Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows10-2004-x64

10

The-MALWAR...ll.exe

windows10-2004-x64

10

The-MALWAR...BS.exe

windows10-2004-x64

10

The-MALWAR...in.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows10-2004-x64

10

The-MALWAR....A.dll

windows10-2004-x64

7

The-MALWAR...r.xlsm

windows10-2004-x64

10

The-MALWAR...36c859

ubuntu-24.04-amd64

8

The-MALWAR...caa742

ubuntu-24.04-amd64

8

The-MALWAR...c1a732

ubuntu-24.04-amd64

8

The-MALWAR...57c046

ubuntu-24.04-amd64

8

The-MALWAR...460a01

ubuntu-24.04-amd64

8

The-MALWAR...ece0c5

ubuntu-24.04-amd64

8

The-MALWAR...257619

ubuntu-18.04-amd64

8

The-MALWAR...fbcc59

ubuntu-24.04-amd64

8

The-MALWAR...54f69c

ubuntu-24.04-amd64

8

The-MALWAR...d539a6

ubuntu-24.04-amd64

8

The-MALWAR...4996dd

ubuntu-24.04-amd64

8

The-MALWAR...8232d5

ubuntu-18.04-amd64

8

The-MALWAR...66b948

ubuntu-22.04-amd64

8

The-MALWAR...f9db86

ubuntu-24.04-amd64

8

The-MALWAR...ea2485

ubuntu-24.04-amd64

8

The-MALWAR...us.exe

windows10-2004-x64

7

The-MALWAR....a.exe

windows10-2004-x64

3

The-MALWAR....a.exe

windows10-2004-x64

7

The-MALWAR...ok.exe

windows10-2004-x64

1

The-MALWAR...y.html

windows10-2004-x64

4

The-MALWAR...ft.exe

windows10-2004-x64

4

The-MALWAR...en.exe

windows10-2004-x64

6

The-MALWAR...ve.apk

android-9-x86

The-MALWAR...ve.apk

android-10-x64

Resubmissions

11/04/2025, 21:31

250411-1cz7lazpx8 10

Analysis

  • max time kernel
    29s
  • max time network
    38s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2025, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Email-Worm/Axam.a.exe

  • Size

    11KB

  • MD5

    0fbf8022619ba56c545b20d172bf3b87

  • SHA1

    752e5ce51f0cf9192b8fa1d28a7663b46e3577ff

  • SHA256

    4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74

  • SHA512

    e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb

  • SSDEEP

    192:33K8Vn5fAIBkPA9tQdEnhAv+mKqh1RwE9gCOMv8eIry2aZoa5qq/:33X54IB8SCY2W3qmSgaIrTDSqq/

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Drops startup file 64 IoCs
  • Executes dropped EXE 63 IoCs
  • Adds Run key to start application 2 TTPs 63 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe
    "C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:844
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3488
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4728
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4696
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5020
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:552
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5536
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:1348
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4904
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4928
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3236
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3328
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:5828
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5184
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:4308
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3696
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5736
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5884
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5140
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:516
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4292
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2172
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:5056
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4276
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3940
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5780
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1016
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:816
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5300
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3508
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:628
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\Users\Admin\AppData\Roaming\Axam.exe
      C:\Users\Admin\AppData\Roaming\Axam.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:232
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
    1⤵
      PID:5688
      • C:\Users\Admin\AppData\Roaming\Axam.exe
        C:\Users\Admin\AppData\Roaming\Axam.exe
        2⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:6016
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
      1⤵
        PID:2688
        • C:\Users\Admin\AppData\Roaming\Axam.exe
          C:\Users\Admin\AppData\Roaming\Axam.exe
          2⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:1868
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
        1⤵
          PID:2660
          • C:\Users\Admin\AppData\Roaming\Axam.exe
            C:\Users\Admin\AppData\Roaming\Axam.exe
            2⤵
            • Drops startup file
            • Executes dropped EXE
            • Adds Run key to start application
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:2600
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
          1⤵
            PID:2240
            • C:\Users\Admin\AppData\Roaming\Axam.exe
              C:\Users\Admin\AppData\Roaming\Axam.exe
              2⤵
              • Drops startup file
              • Executes dropped EXE
              • Adds Run key to start application
              • System Location Discovery: System Language Discovery
              • Suspicious use of SetWindowsHookEx
              PID:1872
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
            1⤵
              PID:4356
              • C:\Users\Admin\AppData\Roaming\Axam.exe
                C:\Users\Admin\AppData\Roaming\Axam.exe
                2⤵
                • Drops startup file
                • Executes dropped EXE
                • Adds Run key to start application
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:3364
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
              1⤵
                PID:2596
                • C:\Users\Admin\AppData\Roaming\Axam.exe
                  C:\Users\Admin\AppData\Roaming\Axam.exe
                  2⤵
                  • Drops startup file
                  • Executes dropped EXE
                  • Adds Run key to start application
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:4544
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                1⤵
                  PID:5272
                  • C:\Users\Admin\AppData\Roaming\Axam.exe
                    C:\Users\Admin\AppData\Roaming\Axam.exe
                    2⤵
                    • Drops startup file
                    • Executes dropped EXE
                    • Adds Run key to start application
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:5212
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                  1⤵
                    PID:2536
                    • C:\Users\Admin\AppData\Roaming\Axam.exe
                      C:\Users\Admin\AppData\Roaming\Axam.exe
                      2⤵
                      • Drops startup file
                      • Executes dropped EXE
                      • Adds Run key to start application
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of SetWindowsHookEx
                      PID:4452
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                    1⤵
                      PID:4764
                      • C:\Users\Admin\AppData\Roaming\Axam.exe
                        C:\Users\Admin\AppData\Roaming\Axam.exe
                        2⤵
                        • Drops startup file
                        • Executes dropped EXE
                        • Adds Run key to start application
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        • Suspicious use of SetWindowsHookEx
                        PID:5080
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                      1⤵
                        PID:3724
                        • C:\Users\Admin\AppData\Roaming\Axam.exe
                          C:\Users\Admin\AppData\Roaming\Axam.exe
                          2⤵
                          • Executes dropped EXE
                          • Adds Run key to start application
                          • System Location Discovery: System Language Discovery
                          • Modifies registry class
                          • Suspicious use of SetWindowsHookEx
                          PID:6028
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                        1⤵
                          PID:4992
                          • C:\Users\Admin\AppData\Roaming\Axam.exe
                            C:\Users\Admin\AppData\Roaming\Axam.exe
                            2⤵
                            • Executes dropped EXE
                            • Adds Run key to start application
                            • System Location Discovery: System Language Discovery
                            • Suspicious use of SetWindowsHookEx
                            PID:2572
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                          1⤵
                            PID:436
                            • C:\Users\Admin\AppData\Roaming\Axam.exe
                              C:\Users\Admin\AppData\Roaming\Axam.exe
                              2⤵
                              • Executes dropped EXE
                              • Adds Run key to start application
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of SetWindowsHookEx
                              PID:3596
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                            1⤵
                              PID:2932
                              • C:\Users\Admin\AppData\Roaming\Axam.exe
                                C:\Users\Admin\AppData\Roaming\Axam.exe
                                2⤵
                                • Executes dropped EXE
                                • Adds Run key to start application
                                • System Location Discovery: System Language Discovery
                                • Modifies registry class
                                • Suspicious use of SetWindowsHookEx
                                PID:3220
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                              1⤵
                                PID:5588
                                • C:\Users\Admin\AppData\Roaming\Axam.exe
                                  C:\Users\Admin\AppData\Roaming\Axam.exe
                                  2⤵
                                  • Executes dropped EXE
                                  • Adds Run key to start application
                                  • System Location Discovery: System Language Discovery
                                  • Modifies registry class
                                  • Suspicious use of SetWindowsHookEx
                                  PID:468
                              • C:\Windows\system32\cmd.exe
                                C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                1⤵
                                  PID:3692
                                  • C:\Users\Admin\AppData\Roaming\Axam.exe
                                    C:\Users\Admin\AppData\Roaming\Axam.exe
                                    2⤵
                                    • Executes dropped EXE
                                    • Adds Run key to start application
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of SetWindowsHookEx
                                    PID:3104
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                  1⤵
                                    PID:4548
                                    • C:\Users\Admin\AppData\Roaming\Axam.exe
                                      C:\Users\Admin\AppData\Roaming\Axam.exe
                                      2⤵
                                      • Drops startup file
                                      • Executes dropped EXE
                                      • Adds Run key to start application
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of SetWindowsHookEx
                                      PID:6128
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                    1⤵
                                      PID:1488
                                      • C:\Users\Admin\AppData\Roaming\Axam.exe
                                        C:\Users\Admin\AppData\Roaming\Axam.exe
                                        2⤵
                                        • Drops startup file
                                        • Executes dropped EXE
                                        • Adds Run key to start application
                                        • System Location Discovery: System Language Discovery
                                        • Modifies registry class
                                        • Suspicious use of SetWindowsHookEx
                                        PID:4432
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                      1⤵
                                        PID:2740
                                        • C:\Users\Admin\AppData\Roaming\Axam.exe
                                          C:\Users\Admin\AppData\Roaming\Axam.exe
                                          2⤵
                                          • Drops startup file
                                          • Executes dropped EXE
                                          • Adds Run key to start application
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious use of SetWindowsHookEx
                                          PID:3268
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                        1⤵
                                          PID:3612
                                          • C:\Users\Admin\AppData\Roaming\Axam.exe
                                            C:\Users\Admin\AppData\Roaming\Axam.exe
                                            2⤵
                                            • Drops startup file
                                            • Executes dropped EXE
                                            • Adds Run key to start application
                                            • System Location Discovery: System Language Discovery
                                            • Modifies registry class
                                            • Suspicious use of SetWindowsHookEx
                                            PID:4580
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                          1⤵
                                            PID:2472
                                            • C:\Users\Admin\AppData\Roaming\Axam.exe
                                              C:\Users\Admin\AppData\Roaming\Axam.exe
                                              2⤵
                                              • Drops startup file
                                              • Executes dropped EXE
                                              • Adds Run key to start application
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious use of SetWindowsHookEx
                                              PID:804
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                            1⤵
                                              PID:5648
                                              • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                C:\Users\Admin\AppData\Roaming\Axam.exe
                                                2⤵
                                                • Drops startup file
                                                • Executes dropped EXE
                                                • Adds Run key to start application
                                                • System Location Discovery: System Language Discovery
                                                • Modifies registry class
                                                • Suspicious use of SetWindowsHookEx
                                                PID:5320
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                              1⤵
                                                PID:3452
                                                • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                  C:\Users\Admin\AppData\Roaming\Axam.exe
                                                  2⤵
                                                  • Executes dropped EXE
                                                  • Adds Run key to start application
                                                  • System Location Discovery: System Language Discovery
                                                  • Modifies registry class
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:5288
                                              • C:\Windows\system32\cmd.exe
                                                C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                1⤵
                                                  PID:1740
                                                  • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                    C:\Users\Admin\AppData\Roaming\Axam.exe
                                                    2⤵
                                                    • Drops startup file
                                                    • Executes dropped EXE
                                                    • Adds Run key to start application
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3256
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                  1⤵
                                                    PID:4676
                                                    • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                      C:\Users\Admin\AppData\Roaming\Axam.exe
                                                      2⤵
                                                      • Drops startup file
                                                      • Executes dropped EXE
                                                      • Adds Run key to start application
                                                      • System Location Discovery: System Language Discovery
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3528
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                    1⤵
                                                      PID:6160
                                                      • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                        C:\Users\Admin\AppData\Roaming\Axam.exe
                                                        2⤵
                                                        • Drops startup file
                                                        • Executes dropped EXE
                                                        • Adds Run key to start application
                                                        • System Location Discovery: System Language Discovery
                                                        • Modifies registry class
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:6204
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                      1⤵
                                                        PID:6244
                                                        • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                          C:\Users\Admin\AppData\Roaming\Axam.exe
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • Adds Run key to start application
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry class
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:6292
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                        1⤵
                                                          PID:6332
                                                          • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                            C:\Users\Admin\AppData\Roaming\Axam.exe
                                                            2⤵
                                                            • Drops startup file
                                                            • Executes dropped EXE
                                                            • Adds Run key to start application
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:6376
                                                        • C:\Windows\system32\cmd.exe
                                                          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                          1⤵
                                                            PID:6416
                                                            • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                              C:\Users\Admin\AppData\Roaming\Axam.exe
                                                              2⤵
                                                              • Drops startup file
                                                              • Executes dropped EXE
                                                              • Adds Run key to start application
                                                              • System Location Discovery: System Language Discovery
                                                              • Modifies registry class
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:6460
                                                          • C:\Windows\system32\cmd.exe
                                                            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                            1⤵
                                                              PID:6504
                                                              • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                2⤵
                                                                • Drops startup file
                                                                • Executes dropped EXE
                                                                • Adds Run key to start application
                                                                • System Location Discovery: System Language Discovery
                                                                • Modifies registry class
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:6548
                                                            • C:\Windows\system32\cmd.exe
                                                              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                              1⤵
                                                                PID:6588
                                                                • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                  C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                  2⤵
                                                                  • Drops startup file
                                                                  • Executes dropped EXE
                                                                  • Adds Run key to start application
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:6632
                                                              • C:\Windows\system32\cmd.exe
                                                                C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                1⤵
                                                                  PID:6676
                                                                  • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                    C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                    2⤵
                                                                    • Drops startup file
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    • System Location Discovery: System Language Discovery
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:6716
                                                                • C:\Windows\system32\cmd.exe
                                                                  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                  1⤵
                                                                    PID:6760
                                                                    • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                      C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                      2⤵
                                                                      • Drops startup file
                                                                      • Executes dropped EXE
                                                                      • Adds Run key to start application
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Modifies registry class
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:6808
                                                                  • C:\Windows\system32\cmd.exe
                                                                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                    1⤵
                                                                      PID:6852
                                                                      • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                        C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                        2⤵
                                                                        • Drops startup file
                                                                        • Executes dropped EXE
                                                                        • Adds Run key to start application
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:6896
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                      1⤵
                                                                        PID:6936
                                                                        • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                          C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                          2⤵
                                                                          • Drops startup file
                                                                          • Executes dropped EXE
                                                                          • Adds Run key to start application
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Modifies registry class
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:6992
                                                                      • C:\Windows\system32\cmd.exe
                                                                        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                        1⤵
                                                                          PID:7036
                                                                          • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                            C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Adds Run key to start application
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Modifies registry class
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:7080
                                                                        • C:\Windows\system32\cmd.exe
                                                                          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                          1⤵
                                                                            PID:7120
                                                                            • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                              C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                              2⤵
                                                                              • Executes dropped EXE
                                                                              • Adds Run key to start application
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:7164
                                                                          • C:\Windows\system32\cmd.exe
                                                                            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                            1⤵
                                                                              PID:6240
                                                                              • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                2⤵
                                                                                • Executes dropped EXE
                                                                                • Adds Run key to start application
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Modifies registry class
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:6400
                                                                            • C:\Windows\system32\cmd.exe
                                                                              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                              1⤵
                                                                                PID:6500
                                                                                • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                  C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                  2⤵
                                                                                  • Drops startup file
                                                                                  • Executes dropped EXE
                                                                                  • Adds Run key to start application
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:6740
                                                                              • C:\Windows\system32\cmd.exe
                                                                                C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                1⤵
                                                                                  PID:756
                                                                                  • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                    C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    • Adds Run key to start application
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Modifies registry class
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    PID:7192
                                                                                • C:\Windows\system32\cmd.exe
                                                                                  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                  1⤵
                                                                                    PID:7308
                                                                                    • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                      C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                      2⤵
                                                                                      • Drops startup file
                                                                                      • Executes dropped EXE
                                                                                      • Adds Run key to start application
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                      PID:7376
                                                                                  • C:\Windows\system32\cmd.exe
                                                                                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                    1⤵
                                                                                      PID:7460
                                                                                      • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                        C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:7520

                                                                                    Network

                                                                                    MITRE ATT&CK Enterprise v16

                                                                                    Replay Monitor

                                                                                    Loading Replay Monitor...

                                                                                    Downloads

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      436d3e0573e1398b2cd5c7af5801f1c4

                                                                                      SHA1

                                                                                      8009eb08e42cdbc56f1c0e2065cd7f9aea65a651

                                                                                      SHA256

                                                                                      cde1c360f055821f22400185e3fc5249cedef04f546ef22429a2470fcdd45008

                                                                                      SHA512

                                                                                      1b26a69d14e6ad11e0016e702fed4a6a7fb944bda05979f74d0c6de9d11920c868fc3f1668ec251c38f1e36abfa1264a5e0b9177eaf4ec11dc9bed9a609d2a4f

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      b205896ae8dfb8a6555d9b30c42df5aa

                                                                                      SHA1

                                                                                      5b8655b0d723fb76be55263d06c23e718722d8f8

                                                                                      SHA256

                                                                                      73c74d0cee9fe87393bc541fa0a72d236b75313bba930a065fc40792aabf3a33

                                                                                      SHA512

                                                                                      b517a5fbf159848974762ca9e7c5ee2dc5cf8325943b61f320355df756312dead13032fe4016b565f54f574ddcb87c8c66612114724add202ffff0ec1bdfebd8

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      63e9a842a85de2d8086b5db2cd458d59

                                                                                      SHA1

                                                                                      5a43699b6df5d809efe5d24990966b686019422a

                                                                                      SHA256

                                                                                      676900bc9e9d7d76f94b7886b3b9002bca8438b571399baffa7e8946d9f8a5b7

                                                                                      SHA512

                                                                                      5f369fd5d65adb05bacd4e33ac3ad5052f174d0eab109bd8366d6b11316caab13d378c29038e632bc4526c2e03bd3946ff26c3f4d305bbe0b078237fcc12fad0

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      04ca432da2afac48d0966b8fb6ac7ce7

                                                                                      SHA1

                                                                                      4964c0fea6a047062aab5130631dd677168c28b9

                                                                                      SHA256

                                                                                      45328828a672f35f61b929d3043e629c87bbaaf97a81c0056d5ce9c0a79ef88b

                                                                                      SHA512

                                                                                      9ffca7271da9b5f2c9f16cff6dc785a437bd6a26f060840c06fecdba21970f9bb98c1e6c69edaa699893321a427a48f40774c15c164db6c513124754f0e4214a

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      440601c6a277a4ad4d649faec3ae7c9a

                                                                                      SHA1

                                                                                      c952797c87aa67fbbd9ffc274c8e8fa7c8a003f3

                                                                                      SHA256

                                                                                      6a3c2855a2f051552b4dc8d719fe988c399437096fea1e8bd8526966ea546516

                                                                                      SHA512

                                                                                      4cb35fe7a8c18005536aa658d55a5c8c613d9e272459f053bc031251f1f8d2917a9fa6a5ed4b1a485f06082aac7c2c8f3f4647fdfc934da711f3b5fa0ef9e84e

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      f206bcefb2719cc2c2fe9540b9c45a70

                                                                                      SHA1

                                                                                      887b9f325b5518ecc27b068a6df5fa9f47260747

                                                                                      SHA256

                                                                                      7d089c8b2f2186b692f4f48d0457ed00a2d06b7bb482a0fb4da0430994ad1851

                                                                                      SHA512

                                                                                      28f63f9b2553d8b6a57530e66a4b00461f4341c2b9ee6529552f1be583649cf412dce48f1c0558933d3e02ab3e1eb04e287a7a05b5a934d7d86b3cc640f28462

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      abef3da6feb9e60a7758f7ce808f4782

                                                                                      SHA1

                                                                                      057a11219286d56d2d48c19f8eecc4b0f402256d

                                                                                      SHA256

                                                                                      8770c93da26e2215348872ab6ef77552c1f9d53e136b59e8e1ef006f9992dc25

                                                                                      SHA512

                                                                                      959698d7b6f0daf0f20754c07b468656cc80aae01e771404f8a6cbbc49c0904f1d3a17538867bc9f95fd900a1d15e9d32833941693c17b3fd45ad79d28d5b1e6

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      d7f04cc8bb06a522d7d30908443a0a82

                                                                                      SHA1

                                                                                      b52281cbdfa7108844fe43fd8f991e47c51e20cd

                                                                                      SHA256

                                                                                      5dac62c3dadfe2646f24e302feed75130b7f75957410140d0bc4dbce035bf2b5

                                                                                      SHA512

                                                                                      e04ffe7b9337729f8fbe69241d199e9c17e329dde0b8191c2c44bad3174fde7bf0fdf3720bb5b2bc3e3c0954f59018e00fdc88b8978669f19c55ac3104f5b12f

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      e557f0074b95001e9a26c74a388a73e3

                                                                                      SHA1

                                                                                      e52e9e834004de054155ea44310737159ad79410

                                                                                      SHA256

                                                                                      57531aa0e67ab61fbf415cd0b532986a4fe3e308499a55052af9c933578ad270

                                                                                      SHA512

                                                                                      2dd0103317a6ed64d3de90a8cf2b2c8f11990e1a47fba936eeffda89eefe1c187d417f926d7ba3867b2836ee2ad57048ae898096efe7ca67433d92741e6137f8

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      302B

                                                                                      MD5

                                                                                      3565a089a0f8b2b5afb04ec4379b44dc

                                                                                      SHA1

                                                                                      4075ac633db35b158e4142860a2fd4f331780f9c

                                                                                      SHA256

                                                                                      941689078f2ed21767fd0aa5ad330df33b8a0ac96acccb2020f307558d6087cb

                                                                                      SHA512

                                                                                      112538d7d1af9c02536db20acfc6cea3225341d0f1468ad49ab980a65c74c9111fbf2514776e4e40bd2fbb13d1703dc47cc647b780dc503be99f6fa712c925a5

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      4b82dfa4c3c31d68b00df1708d41ae86

                                                                                      SHA1

                                                                                      a20dd432aab6f7d25be44fcc54539be6c8295339

                                                                                      SHA256

                                                                                      03ab30dfd4769c3ffdb26142365733abe62e4e67dd4ec5555b3a125737844ef7

                                                                                      SHA512

                                                                                      6bb6aac5dcf175cb02abc2c2920418ad73a720570cafd9b1ac15a3d0c6a366e89d9f3f970d58169247e7e6d8e33279fe655ea2dd32dbdda45bd9e9c5ce75de2e

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      581a202eaa8aaa4fb6918c742e6badc0

                                                                                      SHA1

                                                                                      73d964d25adcdbfd82211e83ab84035e49c893c6

                                                                                      SHA256

                                                                                      cd5f5ac2c3a1e3610bf76901d267452abe766b3dd006e7c534d37b60fcdb0a80

                                                                                      SHA512

                                                                                      4c85be6e6d8acf2b02a93de9e20dc838767796d58330cee787ef8c00475c26d393657c6f1ef2ee5b03ac1a0855882603f3ea470d29caa80e60188d6f32ed8d97

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      725e7d6c5bb04bc1392a1725170e1a7f

                                                                                      SHA1

                                                                                      6a1a466b1f8397793301c9fb20ea80134d264245

                                                                                      SHA256

                                                                                      0cfda8ea2931c88dfe3b81f21bc398d36cfc1375cb20414b69f841d1557d9cd2

                                                                                      SHA512

                                                                                      b5e38bd8a31621e6aa2fef2be5f25a120e43909696de5e168ccfad093f00804f4e1f3fb405fdd82f0f90015384555766a643dd143cc40e8626fd941110a5ca0d

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      8bbb23dff2488bc8796e40a2dd927a14

                                                                                      SHA1

                                                                                      712a5f527ea16f32358d66dd07f583468a5f610f

                                                                                      SHA256

                                                                                      0d2621c79e94185f07d591ab234209a1d37ad8ae5b84c530bc1b911d651e77f0

                                                                                      SHA512

                                                                                      64eb0307b27bfccd47ed8829762f77bf563ad14c742874cbd6153d9915eae45de2f0600bd269833204820692359eeab1c7b1465904165d12ea49f609207e19bd

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      23a90978322cebaef72441e6f1c6222f

                                                                                      SHA1

                                                                                      59ca290a405b3865af530350bc4ce141a1fefc83

                                                                                      SHA256

                                                                                      0da2882addd91f02887c327defc1d3c5cef47e37063a0038c7feac27e4c20ead

                                                                                      SHA512

                                                                                      c4bc0477029e571ac9b92ff568e0555837fccba0ed2af4d5c251698ca00b78b005c091405bbf0e8c72895134585c00e4903405bb1b00b25ffba21c3ef4286ed2

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      4b41416670d6c87a837a7bbbb429087a

                                                                                      SHA1

                                                                                      c7c2f28c59089a95948d71237c1c0a622459195a

                                                                                      SHA256

                                                                                      5517a9634665bf10f467d540f678bc5dfe5cd7feb71e16c9c99ddbd1863e2e29

                                                                                      SHA512

                                                                                      a42fa26e5bd4043dbe8f280ceb9de3222461c38a70f7d5b2537ffb95c3283e2e1aa7aebc67bd5fd35cb003da6fd6de9cfa20466c082e676112ebb14f4f65c95a

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      453B

                                                                                      MD5

                                                                                      3c134fc18e7bdaf02d63571d193799ad

                                                                                      SHA1

                                                                                      7e6f22569d16202195410f29e6c74d093f1fa930

                                                                                      SHA256

                                                                                      087f1acb6ed4d7563daaf6f0e1110dc7b3d5b4d6130ba19389cdf3eb90e9d347

                                                                                      SHA512

                                                                                      5b02fda689e01d570fced10841daea8f543467b9a0ea138149c486c6d9fd56a0684901af16cbf2b3ad7f1d0b6cf6b08bc36288afcec4d5552b5863ef854570d6

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      604B

                                                                                      MD5

                                                                                      9ec5dcbc21f0309fc9c7c545063986b5

                                                                                      SHA1

                                                                                      eaea4f607aeefc9f6081d4b122ebaec421e7029b

                                                                                      SHA256

                                                                                      273c2c218dd1d27bca1ad23115deb50ee860332b724f7a1b1aa906e055d0d38d

                                                                                      SHA512

                                                                                      e2044e50dd09b7df76b76ae96f1fbfea85a73e5055891df4b464b8cf981f5ef623fa660f6b5c3beda289d4166cb39a38e3153a1ed6e4e74fda7ea0914a3ea935

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      755B

                                                                                      MD5

                                                                                      c73f3203dbe2960f84a494e1662db2c9

                                                                                      SHA1

                                                                                      27835a0be12637153e54411bea70546c1de82770

                                                                                      SHA256

                                                                                      60683424722818828849fcd2e3893265de28c94d660d64b8cb1d1f31a20026c2

                                                                                      SHA512

                                                                                      4cbb057b8d9760f0e16bfc110405f2f239c52b0559a59759e310266fc6bf96e84fd5798a30bcbea56e748890ce335825845e0df1c269ca03501cf7f32e0cb1cc

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      906B

                                                                                      MD5

                                                                                      73e598672cece33b0c27f3a2f8d3501d

                                                                                      SHA1

                                                                                      cb1955298a70cd5cc2f55fe127a56dfc6fbbccfc

                                                                                      SHA256

                                                                                      0250e34f90f6e94dde2cab734f5ac2cb9c6aa9fe1b91d7e9e651f20645296363

                                                                                      SHA512

                                                                                      4094ba8f8b335133b836702d58c6660d2edc74d869f5bbcc1bc5a4a30f4f60e79ed4937464f0ec2f10daa4b1d866ade04c179b14450d0cb3f73ccf4b2c00fcb6

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      3b1cc48b2addf796ebde1c6d0c020bea

                                                                                      SHA1

                                                                                      53b249bef441ad8dff4f5a90ef149ab10803cfdf

                                                                                      SHA256

                                                                                      d8c19dae05edffa4dd0957dcfa45eac44273842b1364c5a999a0a21c1108ccf8

                                                                                      SHA512

                                                                                      525cac7d2070540abdfa8b6ea43631610f9c7440346f319b90c1826d73d7d125d165a2718a04f82eac1b47202afa1b6c6f2576af0fa76b03f9058bd21fa90f77

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      64fd1f107fe39a118a1e0df6a2231c21

                                                                                      SHA1

                                                                                      1757c6e25e245eebd74994acefc148a55ca85675

                                                                                      SHA256

                                                                                      a671cbd881a552e34f8c7594f6dbfd1442d5a702ed914fead3cd0fcc5f37d51e

                                                                                      SHA512

                                                                                      450e1a6ef677bd192fac285af9aa2e71267d1a8ba138fd3a5a1da9f3267540fa951a1e9c4e2b3bf724f326d5c20eb51113005660c7865158ad0669089c16b53f

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      d1a3d2a396b79cd871f99665b134a49a

                                                                                      SHA1

                                                                                      2ab15e630b751e94d72362f2b55f60c4d7f35f40

                                                                                      SHA256

                                                                                      7ba07c3784813a0f9cc1ff90f54c5517e288bde40d5ccbe8b098af4975c16ee6

                                                                                      SHA512

                                                                                      d88ddaa9e3e9213e7f9bc19da72011e51c66199b10557e79e2edc5e50f0879a51216817a9dbede8807c8ec8b8b9457482f49ad00576c0c214e0bac2d034b79c7

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      865a45b31cb7baefb3b71ae51eb67308

                                                                                      SHA1

                                                                                      42094765f9627e713f573b2e6a203183068a6159

                                                                                      SHA256

                                                                                      99f2f70a9e34a9c63f6107b8308e41b83139f62b72a2f2ffd2394b0063ec79e2

                                                                                      SHA512

                                                                                      70ba8d348e1954b90a078ff47b9d63ca7663b9ae7c0c8e32f50b53acfd928465f91cb36760a1560d80d33ca07e7e815e18905b0b104ae52de80e5a58fdc73d1f

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      f66b8249919fa2b7bb00beddfffa2f9a

                                                                                      SHA1

                                                                                      321e81d7eead2350c57600ebc6ff0a9b4a4e06b2

                                                                                      SHA256

                                                                                      8ebb03500bb9833bda093b9d8ababd2bb633a0b97913765e05191ea51ac4adcc

                                                                                      SHA512

                                                                                      1034bb1e17c26c928a9b2cbb5f7615754af844883980922adf7f81e10821e6851780d49ee4edc8de955cc3d50e84f4ad7b57b90c96d9ca7f4f63acabd9449d9f

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      b7922b0709a026f2188f725dae20b6e8

                                                                                      SHA1

                                                                                      4b91513018aa95f062f4ed4b5b9f88032b7ccbe2

                                                                                      SHA256

                                                                                      0e81b90f3c97c85cdd3b4734667ecd140045cd795e89b6b3fb28bdbc1d0fc015

                                                                                      SHA512

                                                                                      02f6afa56f7ec2fb4664d0e9522a5a5d0a1912e4f830d8b4bc9c186322d0fc21cfa0f2e65567057ba8da1cf1dbd44e886b9b393a0fe47a7b60665d36b6790fe1

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      f97e2548b10247a8f61605db9a7f5946

                                                                                      SHA1

                                                                                      6ef69ffb824a6842f6bedb2f800cf3e31ca0135a

                                                                                      SHA256

                                                                                      3cd268a890a1e10796a4d9c43e7d678baf8ff25b614c8cf45f23f18c0bd3fbff

                                                                                      SHA512

                                                                                      e4a68819058b08e55000462a177f137575ebb741c021ce8ae471335bbc0678e095e6fb4e499ba7e3ec18deead014d83b2fea7c2f378ec67888aaf0ebef0734b0

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      70f1b79dbc67e18f03a8ccb43fd1f26c

                                                                                      SHA1

                                                                                      17810bd14fdf097d6cb6b33b5e8f91506c0d5049

                                                                                      SHA256

                                                                                      c7745cfbe269513787a15c12e8e660b604733ae13f3df90b932c9d2aad827300

                                                                                      SHA512

                                                                                      c6483cb7eec581a248e810314b67b81677130c8b4e29688911cb3a2b1c967242abed36d3c0c8b971fee67b7198b1c988dfe8bc16eca89f7413ff40151c4b15d6

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      778dde4a011f182dcb7c714c44eb476d

                                                                                      SHA1

                                                                                      ea5e86c47b4446f1e7cd3fecf31572af0a2c46b5

                                                                                      SHA256

                                                                                      99714f76e76ce0ee69c5b26a88e795a9c100856131226e12e8b7894bb9fb26e2

                                                                                      SHA512

                                                                                      3b9cdc4f025c6e3d7fa61e2d6aafb7d2f796bbe01c7a4561fda0890c37ce281b76fa175ef7fc7f4f92d868e2c8cac5a4fd1b3e664ff5a93670c778ed86032952

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      8ded210487270f9a7481f9c588ad6c73

                                                                                      SHA1

                                                                                      e0cf84eb5c3b7e5860fee3a3632431c21bd90b37

                                                                                      SHA256

                                                                                      2a1617e7b39e564314c792a36b8fb20df3af55cd0b3ce9d7753081c991ca0855

                                                                                      SHA512

                                                                                      1701aa2a480b44e90af73983dbec183d110007f9e8769c3620b8727224fcf38294049a5d743a824dd121f26ea161c3fd8d6c3af4fbc9fa75119f132b0f9c30cd

                                                                                      Download Submit

                                                                                    • C:\Autoexec.bat
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      d0b1ee2ecc4a5d54dea73d0c669c92bd

                                                                                      SHA1

                                                                                      b915d8b32b5b9f5679ae062551010a4065ccc18f

                                                                                      SHA256

                                                                                      2ee3bf2afa69f4a4021694da532e989f3807d1cbed4ca3b0a64157dcf06496c5

                                                                                      SHA512

                                                                                      88539faa41f78d135ed07db77d1903fc2c1008fdc6f5db224ce91347af4fd1e2cfa2c18d39d8ef0f337e5e059e34415111b50e7c9d90cb8674a33614e01a8ebe

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Roaming\Axam.exe
                                                                                      Filesize

                                                                                      11KB

                                                                                      MD5

                                                                                      0fbf8022619ba56c545b20d172bf3b87

                                                                                      SHA1

                                                                                      752e5ce51f0cf9192b8fa1d28a7663b46e3577ff

                                                                                      SHA256

                                                                                      4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74

                                                                                      SHA512

                                                                                      e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb

                                                                                      Download Submit

                                                                                    • memory/232-201-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/468-265-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/516-132-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/552-77-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/628-195-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/804-298-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/816-179-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/844-0-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/844-59-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/1016-172-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/1016-108-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/1348-83-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/1868-211-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/1872-222-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/2172-145-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/2572-253-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/2600-217-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/3104-270-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/3220-261-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/3236-95-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/3256-314-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/3268-286-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/3364-227-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/3528-320-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/3596-257-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4276-158-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4292-138-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4308-114-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4432-280-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4452-241-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4452-187-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4544-233-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4580-291-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4728-65-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/4928-89-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5020-71-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5056-151-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5080-245-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5140-126-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5184-107-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5212-237-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5288-308-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5300-186-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5320-302-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5736-120-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5780-164-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/5828-101-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6016-139-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6016-206-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6028-249-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6128-275-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6204-326-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6292-329-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6376-333-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6460-337-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6548-341-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6632-345-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download

                                                                                    • memory/6716-349-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download