182bbdf30722b06cd53ce7e8d039650b25ee616f52d6d0a7e2bba398da0e5038

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
Size

320KB
MD5

2567e2e6d613511225fc38dcca7d9eef
SHA1

8965e7706a546960a596dfea480a28c6ec8682a4
SHA256

182bbdf30722b06cd53ce7e8d039650b25ee616f52d6d0a7e2bba398da0e5038
SHA512

35d56dbf16f88187336c226753b929226055ecd5d7979f709533ec36aecc7b353447b2d248274e7cf78ad29619cf4b7ed23b57cd44c4e8b160f88a23e2324aa7
SSDEEP

6144:ElZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lLI0fQgH:EHLUMuiv9RgfSjAzRtyXQgH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3664-0-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral2/memory/3664-112-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral2/memory/3664-341-0x0000000000400000-0x00000000004B8000-memory.dmp	upx

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/3664-112-0x0000000000400000-0x00000000004B8000-memory.dmp	autoit_exe
behavioral2/memory/3664-341-0x0000000000400000-0x00000000004B8000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "15574"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10734"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "10734"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "21969"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "21969"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3014320848"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "25817"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1082c9b6f2cdda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "37134"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116786"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10734"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "37134"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "492"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DF24BED6-39E5-11EF-A084-E20E9B62A9C1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "11768"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "22051"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "25817"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "11768"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10652"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "33246"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "37134"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c8374000000000200000000001066000000010000200000008afc25853b7f6922c183d0f798903140af65e87c8902f2f3617c78d0b8b3b871000000000e80000000020000200000009dc48dfe27e4698e2bc8379b1a4e3e6e34e653f9164e06a9d084c25938b0ea4720000000c60ce5526c045502ef26a2e5cfc3dd8390d47bf9c17d3f5c731280098924ee50400000004aede5e8270fe11ea4dd65c6e7de8e1bae6b8ce5847776600220f77f85238c17a556e4878aaede786787946eb0ff9564f1b9dbe178b3121ec9f784a6467996f7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "10652"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "33246"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31116786"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "33328"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3012133167"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10652"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{7E8FC30C-4209-4CC5-9C08-8738BF8DB502}	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3448	iexplore.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
3664	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3448	iexplore.exe
3448	iexplore.exe
4580	IEXPLORE.EXE
4580	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 4580	3448	iexplore.exe	87
PID 3448 wrote to memory of 4580	3448	iexplore.exe	87
PID 3448 wrote to memory of 4580	3448	iexplore.exe	87

C:\Users\Admin\AppData\Local\Temp\2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3664

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:1692

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3448 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
f8feea5e9c254ea213b816aefce178ef

SHA1
2c2ec3090e27631b7a783254626ae05041cf790c

SHA256
a548854058793ae2d7c8e6306ff490e0065e0bb4bb82292a3f638d4c62961564

SHA512
13e338bb328492a467628eb3d619e3f66f309d5444cff76efb32d5cb2e1fedcf19a717e004e6e80501f36ffe69b33ff271cab44929289be20c8ec4fd55fab18d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
58025bc345dae03c7af98e3f20685633

SHA1
3133a92251a4c4e2c09d17bc70c13fa9fc69b7ab

SHA256
5f86dea580ccf6902dd408da8a1f18a566a8eba839f4b1ebbf8d1882e1f872eb

SHA512
2f7dad7586b2f449c4936eae33fa1fa93d25815a7ea7993d3e65b344948260a9bf2053e3c77c6f23fd2d0ce65fea5b97e3dc37a32ea38c9f4e8292c334470ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
229B

MD5
b81e8e63fce736dee0cac85a4832b034

SHA1
17ac7fd5da3c17b5c5a42320d7251f5751b32a21

SHA256
d5d41a3e72fca43e2912e2b6f3a9acb8a251325656a92acfae04bb38969dd36a

SHA512
e08cd349640ebdba0d48f0e70e242e37f6289565d362aeac74ce2bf5a5da37f2b46d16692f1fe54d2b2b200ebcf623eb03b4fe4e6ca82d7c541cd030fe7bcb2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
229B

MD5
a6c997fa08496a9cfd8fb54156f8fb79

SHA1
f7cd548142b1737a8f2856ff8c132c1774370a0a

SHA256
68534b52d913c97754a817de800572c4e9ba85da44f16d041437c0198af8b0b8

SHA512
105a7c3d5aa12852b93b64ff625e9d6e38048a8093fb23b70d5ceec4795e723d0dbc892a21993999c7f9261cac50f51d0b48274f3031cd9780407d93111fb6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
229B

MD5
145fc2fff6e3d132c082a9fe38dbcf94

SHA1
caba70cbe4d7623d7868d6c6b9415e08d36ba0c1

SHA256
fd93dedd51f5581bf2a11c34ddb2ff3fa0efbf0723e25455592e1183f037e66a

SHA512
30d774bd6d1b7076914a3a70dfed2032e3d11775c5cfe55f962e1c39bede88cf3a0fd225c94d82a7b83f373326d4dfdcf1d398c55bff9ea644421de57ec3be39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
229B

MD5
69747548341ee0376aed1405590ef2e3

SHA1
ea54b1f3c6c778042bc8fba876e3da4c724f8319

SHA256
5ca3ea82decfc85b7a8b663f11302029b4a545bcf96fe2c00bdde8f783fa6e89

SHA512
327c774a70d9bcaa93112d285b618aebb470ed26cb50e5b7a7f63019885e9cd188f6f0371e13bec08895767e2f117310f9cc28948ec9401c6993ff9c03ef7a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
641B

MD5
28fb8e15a811981e10c367a1315924b3

SHA1
26f0759dd264b7f5a7058b6b008112125d70e76f

SHA256
db9720a035d76de9911c2b260f614e0f6fa2b916e6641541cd6a819074858b96

SHA512
0efdab65c90bed9de8d50a37e89b9b269cc6a2f4e3aa188c7c208136ceca318e5018c4c007d541b00ae09e30f4baa314b9e3393c1ef1eb5d33acb3088a4fce24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
641B

MD5
28dc3642e1b1a5ca3c44d860f580bdaa

SHA1
1777ccb2f9bc17d33ab9a1c6dfbbc7962125733f

SHA256
9226c2e8d11782c48ed766fabc7ddff54fb5f9eab4230262dea9879dfdedc77b

SHA512
5a54bd7c59cb062946777fdc2521901b0ebc92d5e7c2eff907075b8788952d7c799e281510513e23b9f8811f87711762173b7c9b9a75de6c8d9fb51b3be6e336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
16KB

MD5
f0e456d77ae27b7872417a531747ec9f

SHA1
d46b7db60d9204796d4a9461c2ee0a581434c43f

SHA256
b265f6d88e667bc369abddbd0d17e982d7522cd79470c8ad3583acb6414957d4

SHA512
dd11e7de6e4c9d30870489735fa36d546459abe663d89c62afa7d34089a19757f1a9fbd375bb78e08ba38bfcfd7bd70bbb7fb66410433321db0f15101242a19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
50KB

MD5
13eb3cc54bab4d0e0ed899d27c2ec2c7

SHA1
54a9a17d15deeba835209ff6340a56d4d8896dff

SHA256
0987b672455b05873159501477b29008cc269c1888a744b3b9380e1d6a48a8e6

SHA512
dce36ee93f2bbc03665571ed0381858623e1e87c121cd406d4551dab2f66b169f9ce6137bd40d13c82e6346e90f40cb78b4e38b1662d2f24106f99139cdb83dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
55KB

MD5
5baad4f2ca5a2bec3f1367813cb21979

SHA1
181d1461a85930bb54a06dd309c37f24b8e647e0

SHA256
8ba098af02b803d3159c2cefa8671078e656f1e5ca95514aa42cc7957a6ab83f

SHA512
b6841c8916128a28da97820dfec98e7a89c4bc40c9e1dad41ed52d0c38912186b612c34a2209f3c340947b675ab8e5ed9380d461f891391cb93bbf08180e5683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
23KB

MD5
8d69e6776d67f9b314f3acea21061a08

SHA1
da2b804811274acc539f2439a5a57dad99bffef1

SHA256
a69e1bc94240a038eb885dedade8d1c3c7bfd92b98a9f35ef63aaf6e014a495c

SHA512
da1746260afefbcac6d8efc6bb9a9a1b04cdfa53ccde530a6884a914880096490e5e4498b29320affe4c140e4860bb893e7ec552bd32194b0b5eaea38a390d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
876B

MD5
acc2b677b946859b8923ecbce8ca352c

SHA1
cb99d2ef5da0c83ef8d1c4fde4137d935d59e06b

SHA256
93f99ad0dfed0e37fc0665626e8715aed06adb6aa368b3b9eb67883e5b54646c

SHA512
eca409c554534ab05d64b30d5d7a46ce56ae88260355aadbff01e5852b4e74cf2f6b15df4c5c98b0c375da0843b68ef66917b1cb86a89f21325cb0116d59c718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
1KB

MD5
6e4ea471695bb54815cd0a165a6b9b63

SHA1
6df854a4bd9cf4ac97488054ee57b28dc6068917

SHA256
0a95a61133295236c901c5aed9db278bfa32038bcced475ff6407e3ee6a379b5

SHA512
eccd39b15a1940670cd39b60bd52a7252692d5890c715dc53c5ade2d097902acab93e854ef5b74e3b7df5a5413d524d8c20a9729b2a71a3643a0c4bfbcbbee3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LFH0UZ4M\www.youtube[1].xml

Filesize
990B

MD5
28d061a15cc967c05a4405bf759fe861

SHA1
19beb39048311dd6463f818dc02f4926aa1e8fca

SHA256
12a8b0b12f9b50e5d08cd2dcce668fb51b67c2df37c500d78399720bb1a23297

SHA512
e086338f2f71c45f29d3149e89dbb0a0276edd806526be27940cd08f8ae515c2ef68af941853b13b4bcc5a3a8de2b1f8129209f9643009fdd9342677d91ae435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1m6rheu\imagestore.dat

Filesize
19KB

MD5
6dcee0b843d8df3273bc0ccb5da69cf5

SHA1
e9715e44a56fe22af892e977bf7472f20fbc5cb6

SHA256
3e55082a4230bb186bf575e44e4169a463f79fee97233773aa404932530da025

SHA512
f1b9296375b4092a8f8bc7024a136ec540da3188a20052954be84d4ae1b7a8602e7a18bc226008ee5daeca445f25432d3b7b71688a012ff62100c1410e716be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\EhMS5LMWNnx4EI1l5r04sTRhRpzFlHCPrIjK9dYtLwk[1].js

Filesize
53KB

MD5
c377c5fa8e0668b658bd8a64958ebc45

SHA1
d8f8898665e6fc1ab7c4416891d73c34bc31550c

SHA256
121312e4b316367c78108d65e6bd38b13461469cc594708fac88caf5d62d2f09

SHA512
d5d50622ae6a2b4e93abdb409c6ba6440641b7e0f555293fe5ae125e6888f132c57a79d3ca56179161eeef8f3135479d09ab3ffcfc679b42879402d3492a4a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

Filesize
19KB

MD5
de8b7431b74642e830af4d4f4b513ec9

SHA1
f549f1fe8a0b86ef3fbdcb8d508440aff84c385c

SHA256
3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a

SHA512
57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\ad_status[1].js

Filesize
29B

MD5
1fa71744db23d0f8df9cce6719defcb7

SHA1
e4be9b7136697942a036f97cf26ebaf703ad2067

SHA256
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

SHA512
17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\KFOmCnqEu92Fr1Mu4mxM[1].woff

Filesize
19KB

MD5
bafb105baeb22d965c70fe52ba6b49d9

SHA1
934014cc9bbe5883542be756b3146c05844b254f

SHA256
1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

SHA512
85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\base[1].js

Filesize
2.5MB

MD5
a0955bd75ee1ebcaecf8aa6780d674e9

SHA1
526f291fd2a13fc60d04ed4098d257fa459cd900

SHA256
029445efa2b9fefc24051d5fd28a89c903abf284c4756f0e42a5f4ca99a6ef1f

SHA512
20001a6d54826584291467dd505b2d7806d1b7ff83f379f6f95967e241a3e02709f3509953be918f6fa9d604564299cccd85f996cd437e11f44ae85a8cc281a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\embed[1].js

Filesize
63KB

MD5
b9f9680ef0c18c790f0a1d16707b4e4d

SHA1
8d7fed5d02e45c88483c8ebf2de95ab326d74999

SHA256
e99514b5186f540f8c66c390d19af9006407c31eb83970780f5e22c2171c507e

SHA512
b65edc7e269ff3e12dbb688e43abf6d7c2c28ea20ba26d596dbf74b8ad7238831e2b8098946ee95f4da2fcaf54d907057e4a20726b79398e007ce28b94dae4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\remote[1].js

Filesize
118KB

MD5
43e25947f146dc811f8d587dfcd29c3d

SHA1
1e27c12fe02f0e1b67c3df55f18582a78dc95788

SHA256
af99246283374474c1be3ea31ce96948e4b51e8396f097c04ff577aad36e3c87

SHA512
157dff2385b500761c23d565d83304ab8d555ad9c882592b168ae52af71d72b91d4820dc11d2d4ef6916ba96dd4f66b4ad8c97447f7a45cf52dcce2025021c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\folder-games-icon-150x150[1].png

Filesize
19KB

MD5
9f252fd302bd20e5d6890e23bec2c60a

SHA1
8a9a833a93cb5e58d3dd9fdd8585bfcbbea9f586

SHA256
d8be34ff5f4c52b4284694018b8401356d04259c24a76581e5c584aa74f24c1f

SHA512
243344801ef418d4e09746442e4b21f9409c4c2f793d1e8da38eedbcc0dbf97f462407376a815700bb045b9c6b12f9a3963491583fa138fbe91f75857be5a89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\www-embed-player[1].js

Filesize
325KB

MD5
f65c984d9a1affc72f1e38c1c4db8f5a

SHA1
ed7d6c5f7d8efa327ef8430280793e4898324f38

SHA256
a7f9d511ee07df6991043d2a20d9325420308eb6893b854a993cac7e11fceb97

SHA512
8ac28aa7b257fee70f142f32fb40b53b5385cccee67b7febbf2f7e796e918fcb3a6fd1d6345eaf119b433b905e3b0bf6ea1d55f0c579a6b644548d813498583c

Download Submit
memory/3664-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/3664-341-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/3664-112-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download