f921b1b35bf223d2d4bfde2ededbfe5135fee668b30ac27018e9c2432c2e281f

Analysis

max time kernel
147s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 18:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Size

291KB
MD5

29439c13ddf9e9fe7a0bb5aa4218a043
SHA1

4c567cecacd54bd7d49198cd1f9d6ac8786e86da
SHA256

f921b1b35bf223d2d4bfde2ededbfe5135fee668b30ac27018e9c2432c2e281f
SHA512

c36619598fb84e9aac2afeda7cf0a01e08838a55b59cad693a87276a0aa232c9f91471fbdcf9c8c063c2e4ebd64f9846bd9719ef0b1af3014c970e12d1bc7ee3
SSDEEP

6144:STkUHKB523NwosVHx9d16QcKuiMIGg9bnXZEhDNlsjW1ZjJ9:SI4G23+osVR9b6EGKUAjUl

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\TABCTL32.OCX	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\VSListview.ocx	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MSINET.OCX	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MSWINSCK.OCX	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A81230A-B360-48FD-970A-3221E4BF6A00}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\ = "vsListView"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E33C93F-C525-4CAC-8A46-B9EAA303B20A}\ = "vsListViewXP.ÊôÐÔ"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\ProgID\ = "vsListViewXP.vsListView"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\VERSION\ = "1.0"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vsListViewXP.vsListView\Clsid\ = "{FF95099A-7236-4E65-A271-FCC284DD9EAF}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D05C3AD7-7EF1-4749-885E-A2006408FC13}\1.0\FLAGS\ = "2"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D05C3AD7-7EF1-4749-885E-A2006408FC13}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\VSListview.ocx"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E33C93F-C525-4CAC-8A46-B9EAA303B20A}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\VSListview.ocx, 30000"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\TypeLib	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A81230A-B360-48FD-970A-3221E4BF6A00}\TypeLib	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\InprocServer32	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E401C2D9-92D9-4ACE-823E-7D96F076A74F}\TypeLib\Version = "1.0"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\TypeLib	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\ = "MSWINSCK.OCX"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A81230A-B360-48FD-970A-3221E4BF6A00}\TypeLib\ = "{D05C3AD7-7EF1-4749-885E-A2006408FC13}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E401C2D9-92D9-4ACE-823E-7D96F076A74F}\TypeLib\ = "{D05C3AD7-7EF1-4749-885E-A2006408FC13}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vsListViewXP.vsListView\Clsid	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D05C3AD7-7EF1-4749-885E-A2006408FC13}}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\ProxyStubClsid32	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E33C93F-C525-4CAC-8A46-B9EAA303B20A}\InprocServer32	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "MSINET.OCX"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D05C3AD7-7EF1-4749-885E-A2006408FC13}\1.0	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\MiscStatus	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vsListViewXP.vsListView	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D05C3AD7-7EF1-4749-885E-A2006408FC13}}\InprocServer32	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\TypeLib\Version = "1.0"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A81230A-B360-48FD-970A-3221E4BF6A00}\ = "_ÊôÐÔ"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E401C2D9-92D9-4ACE-823E-7D96F076A74F}\TypeLib	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\TypeLib\ = "{D05C3AD7-7EF1-4749-885E-A2006408FC13}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D05C3AD7-7EF1-4749-885E-A2006408FC13}\1.0\0\win32	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32\ = "TABCTL32.OCX"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E401C2D9-92D9-4ACE-823E-7D96F076A74F}\ProxyStubClsid32	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\ProxyStubClsid	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\TypeLib\ = "{D05C3AD7-7EF1-4749-885E-A2006408FC13}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A81230A-B360-48FD-970A-3221E4BF6A00}\TypeLib\Version = "1.0"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E401C2D9-92D9-4ACE-823E-7D96F076A74F}\TypeLib\ = "{D05C3AD7-7EF1-4749-885E-A2006408FC13}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\ = "_vsListView"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\Control	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\MiscStatus\ = "0"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D05C3AD7-7EF1-4749-885E-A2006408FC13}\1.0\HELPDIR\ = "C:\\Windows\\SYSTEM32"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E33C93F-C525-4CAC-8A46-B9EAA303B20A}\InprocServer32\ThreadingModel = "Apartment"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E33C93F-C525-4CAC-8A46-B9EAA303B20A}\InprocServer32\ = "C:\\Windows\\SysWow64\\VSListview.ocx"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\MiscStatus\1\ = "131473"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF95099A-7236-4E65-A271-FCC284DD9EAF}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D05C3AD7-7EF1-4749-885E-A2006408FC13}}\InprocServer32\ = "VSListview.ocx"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD6C9867-7A85-40A6-BC9C-B495EE4B3643}\TypeLib	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E401C2D9-92D9-4ACE-823E-7D96F076A74F}\ = "__vsListView"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E401C2D9-92D9-4ACE-823E-7D96F076A74F}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D05C3AD7-7EF1-4749-885E-A2006408FC13}\1.0\HELPDIR	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
2352	29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29439c13ddf9e9fe7a0bb5aa4218a043_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3988,i,7761714625659357865,10802238739796857379,262144 --variations-seed-version --mojo-platform-channel-handle=1272 /prefetch:8
1⤵
PID:3920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\MSINET.OCX

Filesize
129KB

MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
C:\Windows\SysWOW64\MSWINSCK.OCX

Filesize
121KB

MD5
e8a2190a9e8ee5e5d2e0b599bbf9dda6

SHA1
4e97bf9519c83835da9db309e61ec87ddf165167

SHA256
80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

SHA512
57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee

Download Submit
C:\Windows\SysWOW64\VSListview.ocx

Filesize
88KB

MD5
09411b401ac53b113d9492ce45186380

SHA1
15f4c683ba317bb0b54b335755721fcc2d745cd3

SHA256
e4f27ba024f2ec6be12d94790b7d07f6245dfb75339bad6969fd311229d1d326

SHA512
65a68e8d1dd46e498ebe2e07b6c81078605dcbe5271dfc3364146f298b170c5bf2c68b307e3267505b6ea0645d4a1cc0f5780b6de3f640a81829ea13797f0efa

Download Submit
memory/2352-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2352-28-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download