42a80281f27333c48786df6d9866ef4fec91ce383cef67cace2e05ef44d3b8b1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Size

423KB
MD5

382b2d73e258a91eb66e695b13c08620
SHA1

f281448a1a3b704ac144faea000965ae721b1429
SHA256

42a80281f27333c48786df6d9866ef4fec91ce383cef67cace2e05ef44d3b8b1
SHA512

f2ca9083c8fb598999c544b46363e2973c7477df95c2bb2698ce0cb7788d0c7ff4bb05482c1bbf6b5cd4c45312e6271c8663e7bcee608b0aa4dc792dfa167340
SSDEEP

6144:UnoBjJi0nohk50WpUyJhI+RcTUmmkUlyEByODnCQfx0DH39+BmMZx:UnoBjdnoa0WGyP+T1cNHnCa0DH390

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000019619-12.dat	acprotect
behavioral1/memory/1016-21-0x00000000003C0000-0x00000000003CE000-memory.dmp	acprotect
behavioral1/files/0x0005000000019621-26.dat	acprotect
behavioral1/files/0x0005000000019625-38.dat	acprotect

Loads dropped DLL 5 IoCs

pid	Process
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1016-11-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-91-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-96-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-100-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-104-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-108-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-112-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-116-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-120-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-124-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-128-0x0000000000400000-0x000000000054A000-memory.dmp	upx
behavioral1/memory/1016-132-0x0000000000400000-0x000000000054A000-memory.dmp	upx

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\tmpad.xml	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msscript.ocx	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cizv.dll	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\QMDispatch.dll	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
File opened for modification	C:\Windows\QMDispatch.dll	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe

Modifies registry class 48 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\ProgID	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\InprocServer32\ = "C:\\Windows\\QMDISP~1.DLL"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\FLAGS\ = "0"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\TypeLib	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\TypeLib	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\HELPDIR	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\TypeLib\ = "{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction\ = "QMFunction Class"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction\CLSID\ = "{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\Programmable	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\TypeLib\ = "{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\ = "QMDispatch 1.0 Type Library"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\ProxyStubClsid32	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction\CLSID	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\ = "QMFunction Class"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\InprocServer32	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\ = "IQMFunction"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\TypeLib\Version = "1.0"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\VersionIndependentProgID	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\0\win32\ = "C:\\Windows\\QMDispatch.dll"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction.1\CLSID	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction.1\CLSID\ = "{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\ProgID\ = "QMDispatch.QMFunction.1"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\VersionIndependentProgID\ = "QMDispatch.QMFunction"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\InprocServer32\ThreadingModel = "Apartment"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\HELPDIR\ = "C:\\Windows\\"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\ = "IQMFunction"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\TypeLib\Version = "1.0"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction.1	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction\CurVer\ = "QMDispatch.QMFunction.1"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\TypeLib\ = "{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction.1\ = "QMFunction Class"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction\CurVer	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\FLAGS	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\0	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\0\win32	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\ProxyStubClsid32	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F}\TypeLib	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
472	Process not Found
472	Process not Found
472	Process not Found

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
1016	382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\382b2d73e258a91eb66e695b13c08620_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\default.htm

Filesize
719B

MD5
9bd399092c8c785a84b0c4979ab234ea

SHA1
dc5783c6cabff6c851ea2d23ced7312a5a816677

SHA256
a81afdff3582dcd70574e906b2e0fcb5e5d9bf99c166ce60a75bf53346751cf2

SHA512
c4dca35228ecfd161408abe03398328b45c7290b0897eddad9b0f48fe0a326c1d8c996572ec13d255e0927b4d5f8a365a507b4b570eea26366025e2559248fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\macro0.tmp

Filesize
1KB

MD5
6e89b2498ec76b19d3997ea1a20b7da7

SHA1
bbab4f951f68eb1a6120a8acf8ff380c652a80b1

SHA256
766edc093c93d03d1d3ab99b314ccefebab7c0d2d51f4cfec1c7a9abbc3009f5

SHA512
3ca5f964493aef614e65bd18632c4e3d7b45a28ceaf44775dada29fc9f60e57f0ea42f65fecc9dc3bb2509e4d2fff8e57239a11cbed7bb7d3f33dcab0b412661

Download Submit
C:\Users\Admin\AppData\Local\Temp\macroinfo.dat

Filesize
361B

MD5
82335fcb6b9ddf1a6952224dd8391be8

SHA1
32680155236c77c2923e0f541e949fac06640153

SHA256
f8f3caa08077f195069a084165cb85c3628ab7dcf596bcdec5cc962cef015602

SHA512
651a272c1f00ffdf482a2495cdbf81d9fbe7b727ba442ab57b4f571606782e6800afe5285c637a4dd6826f2b757a9d17c290d61fce5b66343dde1d3b9e42e2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mymacro.ini

Filesize
23B

MD5
2e166af4b32b36d429e8804bbba43318

SHA1
b0edd18aacf8b8adca135589c51dcf49712f65f1

SHA256
19349996b45f4a40de902fb05eed51f423589819d320070b3d4c911bb32aed5a

SHA512
319e999f4ffd995c5f06920a0132630659cab30ee00b828cba59af5885f3c313a7883f60d9e5aaa38defba7e9345542d14e54d67f8c20e96e2a4ad2d1744564f

Download Submit
C:\Windows\QMDispatch.dll

Filesize
27KB

MD5
533f7a48d4d595dd2bfe932ef43fa0ca

SHA1
457471ca7fe6d594c4705102b08ff48816d4eff2

SHA256
29b997f1ae6704e0ee83a3fa8198794d17b70645d8067046556507f10e313e48

SHA512
fd3d50866ceacce723dcfe2b01041150dd37d731aa111516b141c61746f360007c206f072a66363a1e8e68d72adc51bb7739a109ec49f69d4f4654e65542b809

Download Submit
C:\Windows\SysWOW64\cizv.dll

Filesize
15KB

MD5
380e545d52508fd12f2cff3ede7fd3e9

SHA1
84250bf555c7f85c06ca63d5ec068a7f82f5a59f

SHA256
6f93aef2d06a16d81185dff954700487aa81955ca501a97432dc41e98eb06224

SHA512
798be688435947f65d4fee82104241864f15d0e47b02355c6e35e1dbadf90259b1f5a497e4fc2f34ca825eb395df1a207efc525fe8d7083859f5858bcf9dc81f

Download Submit
\Users\Admin\AppData\Local\Temp\WinIo.dll

Filesize
36KB

MD5
c6b4bb7661fb5e0fc1efaa9f604a5da3

SHA1
1826692742a240a9214363e59ca18d57e5b1f439

SHA256
abff25b2e8bbe3b77d7077bd8763d54b935018d6f0a8420b91d04ec1eeb780ed

SHA512
fc8df9b2920c616d5cfefd2f669206601f5de201f145c9518b97b59fcb6074ab4531d1d05a247c5885be22474bbf33e683e9edef62b9fe1e4a264c0c12f8fb6e

Download Submit
\Users\Admin\AppData\Local\Temp\helper.dll

Filesize
17KB

MD5
d62ad7b03be3aec573a7dff1ddcb7c41

SHA1
61eaba65526e3985d893cb9833daa99cfc5fa851

SHA256
66f118c2114482f48d53edcae6363c9cf0a72ae5755b8e0887551b0ef8dd2495

SHA512
c0214bcdc6a264e8a3961b15c6f176ff9c34c9ca5fe3a841b61933e573ead9486ede1f4f2f8b94f2cf318de26a04543124d6fca587c3ba60dcc4b7e28f3592e7

Download Submit
memory/1016-32-0x0000000002240000-0x0000000002256000-memory.dmp

Filesize
88KB

Download
memory/1016-100-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-14-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1016-62-0x0000000002290000-0x000000000229C000-memory.dmp

Filesize
48KB

Download
memory/1016-11-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-94-0x0000000002290000-0x000000000229C000-memory.dmp

Filesize
48KB

Download
memory/1016-91-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-95-0x00000000003C0000-0x00000000003CE000-memory.dmp

Filesize
56KB

Download
memory/1016-96-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-21-0x00000000003C0000-0x00000000003CE000-memory.dmp

Filesize
56KB

Download
memory/1016-104-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-108-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-112-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-116-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-120-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-124-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-128-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download
memory/1016-132-0x0000000000400000-0x000000000054A000-memory.dmp

Filesize
1.3MB

Download