81b20269f40fa088b86c3d6f42095a1d5ef482f3e8c331a2d178db8ba2ab3b97

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27143e488d0ae16f5c0b2e6e405364bc_JaffaCakes118.dll
Size

6KB
MD5

27143e488d0ae16f5c0b2e6e405364bc
SHA1

b31ef6092345ede6d6960876e8a60412c77fdaa9
SHA256

81b20269f40fa088b86c3d6f42095a1d5ef482f3e8c331a2d178db8ba2ab3b97
SHA512

77ec97b2fccd13c9bd38889052abb872c6d823419548e881f8e78169db01e78ef0b782548ddd5a6e99ebb1b1cdd00e15d565449f39ab8345136ad559f2767bdd
SSDEEP

96:DXs99nWYLxsqucUJEKyzVjyxoEwmVRODAALc6sof:DXs9l9LxsySzyz1yPVRGXc6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x0000000010000000-0x000000001000A000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426370364"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{97383321-3B06-11EF-B0F4-569FD5A164C1} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2744	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2076	rundll32.exe
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2076	2992	rundll32.exe	28
PID 2992 wrote to memory of 2076	2992	rundll32.exe	28
PID 2992 wrote to memory of 2076	2992	rundll32.exe	28
PID 2992 wrote to memory of 2076	2992	rundll32.exe	28
PID 2992 wrote to memory of 2076	2992	rundll32.exe	28
PID 2992 wrote to memory of 2076	2992	rundll32.exe	28
PID 2992 wrote to memory of 2076	2992	rundll32.exe	28
PID 2076 wrote to memory of 2812	2076	rundll32.exe	29
PID 2076 wrote to memory of 2812	2076	rundll32.exe	29
PID 2076 wrote to memory of 2812	2076	rundll32.exe	29
PID 2076 wrote to memory of 2812	2076	rundll32.exe	29
PID 2812 wrote to memory of 2744	2812	iexplore.exe	30
PID 2812 wrote to memory of 2744	2812	iexplore.exe	30
PID 2812 wrote to memory of 2744	2812	iexplore.exe	30
PID 2812 wrote to memory of 2744	2812	iexplore.exe	30
PID 2744 wrote to memory of 2608	2744	IEXPLORE.EXE	31
PID 2744 wrote to memory of 2608	2744	IEXPLORE.EXE	31
PID 2744 wrote to memory of 2608	2744	IEXPLORE.EXE	31
PID 2744 wrote to memory of 2608	2744	IEXPLORE.EXE	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27143e488d0ae16f5c0b2e6e405364bc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27143e488d0ae16f5c0b2e6e405364bc_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ea140669949a445215f594a5ac79015e

SHA1
973f1c54bbfda2867bb87f2f073ad87199b0ef41

SHA256
5a2920e64c8d936139a47923c4e2e6cc99aacedfc42528d52a4c3f5d22c09330

SHA512
fb9f0d24ff354e29a4865568c75fd459326b6851dc70e12ba2cea0e06dddee756552188db5979dc37c55aad6965299f839536380323a4cd55fd0809b1e2c45b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c1017407f85fd447c190f07669bc97f2

SHA1
c1fd9b3475481d5abb6fea49d2bfc2d27c6f388d

SHA256
e6c4c1c60e1d0298039f8d0af9ce344e9ca98df7d62896698a0c91d9ff78375a

SHA512
447415c779bea9e1ea0be53b67449521c81783766a0430c5b88c2d91ae50e47b42360b42d3e4a4f80024396c68db2efe66bcb39a424ebb0ab7b3285a8faacb0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c485e9b14145cc276e3c57a2c323a542

SHA1
f63fda7dd26b49328410ded20fa33d48af67d8ce

SHA256
8f9ea97f4e11b53df26f834d99942b9aaca33a1e974299e466008e04a2349542

SHA512
fd8fa0e51d72eaafca84c24d5cdd139fe8eb4119960956b71da8e26c7beb0e499de1541f3239b840943409ac052d65ac02ff9741f0c928219413408ea35eb5b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1343cb71bca5d67b69754bee5b0a09e7

SHA1
cab2701f882935128f9d44fa7b34ae734276d2cb

SHA256
c2d71b6bb5ae8e05a545ece4f817c88bc62f5499f0e7405812b54e56fd7f30ba

SHA512
505f6e6ad6c13e4b82b469bc40e5f0db3d3565ae1b36bb676fb6f60689f75ab0be7e1d9f13dd953c5012031f715ff7ef04e90931735f2841e93581d2ab96f91e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d2e87b8215ac5c379693f2c6a3f62573

SHA1
d910d77b67a9e1305b0b90db0788b18c7977b97c

SHA256
258eec6048ec2f2e7cce7a51cae2f4416422ce345b74dbee62e20b1a00698044

SHA512
a93b607a17a6c2d2fccb70d7539ec1668ab7a047828b4813fcee018506aadbb09806800f3909dc3e4595c17921ec840817ab8f2ed225396d20b98089db940fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b8227b51998c0b0651ea54a23f174642

SHA1
b53aca597379e20bb64ecd1c6ad3e92bff04f35a

SHA256
54f54757352eb6a765e713e78d1ea98bf74e04374bf515ff09b4097730b2a965

SHA512
3e79ab13a8c02214057d168755698ba12a802f862b34dc8741c23cc92e32090e71d5f9c05154ba3567ed5619c9b9e02caa5585b6b48c5770c3be6b62ea37d872

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ac9a05acac94b2b015ca1c3fb71a68b0

SHA1
daa3e850d1e03d77dca8f4c3a48807fcf478beec

SHA256
eb05cdd28ebf21efdb0ec9374cf7b64c830b879ff6fcdb0920427743a2a9b133

SHA512
822970b5165ba3fb451b4aa23bc41c415899012dd4702af945fc5c7a012d4b1d2b877203017c29355570b8e05b255b4352a45bb02a9ec212335c47e32e43f137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ac56c794923bda9adb8628ecee9550db

SHA1
ad038e6eba850cd142967ed99f575f25f615fc39

SHA256
7a977578f42809466e5e1b490a5e4c98646be8c886c659cf85858c71ec396a2e

SHA512
7a7c6b436dc2e147fa424dc1bea6ecdd6a73ef5a02efc6311ad740e8297062dd4c26e815791f7758714cbe08f4819b2328ced2b81e1bd345395fba8a40f59803

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2385ea1c3e3edd807043f1344f2fe3d9

SHA1
fddab73748ac37fdb5d1defea0534ce23d37f8bc

SHA256
c361317a0ebe8c7028d576419d2487e8fd09ddcb08e02f3eb3ca8d3b5c482b80

SHA512
96c7680752555366bc029384c84666711a8f7ddb2a756a051a915dda0dc2eb46e87567ba73dab6a7affa694f94d36174148dee450f1aaf0364f297b9c7598b90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
08ec716a05c743ffd38df1c3b22cc2d8

SHA1
f858aa05bd8d40720447cb54ce3a8ad8fb351937

SHA256
a4f9a94f1ad22288a8cb3b84219053cd8826c60cc889fea7f7e1c5069076ffdc

SHA512
d8450bcca6a66e4ac74f3479ed7fb9f89c1d4b6096fc0d900fed6e59acf1b3a6c75a0f9c8aa08c2732248568ab34b55f184283bd39e9c9c457d65a4d7bbf214f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0ebe900d9ef96b56b6ec217c1c035922

SHA1
eee914433f0cfe2c959a359826abcfff016bb6b6

SHA256
681dfd7999427ce6cb63fe35d44b5c0d314c80a4824480ec04270c30f63bd655

SHA512
06628488e343aa156f7326324be1ca01458489415ba0243f5513395c336db04fde96d67f96fab06094ff19abfd878d31ded5ba7c48b8086f44e451fe01d9d936

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
17d8ce5aa25874439dff800ffc86a242

SHA1
534fcebe0a4d49b137d57c9ad09398999631059e

SHA256
42fb6d7d38b167ce5af7777babb336a2e682fd6e616da4cb28031b5ddaede971

SHA512
1fbf200b447c1e805730c171cea366563e84d405913f2ee2dc33f847cdb9016421264740f14707baab80730d51b84c8ad05ce6327fb1aed1cf996380d052c162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3ed8715651189e1f5aa3c70f7a26235d

SHA1
cae5323208ff8a036bfd83446fadb23259c0210e

SHA256
06f319ddbbaafe6f69fe253949e6067dd8d07038caa05545d878b2530a955a2d

SHA512
fdffc20347076d264f8405ee97a51e349bf17f656599c34cc2b75c46468cc1f3dcd8358b4487bc7953e3998665020edfdbe35e5b4d99c377a548ce2c37e386c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
469942eb8d5fc1e6579efce9647a101d

SHA1
186f101b8b78667ac1615136412c1d4f80ec7814

SHA256
827219fb10c0c3d09e4be9ef06c1ead280ef2f6c7ef7793b6b04b1f23448ced4

SHA512
c670196b18a4d13fed1f1c31a6d8977cf412fd35744094a8484c793efca789c06319d84c5f4a823b1e92c1e3bb84f98c0593af020652647148e764c11a6649d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a8ebb5dcc7ce8e93f33f6db93a0aa2ff

SHA1
5c258bfe25b3eac62a0780f5c6013e3e8dcc3891

SHA256
ce89fc7df35952ae906cb17abbb3f0ecbcd4322c8457959287fbd3dfd73cbd92

SHA512
9887014275e3ac748502ce6675ab740b35bf89b1d2759170e444e754eafb7414c251d5e6c84ce7da90fb8cc8132840694bdcd14ee8e88538ccdc1856ae7531b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
acfc65379a52bbae3157e05826f2bac7

SHA1
59f8d9adcb8b2b6270ad13542b08486ec9946d11

SHA256
677574de9c4186f938d63d7d5c78ef13ccf52c9f2142a7159c5e6be2632673cc

SHA512
414068eed55d56e4c4ddf2ed4ec111c03bee058bde869b7e4c6d3af3ec5cffa007259ee196c6ff8daa8d81ae31a62f1f85db491ed760ff4bad03b3ca1777b01f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1d8a10ebdef19a5ed5d48c4a3c18772b

SHA1
97914b60e8894378eeada7786a360364cc5e056c

SHA256
d97a68d499e3fd18ebd682459af884e4ba07e1071f323a95720bd98a9f919ca1

SHA512
515bb06e13acdc6e59196f1226399b65075c6cf8f290f7c5f01b9e2599e36dbc1404c02830a0c0c23351fbdb1a066341acda0949ffd34918420c0c2ac1c7f860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e2016625df7a3dff8889c967e6b45793

SHA1
e8cd2a80f0d3eb535dc2618dc782e95c9fe89e04

SHA256
2075c401e884fcfc9963bbbb77846bb2d11b6792cb85e761ee751bc52cf69e8d

SHA512
b1018cbfedc55a67df08b9b81c3c1e5c973ae1dd748c44591f5dfd8952784f6ef8426cf0955f0a085cd3dccdc788ffb3d2b4be3eddea1ee97f78251d2c0d9ab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2C9F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D90.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2076-1-0x0000000077ACF000-0x0000000077AD0000-memory.dmp

Filesize
4KB

Download
memory/2076-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download