6a8425919b1942929fc98d0d8c8777515936042c5499e958304543bf0e8be8b8

Analysis

max time kernel
145s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-10-2024 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
Size

2.7MB
MD5

178d180e0c8e7a6bd10fc985f8683131
SHA1

97fbf858a5dad72cffe943c3461410b64d81bf90
SHA256

6a8425919b1942929fc98d0d8c8777515936042c5499e958304543bf0e8be8b8
SHA512

0c04cdf39c7d5ac22f53ebac669268e8804e20848e39e90a8e06fa3cc1c960dc33a6c2db7bd0efb6222815d06743748d8c5e8a7dcdde6d8bb51b0592e65a618c
SSDEEP

24576:aEtl9mRda1VIUSu7KB8NIyXbacAfUSunEp+XRGEUvkXw6z4Et1:xEs12pHB8NIMI8Sfpwotkzvj

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1796	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\W:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\Z:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\M:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\S:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\H:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\E:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\L:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\A:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\O:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\J:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\P:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\B:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\R:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\X:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\K:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\Q:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\T:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\U:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\N:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\I:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\Y:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\G:	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\notepad.exe.exe	HelpMe.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1796	HelpMe.exe
1796	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 1796	4112	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe	82
PID 4112 wrote to memory of 1796	4112	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe	82
PID 4112 wrote to memory of 1796	4112	178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.exe

Filesize
2.7MB

MD5
68c149007c077ed96e0d7375c7f70692

SHA1
8759062c3bcb83802e5e2dd42bf72ec9850b9062

SHA256
cece46c936765d9908b2ef63c8ad426ded6cc36a5e1ae7f66f7ddda7551943b8

SHA512
63c9c978660f453fc47f063bfa1249dd193c9dcd4d5d7efba8d8154ee87af6f6ef97618d601e10c26f4fad565d95de0ce842f08373bd5b795733dd47f5fe691a

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe

Filesize
3.5MB

MD5
ac6cc02fc530425acbb7a8fd8c5f18fb

SHA1
2fa04a08a33af72ad51ad922641e09cfa161613b

SHA256
2679ac01b92bef235d521d6283d8acad82f7ad1700368a42d75261ad15d6d7d9

SHA512
ef9cf526edd2dcbae7328e71964fd4cde4fcf722424db13ee41340b916d21fc446a0d4fa7eaa6fc388d10838833c7af1a22054c3a42cab514e2cd95431c14759

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ff51b18a9389e1aca0867839d4af99df

SHA1
2cbbbc0340ce4c5e3f41fd51d5ee69a1f9a6fdf7

SHA256
65edd337dabc3587c362eb735ffe5aab269666448ce514fdc1d364a06eef3a61

SHA512
5323ab777e3c1d0129662d42e4422c0cf398ae0627d53155c1ad4bf0efd00f7094eedb1078c57bd8c91174c6c1554724ea2492af6d3964436a8cadf72c9f224a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b666e4ab190afd340868262035b8d267

SHA1
3810f326abc83715869e51e42449a152d521c7b1

SHA256
c14105260c5407f0a3e690afcfdd701dc64493ef123e6e20b8e9697380f33172

SHA512
615efda8e5b38bc2e3290bcb2a8720fb2c22187dacabc1a8f440c07a84320015812e0db6dfdb1afa52a66e4a8a57628f5c67d31f6bb52ec03ccbac22b6940217

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
84af86539733dc24d47b2d2cf3c1b1b2

SHA1
307c71fa29839a3d9f41e23c1443951d4cc8ae7b

SHA256
46d0d7b32fc41541105d81b03300064d68653b1fee894b5490ac2924cc3c80e7

SHA512
aa6eddd11a650b5a53573c8ed2df1bff1d3f9313338196ce764566e4a762588455f61bff4a78e6a0e490d35eae1fdbc4db36dedbbfb7c1e5c1185d67b2c922e6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
afc927946ec81a574009f3cfdd6c20ee

SHA1
da4d7bc510724c9da94038cdab0853aeee4ce545

SHA256
d0ff6837574fdd53f2946fc3c6b0269c6ef296e77666a86c7e77bb091fb3ad7d

SHA512
1895cca5fe02c6b2cb3a7eeb671a0cfdf05ca4cbbd48cb478b1bd97c026509042e19fd85e39950eefdf1e10b5b9294e00d47fbe4c5abacebb8de4e2a95522130

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d77d5924cf9025ca536958a81d284b5d

SHA1
86723960d1fc4acd46e14d9831a457714b2a078c

SHA256
bed1eaecf9aec07eb3bd2fb218e0ad4dbf0d0a1e1dd88c05852107973649a2c2

SHA512
8e97c8a6737705c99b100394567c27b87b32cdde8e87ddb17f34371290ccf14bb496f942207b23ea8d064f776d4050492ee8649525de23bb59055a0822222640

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a536e02838a7ccb9776848725c988752

SHA1
5992185410760c5adb998d8d18a2eaf69dc3be54

SHA256
fa9d84d8864d4aa775fa079387945d806783eba875bc5f11fc6d4c1bc14e1a33

SHA512
6c6ac9f309ac4c9880558f401c3701986b1a21ae1a4a19be2402ec18f27d9d3906cd10af222529ccbbc465ed1a565fa76a9548cca368d07060879830730ac7e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a2aa5c8998e039936e96d427a45c17a5

SHA1
a12b4c4e717dd27624776a97d658590f13de552b

SHA256
e0fdd87d496ff64cd8756f6023ece5c8471b10493c8fd156fa936f94fbbe1f33

SHA512
684c84ce055999902871d1a8c93dbe031e0febd71f14e6c02bf252b373b62d5cf3ce0de9a2b59bc408b060bff37974b297a2e9c20c1b8be7c20c37485342e884

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
f3454e1879d2698597a3750e67a9784d

SHA1
547e41770059ce9d01179aa274c7b8f79db12eeb

SHA256
d31d85c5f1711cc8e5fbedf2eefa99e74bd0fae715dde8d1ee2c55ddcacf1f14

SHA512
2f2ca108e5f23607d549a4113ac41e77dc8ddd3d1912750134043f9fcfb45ae4183385fcd13f0a2e0ee676f9fa7125852e54205aed4aa602ef50125b9b7c03cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ef34a346aa93acfdc28d53d827579b2b

SHA1
3151d66bd0fa8f1f7788b47a9eba11613dc18527

SHA256
33954a57689f6c22f36ebc4de94fd6fcbe6f11fd6e773331a630c205df239027

SHA512
d1ce9530af631f76529c5e8d928eebf9b9b1c45142855b5186be4b78cf6c49e452be455fa34df87014ecff1aee54e010a291f859c1ed1f2d483a20f33224b8e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
e76ab3920f3a0105ac1baba07d34ad9a

SHA1
f3c1ca4c969359347736df54ae27cd7097e3e02d

SHA256
a5d4153808a5e2a47935fbaf836916bec302b6d76cacee3dd5966216393b9afe

SHA512
2558238bd6bd7cd2f1a9ca5b3b8969c99de8230e458a5894e4f3b24a2658e23a01c91b32e8da2d1d87ce8086f1da4f92794d6a4411d941cfd8fcc6815639688d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
44b2dfbd7c77f110412f6749b4ba8bd1

SHA1
8bbd9232edba6336814f2667844f3bc2a9a7a136

SHA256
34e42a62f7b5e31a7927161ec6b1ee35cfab88cf62b912c1e3b6d1885b1eef99

SHA512
5d2744a0df0c2aa51fd9c0140a27080d56e8f256506b3825724709c95c194349cc138d97a0040b7f7614fd913c144e94b7854c46e2233f81e257e3ae080f48a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a9fbe79442f10846f8ae745104aded53

SHA1
e473bf75b47f8b13ad8052600e89035562ba8f53

SHA256
719809dbbea1469b0de20a0aad8fc105ab9735c16b6e70c3e251c030c34b66ea

SHA512
afea1e63f4e91d49210bf2575fb767f50a3ebca789b0270b545c6eb67da99ff227539496281cb9b882c939e747aff95c6c20b79b7346b88572cc2d87f06d70ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d9b125e0767447c24e4af9fc1501cb89

SHA1
f57cb3c5450b54b871754b0a602c1f985ff52355

SHA256
2c98caf04203603e8c4abc1bd1a752ba9a1b0157020e4ed4bfb534225f3f7102

SHA512
96f1a6497d08df2ef523648deeb547208e6a83f03b5e50e63853d0ee2ca4688abde97fb53130201763e0ce447853aa2988e98d8a89be5b71da6eb53c7b47c848

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
00ff427dd7aabac46ec20e7c3167eb78

SHA1
a5b28e261d5f6509f2882fe895a429e2d3aa2171

SHA256
fba79ade95cf452b86c449d6c91326453e17193785ce6189d197d56d36e5d61b

SHA512
7332d39b4ff0bbbb59f74982497e110847621548fe5712547fa405939143dc564c56a0653e9fe37c8a65fdd3f5fc2f7887f7d7836b3a2913cb51eaa31fae3f36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7e8f705d91ef7afc271e73c7379dd00d

SHA1
f6033de003a7f514538d8f26a084a5ae5bd73908

SHA256
1c40928fa66a48af86702b4321432f1b8b40ab34b175ca8bba7e295fc0998221

SHA512
9129b555212bf93e17b38a7d32f6c06e0fe06ade9c75678a23d34bf1f41d133845f430a60768bb897028a2732c690be85ca46d2353aae690deedd1737b6c532e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c8a369d76403ffe5f72a022cd4381f8c

SHA1
614fd75553a28171ffd8797d0e567aec8de8a9fa

SHA256
3ef0501b62e99c0175c6c7cb802e21b35b9ccd4cd2ec890d22d210b39f803ff9

SHA512
e7be615fd358997ee9d472c8673846eb042ff9d4e632c358a17d285a8d081892ff10e904e65f01915512b4fb74c479236537d4a20eadd7d251942f2d82c807d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6c2547c796ee83cca3067acb38a8242c

SHA1
3bac3d7398e5e36d8bc841abd3ef66465c9f374f

SHA256
d779b47eb6f71693a7384f14b9b16164af474189ab6b301c80aeea4b98dce490

SHA512
496f687cc3141b31bd713cc2763b7298532941c80982af13408a04157a4b9471e808aa01c07b86d01b846f29c4b147d22b0a63a336b4efed8d2b124ec190a1f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
f1d942d0259bbe756ce31520659b2298

SHA1
9944d10ef7b5763715f6542d7bbaaabc066249d8

SHA256
eb8a0b6c294ea2f147d71e7249ea700b1ca1a77226f56dbe90aed537303effe5

SHA512
f8669c14f809c8a144c87bb4d99afb62d76b22b673aa1ea1cafbc6c64238ee76c69923e0a926e8053883f615021f0ee0a1dee4bfbcc712763aa7450b3d29c197

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
27b2b69d7aa95945da4582140386aa30

SHA1
ced0aca8e59a9662ec66ea0c73c1fccbc1f81754

SHA256
ccea3dc8571839bc75ce07eaad69750edfa215727b9a046e4b3c66a9b8c2d438

SHA512
e82cf9d6c13c3aab351d9af13e5f6790c0a8379a6069739361fff3dabbe3e997f12f96a65b9e573ceecdabc3995b0d1020cce6fd9bbaac7626cb68cd7435b95f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
443136ba15ee79e85878d00330f61b90

SHA1
9f9b0f6eb3d9e4bad442fc15596c5fe07aed5395

SHA256
4b47e5740193a8ae63f8d19822f1561d02a7cdb139e2f7b0771da27e9f53d88e

SHA512
814301bc3d53c4f5dd9c4da673c29949702dcd0024b2c99cf813380ca4184c8de157d32018f823e2b7943744a6b81046113f67a6e619bd8463d72559f1b5079b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d851eea5e7265b8f4f96dd858502a020

SHA1
784f24429834a88dd6e50da65aba27fc7a9f9b32

SHA256
53e28a19549c7727cd380d75bbeb6969fe337c4cb502ec03686925807d6a22ce

SHA512
abd9b8379484f2f2944d337c3a2db33afdb8da0965c770f233e2bb2eefa77807df327d50a602af777bc8b755982bebc577b743b930f43de25887c067bfb1f0b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2076bfd6b3f2c9da84a823e8d9a8e5d0

SHA1
28d62b3fbd464bdd2614137a109f1277797085e1

SHA256
f4e2fafae4568c43691565c5894f5bb7ac78f7cf791c182fc8b55f4c98f49fc0

SHA512
51715a804f13006e69e714bf0894ea9edba3be4ac769d7ad87d25b4e1e1e1b8a4777182ce160b0612eed1874fccc01ff79fe81a9a92ee6fbe861b5ac4003e75b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
267e7ef9bac82d7d916539310859132a

SHA1
595cc0459f033c5ee9a5455c721ef758b58ed628

SHA256
6888aaf813c386b1ca1e04d74f455cb2550807aa08342c39fe541dcb038e9b4d

SHA512
f9507bffb17b469f400f5008955e804a8079ac3daa2fbcf852915d6c4ccd7159fa9abaf45731af1c331f56d5719552ef6f1552a5f8c64af7e94cc57b0721aaef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
6ebc0c63f7c7bb50ad689944d3a800e0

SHA1
0a79a34d7b39d74cb1ec44c0c512f3dce9de6ef7

SHA256
252319c9a41c6f6bea0d2b371392a4c5c41f9baf2d02b2dd8007bc91089a2367

SHA512
2b70d9a2744dc68ac4333396147dd9ebb85ced80b44111b0fcbc449b7795afb9daab84301e0a222747a825194d1fab42c563931f84eeedd12a71f54165af84e8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d2fa1e68599e91d0d025db6e4536d163

SHA1
7d9c4f6debb8c82f5135cb72d54f794c1d83564f

SHA256
b7a8091121f8a4df51f0c2c8bf90a069ffe5306fd68fd8db64f4be282f7ac946

SHA512
5ac174ae57849aad60342f2650e6f6300c9d5eb35e856926848c0a747b6e0a0082532e839444faa10467bbeaeacf19fbbda9e83bac819d79cf4cb8bba28a9752

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2941cded53e52677d148e93c86f69576

SHA1
b65420e4a86c34415bbf053a539f43722cd84122

SHA256
5c51af0e4f42c17246d325413e1dd1f93c75220103f17b5b9f7893c114c55428

SHA512
14281759281ffdc8309cd6f5ebee23693b8d10260d36325f24507695cba577b30e1983e987c3bd68dc3e19cc7a76c0758570af74168e0b28b8bcffb2213be939

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5dc4f129ed061725b1794cc8f08d4949

SHA1
b7ece21b8a3ebc5fc30cc7c6a55ce0e8b069ef9e

SHA256
88d603b6fcf0d7a6c8e789f77248ecea2b78de7287a5160718bee1f0e951eb21

SHA512
c84de353b1410b9a3d698c176fcb2a3b19f21c682704713de9346b22c32206e2db5d7d65d9ecedfbc38350c13b438a66a2a604606145514e4aaefc25f43cd53e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
5a9a9f4b58efce45e46a3ad468d63329

SHA1
a91b9aca77ed35809ece59f9520cfd370221b0fe

SHA256
a4f5424de7bcf46974547825520d9cb718af226dc8dd9c37ebc274108f92ec1e

SHA512
6438661dc41f71c44b1d68e42061e933078c360b680b0044059e4e184be2009ce4557705cc816264c0ed0d3a2bde6c068990d6a432407e6d7eaaaf44d5cbba43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9a1d9fd8aa2cd6a0a70805cbf1d8e3d6

SHA1
de251132e90e0f977f69be2a409b518d3c4ff537

SHA256
7e1563e57b956fcfe4c7379407087c45f6cb22dc2145a3180ebdecfa7e8f6513

SHA512
6e4b1defd84e4ed3f5062350f1e596f6bbce6ba838c290f4deb7419862ddef59c7c0433200538af21315539a2381fc88925930e3dc080fbc1bea75b1934cecd2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7e1a7140381917cfa8f1962a46307418

SHA1
765671a2bac5134b309d2d03ac6639b5bfc9e7e7

SHA256
ade7d2a2c3fd9a0489af02f9b5fe50fb17142e924a25bd6a17d0a6e215119b33

SHA512
71db611767938a22ae5b46d2bd81d475975953b28d8f058be0fe8a19ba433d7a907c7dbae116cf7d04352cf02e6db974aaf8175835a9a1de163652a3338a00cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5ebcf6c269a661211473c25a06bf3d9b

SHA1
8c910caef8ff55d3158fe25e29e4095f1554e404

SHA256
813ddf54de7c004950b402ba975e558cd31fb0cf4fe949acfc1e00a5919d7fb3

SHA512
72013b3c3036653429c72f22114c0cdd3fcf390b439c7812955134952f94b792fbc6df7fed5451748d1a5fa439e82528d21344c4a208077f39d6f546ee67e644

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
4a9cff51f7687330fa6a1d943a699910

SHA1
c409bdc7545d351fd949b18ef015e2ccc237ec7c

SHA256
4413b05c4d27e2395a2217b7be9b0620c13d531ee00df173db36c42f6ed073b7

SHA512
3853539635e49e44bc304e9d17123e4658dff07af6aa4bdda86050035de194cc818a1b6e17c2773cc02f8c83f45b5b37fc4cf0d4a9231026aa06de73c492a0cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
01c2a492bf83e19750d998365f7a9404

SHA1
88ecbe81e77992e7b0e596624a8450632b1ba4c0

SHA256
0680f11cc991eb5bfa13f9b1976ecbc502f1542aff38424cbb78ace96f7b3d14

SHA512
e13cd23edd4f845dc10edd0b3fa7491d77a6f0098eaffad38019b373c6e0e23a9100f96104c82ba5d5a793f5a6d48b00b15d73a0630af2e2ee41b684dc627249

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
9236a8f0ebce2590b8b039c8c9f01860

SHA1
f0d57ce176c2f5d93f571e3cc2c929ee423e56b5

SHA256
793de8402ff5400d4cd820381b062a4a354864945a8cd45a9fc9846ba08b9fd6

SHA512
53e9382df4fb4cf2c9345598b692f0fa0cf3dd607434b50e656a65acd90a4def75b267c32233108cc8d9b4392e9f6895abf072ae07b570da5cc21c92a3ad818c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
e0c3680d29f37851a600176619eb357b

SHA1
29ff023fd1a19e92a56644ea41ea72541d12b136

SHA256
6071b08930a907743b594e84fc4ae33691bdf46128596ee1f6cfabb39a4855f4

SHA512
bb68ce93292392912f4aadcccc4cdbe81d1eb4acd342e376a1ade257846eb431626a5e72bb90fff17500c0bda215d397227a356ef48e4f946da4cd16b8ed28b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
523f2e5386d054188235d9d5dd3a86cc

SHA1
c17d6888052bd41df4702ddec421c2ad328358ad

SHA256
bc9f5804bf80f6ac15b6f9538e27c8da1ff3715f27f3d6914c7750047385fd61

SHA512
dbc477bc5f350ab0240e9573b035907fa0608700d2d7f147757f307e4b58b8856c1d0e9e010428a05a98a0682e127c286044d7901a56913d36056a2a69c5c990

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fbdf25eb870a6923ad3d2d270201d7de

SHA1
44a8fa13ad263b6af8a5689af2263fc072577b10

SHA256
2fb928d1e6c77efffd80359ccaf78941064370db24022b88a15cacbfd9212125

SHA512
f7ad236d99aa7e970771042cb2a08ede34b5a14e16781470ec6aca274895fed463b415394bba84a0047eeae0f71bcf13401bb1d79c7531c50ce69e8af9b87dbd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a906c15bd9f96a2d3005dbe1a690d7ab

SHA1
db3454e04d9578822c09e726148f1573f8534b45

SHA256
1e3586e365236386e20f1d1241c2c92bbf01f8fd21031e47eece7398368c9fad

SHA512
28d8b04e5785c161bad940eb22d31c900df3e4af0307d4bf936013a75f7a9335bf936f16ed667789a7772b4e862cbc09b9ad9223bdca62d93cfb7c19ed343832

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1b78c6b5eb1f5dce01f597553ab6d3c9

SHA1
1a4fefbf8a8eeb4bd353c31b9f5f20b72b0528bf

SHA256
ac89b302848ca9c805b07ea66a4cb83b3684c4697dd4f2f5938c6b04f7dd702b

SHA512
192458811e26850bb9a9e85a9f95457d2c55ddba45030c15e132211b6c78e3443fab9d52c0ddc97a4277e7ce6fea9888d2f19f428930b3d79fb40f4f6d733b3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7e5531d392f087aa9595f01ec6588d98

SHA1
63df65c9cf2d4aa8edcd392ef3e7ae4bf2a7e68b

SHA256
c32a4f2cb7ced5575e89dc010aa3b94f439c1e73818c989e88a363ed24e3526a

SHA512
e89c56b9d19ac699a25aa684d04fc069820374bc370cd98d3e2c9b4744ff939de49d313069f28ed7fc2401e50d06d76592dd632244ffaa133fb092a8fa0f051f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
45d8b495abeed516a2e4ebfa93d52739

SHA1
d86ad1428ec45de3471ebcae75d9a78ed005fe08

SHA256
4e0a2877c6a22042ec0163aa97f3e72092cf5ad44c2e26050475f14cb91a2774

SHA512
8ab6bdb418e3d2ed9082970b0f6dd3d8205f865f986fde008c63ff3d10f101d8a5dc6101671d17f0fbb00da1d74d43cba463ea6c388745b39158cf4309aa1dbc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
bdf7dcc42576a4cb0e753988e3b8c454

SHA1
646a45103b31bda673a5bed9d9c6da8d5bfbbb29

SHA256
00069fcf598bf5eaf4dcbccfd30dea4031308cf18cae32ff44b40f387f7a38a8

SHA512
63f955ffc7653f8de12bd034d98228e21828787d971a3d9f3063277176976d6086ebe2dbf0ffc0aa9b258ef6660af8ef83791deae45e186d5a589b5f6af0b88a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
3c267eb0c398c838ad4490f13f158dfb

SHA1
427748c43247a6b6c8945af328d7dccca04e56ee

SHA256
8ed3a0038a1f98b3aa4d2313a6e45f5a7729900aef56e1f74b51ed58e615dfe9

SHA512
5b3485b9bf3a96dcd4b230a38a65efbf110f7ef7d1decfd4a96787dfe969653c68679c874d74b1bda3075e8bf7e5cf129e03ced59a76d78ef23780cad92da76d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
be2f9ffb5b9239b1004f79b28f0e7133

SHA1
722f1b0820708677717d2ec74fd0c1f9a8aa6f9d

SHA256
0fb596257c73c15dd368bb3f9f851a7a09e55ddb307547e5334635109cf06570

SHA512
a8c6458658e5192f632ba5d04b8f0db2c902eb95902ba1f4a63364ead12ad7bdac5430928d623d646b1c1f29f4514b2776e3218441b39d274b25c4b562614047

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
aa2255b173861231f04eced32a369a96

SHA1
6433d10655b74350a3dc5d5b2d9b74d811451639

SHA256
0360ef3ab0e2aecdf8478a7ba2f764337baa6aec9cac5064cce64b64f98014dd

SHA512
3b79ddd976e67f86b5c3992e00c17f592acf1e1bf7250f122adec77236c958e8b73fc323a29d9dd605925f6d670faa10f2ebc461b6e0fe13ec5283d74e4cfe60

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ca21c4f5574e55f0775397eaf6c35b68

SHA1
8058e9950ae1e52c45ed0f18354c2026a1633e22

SHA256
cd88c51d13855a3bd69819d7531645af2fd38ef11e2828b9d2416fd6c5bae412

SHA512
906d747d87c683e6851618649946df9bcaa566bbaabb1b08858c24d5484874dcec20be5866ef8a87844c3b999c67de5fbe13ae7d9edb8bab8f9ad52941b406c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
807ff18c9c85594390d98b9a7eec137e

SHA1
9b7ee794d6f51b2ad2843189767e10d474c79a7a

SHA256
bec5a00c84ba234f3f1a201aea5478e73df168ab050dd57e64b3921675697841

SHA512
dac68e19cf7adb2e1c9e6134b24b59868df602af046518b0b98bb3fb041f7ddb8ad7144b5ba849fcf28133419d01be35988de00b011594fd894cbbe4f847e11c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cc56560b4ae2db355ff8d3abd249bdd4

SHA1
ed3a46c9446e84e6d25d3f5aacce09031244fd9a

SHA256
5194bc325d5bc951c4b4af4b2e62382c5d172af1dcfffe82e5cc0879ae751499

SHA512
ac4a0980570a5d882d0b524ce9b0032bd0642e9c58df006fe777e915cf806bfdf74b3f7a4c08dd0ee926ac2253329aaf31b7d8e4f136625137aae6a59a349517

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
910267702c599f8c791f50edcb2861f2

SHA1
79985706ed9e3aed91e214ee2dcc4902a94123fc

SHA256
88e6ebb4c0ffbcd0d719bd36c41f9096ca225bd2b675c2f39af426edd83d0e97

SHA512
ddbff7d4703a2ae87ef04f10cdbc19c1b40a01f9aa4ff836e69e347073ee73b45ffe5ee541ef3a4a64ac9fd50f2d0599d01131d82b1a391aa5e7006a6bc33a04

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f760f0bb088b2a0967dcae80bdd366b0

SHA1
c850edc7c2d8f91e021faa76fdc7d3795b93553a

SHA256
679dea3e7326a1c47b6fd1f61388610ed563664cf1649388ced11b6e267920eb

SHA512
fa9e9fe037ed4ab8f03e8c32448cd07d6a6c19a1f0f7d522c0c44b527e389c57e21f80fb639a6f6a56897c1a4c59601d18d6332eb8dbee682c738c65058debc5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
734e4002bde7ca3327e76335de3c0082

SHA1
ab0aec984cf56a09cc74afd2d82d44520ee997ca

SHA256
d880b03e2e845dcd0e91a0adb13b9c56cf6c000256adef057a4dec9ef9471053

SHA512
316bba92b8d68b8c66eaf7bee7f868b254e12a08aa6a9d727db870b0f104918d0b47786cd4c2cd268afd2af12b792996a678c051ad5a698fc669afba3bff315b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c4908f31bb108edf3a93ca93a86f633d

SHA1
54a29eb5e9448134880caeed684928d5ee7fff54

SHA256
42a396337cc210bd9b5ff82172847f8da4d3ce0d0608ecaa1eff54d2086d5fe2

SHA512
cbe87a7ac465c98bb97f7184fab474206b2a757d124e2a2eb198692adb09e8953e3114527983a19ac182a45cfd4476586223bffcf03ccf361ea08d9f811b7650

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
3433fa5b221f6d36a908932ea4139659

SHA1
78ec9fe02586849ba99d1b13161e71ac7a70dfc3

SHA256
a449913b8f8c382ce4152e969659fd15ac0265fbfdb445faf9e952c357be82e5

SHA512
08cef8845040399f2827f39ebd2f61c764e58f68449f6879b08d189082269f11b4873d0c7cda6bc4d68d116657dcb0e3b385f28cf2a80f78cc0e7ae261b1859e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ec99cd896a7d257e0f3be679649f0abe

SHA1
0ccb3fd45f899a4cce196e8c6715c910fb1d7786

SHA256
a39536ab7a90c44ba05055560562386c5dc22ca3e44836ee2633e248c9b1a1c6

SHA512
6f56e974a8cf90c41672ccc611b523523b83e3ac3e8a79558f90e2627c69e90e7fc8513c290e2995fd95da1849feca960277b43b9109ebdf03487c1381befd71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
9728a68575e2c8c2a253ed41723ae740

SHA1
046b0580b7ee896a38b83962ba59d44cafcf8062

SHA256
21c3f824b0a5496c9e6953191929175df1e9ac300a02b5fcd7ddd4e17e4bbe62

SHA512
ef19aa89f85fd36fc147f420fb615984112ecb27063db6203b3b4fca286032b245804c06e67ca3aa4468587381221bdb1bc8f61cd9c666880e2b985910c91de7

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
2.7MB

MD5
82965e433eb5a238a4799ed73cd11deb

SHA1
01c6fdd542b74e1ca43618f01e28ed8bc29da072

SHA256
eea8932b004270395fc51f2da0451e4adc1f8d17de7acbfcac1d7739ac604444

SHA512
5cac544dd823d3dbd2bd886e8987e4cf2fe276ee2371b15472606162dbdda087ddcc53a6b5e2ef3ddb2434f537bbbed6480aee56e842cfc9f9c306c7569f6096

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
2.7MB

MD5
178d180e0c8e7a6bd10fc985f8683131

SHA1
97fbf858a5dad72cffe943c3461410b64d81bf90

SHA256
6a8425919b1942929fc98d0d8c8777515936042c5499e958304543bf0e8be8b8

SHA512
0c04cdf39c7d5ac22f53ebac669268e8804e20848e39e90a8e06fa3cc1c960dc33a6c2db7bd0efb6222815d06743748d8c5e8a7dcdde6d8bb51b0592e65a618c

Download Submit
memory/1796-53-0x0000000000400000-0x000000000047894E-memory.dmp

Filesize
482KB

Download
memory/1796-58-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1796-7-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1796-6-0x0000000000400000-0x000000000047894E-memory.dmp

Filesize
482KB

Download
memory/4112-52-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/4112-51-0x0000000000400000-0x000000000047894E-memory.dmp

Filesize
482KB

Download
memory/4112-0-0x0000000000400000-0x000000000047894E-memory.dmp

Filesize
482KB

Download
memory/4112-1-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download