locky_lukitus | 92d843407a4f17392c7d7b2f6fc2dfa879743ed87d54c16a0449bfb4d168b541

Analysis

max time kernel
125s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06-05-2024 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe
Size

615KB
MD5

1eb5b93203f2ee6d0cc0c61f634eeb63
SHA1

9f6eacd64f69c34c88b5a249e0c07a275efff1f6
SHA256

92d843407a4f17392c7d7b2f6fc2dfa879743ed87d54c16a0449bfb4d168b541
SHA512

7ca76f7085982cefed0c98fb9660193178478a73be641bff55ed88a8d07925bb56712b877b358e65aa198bbbd0ac5330bd280239ec383a426dc928f4aa076d0c
SSDEEP

12288:OBRpTCkUGgvu5F4ZBV9K8HCEZqxeemKduM+cyS1T7FA+6SP:OVTCq4H3KFjx+ALb1T7wSP

Score

10^/10

locky_lukitus ransomware

Malware Config

Signatures

Locky (Lukitus variant)
Variant of the Locky ransomware seen in the wild since late 2017.
ransomware locky_lukitus
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2808 cmd.exe

pid	process
2808	cmd.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\lukitus.bmp"	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

Processes:

1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\Desktop\WallpaperStyle = "0"	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\Desktop\TileWallpaper = "0"	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9615DAD1-0C01-11EF-A1AD-46837A41B3D6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b083816a0ea0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000014e73e71515463c8e97dbe6d87f06cd6f6cb3fd521da7fc7a9f60a65ccad5ed000000000e800000000200002000000067068c09bcf12fc131fcf4fcfabf594442aa8aeb98d7f10a011f626ea444c87420000000369f6b5ebe02cc021ab72a8ba51d380f6db233cbc60f08dd8c997302aba2cbf64000000092e2d38ceaba68d0aeed9105dce53d6db2ddb0792fd96712d4fbe7468e270eded43e8ecd065809a33d5ef56e77f9aef24ab419aafa227215ecf33817cc90d63b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000cc3f7c7bfad8cdf11cff228131282dec8a0b8fff13e977e43e81e2e6a3ee40ba000000000e800000000200002000000025acfa03c35273f28977e704f336ed813a0470fea5cb19bb6fa2b0011de71633900000003464115ee5200bb1e2d636266c4c51516b834103879b5c800cc4ac0f7b96572e03170c70361937ac3866e376defb369483cf596d2f428c3b85e8db7599161e202278a91ffcde93f1e040c46cd89e72d995b1a92be395861e24801f170c32301d1bdbb29a8a4b4b4ba2a68a17f18ddf0e5b2b6deac6b49159b3c6be500e89ab6ff56b72cb5ce2ee9aeabacc499271b27640000000342268f9a25461ec6c59a28ac13a679e855ef1c8f6b924e15097e7df222e5c2b7f322477505c96ae1c734469ef29304801b2950045e863278cb8166c171620ef	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeDllHost.exe

pid process

2532 iexplore.exe
2568 DllHost.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2532 iexplore.exe
2532 iexplore.exe
2664 IEXPLORE.EXE
2664 IEXPLORE.EXE
Suspicious use of UnmapMainImage 1 IoCs

Processes:

1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe

pid process

2312 1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe

pid	process
2532	iexplore.exe
2568	DllHost.exe

pid	process
2532	iexplore.exe
2532	iexplore.exe
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE

pid	process
2312	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exeiexplore.exe

description	pid	process	target process
PID 2312 wrote to memory of 2532	2312	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe	iexplore.exe
PID 2312 wrote to memory of 2532	2312	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe	iexplore.exe
PID 2312 wrote to memory of 2532	2312	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe	iexplore.exe
PID 2312 wrote to memory of 2532	2312	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe	iexplore.exe
PID 2532 wrote to memory of 2664	2532	iexplore.exe	IEXPLORE.EXE
PID 2532 wrote to memory of 2664	2532	iexplore.exe	IEXPLORE.EXE
PID 2532 wrote to memory of 2664	2532	iexplore.exe	IEXPLORE.EXE
PID 2532 wrote to memory of 2664	2532	iexplore.exe	IEXPLORE.EXE
PID 2312 wrote to memory of 2808	2312	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe	cmd.exe
PID 2312 wrote to memory of 2808	2312	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe	cmd.exe
PID 2312 wrote to memory of 2808	2312	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe	cmd.exe
PID 2312 wrote to memory of 2808	2312	1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe"
1⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2312

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe"
2⤵
- Deletes itself
PID:2808

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:2568

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
1cc71f208012ce1e30617f9c714661cb

SHA1
b504be172d97be8d8bb63624982c36757f86b109

SHA256
5a54826bbc27d244831beab7e39ed8f218906be1e08abe3d1fb74c33f51187cc

SHA512
eb803462d747903df14c60a54c1e81a4c9f990dfcc408b6f1c7f10b5bbb9ba3531c9be49f4ec0401187ba9802924ed6a42585ceac8241293212f0fa62f267989

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
a9f1b02b676c97d4ffa25334372135e0

SHA1
33ccb1980a94f7b6257884809409bd54d99c2527

SHA256
b8fad1dd57ba007b65aeb4da0f7954a4bd878cbb921dabce7f1b20cf7cc29fd7

SHA512
c8c928ecc5ef08147fab088224cbd314ef968b2c656a1ae0d8176c1ff1f1db3fc06d3f701e8203fbad71b0fff4dae71711e9db00e593934c3a1e08af89dc9efe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
f78b071b38b0c3f83d953a5bb9e773ba

SHA1
403cf03b8a0a4bf026854722993a27efcd686dd8

SHA256
83e3a8b111350a0b1f9f743707f2530b5c97825c3593ee396d8f39935d3c559d

SHA512
52891c46b70f4a27bc70b71106e300bf02d53762c5cb9e0213bf00e4dc6353ce2e4b600c26e59dff9dbea4fedf9c4a6366218fd9a035998fa66258e3607b7903

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
c2e9532426d011692191f4e3145ccffd

SHA1
c9b7ef0cb3ed7e35ce61537bf218922121d6fcaa

SHA256
32943bd8f620a549befd5eaf7a716b243aaf532bb71e39bd8862f018c361dd8a

SHA512
ab067fc505a3de3d0a79a99c1ea8332c981e4b0d0938c209f07ca0462df73e09c0ee6ce0be923ba27aa0f9a742af65fdebb31c8ee631550d0d7e8a267e6c9a98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
0253e8f8dfb08189e6d0aa6ecfdb3c10

SHA1
3dce1745b9ae18715d5b7a71d47aa8389efebe2d

SHA256
8c974dff5ce6c4992ba61ce45a5fcd15d6de8af9f6bdf38800e145f44e9e1f8f

SHA512
a832f25657d6ff453eb98b0429acc6d7204d62debc43ebdfa6da8e1e9967fc3be780341fbfe81e83cfc920d2177d226e5a3a613f5efe5b760451a27daf991bf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
a42ad5e3099944a511641162a40ba16f

SHA1
6c2b87776a7e178371e9c309ec418a78124f42f8

SHA256
7a5140ceee9b606f630e980123fc9b6b2446d0a2048d29f1be1bfdab36771bad

SHA512
ba3970715bf6bb09f2a29809290f15968561cec9c7377ee7a61c3fd67682093d2231ae696d4b4fd339f95bda3416e79fa585d8bf0a33c56193f97a99b4199acf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
96c76c378655207720536bc15e8511f3

SHA1
afcf5048bce4c4c4a61f4643aedc8330f02586d7

SHA256
062593d31c53eb4b36e82befc31fe6e20def09d0a3bce02cc40c839495c32a26

SHA512
b747a9012064dca1e7e96cfb0eaa3976e921ac5e3477a532078e519482b14549f4bdc6e68b024bf5dfde83c6409988eb9aa07b6e355fb7f4c555a0ebf1892a95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
ba4d6c0e1212b513beafe65c8e0ccf61

SHA1
36fdf629d4efa01f896855e7b70abbf49b87b0ab

SHA256
fbc4200983f6852ac3cfefc12c7727d3dc5ba9e2c442b58bc668fff0f5a4f0fd

SHA512
5e95cca86a0d199068b8cf112d1160a1f93a3f176948cabb50345b855ca485a2f2a6ef83847968a4f348eda83dbc743860787e5b9ad2ca0405894bd43005f9f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab94B4.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9586.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Desktop\lukitus.bmp
Filesize
3.3MB

MD5
057ae9d049edd22f26ffd45af426c4ab

SHA1
4a1d838ae55287cf2d3b39e3f3ceb8dd10bf8188

SHA256
3b207aebee069518c4fda6301cafe508e828d5116909145d9468533bddccff7b

SHA512
5a19881ae226cebef4125cae1c05a7b67c8c3acf7939f2c76158e9716ad10e917c7261ebdc9a75b7623de03bd4a21851018ddbc31bd3347105f9540c7344f11c

Download Submit
C:\lukitus-e155.htm
Filesize
8KB

MD5
aa0194564a225e2f8cd4fe54f762a868

SHA1
8fc35b0cd12385828531941138072d36d01fc711

SHA256
22eeb007664e65e77f0c9d03179e8eff0d13361b61f0c1039bfce40907e49bd3

SHA512
c04617907b9f0c18c4d6be3784ec045046aede5510b0c088dfb3a322b1ea5cf04b763de1038210d7d57bede7d652d2239ebeeb81919594591f8280605de8bef0

Download Submit
memory/2312-8-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2312-1-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2312-277-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2312-0-0x000000000049B000-0x000000000049C000-memory.dmp

Filesize
4KB

Download
memory/2312-272-0x0000000002B40000-0x0000000002B42000-memory.dmp

Filesize
8KB

Download
memory/2312-267-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2312-7-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2312-2-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2312-6-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2312-4-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2312-3-0x000000000049B000-0x000000000049C000-memory.dmp

Filesize
4KB

Download
memory/2568-274-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2568-273-0x00000000000B0000-0x00000000000B2000-memory.dmp

Filesize
8KB

Download
memory/2568-753-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download