Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Instagram ....1.rar

windows7-x64

10

Instagram ....1.rar

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/01/2025, 18:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Instagram Account Checker By Amir v0.1.rar

  • Size

    1.3MB

  • MD5

    a881a88cc642bac36123ee7ab3ce377d

  • SHA1

    d9a33f01390f6a86eebab66201db22b1d4e92684

  • SHA256

    418d91aa65e3ab38c3c95015d986684ee9c7bcb326f186ad0fba5c12dc77e8bc

  • SHA512

    852be83f0a19f368d7e0051fc4663ecfc5f1ae5fddbeca31027ce8eafe4acdd7808f9b3203d8a78c0c3b6b485231e07fef1ea0386f1b5bded4444d1d556bb9bb

  • SSDEEP

    24576:Gp7XinQiXwC6KsZ+RMwuMzp/o1ZybvIk05+He1FSb4pGXsZ2+GE+oTd/N:u7IdXwkHR1uM9Q3IvIB5+He1FSb4C22G

Score
10/10
neshtadiscoveryexecutionpersistencespywarestealer

Malware Config

Signatures

  • Detect Neshta payload 49 IoCs
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Neshta family
    neshta
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Drops startup file 1 IoCs
  • Executes dropped EXE 38 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 39 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Instagram Account Checker By Amir v0.1.rar"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2716
  • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\Instagram Account Checker By Amir v0.1.exe
    "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\Instagram Account Checker By Amir v0.1.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Launcher.exe
      "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Launcher.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3024
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1096
      • C:\Windows\svchost.com
        "C:\Windows\svchost.com" "C:\Windows\IMF\WINDOW~1.EXE" {Arguments If Needed}
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1228
        • C:\Windows\IMF\WINDOW~1.EXE
          C:\Windows\IMF\WINDOW~1.EXE {Arguments If Needed}
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1496
          • C:\Windows\svchost.com
            "C:\Windows\svchost.com" "C:\Windows\IMF\SECURE~1.EXE"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1660
            • C:\Windows\IMF\SECURE~1.EXE
              C:\Windows\IMF\SECURE~1.EXE
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:2088
    • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\xml.exe
      "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\xml.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe
        "C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2424
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 584
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2432
  • C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\Desktop\INSTAG~1.1\INSTAG~1.EXE"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\Desktop\INSTAG~1.1\INSTAG~1.EXE
      C:\Users\Admin\Desktop\INSTAG~1.1\INSTAG~1.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1828
      • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Launcher.exe
        "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Launcher.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1552
        • C:\Windows\svchost.com
          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\Launcher.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2728
          • C:\Users\Admin\AppData\Local\Temp\3582-490\Launcher.exe
            C:\Users\Admin\AppData\Local\Temp\3582-490\Launcher.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of FindShellTrayWindow
            PID:2752
      • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\xml.exe
        "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\xml.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:2624
        • C:\Windows\svchost.com
          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          PID:1460
          • C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe
            C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2236
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 576
              6⤵
              • Loads dropped DLL
              • Program crash
              PID:1240
  • C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\Desktop\INSTAG~1.1\INSTAG~1.EXE"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:1420
    • C:\Users\Admin\Desktop\INSTAG~1.1\INSTAG~1.EXE
      C:\Users\Admin\Desktop\INSTAG~1.1\INSTAG~1.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1928
      • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Launcher.exe
        "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Launcher.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:2776
        • C:\Windows\svchost.com
          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\Launcher.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          PID:2928
          • C:\Users\Admin\AppData\Local\Temp\3582-490\Launcher.exe
            C:\Users\Admin\AppData\Local\Temp\3582-490\Launcher.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2372
      • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\xml.exe
        "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\xml.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:2260
        • C:\Windows\svchost.com
          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          PID:2008
          • C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe
            C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:344
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 580
              6⤵
              • Loads dropped DLL
              • Program crash
              PID:1736
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4fc
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2524
  • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\Instagram Account Checker By Amir v0.1.exe
    "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\Instagram Account Checker By Amir v0.1.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:1564
    • C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\INSTAG~1.EXE"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:3008
      • C:\Users\Admin\AppData\Local\Temp\3582-490\INSTAG~1.EXE
        C:\Users\Admin\AppData\Local\Temp\3582-490\INSTAG~1.EXE
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2484
  • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\Instagram Account Checker By Amir v0.1.exe
    "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\Instagram Account Checker By Amir v0.1.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2668
    • C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\INSTAG~1.EXE"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:1748
      • C:\Users\Admin\AppData\Local\Temp\3582-490\INSTAG~1.EXE
        C:\Users\Admin\AppData\Local\Temp\3582-490\INSTAG~1.EXE
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:156
  • C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\Desktop\INSTAG~1.1\INSTAG~1.EXE"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2852
    • C:\Users\Admin\Desktop\INSTAG~1.1\INSTAG~1.EXE
      C:\Users\Admin\Desktop\INSTAG~1.1\INSTAG~1.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2856
      • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Launcher.exe
        "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Launcher.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:848
        • C:\Windows\svchost.com
          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\Launcher.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          PID:2312
          • C:\Users\Admin\AppData\Local\Temp\3582-490\Launcher.exe
            C:\Users\Admin\AppData\Local\Temp\3582-490\Launcher.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3036
      • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\xml.exe
        "C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\xml.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:676
        • C:\Windows\svchost.com
          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          PID:2552
          • C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe
            C:\Users\Admin\AppData\Local\Temp\3582-490\xml.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2664
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 576
              6⤵
              • Program crash
              PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE
    Filesize

    859KB

    MD5

    02ee6a3424782531461fb2f10713d3c1

    SHA1

    b581a2c365d93ebb629e8363fd9f69afc673123f

    SHA256

    ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc

    SHA512

    6c9272cb1b6bde3ee887e1463ab30ea76568cb1a285d11393337b78c4ad1c3b7e6ce47646a92ab6d70bff4b02ab9d699b84af9437b720e52dcd35579fe2693ec

    Download Submit

  • C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
    Filesize

    547KB

    MD5

    cf6c595d3e5e9667667af096762fd9c4

    SHA1

    9bb44da8d7f6457099cb56e4f7d1026963dce7ce

    SHA256

    593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d

    SHA512

    ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80

    Download Submit

  • C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe
    Filesize

    186KB

    MD5

    58b58875a50a0d8b5e7be7d6ac685164

    SHA1

    1e0b89c1b2585c76e758e9141b846ed4477b0662

    SHA256

    2a0aa0763fdef9c38c5dd4d50703f0c7e27f4903c139804ec75e55f8388139ae

    SHA512

    d67214077162a105d01b11a8e207fab08b45b08fbfba0615a2ea146e1dd99eea35e4f02958a1754d3192292c00caf777f186f0a362e4b8b0da51fabbdb76375b

    Download Submit

  • C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe
    Filesize

    1.1MB

    MD5

    566ed4f62fdc96f175afedd811fa0370

    SHA1

    d4b47adc40e0d5a9391d3f6f2942d1889dd2a451

    SHA256

    e17cd94c08fc0e001a49f43a0801cea4625fb9aee211b6dfebebec446c21f460

    SHA512

    cdf8f508d396a1a0d2e0fc25f2ae46398b25039a0dafa0919737cc44e3e926ebae4c3aa26f1a3441511430f1a36241f8e61c515a5d9bd98ad4740d4d0f7b8db7

    Download Submit

  • C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE
    Filesize

    285KB

    MD5

    831270ac3db358cdbef5535b0b3a44e6

    SHA1

    c0423685c09bbe465f6bb7f8672c936e768f05a3

    SHA256

    a8f78ac26c738b13564252f1048ca784bf152ef048b829d3d22650b7f62078f0

    SHA512

    f64a00977d4b6f8c43f53cee7bb450f3c8cbef08525975055fde5d8c515db32d2bfad92e99313b3a10a72a50dd09b4ffe28e9af4c148c6480622ba486776e450

    Download Submit

  • C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE
    Filesize

    313KB

    MD5

    8c4f4eb73490ca2445d8577cf4bb3c81

    SHA1

    0f7d1914b7aeabdb1f1e4caedd344878f48be075

    SHA256

    85f7249bfac06b5ee9b20c7f520e3fdc905be7d64cfbefb7dcd82cd8d44686d5

    SHA512

    65453075c71016b06430246c1ee2876b7762a03112caf13cff4699b7b40487616c88a1160d31e86697083e2992e0dd88ebf1721679981077799187efaa0a1769

    Download Submit

  • C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE
    Filesize

    569KB

    MD5

    eef2f834c8d65585af63916d23b07c36

    SHA1

    8cb85449d2cdb21bd6def735e1833c8408b8a9c6

    SHA256

    3cd34a88e3ae7bd3681a7e3c55832af026834055020add33e6bd6f552fc0aabd

    SHA512

    2ee8766e56e5b1e71c86f7d1a1aa1882706d0bca8f84b2b2c54dd4c255e04f037a6eb265302449950e5f5937b0e57f17a6aa45e88a407ace4b3945e65043d9b7

    Download Submit

  • C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe
    Filesize

    381KB

    MD5

    3ec4922dbca2d07815cf28144193ded9

    SHA1

    75cda36469743fbc292da2684e76a26473f04a6d

    SHA256

    0587fd366ea7e94b3ae500874b1c5d684b5357fcc7389682d5a13c3301a28801

    SHA512

    956c3a1f2689cb72600edd2e90d652b77592a8a81d319dce026e88f6c02231af06aebd57d68460eb406de00c113522173423cb1b339a41a3918f379c7dc311f7

    Download Submit

  • C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe
    Filesize

    137KB

    MD5

    e1833678885f02b5e3cf1b3953456557

    SHA1

    c197e763500002bc76a8d503933f1f6082a8507a

    SHA256

    bd9a16d8d7590a2ec827913db5173f8beb1d1ef44dab1920ef52a307f922bc14

    SHA512

    fe107e1c8631ec6ac94f772e6a7be1fdc2a533fe3cfcf36b1ff018c8d01bd7f1f818f0a2448f736838c953cd516ea7327c416dea20706ed2420327af8ef01abe

    Download Submit

  • C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe
    Filesize

    373KB

    MD5

    2f6f7891de512f6269c8e8276aa3ea3e

    SHA1

    53f648c482e2341b4718a60f9277198711605c80

    SHA256

    d1ee54eb64f31247f182fd62037e64cdb3876e1100bc24883192bf46bab42c86

    SHA512

    c677f4f7bfb2e02cd0babed896be00567aad08304cbff3a85fcc9816b10247fedd026fee769c9bd45277a4f2814eabe6534f0b04ea804d0095a47a1477188dd6

    Download Submit

  • C:\PROGRA~2\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE
    Filesize

    100KB

    MD5

    6a091285d13370abb4536604b5f2a043

    SHA1

    8bb4aad8cadbd3894c889de85e7d186369cf6ff1

    SHA256

    909205de592f50532f01b4ac7b573b891f7e6e596b44ff94187b1ba4bcc296bb

    SHA512

    9696e4f60a5b1166535ca8ca3fb495d718086463d1a12fa1facc08219ad5b918208ddd2a102f7955e29153b081e05985c4ae6e4302ab36d548bb62991a47db18

    Download Submit

  • C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBEU~1.EXE
    Filesize

    130KB

    MD5

    7ce8bcabb035b3de517229dbe7c5e67d

    SHA1

    8e43cd79a7539d240e7645f64fd7f6e9e0f90ab9

    SHA256

    81a3a1dc3104973a100bf8d114b6be35da03767a0cbbaf925f970ffcbe5f217c

    SHA512

    be7fcd50b4f71b458ca001b7c019bf1169ec089d7a1ce05355134b11cbe75a5a29811f9efec803877aeb1a1d576ea2628926e0131361db23214275af6e89e80c

    Download Submit

  • C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE
    Filesize

    2.4MB

    MD5

    a741183f8c4d83467c51abab1ff68d7b

    SHA1

    ddb4a6f3782c0f03f282c2bed765d7b065aadcc6

    SHA256

    78be3aeb507db7e4ee7468c6b9384ee0459deebd503e06bd4988c52247ecea24

    SHA512

    c15dbecc0754a662892ecaff4b9b6c1bad46f710d8e1b973f86eaee467444f8e5764b31ace8f5a9a5e936947cc4dcb97cb1b14a6930c1025f38a3544393b6b18

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\EQUATION\EQNEDT32.EXE
    Filesize

    571KB

    MD5

    d4fdbb8de6a219f981ffda11aa2b2cc4

    SHA1

    cca2cffd4cf39277cc56ebd050f313de15aabbf6

    SHA256

    ba3dc87fca4641e5f5486c4d50c09d087e65264e6c5c885fa6866f6ccb23167b

    SHA512

    7167e13dbcc8c96114fef5fc7ae19afa31173617db153dd283aa6d8256f6b8c09c8f906f5d418efe9f7f242cdfaef24b93c11c451701c4d56eb48d18de4e88bf

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\FLTLDR.EXE
    Filesize

    157KB

    MD5

    a24fbb149eddf7a0fe981bd06a4c5051

    SHA1

    fce5bb381a0c449efad3d01bbd02c78743c45093

    SHA256

    5d13230eae7cd9b4869145c3280f7208788a8e68c9930a5c9aa3e822684a963d

    SHA512

    1c73b762c340a8d7ea580985ba034a404c859d814690390a6e0b6786575c219db9ca20880ea20313bb244560e36cf24e4dda90229b3084d770495f4ceedfd5de

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\LICLUA.EXE
    Filesize

    229KB

    MD5

    28f7305b74e1d71409fec722d940d17a

    SHA1

    4c64e1ceb723f90da09e1a11e677d01fc8118677

    SHA256

    706db4d832abdf4907a1386b917e553315660a59bfb4c180e38215b4a606d896

    SHA512

    117de88d0bc437023ca2f1f54b1f2cf03b00c8cb52e4b728cabcb3140659c67cdb6d2c203d3ca13767312831c6308622dfa65d6c5361ec28aaf4ec0870f9ba6e

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOICONS.EXE
    Filesize

    503KB

    MD5

    3f67da7e800cd5b4af2283a9d74d2808

    SHA1

    f9288d052b20a9f4527e5a0f87f4249f5e4440f7

    SHA256

    31c10320edb2de22f37faee36611558db83b78a9c3c71ea0ed13c8dce25bf711

    SHA512

    6a40f4629ddae102d8737e921328e95717274cea16eb5f23bff6a6627c6047d7f27e7f6eb5cb52f53152e326e53b6ee44d9a9ee8eca7534a2f62fa457ac3d4e3

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOXMLED.EXE
    Filesize

    153KB

    MD5

    12a5d7cade13ae01baddf73609f8fbe9

    SHA1

    34e425f4a21db8d7902a78107d29aec1bde41e06

    SHA256

    94e8ea2ed536484492d746f6f5808192cb81ae3c35f55d60826a2db64a254dd5

    SHA512

    a240f5c59226749792cfb9fbd76b086d2544a493b834a72c0bfd8b076ed753ec8876ff056fc35f63f5497183d985f8f8c5c7b6abbcad70981f1ec83af1b3bd76

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\ODeploy.exe
    Filesize

    539KB

    MD5

    60f6a975a53a542fd1f6e617f3906d86

    SHA1

    2be1ae6fffb3045fd67ed028fe6b22e235a3d089

    SHA256

    be23688697af7b859d62519807414565308e79a6ecac221350cd502d6bf54733

    SHA512

    360872d256ef91ea3debfb9b3efa22ee80859af9df29e0687c8e1b3c386d88ff1dc5635b86e714fbf1a7d4d6bc3d791efa31a9d9d13e0f79547b631bddb5108d

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\Setup.exe
    Filesize

    1.1MB

    MD5

    034978c5262186b14fd7a2892e30b1cf

    SHA1

    237397dd3b97c762522542c57c85c3ff96646ba8

    SHA256

    159776d43dd2a8d843b82ece0faf469f9088a625d474ce4eea9db59d94a844e6

    SHA512

    d216e757616121d9902b0db2669b6e2aa9eb2697427c9ea2804ebda9690abbf9219c6e603d63ff19dc6115a072985ca862499b5f8319ca057a16e81aec9ea949

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Oarpmany.exe
    Filesize

    205KB

    MD5

    da31170e6de3cf8bd6cf7346d9ef5235

    SHA1

    e2c9602f5c7778f9614672884638efd5dd2aee92

    SHA256

    7737ab500cbbd5d507881d481eef9bd91cf6650bf8d2b41b47b1a8c5f2789858

    SHA512

    2759d938d6ad963e0bf63481a700f7c503d06011a60bcfc1071b511e38afa87d903deb36f9cbfa0b3fd08f1ecb88d2c0bddf0d3b5f2dea2a0cca1a80471669f3

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\TextConv\WksConv\Wkconv.exe
    Filesize

    1.2MB

    MD5

    467aee41a63b9936ce9c5cbb3fa502cd

    SHA1

    19403cac6a199f6cd77fc5ac4a6737a9a9782dc8

    SHA256

    99e5bea5f632ef4af76e4e5108486d5e99386c3d451b983bcd3ad2a49cc04039

    SHA512

    00c9ccdbbd6fd1be0c2dafd485d811be9bf2076d4efeabc256179befd92679b964e80edcb90ef21f3e874578fdb0003878227f560ca76498865770280f87113e

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE
    Filesize

    125KB

    MD5

    46e43f94482a27df61e1df44d764826b

    SHA1

    8b4eab017e85f8103c60932c5efe8dff12dc5429

    SHA256

    dc6658dec5bf89f65f2d4b9bdb27634bac0bf5354c792bc8970a2b39f535facd

    SHA512

    ce5bdd3f9a2394ffda83c93fc5604d972f90bd72e6aded357bdf27a2b21a0469f6ac71ce40d9fb4ed8c845468c4171a3c5b4501edbae79447c4f4e08342d4560

    Download Submit

  • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\Instagram Account Checker By Amir v0.1.exe
    Filesize

    214KB

    MD5

    061683b79c9c654a8eb5e81c3b1f4de0

    SHA1

    02cebcbebe06905fc80f1a459a673b8317ebeb80

    SHA256

    19a099135d5248a219e7b13b74b6a608de4db082638dc566d012153406f86c3d

    SHA512

    080d5a29e722dc3e020a7582c592d36f4ccb64b97008df24d5c89b93a2ab4afb3295cf5ec0826ec78c7ef85e5a3d6927038f99a5fcb328b487d216573a42193d

    Download Submit

  • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Ionic.Zip.dll
    Filesize

    480KB

    MD5

    f6933bf7cee0fd6c80cdf207ff15a523

    SHA1

    039eeb1169e1defe387c7d4ca4021bce9d11786d

    SHA256

    17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

    SHA512

    88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

    Download Submit

  • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\LICENCE.dat
    Filesize

    68KB

    MD5

    8c75cd4d284ce9babef8db2e69b6923a

    SHA1

    cf2a3800e62d5e8144f1d525927fbd2c94a7a55c

    SHA256

    613bbfa0f4e7548fb835898a950f4d1fe104a16ac7ad49e459ffaa85d95a53b6

    SHA512

    46eb3c8e9c71fc8b33ee3ac79ef4ef28d513ef9d120b32f14a2eb05de317ec7361a5efd7b814dfe1fbdac32a4ae6c7126c03ee9fe3d91589e7913548d798b569

    Download Submit

  • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\Launcher.exe
    Filesize

    53KB

    MD5

    c6d4c881112022eb30725978ecd7c6ec

    SHA1

    ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    SHA256

    0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    SHA512

    3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    Download Submit

  • C:\Users\Admin\Desktop\Instagram Account Checker By Amir v0.1\SHELL\xml.exe
    Filesize

    285KB

    MD5

    0a77cfe1308dbf869c62560a80a1ab57

    SHA1

    8f8fad37cb455d79477ea63b9e33ae364327ced8

    SHA256

    322bc1db23aa000b478e488cb7683c67f98b60a2a92683e331964b6505b452a8

    SHA512

    e76ce13f0a5bb4452cde9f9210e632a0a9836c57b8374ebe82820a518ea6639b87c8a1b4dea39b872535d514b66281faa55d7ecf017237cb1a98256d7cb7b598

    Download Submit

  • C:\Windows\IMF\Runtime Explorer.exe
    Filesize

    128KB

    MD5

    48ce06f77a388b177c1734917c90680b

    SHA1

    90535ec2ab9335e02c322353dca8fae456ad9932

    SHA256

    4b18fc549b933c2d202a5ce684a062cb4c68c3ecdc695b83b365e0149c2d2a25

    SHA512

    64c05e79886af83d123c29dfcab40dc979e4aab1869543fbf97629fa6148eb5c08233b0cdade82b7c96db51d9b073b2712e5f044cf6ee9619bf9307fc71763bf

    Download Submit

  • C:\Windows\IMF\Secure System Shell.exe
    Filesize

    45KB

    MD5

    7d0c7359e5b2daa5665d01afdc98cc00

    SHA1

    c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

    SHA256

    f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

    SHA512

    a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

    Download Submit

  • C:\Windows\IMF\Windows Services.exe
    Filesize

    46KB

    MD5

    ad0ce1302147fbdfecaec58480eb9cf9

    SHA1

    874efbc76e5f91bc1425a43ea19400340f98d42b

    SHA256

    2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

    SHA512

    adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    29B

    MD5

    1ff5bdde7b10deea76c2190473ef25a8

    SHA1

    57649ccf42e8d4dfba1a9b23082d90c5761d95ae

    SHA256

    377db3613419586b4c47afeea8c911617ecac325767a1fd5b8824dabb494f5d4

    SHA512

    366c03698db2497acb96be5a4ddf3016bc24e8e455ddaa7ac055cf8673fe73fc72eacdc382f7e42f0b237659699d41efa49e2402840db90c80578952d6956a1a

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    48B

    MD5

    ae630ec64a57de04d04cbcda3a514deb

    SHA1

    b522a20f7baa5e6c4517d537b4011b2793b0f56a

    SHA256

    555c98a235e25a8d02a37c28f9e7f09542021a019d4c1d1f658abc6565ac299d

    SHA512

    a09ad5afc05ec32c16b254ea67544cfcbf5b165679c31842ea065936cc8999bd95dded8c668864a0c46c78c79992ec4d4145f3363cbb66eb488501c6be4b0f0e

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    100B

    MD5

    6d412012d77737da5c4fe7ab29c655b7

    SHA1

    4f51a5b5f18aeafed7bfb58f3aca9ebfa65e5629

    SHA256

    6e87962ba6a3346f908574f9c1559a6ca67c06ab2588546ec4199565c1d2f23a

    SHA512

    499f4b064bc5067d87a3adb99e4aa1bb4308eb178644b808d629c86159868ddb39d7d7a89173962576bab23ac7882c035760ccddf5047e10611b67aedbb8e016

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    105B

    MD5

    29261ba45de955f19031ebb2af078534

    SHA1

    20dcc44b2b2aad28387d3a8770cf2ad62bc8ff85

    SHA256

    e30c1aa85d2f050c4d45efddfaad2c5c69d221ce0ecbd5827f8d791a01e42aae

    SHA512

    5c3e191bece3b8e39afd767240031a8e3cf420ad96cc172dbfb4437c61bf535fe141c08e6fc4752d2c903e411fcf93305b0b256192fda9478750a211d5d0b825

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    52B

    MD5

    8746004660f9fe900ccc72c404992837

    SHA1

    88bf33248fe0c08747374f0975774d9b7596c2a0

    SHA256

    a5e2ee1f3daa1d281e3d122caf1f93a0ab243583b7b2e37865d377c065e98e27

    SHA512

    0fbd9dfbdd52a46c4d9f2a9cd09e7dd56b87bec61065bf2b6721d237787e2075a47805a9e9f38ed07dcd8069ce65c00b30484dac2f528654399b5d3dca06356f

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    57B

    MD5

    70aa0fd68b5e470f8cd32f2232781ac2

    SHA1

    19579e3e1cf21f852a6e085eb267d61e078e35ea

    SHA256

    2ab4fda0427ef62ec071b56e29368f4fe001fc4c075c6a4b891f4bf4180d1c40

    SHA512

    4922f2b5d8cf3ba04b08f435f45552872d74c1de06d348afcd22c4087d2194984d3c338084b475fbd8a5f0e9c07cb8d62a34bda2403b78bade04a17f52aab248

    Download Submit

  • C:\Windows\svchost.com
    Filesize

    40KB

    MD5

    dda6d3b34324c22b3dd01251c88d8c27

    SHA1

    add6f628b67f7d1a10c1f1db83157d1d7d2bbf61

    SHA256

    ac6d2f3fd8cb6d4ef7fa4619c49be549bed547b1b47b4982e61d469f4c132064

    SHA512

    9401eb63a7de04f3ff1de356a165dfd73142aa262c1682f687403c2ef07293234c1a426424547051057643c1c525a1810d307986ed6caf3f46ead6e8d1934a9f

    Download Submit

  • \PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
    Filesize

    252KB

    MD5

    9e2b9928c89a9d0da1d3e8f4bd96afa7

    SHA1

    ec66cda99f44b62470c6930e5afda061579cde35

    SHA256

    8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043

    SHA512

    2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3582-490\xml.exe
    Filesize

    244KB

    MD5

    49876bdea1929c82619ae2a5e16ece23

    SHA1

    1a68c0be3941b55d1762968b6b530c5601ff6275

    SHA256

    f9c74be6531c208fda82bdcf9951a6ba41e4983a76a24922aa2378185305bfba

    SHA512

    e0998c974a2bd6402ebe236d7824d33e4391c41cecbc0b318bc1e990d30e4407ef202d5f2055fce9054451203a7670cbefb836d5454773e30e5814b8ed150f95

    Download Submit

  • memory/156-312-0x00000000010E0000-0x000000000111C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/344-289-0x00000000000C0000-0x0000000000102000-memory.dmp

    Filesize

    264KB

    Download

  • memory/656-32-0x0000000001320000-0x000000000135C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/676-334-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/848-326-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1228-256-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1228-242-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1420-271-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1460-257-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1496-177-0x0000000000360000-0x0000000000372000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1552-234-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1564-295-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1660-216-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1748-313-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1828-229-0x0000000000D00000-0x0000000000D3C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1928-270-0x00000000000D0000-0x000000000010C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2008-290-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2012-219-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2012-254-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2088-192-0x0000000000E90000-0x0000000000EA2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2236-252-0x0000000000290000-0x00000000002D2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2260-283-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2312-332-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2424-62-0x0000000000A10000-0x0000000000A58000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2424-61-0x0000000000FD0000-0x0000000001012000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2484-301-0x0000000001140000-0x000000000117C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2552-341-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2624-246-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2664-340-0x00000000009C0000-0x0000000000A02000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2668-306-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2728-241-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2752-240-0x00000000002C0000-0x00000000002D4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2776-273-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2852-324-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2856-323-0x00000000009D0000-0x0000000000A0C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2896-230-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2928-279-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3008-302-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3024-40-0x00000000008A0000-0x000000000091E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/3024-36-0x0000000001370000-0x0000000001384000-memory.dmp

    Filesize

    80KB

    Download