Analysis Overview
SHA256
d893c67791b97ddccc765bdb90b19041d518a5ba2793057169dd480e68a6b74a
Threat Level: Likely malicious
The file 0477c3037164924dea29a1a930f3ef90_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Loads dropped DLL
ASPack v2.12-2.42
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-22 23:55
Signatures
ASPack v2.12-2.42
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-22 23:55
Reported
2024-06-22 23:57
Platform
win7-20240221-en
Max time kernel
150s
Max time network
121s
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\WINDOWS\system32\drivers\etc\Hosts | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
Loads dropped DLL
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\superecwFpM5.sys | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\ESPI11.dll | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\superecIac1t.sys | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\WINDOWS\Prefetch\360trsy.Dat | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
| File created | C:\WINDOWS\Prefetch\ZJZHook.dll | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.73ty.com | udp |
| US | 8.8.8.8:53 | 52wg.free.mingyao.net | udp |
| US | 8.8.8.8:53 | www.xp51.cn | udp |
| US | 8.8.8.8:53 | www.kun0.com | udp |
| US | 8.8.8.8:53 | kun0.com | udp |
| US | 8.8.8.8:53 | dnfqd.com | udp |
| HK | 202.165.123.47:80 | www.73ty.com | tcp |
| HK | 43.129.181.123:80 | kun0.com | tcp |
| HK | 43.129.181.123:80 | kun0.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-22 23:55
Reported
2024-06-22 23:57
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
63s
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\WINDOWS\system32\drivers\etc\Hosts | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
Loads dropped DLL
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\superecVL7sg.sys | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\superec2vArr.sys | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\ESPI11.dll | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\WINDOWS\Prefetch\360trsy.Dat | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
| File created | C:\WINDOWS\Prefetch\ZJZHook.dll | C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0477c3037164924dea29a1a930f3ef90_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.73ty.com | udp |
| US | 8.8.8.8:53 | 52wg.free.mingyao.net | udp |
| US | 8.8.8.8:53 | kun0.com | udp |
| US | 8.8.8.8:53 | www.kun0.com | udp |
| US | 8.8.8.8:53 | dnfqd.com | udp |
| US | 8.8.8.8:53 | www.xp51.cn | udp |
| US | 8.8.8.8:53 | kun0.com | udp |
| US | 8.8.8.8:53 | kun0.com | udp |
Files