hxxps://portal[.]abicarehealth[.]co[.]uk/client/

General

Target

https://portal.abicarehealth.co.uk/client/
Sample

210722-ym5e1jer4n

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 55 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3866101268"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30899947"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000971b45361cdba54097784e512f279b08000000000200000000001066000000010000200000000d4a37565017523f2ea2a0f89dd2735ed667574e7f0e19f7f1d66a632bdb2fc8000000000e800000000200002000000021c1e8223b384599b301ca3fe84d5759fa02061652a6bb3b01dfa0a32e2211f920000000dcf6667c140ab2ff313cf582b63224d68d319c3e266f3f5512126fc0cd31b78840000000f836164ea7a9205966af04d731c627a32c9ecbd4083986f2812d2db83b6bc30d76bb779c3643a8e175286ada54faf23f3fb077f306eccfadb5ebf40fb4a438e6	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "333766497"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "333734505"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90ed8102ec7ed701	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000971b45361cdba54097784e512f279b0800000000020000000000106600000001000020000000ea7faefa10eaf168bf5c40ad9c428001992074dce4590df94a6e7a76ebb502f8000000000e8000000002000020000000280892790944c316147f219d7da2da31f6f1cbb7e82222191893375ee8dfd73ee00000008134c9603d3cd5f527a8e98a62701a6495f8c2dea1ef42895544212f55644e4b99312bbcb52de199e4f5afd4112183fd787d8d807d145b76f8948cae6d3a3750e1c4a07eee7d2d38f971914dfeee3b06400bfe43f3de71a99acb056e6883b926601ee942bd58cb07b5c488454649fba9b0b9ccde0d3c155a4f0fd8a9f3a6fefb7e7270368edf733917dd5e2e5b703ae9024969ba45feb49eb6654b3010ba6082be6e2394604d92a2c254a69486c94ced16b958eefd784d8dadbc396b557b7cbcc3d7bb441f2c77631890a81a4186b5596e88aa186fb264ca0ac3e4966df6e2164000000006dc513b76e7019ad7855c5e0af214ce21b1c5e033cc0ee683384eda5297f634848da62f1d3ab7e601e21081f5dfdac5015c7a1a3d9ffb7d1980cef69a9142ed	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000971b45361cdba54097784e512f279b080000000002000000000010660000000100002000000039201f7672fe9fe99963945ff35df356041c3c54eb43fedeea0e73624b53368c000000000e8000000002000020000000819cf97e0a0e36c5e02473681b7826a36b7ecb8a22d8940ce13583d0c1c0f4a5e000000000a5af40b7e7dacca450faf1150ff5c70854f395f3aae932c983af1b3611ef8721bf15cc3c1b16653684bbe9eca54e870ff899915984922173c2912b3bb272276ea2c926efb48e58a2e5993a88563c6c677baaa946d6e07edd44d2f8bc49d99477ef3facfaf96299bcfa1f0b387eda2868a204022024408b98f7bc91b8d1f9ab2540a36fe5a7a19571d937e2b690f149bd39bb9589ae6a96d79c68edaf113c95f73641cbda7c03c3b7198f9af42e8230592dc71b5d6841d2e9ecafa323cd7bde9e4cd71907c8716c4ed7a3bf5fe6bf5d962327c2ed976372728c239358ec4a2b400000008f343dbf76e03c69de8f39ec41b5a31e5a8782c5bc55116fa47c4bc4aaf919001f12acd845991d7c3f9c26d78a8d1bd330b4fb6cdfe23a392514aa0988601e86	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30899947"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000971b45361cdba54097784e512f279b0800000000020000000000106600000001000020000000f84a429af7f66d2a7ed6b172b39b1703e3d725cfdedc2452b0b21fdce65339d3000000000e8000000002000020000000d9e1f91384e7bec4bbba4f764c5753a7198abbee68d2f9ee197f0b5a7dd254d9200000003e9f58a4e3c5781ab884027c03f591dea8d326447bca8d08ad565fd5a1eaa76d4000000072f6265be7808d0e036ead8ba12075a5abe2ab3354f4252bc845d5efeaf00de55cafebe36838ff60cfd27e8edbbeb95c97ef65be6870711958dbc7c17c645927	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3866101268"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 204da8e7eb7ed701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30899947"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000971b45361cdba54097784e512f279b0800000000020000000000106600000001000020000000c85e01bae352aa3f62d53490033eb4225a8898ec73901a86f0e057f2d479445f000000000e80000000020000200000006788d5b06e86884e53553baaf0d1a21efb4e71e1a6341d90fe4c2141cb096888200000008326e2701df7703869ad311068c7de4148ac460e86a5ca12ca3e0a7ae3d2914d40000000951212ddf74a7552b0f7bfef0b714075fc9a032ebfebe32e8b4bc56be2db895e7500023e343eba228ec56354df88e4f513070406d55fef22d76203660d29fd78	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11C179A6-EADF-11EB-A11C-DA8E4795D742} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3874850783"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "333717911"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a5b6e7eb7ed701	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\IntelliForms\AskUser = "1"	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

1564 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

4056 iexplore.exe
1564 IEXPLORE.EXE
1564 IEXPLORE.EXE
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

IEXPLORE.EXE

pid process

1564 IEXPLORE.EXE
1564 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

4056 iexplore.exe
4056 iexplore.exe
1564 IEXPLORE.EXE
1564 IEXPLORE.EXE
1564 IEXPLORE.EXE
1564 IEXPLORE.EXE
4056 iexplore.exe
4056 iexplore.exe

pid	process
1564	IEXPLORE.EXE

pid	process
4056	iexplore.exe
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE

pid	process
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE

pid	process
4056	iexplore.exe
4056	iexplore.exe
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE
4056	iexplore.exe
4056	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 4056 wrote to memory of 1564	4056	iexplore.exe	IEXPLORE.EXE
PID 4056 wrote to memory of 1564	4056	iexplore.exe	IEXPLORE.EXE
PID 4056 wrote to memory of 1564	4056	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://portal.abicarehealth.co.uk/client/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4056

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4056 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1564

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\709A8EC0F6D3194AD001E9041914421F_4029168BA919BC698BD90F215995864A
MD5
a349d07eb499a4def8987dd4e8bd43d2

SHA1
122e76d94c34b038e2f4787f9f7e94f056557184

SHA256
05813aaadefbaf66d41ab4307676a3fe7c3cb9b5e403da0a47a9d7e1c0c896de

SHA512
c75cf339e66f19a6d64ac349739bcd8e494615e53a98019dc644d51f48613545a5cbd773a750784831e25c8fe409546d42ae26a2c0dec298a78b10d5c29afaec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_86C2A03C133240EC4C95180B9FD368BB
MD5
20364f905cce81ab9d8a66566e50766e

SHA1
fda9c1dfcdcbdbf5064b66c00641267c3473f9ff

SHA256
61943311435615dc7151d16620bc8f57267e3fb45235247b45a96423bc839afc

SHA512
f6e31854fb988bd48dfd167d38d30037984f0cd121cca5ab5b593f81b1f922027d7c5c4412c706d146a2e47f1e1b16c29daaaae878b51421ba4535b8a7eaa19a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
4b8ffe79016c051a1fa57e4ab8ee0e0b

SHA1
a06394b4c74aad7d296327a942729db01486ea26

SHA256
75e171759473658cd648f09d099b249f99a7cb139732201576b07c4554a9c4b9

SHA512
6a057cc6cc12715d6324e0cb8c22c3d1ff5a8bd20c5ecd10e64ae155a5a5936a972374fa8005d9cf195fdd44deeb24e54f27d3eba78aa0f3a82e03e272e39091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\709A8EC0F6D3194AD001E9041914421F_4029168BA919BC698BD90F215995864A
MD5
25b6a6304a0923c2996573ea6c6faf4b

SHA1
9be2c665553160eca80d32ea087c93ee529891f1

SHA256
a0546b68f3f49487b789a01f584fc5c3f7d2b89714e3c8869e554a7fa9d41371

SHA512
14b4ea86a9c59295614218432a57c85c515bce74f1964a376b173d92e4abb931bd1b54776bed5ea10a64e6fb2f5c99c4b718b20b650a09c62bf319b2ecee246a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_86C2A03C133240EC4C95180B9FD368BB
MD5
19ab3e5adb0e5fb392e278267e946e35

SHA1
ba5735f97025264f4dac2964b0265fd8a28a461b

SHA256
5fa6ced9148f1ea94a8a9a3ed373e21bb1e7f84a7e7f48e6ac2e4a08f22aa250

SHA512
8a4bafcc3f00ddfe194b6b1b430e51f61279711fabe553209404a909201d3a9246a2c7dc146b6da51dea94173371f507f8321800da613014ebc9cea65e22cf26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
fd70bcfcb639fb150b43450c64122da2

SHA1
be11178b68d970b87f5227d119c2acb7ad100a41

SHA256
0178e7f4598c3685ba52e0a04d09b25609a53e2afe37d72c93c33718c4970e49

SHA512
2e3793b31a208ae1d61b37ab3dabad36450da63f1ab62306bacf42993c08fbf7ee102c9e1840589e58253f2a7661d5ef20802c973eb45564ada84dacc6218b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\CM94U642.cookie
MD5
69f6f019478fd03d1322828a06236eb3

SHA1
30e1f8fc9f89ca3c2e43d6d785b40fba05f30704

SHA256
00fca6ab44e8f48094b01bb2ddab144779c6e1fae64099df659cc5c939321616

SHA512
866baf67a0268b731f4c8ca34d1864ff3a0ffcef1814cc5e153a62c44a95b1c26aadb6f5370cee75c30cd1ccedd7fbe7068cab542b57affbed78a3ae1804c0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\EFVR7HDA.cookie
MD5
48102d80b5b3fbd7efba081a22d2b279

SHA1
527e3943be942dcc8b5561e3469b2cf72e31ca18

SHA256
953a7e6f5eedfbc58ee13b970321aeb2c43470210ba054c672dd44429f1469c9

SHA512
d9655ea8f8f581dc4fb41082918ceea555073c7cd5d4bbdc91d15506de05729021e3584b28b5ef768c94d8e54ff1662030eb82a6634ad69f9abe2b05332268f5

Download Submit
memory/1564-115-0x0000000000000000-mapping.dmp

Download
memory/4056-114-0x00007FF85CCD0000-0x00007FF85CD3B000-memory.dmp

Filesize
428KB

Download

Analysis

Sharing