Overview

overview

10

Static

static

6

516874.exe

windows7-x64

7

5479329c03...a2.exe

windows7-x64

10

54ab323053...1f.exe

windows7-x64

9

5600.exe

windows7-x64

6

56a9736b82...7a.exe

windows7-x64

10

59ddf36a9e...ws.dll

windows7-x64

10

5C53687F73...ViR.js

windows7-x64

3

5bfae47c9f..._2.dll

windows7-x64

1

5c6416f819...be.exe

windows7-x64

1

5f1fcdfb95...1c.exe

windows7-x64

10

5fc9230812...e9.exe

windows7-x64

9

61318fa1f1...5F.exe

windows7-x64

7

61318fa1f1...5B.exe

windows7-x64

7

6184f1def4...ss.exe

windows7-x64

7

61bc10e8ed...3e.exe

windows7-x64

7

6217ea6bb8...f5.apk

windows7-x64

3

62ebcfeeff...C3.exe

windows7-x64

7

62ebcfeeff...BB.exe

windows7-x64

7

647f242.exe.vir.exe

windows7-x64

9

64bfea1efc...99.exe

windows7-x64

9

64f540a7c6...B3.exe

windows7-x64

7

64f540a7c6...77.exe

windows7-x64

7

6916a006c4...9a.exe

windows7-x64

7

69ee634973...df.exe

windows7-x64

6f772eb660...bc.exe

windows7-x64

7

7077437251...e9.exe

windows7-x64

1

7175d6bb11...2b.exe

windows7-x64

9

728733095f...on.dll

windows7-x64

8

73c3d88d0d...5F.exe

windows7-x64

7

73c3d88d0d...BF.exe

windows7-x64

7

74add6536c...ef.exe

windows7-x64

10

757a661bcc...d8.exe

windows7-x64

7

Analysis

  • max time kernel
    835s
  • max time network
    836s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f1fcdfb951dc4642ce136a5d3e6bc42021f8e0cd631975a5eb3842da020531c.exe

  • Size

    160KB

  • MD5

    f3d9b2cb51e81d12ff3d5faaca231041

  • SHA1

    ca7cf9e472f34973216781c3a1e269c510af0300

  • SHA256

    5f1fcdfb951dc4642ce136a5d3e6bc42021f8e0cd631975a5eb3842da020531c

  • SHA512

    e723241f1bb0db93712fcd298bb7506f414e78dfea8b3360f3db80456ead79e16b0a99a9c101efb891c41482800f4a6752aacb19942eef3143dc536ea78cd856

  • SSDEEP

    3072:ho+Z3+yf/xg77QtPrn4FAsm+Ro5nLAdGkk3JIFBKuHIGQ5Nxb+b5knn:2o+yf+Kn4FAsm4MMd3kkKuHINLZ+9

Score
10/10
defense_evasiondiscoveryransomwarespywarestealer

Malware Config

Extracted

Path

C:\Windows\ReadMe.txt

Ransom Note
jaff decryptor system Files are encrypted! To decrypt flies you need to obtain the private key. The only copy of the private key, which will allow you to decrypt your files, is located on a secret server in the Internet You must install Tor Browser: https://www.torproject.org/download/download-easy.html.en After instalation,run the Tor Browser and enter address: http://rktazuzi7hbln7sy.onion/ Follow the instruction on the web-site. Your decrypt ID: 1498806328
URLs

http://rktazuzi7hbln7sy.onion/

Extracted

Path

C:\Windows\ReadMe.html

Ransom Note
<html> <head> <meta content="text/html; charset=UTF-8" http-equiv="content-type"> <title>jaff decryptor system</title> </head> <body style="background-color: rgb(102, 204, 204); color: rgb(0, 0, 0);" alink="#ee0000" link="#0000ee" vlink="#551a8b"> <div style="position: absolute; top:0; text-align:center; width:100%" > <h1 style="font-family: System; color: rgb(102, 102, 102);"><big>jaff decryptor system</big></h1> </div> <style> .center { width: 1000px; padding: 10px; margin: auto; background: #fc0; } </style> <div style="position: absolute; top:15%; left: 30%;" > <p style="border: 3px solid rgb(255, 255, 10); padding: 10px; background-color: rgb(223, 213, 209); text-align: left;"><big><big>Files are encrypted!</big></big><br> <br> <big><big>To decrypt flies you need to obtain the private key.<br> The only copy of the private key, which will allow you to decrypt your files, is located on a secret server in the Internet<br> <br> </big></big>&#10102;<big><big> You must install Tor Browser: https://www.torproject.org/download/download-easy.html.en<br> <br> </big></big>&#10103;<big><big> After instalation, run the Tor Browser and enter address: http://rktazuzi7hbln7sy.onion/<br> <br> Follow the instruction on the web-site.</big></big><br> </p> <br> <br> <center><h1><big>Your decrypt ID: 1498806328</big></h1></center> </div> </div> </body> </html>
URLs

http-equiv="content-type">

http://rktazuzi7hbln7sy.onion/<br>

Signatures

  • Renames multiple (4057) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Drivers directory 6 IoCs
  • Deletes itself 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in System32 directory 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f1fcdfb951dc4642ce136a5d3e6bc42021f8e0cd631975a5eb3842da020531c.exe
    "C:\Users\Admin\AppData\Local\Temp\5f1fcdfb951dc4642ce136a5d3e6bc42021f8e0cd631975a5eb3842da020531c.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\5f1fcdfb951dc4642ce136a5d3e6bc42021f8e0cd631975a5eb3842da020531c.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Internet Explorer\en-US\ReadMe.bmp
    Filesize

    3.5MB

    MD5

    c01e6f827d2716267170dae1654de1bc

    SHA1

    f37a8600ec9120b54ace3fa9adf59e2922fa4f58

    SHA256

    3c7952d6ff406e1d59cd5b214970f188711404d6c1240a99d1cdec9b1cbbf2e7

    SHA512

    c26c44d7280bc810da2a1c393cbac5461a2e260d077036aa51b14cd01448ef71bd76df4992d19dfd5f91a68de7814fd28f7edc4c5b7d2cee6daccdb481795a6e

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.jaff
    Filesize

    617B

    MD5

    30911b9be17152eee3877a60bd9bbe3f

    SHA1

    5d8024fa5f4d7a8ca76554be7701b3578c3e03ad

    SHA256

    23f9be97c7cba6c973dbd7125672a18891af2ea5e17243eb21ba8992569b5318

    SHA512

    4b729419905fce2fc137dbde0aafdac25e247cdedc4cf5464dd2cf90035e5592020a850e442a9c57c2501e9be6ece0008ebb947b4285ef6474975e43fc0a0e3c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.jaff
    Filesize

    489B

    MD5

    bf395e35fb3807b9018c7a3abd2a8be9

    SHA1

    8458b63f9a29b00f58561d8851757e206d9c6420

    SHA256

    5c5b8a98d508793e509cd1bbc160ae568ae86913924be7a0ad17f6cfdf83293d

    SHA512

    dfed98da65730d0a3cbf30d61a2ed2bd24b991af3155dccfb66db8ddb4874c0607e23a39372b7d30fa5d6e5f7adf17abf4f451c4c4ef531066d88e82d7ab7c7c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF.jaff
    Filesize

    457B

    MD5

    bc4c6f41d60e53493c85c6e53995b475

    SHA1

    6225c71167d65fa5c7615a9f4c83129e9dc81d69

    SHA256

    c670f6841faa29ebc4edeb8f3d240312a36a1dfeec0dfa5dd842db10916b3a4f

    SHA512

    d70375ac66e910e2dc0976bced1b5245a029a3376c466bd666c4c2310763bc4a9cdf12dfc1e79893d49d2abdd1b1e066d5026ca509a77f58b91d3da82f850514

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF.jaff
    Filesize

    777B

    MD5

    7be2458ee5d5f5e27272ebf5e76348e1

    SHA1

    7023274d3b97f453669762cb7b10c76bc1ce8742

    SHA256

    c0a5c9eb0a5278251e2c406b6e2ab8e05c70e847c9e5fcc3a6c667482fde49e3

    SHA512

    70c69d2c07fd9237ede0a16fbcadcb774077de72f18ee6bd0ef2cde9af3055831a508e06f1a79b7024ae9b41ad8fbe99c6a88f588043772c68d848e63a8bfdc1

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF.jaff
    Filesize

    1KB

    MD5

    8d3e70fe698f1a2ea30655758e392609

    SHA1

    c7eb7d02bd8eb2dd1cd5467f6ec906e59e431b04

    SHA256

    f6fb0a01a40d0639e89bff18e474ea21cc71cab10eee5901c4b89c27a8759c30

    SHA512

    a2349557f9a6df7d1ded4b7a7181ac61cdf0a267080617d8c67687a903d2210a46f3aa2e1d69d483bded8742daf4d68c12a5d077919646e11ac1eae1b0c43ddb

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.jaff
    Filesize

    1KB

    MD5

    821ebf9e3a29af917e9efd4d11918e1a

    SHA1

    e9dfbb9e0c88e1e2a5e73a4c0cdeccad4b29877a

    SHA256

    82c8393a955f66c433da6eed95b0c091a7c45daca784934f6c4c3e87a1e72560

    SHA512

    31dd76ce6dbf24651804523da203a86f183322d3861b7685587cface499eeadf6bd80ca8fede7053812c38d9edd07fa21696d1138c92675cd446704999b1ba49

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.jaff
    Filesize

    425B

    MD5

    1780b2ff88639c124adf130db725688e

    SHA1

    e162867a7f7d16a969e80b40cd3e010ec557b1fa

    SHA256

    b9f976ec1308fb228d8671aefe52339ae9b40784e13b36761f1baac61c5573c1

    SHA512

    8d10dbb869b4605a3d109f46d6710fdbfe9a8b9e37e53783621afaa4fb3c42b2343581b8cfd9edfc812927a9b5d0a623d65117046a5c7204d4a95e431f89e80f

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.jaff
    Filesize

    9KB

    MD5

    39b25d60113d7f6c00007c2dc3c93f52

    SHA1

    617cf115ba1ba373bc1408e5d1a698398ba38182

    SHA256

    9675200396d40f32d9960addd5c6e2362d38fb7dec43ffab7f4b01349daa38f3

    SHA512

    46dde88cae4abfac96c30319c669936cf1956491a02869ae7ec0ea62b369fa2e3c382c4897195a078f254dfea26d566cdb45ce4f20c1450ee3498f88ddc0f9ab

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.jaff
    Filesize

    12KB

    MD5

    87cd3b7b21322080d9e0ef6885930ca6

    SHA1

    0322cc48872f9307823bde72f95cc5841b0ef7e0

    SHA256

    6a55f97b066faa73cfc2add867e0b918ba53ebbc696fa851b81400ee74c013ff

    SHA512

    b3d296389293d4f1e1b27f876bbbdecf08cb6e6b57afd0c69706a24d6b185ec4a23183d716b6830cbb3393c8d5ea387c392cdd06a8659092c4340331eff86527

    Download Submit

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000006.log.jaff
    Filesize

    281B

    MD5

    a69052c1ce5f723116175dd4d10a097d

    SHA1

    ad829af66553912abe2bc64808d8985c0f9c094b

    SHA256

    991f82f75631212f813a4645da91f27f1673c9865b06f7c34454de727dca2dcd

    SHA512

    73820ab212155f030b2208be78e1c4617f1fcd6e241519d258d970d7bfeccb27babe7f6485a83ca853f29c0e044e45e3f76bcce554a5ab3161a909b6d70c5ed9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.jaff
    Filesize

    48KB

    MD5

    013e7ad0571e5fddc72c40f1419293aa

    SHA1

    b19d1e58499d393544910e1374ed3ca3e226eaa5

    SHA256

    11d378aac5259eab56e49ce817304cb3e5ce2a219f28e8f3239747ce099fa759

    SHA512

    b486889d2be9842a9c779e3ff9c97ff11ed927066b74c52a9a9e7e6ca97f3e946b6a70a34db82c3982d3a3973cba865d008181c08c849ecb05bd59744bbd9000

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe.config.jaff
    Filesize

    457B

    MD5

    5825a1532522ba711d8a29f2b9e86ec9

    SHA1

    8ebea0cd2c1bd5b1ddf4d08221b498471acffe63

    SHA256

    24a02a5ef27c8a2de32850506a674d2c237a8e639dec08e8d2d791bae8be79ee

    SHA512

    4a61fd3c33cf001cd1ad7af43b66b998f17dc5ba765e9f6aa81cadb373da18559dbf112cd44cfc62d573f1b2e4447a65fdee0315136b8e180dc6cee774390df4

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif.jaff
    Filesize

    345B

    MD5

    3a08d407d255dce8756fc1d5a382ba84

    SHA1

    c72cef9397f5dcf383b6de58859a383ec247df84

    SHA256

    b734324734cff089f0290529c0a531aaddac23b26134c95ef95e9eba208f7ede

    SHA512

    0f51691f050c5629c97a801efd5dafae578d0e35e68afbd73d4e30082d6abb4fab6c909fd973956f1e20b3f9bff6d570ac231ff9c37bcd69c22de8ee878f2804

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif.jaff
    Filesize

    345B

    MD5

    0d22ff7acacecd193a03ba926e88fb17

    SHA1

    15cd9508ab6ec046d24f4cb43ba4e6e34e2df30e

    SHA256

    ae6639c3ab5b3002d6da6ebf142df07ca1788857ea782dc854e141faa9e23144

    SHA512

    59ae299213fb8d713e4f58ac62169f7b3cdda4482011a0bd281bc6a5cb866a07ee62a9aaae69cba214425b06f08c753acfe6e2b805d067186d0912c1a25a1121

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe.config.jaff
    Filesize

    425B

    MD5

    c823d49aa1c02bad2ff2016b5c917e07

    SHA1

    90264dd524b78622eab7a0ddfaae1ebbd770f8f5

    SHA256

    31c0c24d7464bc1f2f4ec66366ef157f1fd743df00e59159fddc088c251c447f

    SHA512

    0f1ad5adcea37d68433f1d24c8106fe6334818618d5848ed19e2b2170998e5dd2444e6a2d2736799ebd9680f8a14e51f2540734edfc4b667011d7dcdc1231256

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe.config.jaff
    Filesize

    457B

    MD5

    0d6fb3d1331d3068c114a88ef609eb11

    SHA1

    0e13a42cef47944650ffd19a12c3e5b4803bb62a

    SHA256

    c90817959e5b6ed0378923c8d6cf0b2c26020b9e0b7a2b5388e424b14636ec5c

    SHA512

    be01a5638ad320255c1f5bcb680494cbe03926fa16e90f0ee68af5bcf00b06acc08d9e406e6342dd303732e53109624c6be437f1b9194c439309235777545764

    Download Submit

  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config.jaff
    Filesize

    489B

    MD5

    ca2ed5be14fadd86c96753c390270d55

    SHA1

    43b05e3af604bb681189ad13e21dd519fd40ff46

    SHA256

    2a5d2551b9c0cce93d207385ffc4d78c80cda8ddeee02e5fbe24963c4e7c22a5

    SHA512

    a6e6fb6864ffaa90009c32820651b16cb9b6581868263da87a75ae8ab097c0d90dc2d9fde8e7453ac7060681018d450504e175500ccc8554b08cedecf223b07d

    Download Submit

  • C:\Windows\Microsoft.NET\Framework\v3.5\SQL\it\SqlPersistenceProviderLogic.sql.jaff
    Filesize

    13KB

    MD5

    98f7e97654d5b106c2a73ae5c0affac6

    SHA1

    d0011d7d573db52533b6b6fb6f1b96dc456aa90b

    SHA256

    9f8e81d946216411247a677cdcb4357d8e35fe8c0747cd4c04b7ce311cd3c439

    SHA512

    6424cb860740e5e2c1f69ac62be14ec91ce22ea7df6cfd4f463980bb71a1728d38ecb2d51b225fb1286571e5bfd2110dcff98e03f926415deb79b21ffd21ceba

    Download Submit

  • C:\Windows\Microsoft.NET\Framework\v3.5\SQL\ja\DropSqlPersistenceProviderLogic.sql.jaff
    Filesize

    2KB

    MD5

    539a1b1d8c5ff391c1c0511892a15805

    SHA1

    098ed4bb113f032af7ff8b62c042be23400dc215

    SHA256

    73af997b692f36b09660e62f02bf49d4fa74faa27f0bcf3b640c7d44cd5c1488

    SHA512

    360cc956edabd5628c2f92630e62f264dae1ae8b9b9733090e1664b33902b44c5bcbdb5b422845109fbed8eefa750261f2c57f6c2c560fdcff9e24d741b77966

    Download Submit

  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif.jaff
    Filesize

    329B

    MD5

    785d033cbeb8777e942acc2d7f5aa015

    SHA1

    5ec358de887df455ca946cf4f54d63d6effa99b9

    SHA256

    6cc908b6872957334f3edb0e724ea4d2a3123cb8db62dca3871972d2262d0db7

    SHA512

    091aa659fead447b347f8502a0f364cfc3505378f825e609bab22b350c3b9ae6fb4c9432202c9d5c73cd4af1335739182b214ab5265ce835b2ebab0f9af472c8

    Download Submit

  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe.config.jaff
    Filesize

    553B

    MD5

    6e81c469e865ae93a8a1bfc13f20c568

    SHA1

    bf65ca366c57d9d3c4f485227fc6aa0a21999044

    SHA256

    1b8d17ea2e73e2fd3ce2bb2446ce60bac72553714584aceed4bb89e86d8ae25d

    SHA512

    2a45c4f60c5780aa7cd1039e2a502c6a2a216493f5041b07a684890e76d9e1ff518d6b799a9e45fb8db3c4611ad3eeb898134506f49d6cd5f4b4b06a8ab389c2

    Download Submit

  • C:\Windows\ReadMe.html
    Filesize

    1KB

    MD5

    6eccd40a77478245a591f13b3fd66789

    SHA1

    16643653f9c5abb20c8cf1dc1a1c57bfab05601d

    SHA256

    2bb32e84fb4dfb3225bef7ef5624e439e5d3985d710d1700ab66410d7f30e6de

    SHA512

    2b507eadb9d03ec69bf25ca7a32a94b866f2e561e0461eeff7de424241e1dc0aafbccb6996288403155c8f79768dee987332de84c8fabfdf75294f57d0b872ab

    Download Submit

  • C:\Windows\ReadMe.txt
    Filesize

    482B

    MD5

    6c0206fe3a3d84580fc5aaea80694183

    SHA1

    1bffc31dfa6c9f82a3e7c7a8bd8187f1977a28c4

    SHA256

    35f5eda766ba1d49f38336054afa75e903118c110f88d5396d05ea283d319739

    SHA512

    03799e96ca414520a00a9f67e45a4df2f9d6edee3d08cecddbf535e643581136a673c9fb7230a91c04edb793eef085ba6aa84dee31c89ebd7ba474b0c97d311a

    Download Submit

  • C:\Windows\SysWOW64\en-US\ReadMe.html.jaff
    Filesize

    1KB

    MD5

    b76331466873d1fe480bdcb48ac18e95

    SHA1

    513b375470cc9f21db0f2e281f982464cd46f25f

    SHA256

    2f48bae64cea5567dd3273ad2cec203f9526485360da5eea16175e0e65d626eb

    SHA512

    6185c7aa5be1a9ee992186087a42c11b4037ac05d04d84770437148be118d39e48d00312d639ef42362bd44c826baeac22dc252be609f22603e7d83f421df3b8

    Download Submit

  • C:\Windows\SysWOW64\en-US\ReadMe.txt.jaff
    Filesize

    761B

    MD5

    35198e8185ae9e3e18c775e889464f34

    SHA1

    f3d2c365d0ceeb43bc20129d00bee01eaf1ec835

    SHA256

    bce309bf04f9e7f4654a4f3cfaf207348f9fb84bce90e644e3b06b4f5d80c4f8

    SHA512

    e47d24baa773343c15e4b2dc3330bb5f2a68646ce01b583e5e1f4caa6bec468da70d2d19a2c3cb4bea1106ef64042df006ab7d283567c4b026e8864879dfa4ac

    Download Submit

  • C:\Windows\SysWOW64\ja-JP\ReadMe.bmp.jaff
    Filesize

    3.5MB

    MD5

    4249c202d6897fcde29fb4052315417c

    SHA1

    9ede6f8e9fb5aaf2c0e978af5fc4ab484c7a3405

    SHA256

    94351483b45329219eaa923d9a1daeef44472023dfd667d5f3c932ed30540e80

    SHA512

    07a45f80e6dba7fe22f6eba0b3957fc4c56bfdc6a8212dfb39566192d517b628243bd569d443ef7179edfd862aa149f29c44c928eaf3d09fc0e5c73e6ed7ce3f

    Download Submit

  • C:\Windows\inf\PERFLIB\0411\perfc.dat.jaff
    Filesize

    31KB

    MD5

    e2c783eff52b693433b99ecd13e82058

    SHA1

    0ccad5a6b928280a98bf0b53b72b88c5a0d305f2

    SHA256

    da06abbabfb6ee84c5a744325883d0349debc9782e01b6fad0c648e07e29697c

    SHA512

    904d87c91d47b85b8839ecfe27e8a07fea3b0d6a0550943d9b501b1a40cc71707ee4c5b185a699745a31781a4db9c93495f7f30b4b64259b741036a0501e6e80

    Download Submit

  • memory/1992-2-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1992-4221-0x00000000002B0000-0x00000000002BE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1992-18-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1992-0-0x0000000000290000-0x0000000000295000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1992-4-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1992-6-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1992-1-0x00000000002B0000-0x00000000002BE000-memory.dmp

    Filesize

    56KB

    Download