db

SHA1
cfb69acb3900ed60d5514ba929f46a05fa1e6441

SHA256
75224248ef0dfc0576d242c50010a7e640714bd891de90303c6515eba668e247

SHA512
704c6f3b18fbaa5bed0692d7ba27639e16999f9b7ee3e845a9817ca0cf88ff5ab6c24c5a9d44bca7186b104164e6701c9568a2acb1473088dc2d16bd0e295c8d

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
817KB

MD5
74e3a4384b66904fe0356cdaa482d0f6

SHA1
2a8d5a983a4f993a0ccabacc90acb47a9a41e804

SHA256
be0909b607998ca4d1f62db7182aa2101673d14899b28a1a355eeafd19bcdd90

SHA512
ac11f6185f9c262640ac35bccf6536cfd4e02ae18114cbb6db8c3ed23d373e02dc77406225d623de265724aa368bb7c524af227d4a31fd8a6067379efeca6c37

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.exe

Filesize
861KB

MD5
cdd62e7431979b1eac55d88feb99d5c4

SHA1
700af8672befa8f68b3f274ee6ec6d309a46b842

SHA256
4e4868b892c64be07626bfcd89814152df9d6e3a670984806c1fe71760fa7380

SHA512
5f37deb4cee7855f56f1eb8671a83612607fb499d715ee0b83954bdeab513bda2a9b05cd63382662a8f8b983823f8b2aaef878a8a35d9b767af78de7453e8cfa

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
860KB

MD5
7463420a02870fbc6318386de4786dde

SHA1
20f763fbbb4fc322939d225b764a230e38808932

SHA256
551bc49b5bb9a078a63d0241f068f2b88cd55a294be05bca5618c5615d3a61f3

SHA512
94aa58f9c6439170fea4c911423b162a8939cadf9cde69f5264e4d3fd15f8fb850590dd7a7056284a8b5a17310425a90541f9d3912de86b03a674c6265f1ce3e

Download Submit
memory/4364-59-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-49-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-122-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-70-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-142-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-182-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-80-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-130-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-0-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/4364-112-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-152-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-90-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-170-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-102-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4364-162-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-91-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-171-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-163-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-60-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-103-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-50-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-61-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/4700-113-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-123-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-153-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-81-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-5-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/4700-143-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-183-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-71-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4700-131-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download