2018736eacc9d84fea20d31c2e5e1d1762103fcb9bc86c254c1415cb5b6eee14

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
Size

124KB
MD5

3ef580bb31a7a0ecd419e88de1df9a12
SHA1

451fef47679a39cc218facef5b50c75e8680ac9c
SHA256

2018736eacc9d84fea20d31c2e5e1d1762103fcb9bc86c254c1415cb5b6eee14
SHA512

11b856abc6722381afe41ae141dfcb66cca5bc8531c5bd01f26969757ad347e127b1e0853ed3110696dcf2487b1b329a84f724fa58c16598db535906cab48ee2
SSDEEP

3072:ILNVA/8MGsysgMXU6niwnyTfv/AZW7uPeEgyK+or:YM1GLsjijTfvIZWueHj

Score

8^/10

persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run	sgcxcxxaspf081207.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\mainyust = "C:\\Windows\\system32\\inf\\svchoct.exe C:\\Windows\\wftadfi16_081207a.dll d16tan"	sgcxcxxaspf081207.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	sgcxcxxaspf081207.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	svchoct.exe

Executes dropped EXE 2 IoCs

pid	Process
768	svchoct.exe
3584	sgcxcxxaspf081207.exe

Loads dropped DLL 2 IoCs

pid	Process
768	svchoct.exe
768	svchoct.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\inf\svchoct.exe	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\inf\svchoct.exe	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\inf\sppdcrs081207.scr	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\inf\scsys16_081207.dll	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\dcbdcatys32_081207a.dll	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
File created	C:\Windows\wftadfi16_081207a.dll	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
File opened for modification	C:\Windows\tawisys.ini	sgcxcxxaspf081207.exe
File created	C:\Windows\dcbdcatys32_081207a.dll	sgcxcxxaspf081207.exe
File opened for modification	C:\Windows\tawisys.ini	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
File created	C:\Windows\system\sgcxcxxaspf081207.exe	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "436176292"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118499"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{45AB6E96-4096-11EF-A8A8-7A4AC7ACABCB} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118499"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427584937"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Check_Associations = "no"	sgcxcxxaspf081207.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "438364013"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31118499"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "436176292"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe
3584	sgcxcxxaspf081207.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
Token: SeDebugPrivilege	3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
Token: SeDebugPrivilege	3584	sgcxcxxaspf081207.exe
Token: SeDebugPrivilege	3584	sgcxcxxaspf081207.exe
Token: SeDebugPrivilege	3584	sgcxcxxaspf081207.exe
Token: SeDebugPrivilege	3584	sgcxcxxaspf081207.exe
Token: SeDebugPrivilege	3584	sgcxcxxaspf081207.exe
Token: SeDebugPrivilege	3584	sgcxcxxaspf081207.exe
Token: SeDebugPrivilege	3584	sgcxcxxaspf081207.exe
Token: SeDebugPrivilege	3584	sgcxcxxaspf081207.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1172	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1172	IEXPLORE.EXE
1172	IEXPLORE.EXE
1068	IEXPLORE.EXE
1068	IEXPLORE.EXE
1068	IEXPLORE.EXE
1068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 768	3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe	86
PID 3200 wrote to memory of 768	3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe	86
PID 3200 wrote to memory of 768	3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe	86
PID 3200 wrote to memory of 4432	3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe	87
PID 3200 wrote to memory of 4432	3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe	87
PID 3200 wrote to memory of 4432	3200	3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe	87
PID 768 wrote to memory of 4548	768	svchoct.exe	89
PID 768 wrote to memory of 4548	768	svchoct.exe	89
PID 768 wrote to memory of 4548	768	svchoct.exe	89
PID 4548 wrote to memory of 3584	4548	cmd.exe	91
PID 4548 wrote to memory of 3584	4548	cmd.exe	91
PID 4548 wrote to memory of 3584	4548	cmd.exe	91
PID 3584 wrote to memory of 1172	3584	sgcxcxxaspf081207.exe	94
PID 3584 wrote to memory of 1172	3584	sgcxcxxaspf081207.exe	94
PID 1172 wrote to memory of 1068	1172	IEXPLORE.EXE	95
PID 1172 wrote to memory of 1068	1172	IEXPLORE.EXE	95
PID 1172 wrote to memory of 1068	1172	IEXPLORE.EXE	95
PID 3584 wrote to memory of 1172	3584	sgcxcxxaspf081207.exe	94

C:\Users\Admin\AppData\Local\Temp\3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Windows\SysWOW64\inf\svchoct.exe
  "C:\Windows\system32\inf\svchoct.exe" C:\Windows\wftadfi16_081207a.dll d16tan
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:768
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c "c:\mylas3tecj.bat"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4548
  - - C:\Windows\system\sgcxcxxaspf081207.exe
      "C:\Windows\system\sgcxcxxaspf081207.exe" i
      4⤵
      Adds policy Run key to start application
      Checks computer location settings
      Executes dropped EXE
      Drops file in Windows directory
      Modifies Internet Explorer settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3584
    - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1172
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1172 CREDAT:17410 /prefetch:2
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1068
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118.exe"
  2⤵
  PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WZ04RUV6\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Windows\SysWOW64\inf\svchoct.exe

Filesize
60KB

MD5
889b99c52a60dd49227c5e485a016679

SHA1
8fa889e456aa646a4d0a4349977430ce5fa5e2d7

SHA256
6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

SHA512
08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

Download Submit
C:\Windows\System\sgcxcxxaspf081207.exe

Filesize
124KB

MD5
3ef580bb31a7a0ecd419e88de1df9a12

SHA1
451fef47679a39cc218facef5b50c75e8680ac9c

SHA256
2018736eacc9d84fea20d31c2e5e1d1762103fcb9bc86c254c1415cb5b6eee14

SHA512
11b856abc6722381afe41ae141dfcb66cca5bc8531c5bd01f26969757ad347e127b1e0853ed3110696dcf2487b1b329a84f724fa58c16598db535906cab48ee2

Download Submit
C:\Windows\dcbdcatys32_081207a.dll

Filesize
235KB

MD5
60ae90145a6bc50790318fb0b074131f

SHA1
6f5b6ab387fde56f099fb88496aee66ac4106108

SHA256
a5b0faef46cc255e80aadcf61ba275bfab81ec521562c34bfebc2c1becd93a78

SHA512
67989effaf49bfad2e28ff10842f42be360d8d4e0d2e0a70fd703d160060ab9be43015a312afcaa01e4e44c570dabe54d9f1705c5ef78973ee407b59aebb9f80

Download Submit
C:\Windows\tawisys.ini

Filesize
493B

MD5
24438ede8c94371269720e46e8745b50

SHA1
cc67a5dbb96ad2ca5271d1c2db7eea5ff52c76c8

SHA256
848d79d222c5919324fa04447c6ee6209795b8c8584c75dd374edd37b000c9cb

SHA512
15a14ed9fbe243ccdff4a0c2c023917d31829b609b5b228de95d96974368170387cb88c5f475871a78281921055d958c0d6fdc88446dd5f91815fdc6d4e37023

Download Submit
C:\Windows\tawisys.ini

Filesize
82B

MD5
2480d36467f45a316e4a258fe0b7e977

SHA1
1b62ffe951e000a18bc1be1a08ac87d85b23e3f0

SHA256
fad6f5586b530b49569d075c0db2194ce888dcd0d32219367149c51b03c97be2

SHA512
27eecb983114ee98ab895f4ac9bc69c34083dd42cfcb12e4ae04b43be3d131cf70f1fd421ea3186baf790459fcbc9e324ddb8ae57a3ce59ae43062ead6ad1fa9

Download Submit
C:\Windows\tawisys.ini

Filesize
384B

MD5
e23f6a4f7b965af905d7e351c0b0ec8b

SHA1
3a08e85973f97fd69e84d1df616c5ba502cb2f89

SHA256
f97ebbe90cdf6f1e1269fde9803dd62267b0537ae678f293ac7932ceb3129d3a

SHA512
6ac58b57278712a14f52420c1af4d76d35e96cd513c57328d53e835d6d51c1941ac76c90b0cb310513ffc047da42a800dd04d46e79317c33fe0fb60a4c2d79e9

Download Submit
C:\Windows\tawisys.ini

Filesize
433B

MD5
d34de41bf887fb72334a0c542a23ef09

SHA1
9d406bd5397f8df8e31281af66775cfec8cbab16

SHA256
4e021fcea72f077712c6912c8541fcebab2cfd9550a02d4b3f0965707c607bc0

SHA512
f20b0489ca533266f3d165a140cc849f6d696d3eed3fd0acc7c980dabb45c1e23ba693dd97031ab380eaad2dc19d2146cb6417071e21c02ec52f588bff167e6d

Download Submit
C:\Windows\wftadfi16_081207a.dll

Filesize
36KB

MD5
7f2a23d9909f950a1c71d7dfbac0debd

SHA1
f6eb6dc4fad12f793af39be6032b2dfed3e52268

SHA256
d96d0cc09dc769c936182c362ff07b1a28ea79c5e83d103f3072b67f1ec50b61

SHA512
62f1ded32c5ea3dc2a10231dc0d360fde5f55a46d56787a3a32fc221a53e7a29e65cf51e6bfca3612444e9a67a75c2d6593c44243a5d33221f327bfd5b88783d

Download Submit
\??\c:\mylas3tecj.bat

Filesize
53B

MD5
791fba77df97af6aed5a5d834e301244

SHA1
877333337e83d8441521cd8d7fd13e692299035f

SHA256
2b7519863fb197a1736a51a92578e3e73b592cb93541d1e48046bb8b70adb64e

SHA512
08d0d731076ae00051b4584640631724c382ac072c53cf5502a32fd714ce548c26bf3854704bf4cc250a21484c42d35a22dc47a8e3f59a17c10b7e74cf507a23

Download Submit
memory/768-58-0x00000000008F0000-0x00000000008FF000-memory.dmp

Filesize
60KB

Download
memory/768-75-0x00000000008F0000-0x00000000008FF000-memory.dmp

Filesize
60KB

Download
memory/768-114-0x00000000008F0000-0x00000000008FF000-memory.dmp

Filesize
60KB

Download
memory/3200-59-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3200-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3584-85-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3584-92-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download