837fff34bbe462693c7b0232c365b23d97fb2c273e5e11b61e94ce41bb83de02

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 23:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
Size

303KB
MD5

ec3b59f895054b46715e325080fea10d
SHA1

fe6fd80760d29db7aebdb4930943f0096fb8553d
SHA256

837fff34bbe462693c7b0232c365b23d97fb2c273e5e11b61e94ce41bb83de02
SHA512

3e1e36b4043d0818b2e88e18516b0e3ba51aa09fd986b3c84d6de283f8528c8f61969282e5d1f0345bbaf6bb9597f5febba906a88fcf8db57a0b70067d84781a
SSDEEP

6144:mGlOf3vF/mTzG9bj9DoktMF0DWBkzosodavMj2JCydxsZerH:j6vFenG9bZS0aizfCaEj2ndxO+

Score

7^/10

persistence upx vmprotect

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
2620	A_v_DVD.dll
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe
2392	services.exe
880	A_v_AuTo.dll
2328	services.exe
2656	A_v_AuTo.dll
2568	services.exe
1984	A_v_TT.dll

Loads dropped DLL 31 IoCs

pid	Process
2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
2620	A_v_DVD.dll
2620	A_v_DVD.dll
2620	A_v_DVD.dll
2620	A_v_DVD.dll
2620	A_v_DVD.dll
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe
2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
2392	services.exe
2392	services.exe
2392	services.exe
2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
880	A_v_AuTo.dll
880	A_v_AuTo.dll
880	A_v_AuTo.dll
880	A_v_AuTo.dll
880	A_v_AuTo.dll
2328	services.exe
2328	services.exe
2328	services.exe
2656	A_v_AuTo.dll
2656	A_v_AuTo.dll
2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
1984	A_v_TT.dll
1984	A_v_TT.dll
1984	A_v_TT.dll

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000015364-60.dat	upx
behavioral1/memory/880-73-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2656-85-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/880-99-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2656-100-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/880-131-0x0000000000400000-0x0000000000415000-memory.dmp	upx

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x0007000000015c87-105.dat	vmprotect
behavioral1/memory/1984-117-0x0000000000400000-0x0000000000417000-memory.dmp	vmprotect
behavioral1/memory/1984-121-0x0000000000400000-0x0000000000417000-memory.dmp	vmprotect
behavioral1/memory/1984-136-0x0000000000400000-0x0000000000417000-memory.dmp	vmprotect

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Internet = "C:\\Program Files\\Common Files\\Microsoft Shared\\services.exe"	A_v_AuTo.dll

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_Dvd.ocx	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\services.exe	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_Dw.ocx	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_bind.au	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Au_ing_Code.ini	services.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_Tj.ocx	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Au_ing_Code.ini	services.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\services.exe	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.ocx	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
880	A_v_AuTo.dll
880	A_v_AuTo.dll
880	A_v_AuTo.dll
2656	A_v_AuTo.dll
2656	A_v_AuTo.dll
2656	A_v_AuTo.dll
1984	A_v_TT.dll
1984	A_v_TT.dll
1984	A_v_TT.dll
1984	A_v_TT.dll

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2392	services.exe
Token: SeDebugPrivilege	2568	services.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe
1092	5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1984	A_v_TT.dll
1984	A_v_TT.dll

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2620	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	28
PID 2320 wrote to memory of 2620	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	28
PID 2320 wrote to memory of 2620	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	28
PID 2320 wrote to memory of 2620	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	28
PID 2320 wrote to memory of 2620	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	28
PID 2320 wrote to memory of 2620	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	28
PID 2320 wrote to memory of 2620	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	28
PID 2620 wrote to memory of 1092	2620	A_v_DVD.dll	29
PID 2620 wrote to memory of 1092	2620	A_v_DVD.dll	29
PID 2620 wrote to memory of 1092	2620	A_v_DVD.dll	29
PID 2620 wrote to memory of 1092	2620	A_v_DVD.dll	29
PID 2620 wrote to memory of 1092	2620	A_v_DVD.dll	29
PID 2620 wrote to memory of 1092	2620	A_v_DVD.dll	29
PID 2620 wrote to memory of 1092	2620	A_v_DVD.dll	29
PID 2320 wrote to memory of 2392	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	30
PID 2320 wrote to memory of 2392	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	30
PID 2320 wrote to memory of 2392	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	30
PID 2320 wrote to memory of 2392	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	30
PID 2320 wrote to memory of 2392	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	30
PID 2320 wrote to memory of 2392	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	30
PID 2320 wrote to memory of 2392	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	30
PID 2320 wrote to memory of 880	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	33
PID 2320 wrote to memory of 880	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	33
PID 2320 wrote to memory of 880	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	33
PID 2320 wrote to memory of 880	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	33
PID 2320 wrote to memory of 880	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	33
PID 2320 wrote to memory of 880	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	33
PID 2320 wrote to memory of 880	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	33
PID 880 wrote to memory of 2328	880	A_v_AuTo.dll	34
PID 880 wrote to memory of 2328	880	A_v_AuTo.dll	34
PID 880 wrote to memory of 2328	880	A_v_AuTo.dll	34
PID 880 wrote to memory of 2328	880	A_v_AuTo.dll	34
PID 880 wrote to memory of 2328	880	A_v_AuTo.dll	34
PID 880 wrote to memory of 2328	880	A_v_AuTo.dll	34
PID 880 wrote to memory of 2328	880	A_v_AuTo.dll	34
PID 2656 wrote to memory of 2568	2656	A_v_AuTo.dll	36
PID 2656 wrote to memory of 2568	2656	A_v_AuTo.dll	36
PID 2656 wrote to memory of 2568	2656	A_v_AuTo.dll	36
PID 2656 wrote to memory of 2568	2656	A_v_AuTo.dll	36
PID 2320 wrote to memory of 1984	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	37
PID 2320 wrote to memory of 1984	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	37
PID 2320 wrote to memory of 1984	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	37
PID 2320 wrote to memory of 1984	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	37
PID 2320 wrote to memory of 1984	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	37
PID 2320 wrote to memory of 1984	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	37
PID 2320 wrote to memory of 1984	2320	ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe	37

C:\Users\Admin\AppData\Local\Temp\ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ec3b59f895054b46715e325080fea10d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll
  "C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe
    "C:\Users\Admin\AppData\Local\Temp\5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1092
- C:\Program Files\Common Files\Microsoft Shared\services.exe
  "C:\Program Files\Common Files\Microsoft Shared\services.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  PID:2392
- C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll
  "C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:880
- - C:\Program Files\Common Files\Microsoft Shared\services.exe
    "C:\Program Files\Common Files\Microsoft Shared\services.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2328
- C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll
  "C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1984

C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll
"C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files\Common Files\Microsoft Shared\services.exe
  "C:\Program Files\Common Files\Microsoft Shared\services.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll

Filesize
47.7MB

MD5
1a7887f7771f3ed1cfea602f5fd23a16

SHA1
a216810d0dc8590081235efb179a562e9a084499

SHA256
62bbf66e05f9b873432c8693f37fa9bdb0ada4620269135a1e8a0a2d9738cb7e

SHA512
eed8edaae65253c7876f1641b00cba9580727d4cfb6a2b8475d3c7ae843483fe428f79dd4aa2422691a0e3d892bc62dbc9267c597fcde70a65ca98b6d9eaee57

Download Submit
\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll

Filesize
606KB

MD5
b50db5298b3ceded1caab793dccbc566

SHA1
f2ca0fca8175736ba1cf2b048cebdd1e30cfd711

SHA256
63364e81aa0b13f0028d9a176deab4fe9d910a44e8147966f016f49b3522defc

SHA512
b2c65a0ba4dd47bb61d79563ff899efb7952c42b155513f3583a60d7c8bd05b1dc547ace4a0ba34f95e6c7238e7d21fea25dc0e014359a571bd525a47352866a

Download Submit
\Program Files\Common Files\Microsoft Shared\A_v_TT.dll

Filesize
47.7MB

MD5
4b23caa9f2302c455e13b03c9be8cfeb

SHA1
97980c55f8b7c8e437c79c2ead11989f1b347a2d

SHA256
dc41ebc6592f1377f011fa5601a107dd2d42c961b1282da0d7db354676f1fd22

SHA512
a5ed32cdd4d1ea363df14cb32f77f32efe6ad3ae6497f5e659bfa1db5408cb5ad9c1dec3d73485e309e863e81f9ca035fe8cd31474f46abc632245a866b01aad

Download Submit
\Program Files\Common Files\Microsoft Shared\services.exe

Filesize
47.7MB

MD5
0829e18c48d49a5f4662a8e1f7eefa1e

SHA1
b69d0e74385724e113af6950f45d3e36d0dc6a5e

SHA256
35cbcd1510a6afb1cbd9440be09cdb0b7555f0b7c73c376c7d8ece527fbc67b9

SHA512
30a9895bb883a213fe5c92b0fa8c814db1fad5c85f26b377e602e2a2b2e55492bbfed4a625400cb2d057e4b34b0ac6b70a643887f409a19bfcb05fee1bcc3afc

Download Submit
\Users\Admin\AppData\Local\Temp\5555se.exe_4E2F607D76DEF471D6BE337F974C2EFFE7C5F73D.exe

Filesize
252KB

MD5
98a47a067a396d52c8f33cd82d1df5e4

SHA1
2c8e3743283615f6f54afd60806f5476d3e52f06

SHA256
cc6e0f9ea16b535ab144868ca0b0b0d41a4953326a3b2bb3bb68a263bb3da83c

SHA512
380b32900159deb9a3caad5522414a8d77613fe4b832a63717809efaba65606a4526a4e5e32309c2168e22ce231b1294ee8cb95e633f60f3733f642510ea1f15

Download Submit
memory/880-99-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/880-73-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/880-131-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1092-26-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1092-32-0x0000000002EA0000-0x00000000030A4000-memory.dmp

Filesize
2.0MB

Download
memory/1092-33-0x0000000002EA0000-0x00000000030A4000-memory.dmp

Filesize
2.0MB

Download
memory/1984-137-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1984-120-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1984-117-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1984-119-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1984-118-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1984-121-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1984-136-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1984-135-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1984-138-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/2320-66-0x0000000000240000-0x0000000000255000-memory.dmp

Filesize
84KB

Download
memory/2320-4-0x0000000000240000-0x000000000028E000-memory.dmp

Filesize
312KB

Download
memory/2320-45-0x0000000000240000-0x0000000000258000-memory.dmp

Filesize
96KB

Download
memory/2320-112-0x0000000000240000-0x0000000000257000-memory.dmp

Filesize
92KB

Download
memory/2328-79-0x0000000000400000-0x0000000000417B00-memory.dmp

Filesize
94KB

Download
memory/2328-82-0x0000000000400000-0x0000000000417B00-memory.dmp

Filesize
94KB

Download
memory/2328-81-0x00000000002F0000-0x000000000033B000-memory.dmp

Filesize
300KB

Download
memory/2328-80-0x0000000000400000-0x0000000000417B00-memory.dmp

Filesize
94KB

Download
memory/2392-51-0x0000000000400000-0x0000000000417B00-memory.dmp

Filesize
94KB

Download
memory/2392-53-0x0000000000970000-0x00000000009BB000-memory.dmp

Filesize
300KB

Download
memory/2392-52-0x0000000000400000-0x0000000000417B00-memory.dmp

Filesize
94KB

Download
memory/2568-94-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2568-92-0x0000000000400000-0x0000000000417B00-memory.dmp

Filesize
94KB

Download
memory/2568-89-0x0000000000400000-0x0000000000417B00-memory.dmp

Filesize
94KB

Download
memory/2568-95-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2568-93-0x00000000002B0000-0x00000000002FB000-memory.dmp

Filesize
300KB

Download
memory/2620-39-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2620-19-0x0000000000230000-0x000000000027E000-memory.dmp

Filesize
312KB

Download
memory/2620-24-0x0000000000240000-0x0000000000242000-memory.dmp

Filesize
8KB

Download
memory/2620-12-0x0000000000230000-0x000000000027E000-memory.dmp

Filesize
312KB

Download
memory/2620-13-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2656-91-0x0000000000230000-0x0000000000248000-memory.dmp

Filesize
96KB

Download
memory/2656-100-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2656-127-0x0000000000230000-0x0000000000248000-memory.dmp

Filesize
96KB

Download
memory/2656-85-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download