locky | d905b57d7913430f33e03ab345a0d10f8d64b2132622de69905e631aa74ec9cb

Analysis

max time kernel
139s
max time network
140s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe
Size

395KB
MD5

4702bb70196fe10d61993bfe8f54da76
SHA1

e546e0859edfeaae9a516d57a1b934c75bcb74b9
SHA256

d905b57d7913430f33e03ab345a0d10f8d64b2132622de69905e631aa74ec9cb
SHA512

1634cdc2c2f8971f48369af01f70aaa45aff00d5f1e9f6d5009e998fb7d257b242ccc3dfca91ac677bcef07577c0ece30dec3d77bad68b39128103ca6d948d22
SSDEEP

6144:VG4GadNgCZtHYi7S82RRxysGFH4Rexnkqn1DPVGN:A4fdNjtHYXHlGV4arn1D

Score

10^/10

locky locky_osiris ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Locky (Osiris variant)
Variant of the Locky ransomware seen in the wild since early 2017.
ransomware locky_osiris
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1224 cmd.exe

pid	process
1224	cmd.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp"	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

Processes:

4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\Desktop\WallpaperStyle = "0"	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\Desktop\TileWallpaper = "0"	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D58F9C51-12D7-11EF-965F-FA9381F5F0AB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421952236"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306e09aae4a6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000c5d424bdaf9c02433087403f54845f1c4f247d2f8c1981f49998bad987e0163c000000000e80000000020000200000009d0b805e9920ea62a4c07daf543377a50a5e83e5a475436fabc557b4b673f50790000000a70adeb985fba490537922332538b0b0ec6f06a8a724e8ac0ceec70da85a7690a4c94096548aa240021d79a390340e6fb662c62b99902cf081ce7b2af8e197a0a8d22b5666dfe8aee65f89c778f4fe8b1cc1b60b381824158751d7e525eb6c641b05b32136fd0bda2ed1265942187834e87b3677944c8c02df9f6775ca74b00abe961f6e3b924026112869a59b8e60524000000045dd43cfbe95447a244c50825e11773660b26e2b1309e3c1ab67b4b1673935adbc3d8e8efef0248fe687b218bd1e14dc23cba51937610d90344ec27edd83b499	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000006aabcce23c75a30f1f532c595479b00f5ed68889bf4e175bca4b1985a96c7a22000000000e800000000200002000000084a7abf513f6f9f485f367cd82984ce2b5fca12cd7ac014ccaafe8c9214e100a20000000cd1cd11c428edfc6c785da7eeb9a01c7e2f6050f9d1b29931d2725cf16edab344000000043f16ab296faa2f00f395fc71019853017e7fa26f204eeda488945c7db74774c404a74aba54894d13ce5141481cce1856e5ee92840c069031deef9f8d4ddc2c6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeDllHost.exe

pid process

2016 iexplore.exe
1296 DllHost.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2016 iexplore.exe
2016 iexplore.exe
2792 IEXPLORE.EXE
2792 IEXPLORE.EXE

pid	process
2016	iexplore.exe
1296	DllHost.exe

pid	process
2016	iexplore.exe
2016	iexplore.exe
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exeiexplore.exe

description	pid	process	target process
PID 1264 wrote to memory of 2016	1264	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe	iexplore.exe
PID 1264 wrote to memory of 2016	1264	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe	iexplore.exe
PID 1264 wrote to memory of 2016	1264	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe	iexplore.exe
PID 1264 wrote to memory of 2016	1264	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe	iexplore.exe
PID 2016 wrote to memory of 2792	2016	iexplore.exe	IEXPLORE.EXE
PID 2016 wrote to memory of 2792	2016	iexplore.exe	IEXPLORE.EXE
PID 2016 wrote to memory of 2792	2016	iexplore.exe	IEXPLORE.EXE
PID 2016 wrote to memory of 2792	2016	iexplore.exe	IEXPLORE.EXE
PID 1264 wrote to memory of 1224	1264	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe	cmd.exe
PID 1264 wrote to memory of 1224	1264	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe	cmd.exe
PID 1264 wrote to memory of 1224	1264	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe	cmd.exe
PID 1264 wrote to memory of 1224	1264	4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe"
1⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:1264

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\4702bb70196fe10d61993bfe8f54da76_JaffaCakes118.exe"
2⤵
- Deletes itself
PID:1224

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:1296

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\OSIRIS-b503.htm
Filesize
7KB

MD5
706694783912c7b19acf7ea61ba06d54

SHA1
8d2b6cd452546a47f3c4f41f072987078336d9e7

SHA256
d18cdac72f7271fdd8252e471755983764fd713b4aa90c08e90c3f7a5259f26c

SHA512
87488334764ed59c129a96f5429b86632dcd2f12065ecc498a53d1c154cb2866024417c9563b5622127ee24503a72caa2f57fdd2c75cd67d597002b57f8115e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f1b27b18a2911db0f32b67a3d4dc4a7c

SHA1
09bb5cfbef604d2bf277887f5fbe976a1d7a1267

SHA256
f87053e29c2508c65d3c01e56bbe036849a64f0c4d90bfed9e1700ceb46a5839

SHA512
2ea41125cf005de54dfc876035a4d89a51758fb50643c2ef7c2e441c51c6d19f01aec3f058d6960e1747eac8819b824c0aeeda9b2bae16e33b0d3f7cdba59930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
64905b927774844da2e8c89fae382d7e

SHA1
ad829bc6d018fa45e86f0b6f3e6f6f6dd866d381

SHA256
d77f17f1c299bec083d54341cc120269899bad8ddf4469df79067c91b1a88208

SHA512
c577358d573dcacbebbea779f4a77b824e777e91cd4809f4ea35ee09770d7c72ffb8381655a8db16eedd0b306979a2b2f7bfeb0e7687959b3c7bbb8fd30e885c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
bc225512b42393ac5a1777d9b9d7ef57

SHA1
daad5bc15abad2b947ccde3daf8e54d6265201dd

SHA256
92c92da49936966651a50405302766de6f46a95e33ffc813b5c5edbd2132e535

SHA512
095274cd779fe61e09de7402cf9bcaab8c30f9bc8e1a9e11172e5ab6877782afff33483fdeba5a10dc7e50024796ff0597dee93251d3977c7fea4f343b3abb30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3b5cfe41b5ef16f496219d2aa0f70b52

SHA1
e3133e0527e6080b598629c93e69e873ba63f4fc

SHA256
c6a74506309f4d80c6ede6bf977afa2897c96c0bcf0bbc9f06cb53a370632ca9

SHA512
3b0ef0968f269966237350500ad5bbcbd4f7b70a87c944e8089c993338a9ba8606272545844da63f3daca8a99c56ca484c17ae40424a7839a654a6ee85ce75d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5c2a5d4a0c2ea0d6e431f7e42bfe9a5f

SHA1
56539d54f240b336ac39edb1bb5ca6759aaf5aaf

SHA256
2dde1c4478d70fa069fbecdca280d280b8b3ec5a5629b1f37b7153d7e1cdf2fb

SHA512
035ef8b15fa12be621bbd5c08c274b64cc9d88a4a97a4eb0d2ce886467e4fb9c8c43da4b434a8b71be4a6dee265989942d1d4e685344d99b20df4e6858ff3a16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5f3bb3e0d705deb72539c5602944171c

SHA1
9994164d868364337c269adb53cb4e43f87ba97a

SHA256
26b39a2d9f7c2837a98c650574e6960e632ee6bcd53d474d2f9853bcb5c9b44e

SHA512
4c5ac54d9f6150192b73aa32ccae908fe20240d00db728fc1cdd542587553c1e062eed41e623b56ba00d7f7cd7b88eac6b85a04482e99be02913b0a1048171b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
693cf4185f91dacc14e8a3d04c63cadf

SHA1
013395f39766529516071a3755410202b9f89db9

SHA256
c8154a04525c9d9669d36bdd4c0849922903f1854128082b37e06f11f81f941b

SHA512
528d6532e71543189f4821c910d5679c1696710e745395f391cace558f0f744c8fb5eb3b9be3dddb15ce2b6a39c3c0471b632cfc0581b47b351fce95b1ec5ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2e78858843f801fc53201ab31a022af1

SHA1
573a00fdb9489d968457d5e41077935e863531c1

SHA256
b05d700e6529f1d7befe712def20917c81df4e308ac6d20a58206bd78d3a7ff4

SHA512
748afb05c2036dc25566f322a5ce913226df54a607601eff2b52b5f6e85ffaffec1da6abd64a7709e0d3cb09d86e319c49fdc08c3b7edfbebad17675c118284e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6e6493f1091859e3d23137845a0e4292

SHA1
bab7f548a3bc638c7e3597d2b8ef4918f3ccafef

SHA256
6e6b5ce6f278beabc612e499e927a5aa920101cdb1f6d8d215d683730745a29c

SHA512
040eb205e489c02eda629213f1a236632359f46a9e2e37c2934a52750bf9b4842fb61832dddb49244f7ac7d4b365247e85dcf84badd9c55869e9b4b43edf4c56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a3ce294b9a359e366be6b2995dac41af

SHA1
24d1482b52704266405ca0e78783fe98f5157934

SHA256
ba9277f0e4a5f5468bfec54fdcdc979e9fdf095bd91bce9658469506c42fad59

SHA512
29aa3ac090acf11009c293f0140cac2994d082cea7a9a3c2b6fda7a0515aa1b871083a4b9572bcd1a1d2e7b9285fcb0b5eb57bc5c48df009c8cc144022059362

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5A82.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5AE5.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\DesktopOSIRIS.bmp
Filesize
3.4MB

MD5
ce9ebe605ffe48484f08cf449ec1051c

SHA1
c686f2ef7666e0ac4ebb05ff159c6b86254fa100

SHA256
c00c688e4eab24b270e6b73d306d08b18ab83944394f1759afedd8514fb87542

SHA512
703d5afeab3270b9ec517fabf7682f841dc16c3094beeccac846f5f6350e48d12762b58136c1c0df27863bae39bcaab0bd3e5cf8af069ed121401eed7efd51a2

Download Submit
memory/1264-9-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1264-10-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1264-351-0x00000000029C0000-0x00000000029C2000-memory.dmp

Filesize
8KB

Download
memory/1264-346-0x00000000024A0000-0x00000000024C7000-memory.dmp

Filesize
156KB

Download
memory/1264-18-0x00000000024A0000-0x00000000024C7000-memory.dmp

Filesize
156KB

Download
memory/1264-19-0x00000000024A0000-0x00000000024C7000-memory.dmp

Filesize
156KB

Download
memory/1264-17-0x00000000024A0000-0x00000000024C7000-memory.dmp

Filesize
156KB

Download
memory/1264-1-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1264-0-0x00000000029D0000-0x0000000002A41000-memory.dmp

Filesize
452KB

Download
memory/1264-6-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1264-5-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1264-4-0x00000000029D0000-0x0000000002A41000-memory.dmp

Filesize
452KB

Download
memory/1264-2-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1264-3-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1296-352-0x00000000000B0000-0x00000000000B2000-memory.dmp

Filesize
8KB

Download