Overview

overview

10

Static

static

3

yfga_game.exe

windows7-x64

10

yfga_game.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    412s
  • max time network
    307s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-07-2024 09:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yfga_game.exe

  • Size

    46.3MB

  • MD5

    14b51172d4f9f29c2478c8316b4cc5dd

  • SHA1

    fe9f4e65ffd203192859988e232407b62d2dfd61

  • SHA256

    b504f25f7354744305e326bf74567fff4021bcdf54e30d69e4404b3fa4d2eaaf

  • SHA512

    cff063623701d5d0e7f960f08da81731821a8427fa45c88affc6adc46828fabbb526fa41c58d180604b98f0e7d56f6bda6cc1eb30f2224106f44471e18537a16

  • SSDEEP

    786432:G7Ud58tChs1g2uzRL7KPB8NUc3sXEPeEwkHYvgctIKpJZXnfsrQl92Z3tHDUOsj1:yt96576B0HkGUvgcaKpDPBl92HHDdsGy

Score
10/10
aspackv2discoveryevasionexploitpersistenceransomwareupx

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Drops file in Drivers directory 62 IoCs
  • Manipulates Digital Signatures 4 IoCs

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Possible privilege escalation attempt 6 IoCs
    exploit
  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies file permissions 1 TTPs 6 IoCs
    discovery
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 39 IoCs
  • Drops file in System32 directory 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 54 IoCs
  • Delays execution with timeout.exe 7 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Kills process with taskkill 7 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Runs regedit.exe 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Views/modifies file attributes 1 TTPs 8 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\yfga_game.exe
    "C:\Users\Admin\AppData\Local\Temp\yfga_game.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\YFGA.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2408
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskManager" /t REG_DWORD /d 1
        3⤵
          PID:3680
        • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\screenscrew.exe
          screenscrew.exe
          3⤵
          • Executes dropped EXE
          PID:5080
        • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\flasher.exe
          flasher.exe
          3⤵
          • Executes dropped EXE
          PID:2716
        • C:\Windows\SysWOW64\takeown.exe
          takeown C:\Windows\System32\logonui.exe Admin
          3⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:2996
        • C:\Windows\SysWOW64\icacls.exe
          icacls C:\Windows\System32\logonui.exe Grant:\Admin
          3⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:5048
        • C:\Windows\SysWOW64\takeown.exe
          takeown C:\Windows\System32\calc.exe Admin
          3⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:2032
        • C:\Windows\SysWOW64\icacls.exe
          icacls C:\Windows\System32\calc.exe Grant:\Admin
          3⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:5092
        • C:\Windows\SysWOW64\xcopy.exe
          xcopy calc.exe C:\Windows\System32\calc.exe /-y
          3⤵
          • Enumerates system info in registry
          PID:4528
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /K hydra.cmd
          3⤵
          • Checks computer location settings
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:4540
          • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\jokewarehydra.exe
            jokewarehydra.exe
            4⤵
            • Executes dropped EXE
            • Suspicious use of FindShellTrayWindow
            PID:1344
          • C:\Windows\SysWOW64\WScript.exe
            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\annoy3.vbs"
            4⤵
              PID:4836
          • C:\Windows\SysWOW64\takeown.exe
            takeown C:\Windows\Boot\Fonts\* Admin
            3⤵
            • Possible privilege escalation attempt
            • Modifies file permissions
            PID:452
          • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\walliant.exe
            walliant.exe
            3⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:1452
            • C:\Users\Admin\AppData\Local\Temp\is-QT4D2.tmp\walliant.tmp
              "C:\Users\Admin\AppData\Local\Temp\is-QT4D2.tmp\walliant.tmp" /SL5="$70064,4511977,830464,C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\walliant.exe"
              4⤵
              • Executes dropped EXE
              PID:2432
          • C:\Windows\SysWOW64\icacls.exe
            icacls C:\Windows\Boot\Fonts\* Grant:\Admin
            3⤵
            • Possible privilege escalation attempt
            • Modifies file permissions
            PID:2124
          • C:\Windows\SysWOW64\xcopy.exe
            xcopy C:\Windows\Fonts\seguisym.ttf C:\Windows\Boot\Fonts\segoe_slboot.ttf /-y
            3⤵
            • Enumerates system info in registry
            PID:1572
          • C:\Windows\SysWOW64\reg.exe
            reg import reg.reg
            3⤵
            • Sets desktop wallpaper using registry
            PID:3848
          • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\YouAreAnIdiot.exe
            youareanidiot.exe
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1328
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 1580
              4⤵
              • Program crash
              PID:3888
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /f /im fontdrvhost.exe
            3⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:2212
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /f /im TextInputhost.exe
            3⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:1924
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /f /im explorer.exe
            3⤵
            • Kills process with taskkill
            PID:1200
          • C:\Windows\SysWOW64\timeout.exe
            timeout 5
            3⤵
            • Delays execution with timeout.exe
            PID:4784
          • C:\Windows\SysWOW64\shutdown.exe
            shutdown /r /t 30000 /c "HAHA I HACKED YOU AYFGA ROCKS YOU"
            3⤵
              PID:1648
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /K spam.bat "forkbomb" /min
              3⤵
                PID:2680
              • C:\Windows\SysWOW64\timeout.exe
                timeout 5
                3⤵
                • Delays execution with timeout.exe
                PID:4372
              • C:\Windows\SysWOW64\shutdown.exe
                shutdown /a
                3⤵
                  PID:4468
                • C:\Windows\SysWOW64\timeout.exe
                  timeout 2
                  3⤵
                  • Delays execution with timeout.exe
                  PID:4948
                • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\win7recovery.exe
                  win7recovery.exe
                  3⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • Adds Run key to start application
                  • Modifies Internet Explorer settings
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:2508
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 684
                    4⤵
                    • Program crash
                    PID:4252
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 980
                    4⤵
                    • Program crash
                    PID:3236
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 988
                    4⤵
                    • Program crash
                    PID:4220
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 984
                    4⤵
                    • Program crash
                    PID:2796
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1008
                    4⤵
                    • Program crash
                    PID:3848
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1048
                    4⤵
                    • Program crash
                    PID:836
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1056
                    4⤵
                    • Program crash
                    PID:3168
                  • C:\ProgramData\WbVhxCIDDK.exe
                    "C:\ProgramData\WbVhxCIDDK.exe"
                    4⤵
                    • Modifies visiblity of hidden/system files in Explorer
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2128
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 504
                      5⤵
                      • Program crash
                      PID:4812
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 588
                      5⤵
                      • Program crash
                      PID:1268
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 620
                      5⤵
                      • Program crash
                      PID:1228
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 512
                      5⤵
                      • Program crash
                      PID:4940
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 604
                      5⤵
                      • Program crash
                      PID:3768
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 604
                      5⤵
                      • Program crash
                      PID:2996
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 728
                      5⤵
                      • Program crash
                      PID:3952
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 720
                      5⤵
                      • Program crash
                      PID:3964
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 720
                      5⤵
                      • Program crash
                      PID:5076
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 916
                      5⤵
                      • Program crash
                      PID:2820
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 1172
                      5⤵
                      • Program crash
                      PID:4780
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib +h "C:\Users\Admin\*.* " /s /d
                      5⤵
                      • Drops desktop.ini file(s)
                      • Views/modifies file attributes
                      PID:1572
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib +h "C:\ProgramData\Microsoft\Windows\Start Menu\*.* " /s /d
                      5⤵
                      • Views/modifies file attributes
                      PID:1628
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib +h "C:\*.*" /s /d
                      5⤵
                      • Drops file in Drivers directory
                      • Manipulates Digital Signatures
                      • Drops desktop.ini file(s)
                      • Drops file in System32 directory
                      • Drops file in Program Files directory
                      • Drops file in Windows directory
                      • Views/modifies file attributes
                      PID:2444
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib +h "F:\*.*" /s /d
                      5⤵
                      • Views/modifies file attributes
                      PID:1620
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 1312
                      5⤵
                      • Program crash
                      PID:4376
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 1320
                      5⤵
                      • Program crash
                      PID:1936
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 696
                      5⤵
                      • Program crash
                      PID:1228
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 1344
                      5⤵
                      • Program crash
                      PID:4448
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 1356
                      5⤵
                      • Program crash
                      PID:4872
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 1312
                      5⤵
                      • Program crash
                      PID:4852
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib +h "C:\Users\Admin\*.* " /s /d
                      5⤵
                      • Drops desktop.ini file(s)
                      • Views/modifies file attributes
                      PID:1164
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib +h "C:\ProgramData\Microsoft\Windows\Start Menu\*.* " /s /d
                      5⤵
                      • Views/modifies file attributes
                      PID:1972
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib +h "C:\*.*" /s /d
                      5⤵
                      • Drops file in Drivers directory
                      • Manipulates Digital Signatures
                      • Drops desktop.ini file(s)
                      • Drops file in System32 directory
                      • Drops file in Program Files directory
                      • Drops file in Windows directory
                      • Views/modifies file attributes
                      PID:4312
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib +h "F:\*.*" /s /d
                      5⤵
                      • Views/modifies file attributes
                      PID:5084
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1212
                    4⤵
                    • Program crash
                    PID:2792
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1496
                    4⤵
                    • Program crash
                    PID:4948
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1580
                    4⤵
                    • Program crash
                    PID:3544
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1780
                    4⤵
                    • Program crash
                    PID:1684
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1420
                    4⤵
                    • Program crash
                    PID:1932
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1844
                    4⤵
                    • Program crash
                    PID:456
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2052
                    4⤵
                    • Program crash
                    PID:2816
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2192
                    4⤵
                    • Program crash
                    PID:4152
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1084
                    4⤵
                    • Program crash
                    PID:3012
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1560
                    4⤵
                    • Program crash
                    PID:4592
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1384
                    4⤵
                    • Program crash
                    PID:952
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1292
                    4⤵
                    • Program crash
                    PID:208
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 988
                    4⤵
                    • Program crash
                    PID:828
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1012
                    4⤵
                    • Program crash
                    PID:3656
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2204
                    4⤵
                    • Program crash
                    PID:4208
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1304
                    4⤵
                    • Program crash
                    PID:2708
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1020
                    4⤵
                    • Program crash
                    PID:4372
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1548
                    4⤵
                    • Program crash
                    PID:3616
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2256
                    4⤵
                    • Program crash
                    PID:868
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2204
                    4⤵
                    • Program crash
                    PID:4088
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2268
                    4⤵
                    • Program crash
                    PID:4360
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2276
                    4⤵
                    • Program crash
                    PID:1288
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 2028
                    4⤵
                    • Program crash
                    PID:4536
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1516
                    4⤵
                    • Program crash
                    PID:220
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1996
                    4⤵
                    • Program crash
                    PID:4540
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1912
                    4⤵
                    • Program crash
                    PID:1800
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1776
                    4⤵
                    • Program crash
                    PID:3456
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 376
                    4⤵
                    • Program crash
                    PID:1496
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1952
                    4⤵
                    • Program crash
                    PID:4796
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /f /im WScript.exe
                  3⤵
                  • Kills process with taskkill
                  PID:2936
                • C:\Windows\SysWOW64\timeout.exe
                  timeout 12
                  3⤵
                  • Delays execution with timeout.exe
                  PID:3632
                • C:\Windows\SysWOW64\timeout.exe
                  timeout 1
                  3⤵
                  • Delays execution with timeout.exe
                  PID:712
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /f /im explorer.exe
                  3⤵
                  • Kills process with taskkill
                  PID:1844
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /f /im taskmgr.exe
                  3⤵
                  • Kills process with taskkill
                  PID:4896
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /f /im WScript.exe
                  3⤵
                  • Kills process with taskkill
                  PID:3600
                • C:\Windows\SysWOW64\shutdown.exe
                  shutdown /a
                  3⤵
                    PID:4344
                  • C:\Windows\SysWOW64\timeout.exe
                    timeout 1
                    3⤵
                    • Delays execution with timeout.exe
                    PID:220
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /K bloatware.cmd
                    3⤵
                      PID:2056
                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\useroverflow.exe
                      useroverflow.exe
                      3⤵
                      • Executes dropped EXE
                      PID:516
                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\programoverflow.exe
                      programoverflow.exe
                      3⤵
                      • Executes dropped EXE
                      PID:2440
                    • C:\Windows\SysWOW64\notepad.exe
                      notepad.exe
                      3⤵
                        PID:3068
                      • C:\Windows\SysWOW64\regedit.exe
                        regedit.exe
                        3⤵
                        • Runs regedit.exe
                        PID:872
                      • C:\Windows\SysWOW64\mspaint.exe
                        mspaint.exe
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of SetWindowsHookEx
                        PID:1324
                      • C:\Windows\SysWOW64\charmap.exe
                        charmap.exe
                        3⤵
                          PID:3348
                        • C:\Windows\SysWOW64\timeout.exe
                          timeout 21
                          3⤵
                          • Delays execution with timeout.exe
                          PID:2996
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1328 -ip 1328
                      1⤵
                        PID:3824
                      • C:\Windows\SysWOW64\WerFault.exe
                        C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2508 -ip 2508
                        1⤵
                          PID:1720
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2508 -ip 2508
                          1⤵
                            PID:2060
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
                            1⤵
                              PID:1448
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2508 -ip 2508
                              1⤵
                                PID:4584
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2508 -ip 2508
                                1⤵
                                  PID:2984
                                • C:\Windows\SysWOW64\WerFault.exe
                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2508 -ip 2508
                                  1⤵
                                    PID:1572
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2508 -ip 2508
                                    1⤵
                                      PID:4724
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2508 -ip 2508
                                      1⤵
                                        PID:1552
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 2508 -ip 2508
                                        1⤵
                                          PID:2256
                                        • C:\Windows\SysWOW64\WerFault.exe
                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2128 -ip 2128
                                          1⤵
                                            PID:2192
                                          • C:\Windows\SysWOW64\WerFault.exe
                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2508 -ip 2508
                                            1⤵
                                              PID:4372
                                            • C:\Windows\SysWOW64\WerFault.exe
                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 2508 -ip 2508
                                              1⤵
                                                PID:2560
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2508 -ip 2508
                                                1⤵
                                                  PID:4576
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2508 -ip 2508
                                                  1⤵
                                                    PID:1196
                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2508 -ip 2508
                                                    1⤵
                                                      PID:5100
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2508 -ip 2508
                                                      1⤵
                                                        PID:1436
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2508 -ip 2508
                                                        1⤵
                                                          PID:1568
                                                        • C:\Windows\system32\fontdrvhost.exe
                                                          "fontdrvhost.exe"
                                                          1⤵
                                                            PID:4776
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2508 -ip 2508
                                                            1⤵
                                                              PID:3488
                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2128 -ip 2128
                                                              1⤵
                                                                PID:1568
                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2508 -ip 2508
                                                                1⤵
                                                                  PID:1740
                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2508 -ip 2508
                                                                  1⤵
                                                                    PID:4784
                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2508 -ip 2508
                                                                    1⤵
                                                                      PID:512
                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2128 -ip 2128
                                                                      1⤵
                                                                        PID:4068
                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2128 -ip 2128
                                                                        1⤵
                                                                          PID:3096
                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2128 -ip 2128
                                                                          1⤵
                                                                            PID:4052
                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 2128 -ip 2128
                                                                            1⤵
                                                                              PID:2708
                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2128 -ip 2128
                                                                              1⤵
                                                                                PID:4572
                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2128 -ip 2128
                                                                                1⤵
                                                                                  PID:3548
                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2128 -ip 2128
                                                                                  1⤵
                                                                                    PID:1156
                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2128 -ip 2128
                                                                                    1⤵
                                                                                      PID:1408
                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2128 -ip 2128
                                                                                      1⤵
                                                                                        PID:3552
                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2508 -ip 2508
                                                                                        1⤵
                                                                                          PID:3596
                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2128 -ip 2128
                                                                                          1⤵
                                                                                            PID:4928
                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2508 -ip 2508
                                                                                            1⤵
                                                                                              PID:4560
                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2508 -ip 2508
                                                                                              1⤵
                                                                                                PID:748
                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2128 -ip 2128
                                                                                                1⤵
                                                                                                  PID:1844
                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2128 -ip 2128
                                                                                                  1⤵
                                                                                                    PID:4556
                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2508 -ip 2508
                                                                                                    1⤵
                                                                                                      PID:3648
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2128 -ip 2128
                                                                                                      1⤵
                                                                                                        PID:3952
                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2128 -ip 2128
                                                                                                        1⤵
                                                                                                          PID:4144
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2128 -ip 2128
                                                                                                          1⤵
                                                                                                            PID:1688
                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2508 -ip 2508
                                                                                                            1⤵
                                                                                                              PID:3668
                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2508 -ip 2508
                                                                                                              1⤵
                                                                                                                PID:3264
                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2508 -ip 2508
                                                                                                                1⤵
                                                                                                                  PID:2760
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2508 -ip 2508
                                                                                                                  1⤵
                                                                                                                    PID:4904
                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2508 -ip 2508
                                                                                                                    1⤵
                                                                                                                      PID:4736
                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2508 -ip 2508
                                                                                                                      1⤵
                                                                                                                        PID:4464
                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2508 -ip 2508
                                                                                                                        1⤵
                                                                                                                          PID:824
                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 2508 -ip 2508
                                                                                                                          1⤵
                                                                                                                            PID:4400
                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2508 -ip 2508
                                                                                                                            1⤵
                                                                                                                              PID:4388
                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2508 -ip 2508
                                                                                                                              1⤵
                                                                                                                                PID:732
                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2508 -ip 2508
                                                                                                                                1⤵
                                                                                                                                  PID:4560
                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2508 -ip 2508
                                                                                                                                  1⤵
                                                                                                                                    PID:1716
                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 2508 -ip 2508
                                                                                                                                    1⤵
                                                                                                                                      PID:3224

                                                                                                                                    Network

                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                    Replay Monitor

                                                                                                                                    Loading Replay Monitor...

                                                                                                                                    Downloads

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5G8JI3LV\531-direct[1].htm
                                                                                                                                      Filesize

                                                                                                                                      114B

                                                                                                                                      MD5

                                                                                                                                      e89f75f918dbdcee28604d4e09dd71d7

                                                                                                                                      SHA1

                                                                                                                                      f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

                                                                                                                                      SHA256

                                                                                                                                      6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

                                                                                                                                      SHA512

                                                                                                                                      8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Adobe_Flash_Player.exe
                                                                                                                                      Filesize

                                                                                                                                      114B

                                                                                                                                      MD5

                                                                                                                                      d725d85cc5f30c0f695b03a9e7d0c4c0

                                                                                                                                      SHA1

                                                                                                                                      131b68adcddb7ff3b3ce9c34c5277eb5d673f610

                                                                                                                                      SHA256

                                                                                                                                      4d4588c42fa8df0ea45ad48aca4511bb4286f0deaa41fdf188c3b7ab9e1b698a

                                                                                                                                      SHA512

                                                                                                                                      01f270a15aa10e60e14ac140ccb54e38cf8e57833ef1c0db7d36688a93ecdc0a59ecf9ead9366a5920faac7e28a2e0ee03759eb0fa92d455abc72f406fe8775b

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\is-5401N.tmp\_isetup\_setup64.tmp
                                                                                                                                      Filesize

                                                                                                                                      6KB

                                                                                                                                      MD5

                                                                                                                                      e4211d6d009757c078a9fac7ff4f03d4

                                                                                                                                      SHA1

                                                                                                                                      019cd56ba687d39d12d4b13991c9a42ea6ba03da

                                                                                                                                      SHA256

                                                                                                                                      388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

                                                                                                                                      SHA512

                                                                                                                                      17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\is-QT4D2.tmp\walliant.tmp
                                                                                                                                      Filesize

                                                                                                                                      2.5MB

                                                                                                                                      MD5

                                                                                                                                      62e5dbc52010c304c82ada0ac564eff9

                                                                                                                                      SHA1

                                                                                                                                      d911cb02fdaf79e7c35b863699d21ee7a0514116

                                                                                                                                      SHA256

                                                                                                                                      bd54ad7a25594dc823572d9b23a3490ff6b8b1742a75e368d110421ab08909b2

                                                                                                                                      SHA512

                                                                                                                                      b5d863ea38816c18f7778ef12ea4168ceb0dae67704c0d1d4a60b0237ca6e758c1dfc5c28d4fc9679b0159de25e56d5dfff8addacd7a9c52572674d90c424946

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
                                                                                                                                      Filesize

                                                                                                                                      5KB

                                                                                                                                      MD5

                                                                                                                                      3d0abc5db28a548a715a24d6c5bf9158

                                                                                                                                      SHA1

                                                                                                                                      fcb85475692c6fe339f8d7605fee5b96c6795c4f

                                                                                                                                      SHA256

                                                                                                                                      107d40225e12a7cdf7d9d18717b4a252c50e45965392e573a4677299b640c8a2

                                                                                                                                      SHA512

                                                                                                                                      604562d6bd6fd136aacab54fea6d51c53834edcdad2499a65b5a5eb94038434308909b750f7838c7b43c9efbf3ce16e400449c0d100387ec1f6f54ddd787e4f8

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
                                                                                                                                      Filesize

                                                                                                                                      5KB

                                                                                                                                      MD5

                                                                                                                                      ae681a8068e875eb4d226a0cd01b6f45

                                                                                                                                      SHA1

                                                                                                                                      532b71536a869e975be767ccd256439d109f97c6

                                                                                                                                      SHA256

                                                                                                                                      7f19230562267b38abb9d4a0f1d175aa5ded4b1dc0ae751d044fdf914c6e36d9

                                                                                                                                      SHA512

                                                                                                                                      10e2d0ddc4eedb645e32ff0ad78b5fe5ccc89112c03d7f57d7745d1a5e8126c1620cd30087aa890c0e1dbfe4e342f00c171affc4b9f414834893b94feb1e72f0

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\AxInterop.ShockwaveFlashObjects.dll
                                                                                                                                      Filesize

                                                                                                                                      17KB

                                                                                                                                      MD5

                                                                                                                                      451112d955af4fe3c0d00f303d811d20

                                                                                                                                      SHA1

                                                                                                                                      1619c35078ba891091de6444099a69ef364e0c10

                                                                                                                                      SHA256

                                                                                                                                      0d57a706d4e10cca3aed49b341a651f29046f5ef1328878d616be93c3b4cbce9

                                                                                                                                      SHA512

                                                                                                                                      35357d2c4b8229ef9927fa37d85e22f3ae26606f577c4c4655b2126f0ecea4c69dae03043927207ca426cc3cd54fc3e72124369418932e04733a368c9316cf87

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\Interop.ShockwaveFlashObjects.dll
                                                                                                                                      Filesize

                                                                                                                                      21KB

                                                                                                                                      MD5

                                                                                                                                      e869d1d4545c212d9068a090a370ded3

                                                                                                                                      SHA1

                                                                                                                                      a6a92f108bba390cd14e7103ba710efec1d270f9

                                                                                                                                      SHA256

                                                                                                                                      63af704211a03f6ff6530ebfca095b6c97636ab66e5a6de80d167b19c3c30c66

                                                                                                                                      SHA512

                                                                                                                                      ee108b0ebefb476c5beb568129da7ce058229fb42ad3500c6fc37a36d718eb67a17b331d73f6920a5290c3977be2eda96aa057533c3344898d161cb464c6ef76

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\YFGA.bat
                                                                                                                                      Filesize

                                                                                                                                      1KB

                                                                                                                                      MD5

                                                                                                                                      811ef8f7697b43732afc1e72f608c7ff

                                                                                                                                      SHA1

                                                                                                                                      94d74eee87d85af865ac53380826f4bb38218866

                                                                                                                                      SHA256

                                                                                                                                      05551370b7975f4007a165469981820be03376e0cc75b0144c0295b28a9326df

                                                                                                                                      SHA512

                                                                                                                                      86d32ba942486ddb6b0ffe44dc2f6bae982367903459fb07bcce070cd624ec3c311a38b3ab0804011f162c22867a7615afe46e71780cd7c69adc6b12040d5310

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\YouAreAnIdiot.exe
                                                                                                                                      Filesize

                                                                                                                                      424KB

                                                                                                                                      MD5

                                                                                                                                      e263c5b306480143855655233f76dc5a

                                                                                                                                      SHA1

                                                                                                                                      e7dcd6c23c72209ee5aa0890372de1ce52045815

                                                                                                                                      SHA256

                                                                                                                                      1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

                                                                                                                                      SHA512

                                                                                                                                      e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\annoy.vbs
                                                                                                                                      Filesize

                                                                                                                                      50B

                                                                                                                                      MD5

                                                                                                                                      3167d161336cbd296dc579d2295b0f22

                                                                                                                                      SHA1

                                                                                                                                      53253e5841e6a7a7a1b8bd08378af0a96b2f9a98

                                                                                                                                      SHA256

                                                                                                                                      307879bf0d9bec07bab240b5010434801fbee520c99c5a617e8ac630f42dde80

                                                                                                                                      SHA512

                                                                                                                                      62af8fa0c9a30ec6aa9b552fcac1879af1f00f5ceb48a77718b2a8e042e3524e2cd299f26fcde31ad8abf2dcb94d15cf45ecbce0bd5f9f93f44aca6327aa53ea

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\annoy2.vbs
                                                                                                                                      Filesize

                                                                                                                                      44B

                                                                                                                                      MD5

                                                                                                                                      9a2ccbd3e2f1a2382fed7674c28dd086

                                                                                                                                      SHA1

                                                                                                                                      b466bdd2079575c938de65285f02739143ecb170

                                                                                                                                      SHA256

                                                                                                                                      4519cd5997afce27129ef943f121972f7b0b34aa018e4dd408892fc5c39bb59e

                                                                                                                                      SHA512

                                                                                                                                      8929493211c17a8e99b908a8305dbebe2d96e1b54426e89ddba84c2010a86d7f6d0983080f29fa1ab7a0687d536c0546278b9fffe4560d84e4012f243f344d78

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\annoy3.vbs
                                                                                                                                      Filesize

                                                                                                                                      56B

                                                                                                                                      MD5

                                                                                                                                      19cf22e8d63e787913b6617542211e19

                                                                                                                                      SHA1

                                                                                                                                      8c3d2f43025e5c4ef70e0c4d1f36692361f51b1f

                                                                                                                                      SHA256

                                                                                                                                      dbec312d736f8a56f94ace99986d95d4355ef644a2fd908da1ff4c8b0a003979

                                                                                                                                      SHA512

                                                                                                                                      8b9d192dd7f175e63aebcdfc8426876fa8bf3ae00d3cf10bb8fcf0d0c262b906de28784f5b97141f656e87bb548d343b8d5a127c06ecb407289e91f3fc199608

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\bloatware\OperaSetup.exe
                                                                                                                                      Filesize

                                                                                                                                      2.0MB

                                                                                                                                      MD5

                                                                                                                                      2d183522f195d563fe2a732363b8f757

                                                                                                                                      SHA1

                                                                                                                                      8b4ba6716e8e635b2b35ee64134784c788fa1b0e

                                                                                                                                      SHA256

                                                                                                                                      4b6d2615f53454076b996a91473287e5fc882ce266933cfbe815a63477ed8407

                                                                                                                                      SHA512

                                                                                                                                      2c37e38214ed90d21345a8675424cfe3086cce34acd19972081479946c541b747b97cc722910189f9b5e7e8bcd56de0b2326407b3008de6763c40366ceffc67b

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\bloatware\bewidgets.exe
                                                                                                                                      Filesize

                                                                                                                                      843KB

                                                                                                                                      MD5

                                                                                                                                      ff508ab78289efa35e67a05d6cc20717

                                                                                                                                      SHA1

                                                                                                                                      174f616661b53371fe93fa5cc4ec4b6e233abb43

                                                                                                                                      SHA256

                                                                                                                                      eca41ee73faaa7e85ecf4d4c6d4df0e078c36c6554f25142b5e68b2b6cf68272

                                                                                                                                      SHA512

                                                                                                                                      f94fd558e34589c8b0f3da7d20bbb404c4dc6e560aabc5f7e702cdf6a6b8a7870d63d8fb667f6324461ed37c32f6ff8abb0cee65317c6ad745e61c1fc7c80811

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\bloatware\bloatware.cmd
                                                                                                                                      Filesize

                                                                                                                                      140B

                                                                                                                                      MD5

                                                                                                                                      85960c66edf9a8db4e5a17d9f15b6ae3

                                                                                                                                      SHA1

                                                                                                                                      fb27f19a4e8f55dc2c77d7570d472e8df801531b

                                                                                                                                      SHA256

                                                                                                                                      81a20f21135c05252a3dd2042ff39bf044624c79f6d9ec9fd412a8c9b38d83a3

                                                                                                                                      SHA512

                                                                                                                                      c8b81cb4901039c5ac26bbf2e98b40db60bfd6ab37d7abbc030d1ba11f78485a148935539c09c2cb5c983f14d66b0fdd9d49c138a1340690b2aa69de35d4975f

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\bloatware\fontcreator.exe
                                                                                                                                      Filesize

                                                                                                                                      25.2MB

                                                                                                                                      MD5

                                                                                                                                      14cebb6187a53864094293d616e9af4d

                                                                                                                                      SHA1

                                                                                                                                      47b89d897f432002520fb4a9c0c862df45257d36

                                                                                                                                      SHA256

                                                                                                                                      1e3cf9b81993ca63c3da99c4ec29d8826d5ac65be4088b4e4fd52f11224be96c

                                                                                                                                      SHA512

                                                                                                                                      f4bc7cb3f602ac686485ee5b23a856b49ce3e3b73325cc520a728a723d014785f2091905f676312ee7826740f184b074458a31018d3c7d27a6ce2a219643195a

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\bloatware\iconchanger.exe
                                                                                                                                      Filesize

                                                                                                                                      1.1MB

                                                                                                                                      MD5

                                                                                                                                      3b89914c7bfe5487af38f7bd8dc31bb5

                                                                                                                                      SHA1

                                                                                                                                      7204cce974e02495f58731e961e4cdc49a2f1ef3

                                                                                                                                      SHA256

                                                                                                                                      14068d0948dfeedc5908573fcaa2704536faa8b0fbea8caac61b9fb264cc204d

                                                                                                                                      SHA512

                                                                                                                                      73735b965a0c948a4126bad31ea54fb4aa31b2c8877ab772f7596a27e821be9f6bba17ddbb9f4e87c6c70bba93375277008e4fa354bf1504e1cd2b9b190d45f8

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\bloatware\pixelsee.exe
                                                                                                                                      Filesize

                                                                                                                                      4.8MB

                                                                                                                                      MD5

                                                                                                                                      39490d6ae5b10a8cdffecd71d05141dd

                                                                                                                                      SHA1

                                                                                                                                      450da6260c6817aca8d9444831a48439ba45785c

                                                                                                                                      SHA256

                                                                                                                                      a9427d47bf1cfadd009990ca09feb2af88823f5908b17e2afa70c8c49c95b3eb

                                                                                                                                      SHA512

                                                                                                                                      7ffb9cb6a53cf233b6ff396eeb6193e683aed75001b3f73a1bbadaeec3ff7dcbce9b7e215d1743a4374e488185b824b90dde4afe93a8d93608b6340af07c14fb

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\bloatware\qtranslate.exe
                                                                                                                                      Filesize

                                                                                                                                      908KB

                                                                                                                                      MD5

                                                                                                                                      e23ffecb44c814aaa4708d56ab5b144b

                                                                                                                                      SHA1

                                                                                                                                      202311d615685e7baaa41dc149b5a76a69c05a0e

                                                                                                                                      SHA256

                                                                                                                                      d395af3c10e18c944cf8ade76a650623dc23e050eaf652ff31056c84077a013c

                                                                                                                                      SHA512

                                                                                                                                      4ae915fb4cb00e30a215ddd439c6e254fb49ce15c4d53000fb12a0cbf5f68820bc7dca6b840a620351060101c6995fd9429ea91f9682503f01ec001f213cfdc3

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\calc.exe
                                                                                                                                      Filesize

                                                                                                                                      112KB

                                                                                                                                      MD5

                                                                                                                                      829e4805b0e12b383ee09abdc9e2dc3c

                                                                                                                                      SHA1

                                                                                                                                      5a272b7441328e09704b6d7eabdbd51b8858fde4

                                                                                                                                      SHA256

                                                                                                                                      37121ecb7c1e112b735bd21b0dfe3e526352ecb98c434c5f40e6a2a582380cdd

                                                                                                                                      SHA512

                                                                                                                                      356fe701e6788c9e4988ee5338c09170311c2013d6b72d7756b7ada5cda44114945f964668feb440d262fb1c0f9ca180549aafd532d169ceeadf435b9899c8f6

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\flasher.exe
                                                                                                                                      Filesize

                                                                                                                                      246KB

                                                                                                                                      MD5

                                                                                                                                      9254ca1da9ff8ad492ca5fa06ca181c6

                                                                                                                                      SHA1

                                                                                                                                      70fa62e6232eae52467d29cf1c1dacb8a7aeab90

                                                                                                                                      SHA256

                                                                                                                                      30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6

                                                                                                                                      SHA512

                                                                                                                                      a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\hydra.cmd
                                                                                                                                      Filesize

                                                                                                                                      47B

                                                                                                                                      MD5

                                                                                                                                      5e578014c7017a85ca32f0b7e5d7df7f

                                                                                                                                      SHA1

                                                                                                                                      c88d8e7179fcc070d4419be9f4d8647354c2f6ed

                                                                                                                                      SHA256

                                                                                                                                      a964a717e3c47cb7d274e98928ca1271377d0d76a8908448e1b70e63af4082ad

                                                                                                                                      SHA512

                                                                                                                                      7eb206b0cbc2a9b744246d8a83b2fccc70204c6e777b0fcbb838e63d477fe047d8827f3c0de823d55b9ab5cba2ab572ff3f543f76a3451fa81b31584cc767106

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\jokewarehydra.exe
                                                                                                                                      Filesize

                                                                                                                                      43KB

                                                                                                                                      MD5

                                                                                                                                      b2eca909a91e1946457a0b36eaf90930

                                                                                                                                      SHA1

                                                                                                                                      3200c4e4d0d4ece2b2aadb6939be59b91954bcfa

                                                                                                                                      SHA256

                                                                                                                                      0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c

                                                                                                                                      SHA512

                                                                                                                                      607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\programoverflow.exe
                                                                                                                                      Filesize

                                                                                                                                      566KB

                                                                                                                                      MD5

                                                                                                                                      c4aab3b24b159148d6d47a9e5897e593

                                                                                                                                      SHA1

                                                                                                                                      7061c2e85de9f3fd51cccdecb8965f1e710d1fe5

                                                                                                                                      SHA256

                                                                                                                                      03a4d3563a7519542c662b5fd5d61215f3d76a3902717efe11230292ea4bbafc

                                                                                                                                      SHA512

                                                                                                                                      9bc522ff0d598a1f1425a09a2794584c4991a99bc382b0ee9135311950cdbf2f5331ae041a4b01052735b5fae3a2763ea1b5c01ce679b07fba73c6f75cb4c252

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\reg.reg
                                                                                                                                      Filesize

                                                                                                                                      25KB

                                                                                                                                      MD5

                                                                                                                                      aebe09cd7095ec201dc8acc350443242

                                                                                                                                      SHA1

                                                                                                                                      df7337e051bd02e1fdd4005b63ed45b8ca3d9726

                                                                                                                                      SHA256

                                                                                                                                      405d47dca73a5d6180db42e90c35931047c666ed1f1d6fab5ead6110c2356cc7

                                                                                                                                      SHA512

                                                                                                                                      ffc658faf04fee47c1284d439a4c5b3931d2f9bcac9b40e36f59ad0ed4917f0252e639284f817ca84a6da57552f8e0fdf96936987c3f5cf689a537e42b47288d

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\screenscrew.exe
                                                                                                                                      Filesize

                                                                                                                                      111KB

                                                                                                                                      MD5

                                                                                                                                      e87a04c270f98bb6b5677cc789d1ad1d

                                                                                                                                      SHA1

                                                                                                                                      8c14cb338e23d4a82f6310d13b36729e543ff0ca

                                                                                                                                      SHA256

                                                                                                                                      e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

                                                                                                                                      SHA512

                                                                                                                                      8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\spam.bat
                                                                                                                                      Filesize

                                                                                                                                      158B

                                                                                                                                      MD5

                                                                                                                                      4af4ab45205580fecf659dd857522f6b

                                                                                                                                      SHA1

                                                                                                                                      78ec5ff7647ca56d8c8d72b4da551efa86e53675

                                                                                                                                      SHA256

                                                                                                                                      b997f3a0d79493418f3e9da03dd95aea6b45b8a8c454e8e7d1f06de3ad3e1111

                                                                                                                                      SHA512

                                                                                                                                      f77c7b4d034def85c363805fe625aefb4e461770418f9015d4d5241fb8d09707b9918d54e9b2cc35d06008097174cdda0bee9702466fe7e097014794fe4d77cb

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\useroverflow.exe
                                                                                                                                      Filesize

                                                                                                                                      578KB

                                                                                                                                      MD5

                                                                                                                                      533d78fdd538bbeee31fb0b72a8cfb7c

                                                                                                                                      SHA1

                                                                                                                                      cb0e46804e784525f5bece40d51772bbdd9a5dc4

                                                                                                                                      SHA256

                                                                                                                                      b7a4fcc7f474c091edc09349af5e53915d23f14071d78a3026c92c49d2467989

                                                                                                                                      SHA512

                                                                                                                                      85e393cbdd2b20da8892173c7951ddf8e75dbfa29cf81fa725a2da56e606b848ea8a6636528d4fe26eca5e6b251406ec870242fe0d44e7863bf22c739d7759d5

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\walliant.exe
                                                                                                                                      Filesize

                                                                                                                                      5.0MB

                                                                                                                                      MD5

                                                                                                                                      929335d847f8265c0a8648dd6d593605

                                                                                                                                      SHA1

                                                                                                                                      0ff9acf1293ed8b313628269791d09e6413fca56

                                                                                                                                      SHA256

                                                                                                                                      6613acb18cb8bf501fba619f04f8298e5e633cb220c450212bbc9dd2bef9538d

                                                                                                                                      SHA512

                                                                                                                                      7c9a4d1bec430503cc355dc76955d341e001b06196d4b508cc35d64feb2e8ba30e824e7c3a11c27135d7d99801f45f62a5b558563b4c78f89f5d156a929063fd

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\wannacryptor.exe
                                                                                                                                      Filesize

                                                                                                                                      3.4MB

                                                                                                                                      MD5

                                                                                                                                      84c82835a5d21bbcf75a61706d8ab549

                                                                                                                                      SHA1

                                                                                                                                      5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

                                                                                                                                      SHA256

                                                                                                                                      ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

                                                                                                                                      SHA512

                                                                                                                                      90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_70d00016-dcc8-4d22-b6f4-65282883f55e\win7recovery.exe
                                                                                                                                      Filesize

                                                                                                                                      467KB

                                                                                                                                      MD5

                                                                                                                                      ab65e866abc51f841465d19aba35fb14

                                                                                                                                      SHA1

                                                                                                                                      ec79f1f511a199291b0893bc866a788ceac19f6e

                                                                                                                                      SHA256

                                                                                                                                      2ac0ca4ffda10b1861dd4ae0c2f0131a6400214cb4f5fa33951f3062b784a755

                                                                                                                                      SHA512

                                                                                                                                      2474905f174635b236e5f6e8f8c497e44435c94edd02ec47d3440c9a216f6840d040e6acc5fe2ec301ada80467f6cf55225d6361c1e7c6c6c7edccb9e7b5a35e

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\debug\WIA\wiatrace.log
                                                                                                                                      Filesize

                                                                                                                                      1KB

                                                                                                                                      MD5

                                                                                                                                      5f2237caa87bf7bc19cafa69e6637310

                                                                                                                                      SHA1

                                                                                                                                      47ee05c5e020a8536012007d346657019e828170

                                                                                                                                      SHA256

                                                                                                                                      9aa12d4575d71a93afeeb68196570505a49fbf8bc666e10e88b35dcc96bbf216

                                                                                                                                      SHA512

                                                                                                                                      bee0030b68d146911d6948e12c601a0351bbb6abbb729079d25dcab1245ff4841b062391c8629777c4799eb8a45024d70b97a9a6cd9640557704572d9d15126c

                                                                                                                                      Download Submit

                                                                                                                                    • memory/516-120-0x0000000000400000-0x0000000000650000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      2.3MB

                                                                                                                                      Download

                                                                                                                                    • memory/516-85-0x0000000000400000-0x0000000000650000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      2.3MB

                                                                                                                                      Download

                                                                                                                                    • memory/1328-69-0x0000000005420000-0x00000000054BC000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      624KB

                                                                                                                                      Download

                                                                                                                                    • memory/1328-74-0x00000000057C0000-0x00000000057CA000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      40KB

                                                                                                                                      Download

                                                                                                                                    • memory/1328-70-0x0000000005760000-0x00000000057B6000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      344KB

                                                                                                                                      Download

                                                                                                                                    • memory/1328-68-0x0000000000B50000-0x0000000000BC2000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      456KB

                                                                                                                                      Download

                                                                                                                                    • memory/1344-48-0x00000000009C0000-0x00000000009D0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                      Download

                                                                                                                                    • memory/1344-54-0x0000000005110000-0x00000000051A2000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      584KB

                                                                                                                                      Download

                                                                                                                                    • memory/1344-57-0x00000000052B0000-0x00000000052BA000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      40KB

                                                                                                                                      Download

                                                                                                                                    • memory/1452-49-0x0000000000400000-0x00000000004D8000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      864KB

                                                                                                                                      Download

                                                                                                                                    • memory/1452-62-0x0000000000400000-0x00000000004D8000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      864KB

                                                                                                                                      Download

                                                                                                                                    • memory/2128-98-0x0000000000600000-0x0000000000678000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      480KB

                                                                                                                                      Download

                                                                                                                                    • memory/2432-63-0x0000000000400000-0x000000000068E000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      2.6MB

                                                                                                                                      Download

                                                                                                                                    • memory/2440-121-0x0000000000400000-0x0000000000649000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      2.3MB

                                                                                                                                      Download

                                                                                                                                    • memory/2440-87-0x0000000000400000-0x0000000000649000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      2.3MB

                                                                                                                                      Download

                                                                                                                                    • memory/2508-119-0x0000000000600000-0x0000000000678000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      480KB

                                                                                                                                      Download

                                                                                                                                    • memory/2508-78-0x0000000000600000-0x0000000000678000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      480KB

                                                                                                                                      Download

                                                                                                                                    • memory/2716-61-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      656KB

                                                                                                                                      Download

                                                                                                                                    • memory/2716-134-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      656KB

                                                                                                                                      Download

                                                                                                                                    • memory/2716-101-0x0000000000770000-0x0000000000771000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                      Download

                                                                                                                                    • memory/2716-39-0x0000000000770000-0x0000000000771000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                      Download

                                                                                                                                    • memory/5040-4-0x0000000005CC0000-0x0000000006264000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      5.6MB

                                                                                                                                      Download

                                                                                                                                    • memory/5040-86-0x0000000074E30000-0x00000000755E0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      7.7MB

                                                                                                                                      Download

                                                                                                                                    • memory/5040-0-0x0000000074E3E000-0x0000000074E3F000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                      Download

                                                                                                                                    • memory/5040-83-0x0000000074E3E000-0x0000000074E3F000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                      Download

                                                                                                                                    • memory/5040-3-0x0000000074E30000-0x00000000755E0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      7.7MB

                                                                                                                                      Download

                                                                                                                                    • memory/5040-2-0x0000000002FD0000-0x0000000002FF4000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      144KB

                                                                                                                                      Download

                                                                                                                                    • memory/5040-1-0x0000000000C90000-0x0000000000D1C000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      560KB

                                                                                                                                      Download

                                                                                                                                    • memory/5080-102-0x00000000005E0000-0x00000000005E1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                      Download

                                                                                                                                    • memory/5080-60-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      296KB

                                                                                                                                      Download

                                                                                                                                    • memory/5080-40-0x00000000005E0000-0x00000000005E1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                      Download