46c75b74d21515e607a66db4dc2a04aebf4c03b5f885e2008f7ab2238a87c334

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2025 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe
Size

11.7MB
MD5

9879774208b15b338883bb3e4b3b1f67
SHA1

f3c6bfabe12989b0937c007298593ce753528525
SHA256

46c75b74d21515e607a66db4dc2a04aebf4c03b5f885e2008f7ab2238a87c334
SHA512

61a3ee21ff5b413d0856f17fe56b760061b9f819d5d9ba5a6451b01e5ba8f881bdf03b80587912c27a2ea5c2f1cd60e7b4f84b80b07b589e838be092ac117cfd
SSDEEP

196608:310dD4Uk+mdtvzgLvEixiwPj8DMw1046pdHK1MVoK4JH539q15Un:31yDJmd6LvE4vOMJd9K1MVoKeH5NqM

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2424	netsh.exe

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	NOTanNot.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	MODS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	System checker.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	NOTANVIRUS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	NOTLOOSER.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	NOTVIRUS.sfx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	NOTVIRUS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5b89d30b680a51dc2d00cd25b99c736b.exe	server.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5b89d30b680a51dc2d00cd25b99c736b.exe	server.exe

Executes dropped EXE 9 IoCs

pid	Process
3304	fabric-installer-0.8.0.exe
4440	NOTanNot.exe
1292	MODS.exe
5072	System checker.exe
112	NOTANVIRUS.exe
4916	NOTLOOSER.exe
4812	NOTVIRUS.sfx.exe
1700	NOTVIRUS.exe
1868	server.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5b89d30b680a51dc2d00cd25b99c736b = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\server.exe\" .."	server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\5b89d30b680a51dc2d00cd25b99c736b = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\server.exe\" .."	server.exe

Drops autorun.inf file 1 TTPs 5 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\autorun.inf	server.exe
File opened for modification	C:\autorun.inf	server.exe
File created	D:\autorun.inf	server.exe
File created	F:\autorun.inf	server.exe
File opened for modification	F:\autorun.inf	server.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTanNot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	System checker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTANVIRUS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTVIRUS.sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fabric-installer-0.8.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MODS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTLOOSER.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTVIRUS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3020	taskkill.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe
1868	server.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1868	server.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeDebugPrivilege	1868	server.exe
Token: SeDebugPrivilege	3020	taskkill.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe
Token: 33	1868	server.exe
Token: SeIncBasePriorityPrivilege	1868	server.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4740	javaw.exe
4740	javaw.exe

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 3304	4460	JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe	84
PID 4460 wrote to memory of 3304	4460	JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe	84
PID 4460 wrote to memory of 3304	4460	JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe	84
PID 3304 wrote to memory of 2420	3304	fabric-installer-0.8.0.exe	86
PID 3304 wrote to memory of 2420	3304	fabric-installer-0.8.0.exe	86
PID 4460 wrote to memory of 4440	4460	JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe	87
PID 4460 wrote to memory of 4440	4460	JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe	87
PID 4460 wrote to memory of 4440	4460	JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe	87
PID 3304 wrote to memory of 4740	3304	fabric-installer-0.8.0.exe	88
PID 3304 wrote to memory of 4740	3304	fabric-installer-0.8.0.exe	88
PID 4440 wrote to memory of 1292	4440	NOTanNot.exe	89
PID 4440 wrote to memory of 1292	4440	NOTanNot.exe	89
PID 4440 wrote to memory of 1292	4440	NOTanNot.exe	89
PID 1292 wrote to memory of 5072	1292	MODS.exe	90
PID 1292 wrote to memory of 5072	1292	MODS.exe	90
PID 1292 wrote to memory of 5072	1292	MODS.exe	90
PID 5072 wrote to memory of 112	5072	System checker.exe	91
PID 5072 wrote to memory of 112	5072	System checker.exe	91
PID 5072 wrote to memory of 112	5072	System checker.exe	91
PID 112 wrote to memory of 4916	112	NOTANVIRUS.exe	92
PID 112 wrote to memory of 4916	112	NOTANVIRUS.exe	92
PID 112 wrote to memory of 4916	112	NOTANVIRUS.exe	92
PID 4916 wrote to memory of 4812	4916	NOTLOOSER.exe	93
PID 4916 wrote to memory of 4812	4916	NOTLOOSER.exe	93
PID 4916 wrote to memory of 4812	4916	NOTLOOSER.exe	93
PID 4812 wrote to memory of 1700	4812	NOTVIRUS.sfx.exe	94
PID 4812 wrote to memory of 1700	4812	NOTVIRUS.sfx.exe	94
PID 4812 wrote to memory of 1700	4812	NOTVIRUS.sfx.exe	94
PID 1700 wrote to memory of 1868	1700	NOTVIRUS.exe	95
PID 1700 wrote to memory of 1868	1700	NOTVIRUS.exe	95
PID 1700 wrote to memory of 1868	1700	NOTVIRUS.exe	95
PID 1868 wrote to memory of 2424	1868	server.exe	104
PID 1868 wrote to memory of 2424	1868	server.exe	104
PID 1868 wrote to memory of 2424	1868	server.exe	104
PID 1868 wrote to memory of 3020	1868	server.exe	106
PID 1868 wrote to memory of 3020	1868	server.exe	106
PID 1868 wrote to memory of 3020	1868	server.exe	106

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9879774208b15b338883bb3e4b3b1f67.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.8.0.exe
  "C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.8.0.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3304
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
    "javaw" -version
    3⤵
    PID:2420
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
    "javaw" -jar C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.8.0.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4740
- C:\Users\Admin\AppData\Local\Temp\NOTanNot.exe
  "C:\Users\Admin\AppData\Local\Temp\NOTanNot.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4440
- - C:\Users\Admin\AppData\Local\Temp\MODS.exe
    "C:\Users\Admin\AppData\Local\Temp\MODS.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\System checker.exe
      "C:\Users\Admin\AppData\Local\Temp\System checker.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\NOTANVIRUS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NOTANVIRUS.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\NOTLOOSER.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NOTLOOSER.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\NOTVIRUS.sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NOTVIRUS.sfx.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\NOTVIRUS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NOTVIRUS.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\server.exe
        
        "C:\Users\Admin\AppData\Local\Temp\server.exe"
        9⤵
        Drops startup file
        Executes dropped EXE
        Adds Run key to start application
        Drops autorun.inf file
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1868
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE
        10⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:2424
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /F /IM Exsample.exe
        10⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
130b7aaab78431d9878eb1aaf9ccd230

SHA1
0a96eeb4e0ab369829c67cc248ffaa1ce152de92

SHA256
719ed70666d0d0b097fbb85028300028841427bb198a9ea9fb105c4d78e7c603

SHA512
2d33709843874cd7aaa258e0ee763eb490cc208924e84b077b876e8de96babec5695ff06242846ebf1e2b382dc08a314d207c9790f8ee25e7dc30cb2a51cd667

Download Submit
C:\Users\Admin\AppData\Local\Temp\MODS.exe

Filesize
9.0MB

MD5
92527cbd8a40915461d54399f6067fdb

SHA1
924ef6c4ecfa77ff74690c825c8a2dcb0e1b833c

SHA256
3240795dd9214e9f92a1bc1560b9f46f2d703bb5154a646750bcebe095d48148

SHA512
fd41d707e4938767fbaaeff2bb0a8c2d5fe1d4f7638b4d599f7ca327065379c6288a22f70bc66099e9996b2137f62e8ab426a4125096de0f405c1a8ad93b584a

Download Submit
C:\Users\Admin\AppData\Local\Temp\NOTANVIRUS.exe

Filesize
4.7MB

MD5
849e4effcb9775993f20173e82433ff5

SHA1
233338cfe6df040c43fd225ed27eaf930dc8b8af

SHA256
abcc2e404458c1496e9446ebd697ca6ad530935f33eda155b06e052759bd598c

SHA512
aaf942c8c95a043fe1c10cd66ce5e962ac604b60017eb99a75a89f38c8f2bac7dd625427eba82f492a95291f831f73b30985fa7145df526ca8e7b70887a0f70e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NOTLOOSER.exe

Filesize
2.5MB

MD5
f9f3ea1df9cae216e8546aaa6ed95fdb

SHA1
1720c4170ddad930aa94188d23e6749285c8cbe2

SHA256
5b2e319b409f5655dc5086669cf078622bb11ecd85fd9b3bf6a47031af647bf2

SHA512
a6e2c74bf90c8cdffe48da3fca833f70e2ca56ddab18225539f4e2933c398f4ac56f09224b734439f4b0b0d692b59efb3aa2e1cf741254e1f7e1d6f86a1e2235

Download Submit
C:\Users\Admin\AppData\Local\Temp\NOTVIRUS.exe

Filesize
36KB

MD5
89fd86be3a42e20b390c3f4b0651a0ba

SHA1
f1543e1be692db024f1800bcf7cf43e5921be1e2

SHA256
f007f1756a8aff5bfdc1aa84ee88e56b32acd948e5b12097bb93b989e658c58c

SHA512
8e2a87e4a94a485e64bd54a3d944a9b1018b51cfed207268e0f2ca1b7feb5c4ed2f8571b3ffd6946b8db0f861a863f047cfec5718f52a5d3fbe344aa81a80c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\NOTVIRUS.sfx.exe

Filesize
326KB

MD5
d280d91dadcbc8d4cfa56410250c86a3

SHA1
03b0a69e84eb9eb2b0f9286faf14b1178e40643b

SHA256
60cf21a6663455edf240ae0e253cae326965aa4e3b2bf52fec8f181b75926e7a

SHA512
addd6cff7cf47c348111c3ebdb9a37e66baee9e2b522699d6d07977d328b72181576ac3f7a2f9bdd84baef57e971601e60dde76c1477e602c1b13a5d71bd28d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\NOTanNot.exe

Filesize
9.1MB

MD5
98a517b99c8c361d58397a6c99ee8c31

SHA1
32b66ef4bfc386dc6bfb35af9922a3f8f1b19f4e

SHA256
75c317765dee954a0db6fa6a9461d95bae6ca0d0e01f6016a39684b9dc8c1099

SHA512
161ff276fe52409d1808ef34cfbb873de547b03510f7014930d3888452a43ab8c279bfcf729df2c6a2866f547d61357691da9fbb909374343543f1ad8dcc8e90

Download Submit
C:\Users\Admin\AppData\Local\Temp\System checker.exe

Filesize
6.9MB

MD5
1ddea56cc423c39b99178780efd2feab

SHA1
f383921429530184e406096220d6c24b54336068

SHA256
4d288f5715893122d463079643fd7eee3282bd7630444fffcc302446fed9f7e1

SHA512
0f536341a3b470cd59df7b63d1b9ef72e5dba05541a3705b3de04e2b16f2683372088788d3936fce2857fd816b55253dfde5ee5642a5da4ef1b702d1b615f804

Download Submit
C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.8.0.exe

Filesize
447KB

MD5
9300d91f4958eae086fef390227289d8

SHA1
7f4898fcd26047e1ee5c470da0813e32bbbdd47b

SHA256
029fecd75b1b9305c2d2e4c9ffb5d66f3da7934ab7a78d680e0d7dc9ff84b473

SHA512
748d2a473ee49b3eac1bca2006ca461aec80d2a3cc9a930260a4bc978e81c5026b660a0a266640c5a772d7bdf82de0f58767bc625874ce4c1bda775d7023223a

Download Submit
memory/2420-36-0x000001F9717D0000-0x000001F9717D1000-memory.dmp

Filesize
4KB

Download
memory/2420-37-0x000001F900000000-0x000001F900270000-memory.dmp

Filesize
2.4MB

Download
memory/2420-23-0x000001F900000000-0x000001F900270000-memory.dmp

Filesize
2.4MB

Download
memory/4740-80-0x000001C863730000-0x000001C863731000-memory.dmp

Filesize
4KB

Download
memory/4740-128-0x000001C863730000-0x000001C863731000-memory.dmp

Filesize
4KB

Download
memory/4740-146-0x000001C863730000-0x000001C863731000-memory.dmp

Filesize
4KB

Download
memory/4740-154-0x000001C863730000-0x000001C863731000-memory.dmp

Filesize
4KB

Download
memory/4740-160-0x000001C863730000-0x000001C863731000-memory.dmp

Filesize
4KB

Download
memory/4740-186-0x000001C863730000-0x000001C863731000-memory.dmp

Filesize
4KB

Download