locky_lukitus | 0d0ec7cc3b6c9ca1251cfb8672cd4e9c68080f7f0a67ad17357f62a9fd4aea5d

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40ebefdec6870263827ce6425702e785_JaffaCakes118.exe
Size

654KB
MD5

40ebefdec6870263827ce6425702e785
SHA1

6eeb5a2e81f54e1eec1eb7af2ed621504011065b
SHA256

0d0ec7cc3b6c9ca1251cfb8672cd4e9c68080f7f0a67ad17357f62a9fd4aea5d
SHA512

62e1f05949536d7ac5ae878c5eff25dda11cb44073c27d93a203b39fd029664b17966c60a047bf7a3345ab0bee99548b589fef20e8257c8351c18fbd6459c54d
SSDEEP

12288:/jmKnV9Lv7w9/X/cqujXisFagbSn7Iu+Oyj6IS4fGY9+HcmH:/xnfS/XfuDisAgbeUup4OY9+F

Score

10^/10

locky_lukitus ransomware

Malware Config

Signatures

Locky (Lukitus variant)
Variant of the Locky ransomware seen in the wild since late 2017.
ransomware locky_lukitus
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2872 cmd.exe

pid	process
2872	cmd.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

40ebefdec6870263827ce6425702e785_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\lukitus.bmp"	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

Processes:

40ebefdec6870263827ce6425702e785_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\Desktop\WallpaperStyle = "0"	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\Desktop\TileWallpaper = "0"	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB0C4C51-11CF-11EF-8B6F-CA05972DBE1D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000000137ec605d2bcfd32e1d6bbdd69b6ca50d19eba956c422f5414bc2022f58f2c4000000000e8000000002000020000000fbb26410af1e886099fecf3bf9bb350bb406ce29847afb3080d8349412ef281620000000dfe1a92b859eaa416f9c75c6e88611c9fe30eb33f9e187be4cae16e971d5fd66400000008ae3b7fb7e0f0a25b767346bac7fb73a5cb23305edcb95919acab0dc6dd232e7f4f443f0986bf856923332ff036ffaff1bb91c9a7b0def0450430e2c6f264d7b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a040999fdca5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000beca84d4f2da4821227d5d9bbc5544ed623c545320dda18c93579e5d8aa81bf0000000000e8000000002000020000000e9850e6e2c8509303d3656e6bf565f0303ca26d8c5cc9d4ff54318d7a0ee5ce190000000830df0f87551acdef91dc1b962d52bc17ee09835cbd13087323567a2f2e2b0f6f4a37823dd961f0da8f4ea541bcaf20bca5071dab21a73ad82291d9ddffd932b819fd523b7b33dc24aba714282487f6eb56c0ee3f6ca4699e5ba6eef64555a46003a24fe50b8d6165bdf7fd2fcb23336a998df75c0e3619a2a77a9b4af975bc6925c43128c612419d0149b0b4fab540c40000000a70b61f32be67c9c86a4bcec3f2c40f0a08625a1798157b05fe078917e824424ab228e45606bdbd8b48b4d8653b8187fb9a19d1f85f31cb558e5c78b8042640b	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeDllHost.exe

pid process

1652 iexplore.exe
1496 DllHost.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1652 iexplore.exe
1652 iexplore.exe
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE

pid	process
1652	iexplore.exe
1496	DllHost.exe

pid	process
1652	iexplore.exe
1652	iexplore.exe
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

40ebefdec6870263827ce6425702e785_JaffaCakes118.exeiexplore.exe

description	pid	process	target process
PID 2260 wrote to memory of 1652	2260	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe	iexplore.exe
PID 2260 wrote to memory of 1652	2260	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe	iexplore.exe
PID 2260 wrote to memory of 1652	2260	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe	iexplore.exe
PID 2260 wrote to memory of 1652	2260	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe	iexplore.exe
PID 1652 wrote to memory of 3032	1652	iexplore.exe	IEXPLORE.EXE
PID 1652 wrote to memory of 3032	1652	iexplore.exe	IEXPLORE.EXE
PID 1652 wrote to memory of 3032	1652	iexplore.exe	IEXPLORE.EXE
PID 1652 wrote to memory of 3032	1652	iexplore.exe	IEXPLORE.EXE
PID 2260 wrote to memory of 2872	2260	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe	cmd.exe
PID 2260 wrote to memory of 2872	2260	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe	cmd.exe
PID 2260 wrote to memory of 2872	2260	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe	cmd.exe
PID 2260 wrote to memory of 2872	2260	40ebefdec6870263827ce6425702e785_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\40ebefdec6870263827ce6425702e785_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\40ebefdec6870263827ce6425702e785_JaffaCakes118.exe"
1⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:2260

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1652

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\40ebefdec6870263827ce6425702e785_JaffaCakes118.exe"
2⤵
- Deletes itself
PID:2872

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:1496

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
223615dda810a13c9bffc200cdf868db

SHA1
a9ce5f82b7d6a5041f3fe4fcfbd454bc5369f604

SHA256
998e37ab3db777ae1ebdd7782c331b65eb1345a1b6f708d9acde11280430f0b5

SHA512
8c0326e7d8f02b49f74cf87651c8d99301f995f18e950128ae78ef75832d059b19616aac4b44a1fac08f62f0670a1a08fb67a43e2c1bdfc8d17347b20e47f951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
42a8296ccd1d446645dec065c79d38dc

SHA1
3fe8be9e8b3aca97ab7a23d585506a5fe97dce01

SHA256
683c8f2883445fd5f0f48e9f96bac604ff1ac26becbffa1362cecec74e0995ac

SHA512
87d89d9b6383c0c70bccc8b9c4f46ad3f00bf7e1caec710bfc0c42851e39df5da70ff1ef1fc0af9048758d1a8b890d359b2334a8c4fbed34af8a444777ebc2df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3fea99e068943e705046284f9937a272

SHA1
353b9f2595add03a4f050aeb2318782a2541373d

SHA256
f728fafc11e65ee3ae55290bafb42cbbb2dab54c9ab9f2ef94f8057b6cd9e897

SHA512
b37099295b1067a9317785b5f31b17c599b763330d607498447449f696b6eb7ef738c0c8e18b7b2baf0beae35caa7c7d772d14d7eb07b7c70a2bcb854ca1d9af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
020a836f1b56710a70e71bf7d8638ed4

SHA1
9763e7d391f209da6553471e53636a07ac0c4c77

SHA256
a0122a910ac430c4de3535436810d69eae89293dc2feec382046d33eeea25aad

SHA512
04f75594a4d75b6fa185539010d84885e41e8c8ab6c39d8401e0c9cdf64f59af35843668eab4d5568979e6e8ef68027947392c4e817dc3e7f2ee9c26b57576a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4d89f0acae39d8c0a0458bc7fea6e2a1

SHA1
fbf355888007187a10938942899e9d42bf90cb8c

SHA256
fc23e71338c5db4a5d4394f413947ac81c4f9761ca66ab7a66c70647d156fe71

SHA512
18373bc1ad065093b8f01a75758371461102a662145a0e1f88a799e7fab85e25373b50a5a1eb4eeb2ba8f95f70b73de061ee8a79dcdb9412a1d69c3002aa194e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
60418018e22a2c53b9d014b75a32f499

SHA1
ea2eb6640ad58a7f2e7dff382d6ab2482d4b9b7d

SHA256
6a39d9966a4e5bc80ed91fe6cad7016e0ae0a7fc3140d303b89b240577a8401f

SHA512
7ca8169ac5f8bfe9059af12a80e9aa68b3ca66011997cb29205b3df7d1ac5c77188017cb8c556c10650dd87ab771f1eb121c707d130b856099c5ac28c9fbf7ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c9e5851941f2a43593e9e46c7b03dfdd

SHA1
099499e33279619f64dbf071faaf571ad63b5373

SHA256
f6361cc9577402b1e2627c1f7424d8ff32255e7416360dd57a0c2f1dc56fa4bd

SHA512
29c4250f6a8f5c5f096ea8fb35c50a49b1f27946e2d62037d2d209bf4292fd910f50abaa66614e0342d7bd208999dbb237181648abdbd04d690955a8969d1847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f80d08d9cf365af0f39664145b0333b0

SHA1
172107096e7df6fc31d44e64d650daf0a7c739dc

SHA256
aff252c9b45aeef05e4c13525031540e06654ec7ee74b20429835dd0213b0d57

SHA512
8f3c487aa3f4d8e4aebfc758f0616b4303ef560a02e4c937d5409f0d661a7fbcdb2d3ac87bfeabcd512bd8e07f15b406fb682489c540c8df6da3b53b869305b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4fd1e2d0ee6ab12378017132aa5891f6

SHA1
d3e409d4ac0df77c5707df8b912c13e55b4a5cfe

SHA256
f23340d007fb52ac07b58d395c8fd5d17976799d70bdbd9f767b26c1a2abf915

SHA512
d2911da1c54b211561b712be0b3188cfea9faa08a3dcefa1a8508720803366a87d1ca8ebdd4ad4cc7ff42ddf2562c42d481e1adb1198c3f76b2fc467ca8fd9d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab71F8.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar72E9.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Desktop\lukitus.bmp
Filesize
3.4MB

MD5
05905f3335010f905c94e2931f69cd90

SHA1
72fe8ec4abf35338384146aef404ef929dd874d3

SHA256
87f06069085d954e2eddcad08c492eae8d3c44ff099b003d0cd41af682d716f4

SHA512
fa965148dc32f95cc7d50475ea021485c0188d7afb0972184b545366e8aca6de417ef55ca5abed16a221acd7dedf8b815417c3cf40cd7706aa2d70161d29bd18

Download Submit
C:\Users\Default\lukitus-70c1.htm
Filesize
7KB

MD5
c2ecfd44c8631ac3a40bf61196410b76

SHA1
6c0c47e9786f389d181303f6bc1523dae0c555c9

SHA256
0dabec65d4311836bdf935c7a6c4937a5b4ea30dcaea741102504be245d7daa3

SHA512
19d0a9e4f50371eaac036dcbb3e4fcc71bfa2a68fac27e06b4b1678a84d3727c85f3aade856a62cdbf6898e573491e26409cab51ba21a52fecde51b43f354bf2

Download Submit
memory/1496-757-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1496-280-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1496-278-0x0000000000160000-0x0000000000162000-memory.dmp

Filesize
8KB

Download
memory/2260-16-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2260-277-0x0000000003830000-0x0000000003832000-memory.dmp

Filesize
8KB

Download
memory/2260-0-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2260-6-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2260-4-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2260-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2260-2-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2260-1-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2260-281-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download