a5c53c31e7272a608140ad2c995a00871f086c4a3affeeb36365fc56f58ce9cf

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Size

712KB
MD5

c01d540c5de9f69399a583c7263112d6
SHA1

bd936f36d3d41634bc75655fecb4c5f17387733f
SHA256

a5c53c31e7272a608140ad2c995a00871f086c4a3affeeb36365fc56f58ce9cf
SHA512

3062307bdef11bdab036e33d9afdfa6fb94d20c5cce466bec26a4fe3bdb2c11df9125bbd5e7662f26aed78f5e832f67b0210d8341de354f99ab62211a14ae49b
SSDEEP

6144:nAm8by/KTnJCtaf6+Gurz41NKDrb/D4lYj2c+Igvp4RvObDLLgJN0lwFOHd1CWvW:nEAKT/Pzrz41YX3RgR4RvOfLLAOyz

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2076	FP_AX_CAB_INSTALLER64.exe

Loads dropped DLL 1 IoCs

pid	Process
2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
File opened for modification	C:\Windows\Downloaded Program Files\SETD6A0.tmp	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
File created	C:\Windows\Downloaded Program Files\SETD6A0.tmp	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
File opened for modification	C:\Windows\Downloaded Program Files\swflash64.inf	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FP_AX_CAB_INSTALLER64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430728005"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e24259b5f6da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000cc101d91e354a09f58732434ffbdc5ba70c7c331b1d624d8ef0b27c86c1f5da0000000000e800000000200002000000052eebdda0880053a5f7141e61efce2434a67e81edfd8798004031e3ed8b93c9190000000b2cfffbc1069e140b60ad20850cdf1ee771799628562b404af38fd18bf950fbc9e4f82945df593844d51cb05efd0088b6710ebcf505676724a83cacf8d9d900ec19cd4c76d0fc4922d582ac56bea223a34ac07e44e0f6a26ee054cddb7f774a6d9013b8f9f99ddfb8af0d14b3504b9ead796ee1799f3a41145d946486ba28e676015850fadfe21c64bd5a3e38047a79240000000fc878cf17f8f4bee12ce764bdd4b88b6973b01a62de20ef83a51eeddf77635a555ffc8867229bf4b3c1acd1818c3f1d29270b579569e867451f6fa0031f8b23a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{83C4FE81-62A8-11EF-9CA2-E28DDE128E91} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb78000000000200000000001066000000010000200000004fffb963543927ab688bba5b135a4572178e0087cd6f8977a49466c3404bd05c000000000e800000000200002000000010e7d8f42bf3ca359dab8f202007e9021faea996a440e00a9242a730b4ca4c0a20000000fa8155f3bb251d85fe86f0f1c29a79401a52f84a58f60a82f70dc9a925c7e7b840000000fae3c1d4e09dfcf3b9cce02099b867758eb2376397b2f4c4c79482198e57b0bcce2bcb11dabd41ef5ded838771f22e52c95b8fddf3ddae83e91a83a6ad9095bc	iexplore.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2076	FP_AX_CAB_INSTALLER64.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Token: SeRestorePrivilege	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Token: SeRestorePrivilege	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Token: SeRestorePrivilege	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Token: SeRestorePrivilege	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Token: SeRestorePrivilege	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
Token: SeRestorePrivilege	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
2980	iexplore.exe
2980	iexplore.exe
788	IEXPLORE.EXE
788	IEXPLORE.EXE
788	IEXPLORE.EXE
788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2076	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe	32
PID 2308 wrote to memory of 2076	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe	32
PID 2308 wrote to memory of 2076	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe	32
PID 2308 wrote to memory of 2076	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe	32
PID 2308 wrote to memory of 2076	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe	32
PID 2308 wrote to memory of 2076	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe	32
PID 2308 wrote to memory of 2076	2308	c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe	32
PID 2076 wrote to memory of 2980	2076	FP_AX_CAB_INSTALLER64.exe	33
PID 2076 wrote to memory of 2980	2076	FP_AX_CAB_INSTALLER64.exe	33
PID 2076 wrote to memory of 2980	2076	FP_AX_CAB_INSTALLER64.exe	33
PID 2076 wrote to memory of 2980	2076	FP_AX_CAB_INSTALLER64.exe	33
PID 2980 wrote to memory of 788	2980	iexplore.exe	34
PID 2980 wrote to memory of 788	2980	iexplore.exe	34
PID 2980 wrote to memory of 788	2980	iexplore.exe	34
PID 2980 wrote to memory of 788	2980	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c01d540c5de9f69399a583c7263112d6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
  C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2980
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
24cb0c0a7fe2c8273b521d4630f87e67

SHA1
410fa7d2402120f9d92b2b584c918e2591cdaf97

SHA256
716393abe4c95cde7770fe531d17c4da7284dde95657b83f613f719a1ff759cb

SHA512
66d822ad76dee8af62ce48e47a01ce5c3b038f41b723b9633bf84a9dc561c6e4bcc206522929cf9498efcfafcf043e20038480925878f61c93f5712dda62f9ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0fed6470ed6efe28c7bb4dd94536546d

SHA1
5d3430458c1b5662db627aca56575c30fdd93d88

SHA256
4e6bda3d9108441eb69279bd5ae0f9df727bbef21fbb654efb9cec0393e29777

SHA512
085dca5356a47fe945f5a91741895e8290f953e01a7e477f73233141888b386c5ba78c32cd038a40f2b2b3be6d2443dc8794d5749bfaa41e3afe893fed15cf73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc3fc1f63b8df46b5091e10ae8bfcda3

SHA1
05daca5c7df2426b9ac11111716dcc05ce3d6235

SHA256
4f63fef0d2dddf658e6c767e1fddc7f857e628889eb9001b573fbd7eea95c705

SHA512
5315c839435acc73d8835b509726c73e9fb35898e7f534b3a592ac351cb6db09d3b0cf3a21c79da5e46deb95167e7a3db18d73d98536b5f6f7d16a4485292fa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05a8ecc19bd9a071a50f44468fa29df4

SHA1
53ba161a5272f565116d1279f92939b4424f2ac3

SHA256
e5b84103d963da027ef3244e93c01da4a93f36375a077d1190fb5bdc85e0ec98

SHA512
ae67542fba40f7795466a4597232ccbcd18d9a199397e19591c3b1156b3528374c84fb2f10b74a990070521f57c3f4023b3648190ece0b28e4f95936b16b8189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1772dd48f5b8a8945f3911a865689489

SHA1
3faca1cbdcf3cebb546876a02dc8426d3f59e33c

SHA256
4bf325e7190901a1d01fedea6fd171511ff383b364e42f1f10b08b7942920c88

SHA512
9072ef2d6493a314a4355323c6d47bae01d08ee2036de21287946fe1e684e411e2fd777f36cb6454b38ca82673b7c3e567c696b92765d11c6e3083a8c7b8345f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c36f2a9bb9a06fe5dd4a5c6b60e6b0eb

SHA1
b463997424c37d3b43132881a2688a8547696843

SHA256
98cfc2959cf50ec349c7e4a7608f86c15c516eccb944e53ff95546eba240cdf7

SHA512
60cb7361f13d2459ef1eac1ddbc94bc28419e9b45539c52eaadfb90149eef44b3fd883ecf8810ae820f2ea82f241d09cd7a3c77d15d29f1c7801e98b0f3375a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a849a73d35cf7e61fd4f5caf097a94fd

SHA1
90e3131d3b387613c7d212be79b58467fb94f648

SHA256
dc75284834e2a6600c0feb7b475f4b16b4b5d8f8fd9867fb7d4c0d4429152748

SHA512
d5b9837e1873d4c36336945ad38a36a3409176a1139892e13330a40363027ebc77fcc3f122d6a6b153318fe9271dc33b45e0395c75766c0c812e4734eaceefb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9272e571be08032178f7287c092372a

SHA1
118532de7c136fbea799ee0ee15ccf47027ed1d2

SHA256
55a324587c79a5fea08c39d3300a2ef339bc7c3135dea8223ab80274d1e351c7

SHA512
542aa5b9d2eea511b8b7a41664accd97d90a009431e6b6a4585e1326f5973e3bf38b357de566de41735b23a262e90c4b03a1448bf13af27ce0579061be3d1c77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc665e58c05d163d16b9ef7dc89abeed

SHA1
55591540926b3964ac569d8ee05d711814492ffc

SHA256
b306f17328811d5b1de1a32c4ef102495c850d79203bcc52175667760a0b47d6

SHA512
f78486f54ff22b34e204980cfa75518570dc41d3fd3c4009329d186116e9682c8c2fadeea952a3014f3aa32bb83aaf6dbf7490d50b401784be984768ec66036d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c7aae91cabace272cfc48d205c6754d

SHA1
cc38fc4cf508ac369b001a2f2f6e3e5c9f51d36e

SHA256
eba9f905184a9e848d152ed66affa47b592b8570e5822fafe60e5fa52c19f502

SHA512
72b66f4746e65db446b00c4f9fa3d69f175fcbfa0cfc32cb798b256f31115bbe2b54c28e602552c6177b993a0ff71d3639281fecd7eafbf3ee0a214bda7e51c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b610222b7e2238b3fa5bcffe62a26b2

SHA1
820a03125edd3bfa513f7331bb7635e1f51a99da

SHA256
8d11a52f4906b5ae86f0e64ec58acfb585e265994c9257f37fdcad80866581d1

SHA512
d5f8864bcf7d7d446d9f0b5b8e2504d6fca96a474fca22e6c1a6b48a54c04d6879f72e2cf659bcf2f46e390d6dd2b959925a22de98ef7908bd68e0b135b0b741

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef1898cccda3f2792cbc3f0bd3e825fe

SHA1
22ed05b1d6d3e22ba2ef2fd6c02bb5dba53c30e5

SHA256
095b8313a47a487e56412f8fc0fabca51d4ec5fa46181ae5c617215c7a4ee278

SHA512
2c5854e8510772346eafd65b35b24159a0723774c2e2221dc7493f3b4dd9bb9b618cde181f4a17f9ddf8cc06365d19a0efbfa0f837e2965d4f83f08a4c6f5c1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
702ec48d09ff83ff7b416ca60131cdf1

SHA1
769b4acdc9a2bc37e1ce1c6e9254c40c48114130

SHA256
2639fae5a5adc81c246dff8571be74b38b33e29c533e54c898b8cfd6ec09d3dc

SHA512
6b85c65183a53c4823338cb8ded4c75770d2aab78ec815bb7089c2100b45755e48388e8ef16c5efb23e9f03c50c80a1dbbe1fcfacb9e7739f5a84a8d54486c63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50e7c17e6a9bb1905079a55b669bbb4f

SHA1
59dfc683622c35db0ed8078aa10f1825bddb3fc0

SHA256
b6c18898c6b6d0975600a3464106344a683b553e35236df13d4c290623826f50

SHA512
43e8d52f06e4f943fd93c042c24fec1d4be0bd8cfbcb52b438c9d91246d3b8e92114e2c80d7ca0236579117670147b81f72b1b785d74978bb9cd0d7590c13a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c6d2c26bdd5cd5253afb845b2fcd538

SHA1
d608fd89b208bad49c2cef23715158e6e8871d35

SHA256
c079e806dfbfeb3693d6112166e5ed96281fb0fa00730ecc5b8fb7ae8da8e3ca

SHA512
684234392673832a7576c85878697c395e9d7fce07afe0b5691c8a2771325286cd9f19d381ca68141f26b5d89f90932867e031d25bbaeca53b6989596200fd86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
589aaaf00d2d0bece29f0fcb0716d56a

SHA1
6cea243bc3ec97680b8ae08ba30d7e26e389a892

SHA256
8c2e4b22455efd3d219f959142564ad594af7ba3002d22b53ca2604d3d1bca5f

SHA512
ca1ec5f95f2c7c1aa2ff104689caea9b4c0f3792f21609b18d88b13e9c541233267c64f0415931c39f7e01e24424558d70982bd765d5413e89b45cb105c7b2d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
034b30af0fbb12fa4e9f7de52ff76b24

SHA1
1086a3e4b9be4349da4572a60e1378aabd9d5ba6

SHA256
ffcdb6f2a6cb39dda3e3148f65c1fc48b6e01f39700d3cccc181c8bcd28b73cf

SHA512
742511d66d9d2df81fb5b20ed3028f218aca019f326f27284def11c8689cf1500266dee94e6e65d3a12c3409accd2e790bc60c5a2d2bb138f7b27c9fb39e1c3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17fb03cb7822d4add9b00d631329e193

SHA1
182bc324d384316eb3b8657fdfc6a97850cf4376

SHA256
e0c12dc86515d61c3ab31173ae52e7cbf3f3c4365cf901552e08b7898c48f698

SHA512
163b8efb37764bb9ca0d87299171ca2c62341cdddce0467f059ad7bf993c43ac142522251fe2d08d996b19a9c3606317f2d75da993f018afdba7fbacb785efb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91a5991ee03f7cc6f2a1a2830765b95f

SHA1
bfc815aebc9c96acc5f319d8bc18c2b8b58102ae

SHA256
e91f0e964d4dce2c932119c75288e2b02ad388f423023c71594448b7870a9cf7

SHA512
f87b1855aae09a482dab2317bea2d415557d43990dcd48280ce5222aeffba842b2ba055c1bc887ace7cde27aeef1c5cb925c32755e1e22b67605d75180a06029

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d256eca31135f2754729482daf3ac854

SHA1
0d2be1916e3e39484e3665f444c59dd74c048a41

SHA256
f38ebbdf8fa6b797b1dfede22a3f2b52338bec9a65817125b1599c582e6054bb

SHA512
6a5856e4b02c31f01914b9ae0662b9ecb34990d2874357e8c6518023eacc9f5edd733602a9d45b6960dbc3c4c201502e0f6d1df4ab03a8a6adf516955279b0ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4040c8efbe89d30066088492c62141b8

SHA1
f8c00cc8af45fa7888bfca49876c38a4fee80a1b

SHA256
3c7ff9fa7025532ad0495fa05fdd7eeb5d0a8571f936d2c85dcd86379d9485d5

SHA512
d67a97282f36e4c73db2c6901b27fa7e7f11f6c41f40cf9f639ba3d6602f3d019f2b73f9298aed025a77e5dfc0411dce69c5771c20e67f03f915c717bfe23213

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72d81ef38797e80b80279c57df1071e3

SHA1
3346ce754e7db1ad1b8497ff2f1b887e3ead74f1

SHA256
2929ec90e7fa44d222c8a6b3a753a4b50afa76ef0bed306b59317249dc9fd735

SHA512
be76bc1de7a04616c91a63ad878bce512fe43b20d79f3e5ecfe72381c295f9ce85d4ae8531d4b0df78b0f4ef25a9c5bbfa3484f39c876d8f921309b7b31b4493

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71399b1bbfc20f1974a96bf19e128be9

SHA1
508d78bd01b984321006a2e3a130182ad00549f2

SHA256
3878281ad236f960f53a837a0d91b582ae30ee131a50d4b7e5d1df3f69ed9717

SHA512
75090fa23c8d19a2a738f07827d54f7a0b6daa5f02ddfd925b5a11d9dcd9813153e1f39e95f82a475f3a319d440eab9bcec0fbb75474d3d5ceb63fe4dd79c640

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9603400f956ad206acd368a77b0208cd

SHA1
0f57f828d5bd69050f26ab1b53aba6552cad7d06

SHA256
90a5405965652ed6bf121047e90d51fb879f85f3d710e10ef227ede888a5d943

SHA512
45d45a1b1b70866c23cf9ffd00787ad014b3c18f85b847127d1b6abd4ebb0705f5fd88c6827397359e11171a710a18babf18160cd120c25b23d9aa76e2d2de13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aad890c6b7d3f3363ee51bf91c0c605a

SHA1
a2d9983c9aec0e036111c407ac6bad87175c418a

SHA256
cf950db69b9569c8461b95424b7a271e254c4841900f61bfca9b301cc58e8bd9

SHA512
a30b816c41f0625e41ec68e9d9236565f5da6cffb8c752cb8bb25b3d2649189d270f2d2b47a175dc9766d1ee824276f97560a1164f239bc2243a4df9ed5e1c82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3b08549a462194b88e492329b1e60c8

SHA1
be3598017e411b685b50072a0d02c7244d2df84c

SHA256
495440491e6461b1e112344cbc9885f4982bc4f43811acd0e816b59eaf2e659a

SHA512
dba27ce9fe2f68484827123bda1c00484622f3b85a29be4c22bb9b47c1f47b3c73ebdacc2e8362936b87366b96bf76e30e3f8e108d13d4d894b6f59ad5cd0ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5073d01db1566aeea03aa1846342364

SHA1
bae7be5e12e680959e65349c5c2dd85acbe4d784

SHA256
df9714d2df599d826b64eb6673359806008bd6edf3eec9c0651cb76b19f06bef

SHA512
d3c07623a93bbdfcf53cec5981cc7208dcc1133fa6a972178d7c3eb9995740df0ffa771364bd42bf65ef4d2e2ae3fad93e3b02dd9449b82df9bea998e1c454da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91a00c3e279a7dcde133e16510c69d40

SHA1
87cfe5edf13605fe5f6c442d546da29113a14cf9

SHA256
53ead890666715b50a02ea1dc1bf7a7f01b1d27d5bb3f79abb539c65c95a74f3

SHA512
fcf16f525d2c847963613133cc9b458340495a1cbc35bbca8bc08df15a1562f20acbd75fc11545a2b5620dfb7f1c49abc2396d4551843520b710a148f9c4189a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d438a81492074b0bb0821bbc6776e23a

SHA1
cd4b31c4acac565e97ac273bb30c0d69b34f44aa

SHA256
ce759f1da2e57c905c3e24ccf78f7485c81039e3e2910f9fa6202a554e96ba36

SHA512
c8b4d73d21b287a0af5b8ff2f88fdc9cb3be1efbecbbb27ca9e1c3ddc215d8c0c97675d45c397354a2cc68620e7b6f980ddfd0ec2b77b42f5b63b15e2c45d026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7ee9ddb8df34f96fa391411e9e54875

SHA1
5b1468c5e1941baff255a8974d33f9d35312fc6c

SHA256
5a2e129e7c84b8b364ea6ce1db7a77329dd87d6a06ca73ac90dfcca9b614898c

SHA512
ee0cf80d33009adb30023f210b2dbf26edb8924cecc81e484f3191dd8422ddeed26ade3799a18205836b9c4fa54b1573bf12ffa0261104a1976d943167124257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ced633191b31151815ca1ef189d7140c

SHA1
6dd7d3b875e46114ee6a6919f52a2b267b624b0e

SHA256
6190c80d84e933839b7fda10724d35d2fda8aca8d845768f6303a47c15a07f23

SHA512
ef625f4322b0e00bce13c7744dec94d64c8598ef8fb3b0134e5fdbd69ecdafdfaf55125def981a6a1cc96ac994574dc193d98744adfec666a6a92726b9dcc3f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddb9da312a07e2c42dccb3c65b733ce2

SHA1
6e7591711bd2638d26f902a66dbb727a0f55d762

SHA256
3c1eb9d4b8d6b7ea7fd8b4d65e8f15aec0640ef02c98768b30884aa5c540462f

SHA512
0df57737c0f687e2b2a0a7ee647446e1dad8b06c9358a96490ee9bc06d04d69187561cac7d997d61b3788dfae72b08c18402a35b671c9d5c0a4c2c5ccf94eea7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
395d257050eb982c4bec22a2e7843490

SHA1
d32c60513c857a4c87d1c66856b5ddbddadf5f83

SHA256
62377147c50469d74b5970fe9bbba8ab7ad8266aaabb2640679b4d25fc82eaed

SHA512
1fb161a97e71e76427c89098ff3ce85e6b02ebc484e3c8bb35ed3d4373ae66cd2b2c901f588b93a505f31fad22496f56d616788b4a2580cc869155fa69e09195

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5863408e0dc995f04cc88f29b9419bd3

SHA1
8f17a2cf60c45ff24767bc48b79a3f58dd817282

SHA256
b26fe8b506440df1e0811bb7a9a197929d2109dbe5e75b6172aa8e5a31fdc33e

SHA512
6da19aa6c77ec14400c91750433085768b7cae48c81e5a5d4e47d34596141ad13d5f4572838e8f83fb8c824b5f809c1a8ab9d7d7b97ec68a04d904dfc29a03c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08491dbf777e488a69e5c45ce3efa44f

SHA1
fd4fda06d52974e051e0db5d391799949057a12a

SHA256
2e3fff4a6fba0742b53c2b2a893aa2338ccdb6addc7a776f4d96aed028d206b7

SHA512
b4f1e87aa2ed5e6d111c2f2c4a119b826b9cd73bc608e18192cbece0914f4116d735ef5644980c9518ab3a960ed45ccdae220714769514411e2ad4e3464b05f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2b265db29a210ab91f89d71932f6f8e2

SHA1
9930a0835e0ab6fea50e3424641eb8a820d68005

SHA256
a4ec7656b3d36c86f00cf087bcad1eae2951e1a29364ba896841b355eae8b5f2

SHA512
6bb0a56e24449b2bd572c2c57bf50303092a68ded64141075c889f70e220d377f1d7ec17460dc8bb2fdfb8a5525a6785d25eb27f63e9871a0facb25412e80e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H1FOMV1\swflash[1].cab

Filesize
225KB

MD5
b3e138191eeca0adcc05cb90bb4c76ff

SHA1
2d83b50b5992540e2150dfcaddd10f7c67633d2c

SHA256
eea074db3f86fed73a36d9e6c734af8080a4d2364e817eecd5cb37cb9ec9dc0b

SHA512
82b4c76201697d7d25f2e4f454aa0dd8d548cdfd3ebfa0dd91845536f74f470e57d66a73750c56409510d787ee2483839f799fef5d5a77972cd4435a157a21a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCEC6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf

Filesize
218B

MD5
60c0b6143a14467a24e31e887954763f

SHA1
77644b4640740ac85fbb201dbc14e5dccdad33ed

SHA256
97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58

SHA512
7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCF26.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Favorites\Á¼½£×··ç QQ£º285407.url

Filesize
142B

MD5
7959c79485dda351f0c99239f9d30442

SHA1
457c01bc74893ed0fa0698e9e253174eaa356cd4

SHA256
d97be5d3ddb34078ff13903ae92dc95e926f6be0e76b055ece8ef89949e7fb82

SHA512
8e4667098018d5cc1933107bed41d57dba63e10d08ddaed4a52f41dd5cc2305379466eaabffd4af7d157af7064650c89ff3d67c25bb1173452daf54c0f73721c

Download Submit
\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

Filesize
757KB

MD5
47f240e7f969bc507334f79b42b3b718

SHA1
8ec5c3294b3854a32636529d73a5f070d5bcf627

SHA256
c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11

SHA512
10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161

Download Submit
memory/2308-0-0x00000000002E0000-0x00000000002F0000-memory.dmp

Filesize
64KB

Download
memory/2308-176-0x0000000000405000-0x0000000000406000-memory.dmp

Filesize
4KB

Download