Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    134s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2024, 09:40 UTC

General

  • Target

    bb370ea3fd978255c46f678901f07933_JaffaCakes118.exe

  • Size

    175KB

  • MD5

    bb370ea3fd978255c46f678901f07933

  • SHA1

    a2860e35b6d2aa5a38b9669b69cb66adffcd6330

  • SHA256

    9e2a733100cf0950a930b85c3846a67f18b0a51e76a61abc13c5b7597a7053a1

  • SHA512

    9cf74449d94864c17d2fe1555154f38c9607deaba74eac3f1e8cadc94d38e9a71afa576968173443a16f3309b732639e27427c6825cf7a65df2a2324e940e711

  • SSDEEP

    3072:29r7km1Sihv1hfhxefD4ODtcvGia4WExhqCeiRJhPh1egYXea:bmLhvDhgbJ4GPCV3h1

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb370ea3fd978255c46f678901f07933_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bb370ea3fd978255c46f678901f07933_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4320
    • C:\Users\Admin\AppData\Local\dplaysvr.exe
      "C:\Users\Admin\AppData\Local\dplaysvr.exe" C:\Users\Admin\AppData\Local\Temp\bb370ea3fd978255c46f678901f07933_JaffaCakes118.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3076
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 3436
        3⤵
        • Program crash
        PID:3760
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
    1⤵
    • System Location Discovery: System Language Discovery
    PID:748
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3076 -ip 3076
    1⤵
      PID:464

    Network

    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
      Response
      73.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-73deploystaticakamaitechnologiescom
    • flag-us
      DNS
      0.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      147.142.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      147.142.123.92.in-addr.arpa
      IN PTR
      Response
      147.142.123.92.in-addr.arpa
      IN PTR
      a92-123-142-147deploystaticakamaitechnologiescom
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      29.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      29.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 534196
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 65DC43FBF2294D34B0B6322F9898B714 Ref B: LON04EDGE1022 Ref C: 2024-08-23T09:41:51Z
      date: Fri, 23 Aug 2024 09:41:50 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 640361
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 785ABFA5BBF94E62BBB56B679FC5D01D Ref B: LON04EDGE1022 Ref C: 2024-08-23T09:41:51Z
      date: Fri, 23 Aug 2024 09:41:50 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301185_111IP3CQWIM3YFJP7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239317301185_111IP3CQWIM3YFJP7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 539839
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F30AEA0B576A46CEBED6B5E3DCF17030 Ref B: LON04EDGE1022 Ref C: 2024-08-23T09:41:51Z
      date: Fri, 23 Aug 2024 09:41:50 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301594_16P5W3HNTIETE3DL8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239317301594_16P5W3HNTIETE3DL8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 628751
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B571309A380F4D54803AD3EE94CE1563 Ref B: LON04EDGE1022 Ref C: 2024-08-23T09:41:51Z
      date: Fri, 23 Aug 2024 09:41:50 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 491307
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C8A3E601A7184E88AD58EBCB39D4ABB0 Ref B: LON04EDGE1022 Ref C: 2024-08-23T09:41:51Z
      date: Fri, 23 Aug 2024 09:41:50 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 522409
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: DBCF16F5F1824BBE87E3979ADE6D72D4 Ref B: LON04EDGE1022 Ref C: 2024-08-23T09:41:51Z
      date: Fri, 23 Aug 2024 09:41:50 GMT
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • 190.9.35.199:80
      bb370ea3fd978255c46f678901f07933_JaffaCakes118.exe
      260 B
      5
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.8kB
      15
      11
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.27.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      136.5kB
      3.5MB
      2526
      2518

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301185_111IP3CQWIM3YFJP7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301594_16P5W3HNTIETE3DL8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200
    • 8.8.8.8:53
      133.211.185.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      133.211.185.52.in-addr.arpa

    • 8.8.8.8:53
      73.144.22.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      73.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      0.159.190.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      0.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      147.142.123.92.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      147.142.123.92.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      29.243.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      29.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
      170 B
      1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.27.10
      150.171.28.10

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\809A.tmp

      Filesize

      75KB

      MD5

      03a57fb675ac8eac500e588c83a6186e

      SHA1

      209d8719f03ccbce0daf172835b9b85b03979f81

      SHA256

      173bb029fc97187ea38e58d4037dfb9b7804ad5de4d62b9e3c10321c4ac4aedc

      SHA512

      4b03b5ef0d5c4f7933155731f791ab6c00920883a94bb69efed498aa581fe91d8f0af64a9d2fb17db7b466818b98eaacd744eb4f941b624113c38a36592e7c22

    • C:\Users\Admin\AppData\Local\Temp\809B.tmp

      Filesize

      53KB

      MD5

      970e3284abe9de5b5a7a03062d9c63c9

      SHA1

      563cbf9569dfc6a8d33eeb5aec257ea1ce25abbd

      SHA256

      a66596e160349d90817edd42a74fa0dd3660e38a46520d4a54e7aa225cf355f2

      SHA512

      1716597fed66b66db185494d199739e6255d24c4e0ec652256f0bd49730a2a1e77081f3dd788f64dd46a559acc6dd74630a2fa58dfaa55573bbb836999318053

    • C:\Users\Admin\AppData\Local\Temp\809D.tmp

      Filesize

      884B

      MD5

      04bcae8a7bc7c9a45bba0c385e77120a

      SHA1

      342019562da65dd0290466c6a1d00392d51b6b54

      SHA256

      954eebeea30d81be278baeb2c8bda672ced4714b5d5906e270317ce44f512c88

      SHA512

      c42f845a33a70b88f6e9b4b2e4b77f1d952108579d4db804c403394873e4967f57815021e89412030bc14c10b4b6e67a3ae46c0ea18ef6c8949a6a79c554e5c3

    • memory/3076-20-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

    • memory/3076-23-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

    • memory/3076-24-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

    • memory/3076-26-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

    • memory/3076-27-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

    • memory/4320-1-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/4320-0-0x00000000021B0000-0x00000000021DE000-memory.dmp

      Filesize

      184KB

    • memory/4320-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/4320-30-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.