7d1d3b744c4171dbfe2605da70678bef1cbb360687efa96b4301a0abdb490462

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe
Size

35KB
MD5

6954e88c21ecbdd116bd1e921ef6bd49
SHA1

cbf975f591b76e6ba8c4bc51e36bd1b59764e972
SHA256

7d1d3b744c4171dbfe2605da70678bef1cbb360687efa96b4301a0abdb490462
SHA512

7489280aa05509c7bb1dc72aceeb747a75e52cdc0b95246a96357a48b235419de02432f0b8f2b1c59bda031a9e33ad89cfc16b11bd1eadb40b94f6204ce56866
SSDEEP

768:DpWJql7EeQdXEHmxDS2HZ7RTeVh/vG9+1oSZ8Cs0a:DEJqlRQdXEHEt5wGE1T7

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2944 set thread context of 2300	2944	6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe	30

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\DownSetup.txt	6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9AB0ED31-4948-11EF-AB3C-C2666C5B6023} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427938032"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2300	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2300	2944	6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe	30
PID 2944 wrote to memory of 2300	2944	6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe	30
PID 2944 wrote to memory of 2300	2944	6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe	30
PID 2944 wrote to memory of 2300	2944	6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe	30
PID 2944 wrote to memory of 2300	2944	6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe	30
PID 2300 wrote to memory of 2824	2300	IEXPLORE.EXE	31
PID 2300 wrote to memory of 2824	2300	IEXPLORE.EXE	31
PID 2300 wrote to memory of 2824	2300	IEXPLORE.EXE	31
PID 2300 wrote to memory of 2824	2300	IEXPLORE.EXE	31

C:\Users\Admin\AppData\Local\Temp\6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6954e88c21ecbdd116bd1e921ef6bd49_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2944
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d24fad87793844a71107bf06dd459fd

SHA1
a66abe146db475def57cd80f07f92cf3284d7448

SHA256
e8090b7faf7a73cc2b5338d8976f1a93bb44e8bf454ab720035d049c862b5f46

SHA512
551a0108b9c6106162fe1d7cd6b9fbd375d33a1b119ecce34c4db7c5917d245b65062d4028c3c22264b5d4e55a8bee8dcbab3e5b0bf81adfe4c53728bc4fa30f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57b99c45d1165a1a4d8539260bb8b51c

SHA1
cdd75ea4e78201d827c0808a924a03116eb673eb

SHA256
af88e187a4057aa6711a1fae4a672e0277c26f66e002aa15c039f11594caf5b9

SHA512
e8cb07cb23b02a0a1c9de816428d717d738b71b823745caf8f43c2e36429591fa79b78ac03de0d48e5bdc763edc31f307d1bf4c0eb62649be4adf2e2e4d966af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
503e703cb0f4dd064927c090866479f4

SHA1
97f1b82f90ad5f6ae00d19f4be6a2f682f404d77

SHA256
f3a11ced0578468c7aa2d2ca6875614e5521d83427022b77317285d6403d79d4

SHA512
c99037de822ff81923d3fe6d63a89a3c7afdc95ae7ec3f6e5ee53dd5ecd820c652f9096da2022fe38f4f54d1a8ce4444975756480a0ac2c483cb522d3cda9cd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2400b817f5d81b82f1d847976b8c677b

SHA1
15c882965dd24ca988f1e1c25b7c64a300e840e5

SHA256
a9fb440ca8f079f90b012634131250811cafd46b3fca1dff75c064306c87fc77

SHA512
802926f28afeaa3c8831d4101277d16c91477471179d9309c57708c0fdd4a5f2bc05af96e07db19f7469850891f8fecddd2be62edc9108b4a5af31c779e48ffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca4979c7be348d1664607bb82a38366b

SHA1
b4cd10c78690a39d297e9cb43c412ca5ad2e1f90

SHA256
35dfcf9149af6c99100b156ac2e24db7ed003ee201551faa195283ae8aaa686c

SHA512
b5984496647536fdeff3ff587e1a7fde3d97b3579d187854b0ff96d0afb013e39bcaa4bcd8199f63df5156c30f29d2c7ea2d6d160580ee1bbd07ebd22045e03f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d671cfc7396f1c1f75f456945536071

SHA1
f86a4082640d44500a7d88d527194eb0a038a4cc

SHA256
80fbd8e4798f12a9aa8f140bc09195b3f8eb03ccd46abfdc50e7e739d470fd91

SHA512
a8dab25a51a09d82ddf1f49b296be9ae92bd60584976e711d2da2d4ada58ff19c2e1b4892b0bcccfa741186988edae39b6078756c5bd13d6c02c893a59637956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12b98c0f67db16e4324c92c279a40145

SHA1
b1515f9383ffd601cd31febf82e1c9212d9f2a51

SHA256
27491466d02fe0889350a7d0140432c8b32ce4f6ebaf1c6832bb3561f5120d1a

SHA512
b80f06f5f9ddc99c5ae137fecc6e8939731143625d6300bb0455dae4c535134cb58fd1bf48bc44a2261a5064a2b74e8b57b55835685c943300db45a8c913b3ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6dc52fc5e40d68343500d581f70508c

SHA1
d35160373c09a10b480a1b78e75f0c1fe1286eeb

SHA256
4199100ac34031eae309b7151699be6a238e0f76d7ea6863472db2071d2e5aa3

SHA512
8cacad3228df8087a50f9f9da66ab4541c658b6a35ccef6ebfec24d66c32e5e8ab1bfcc196524f527531d3d0275a5cddca771628ac22573a1a3d14cb0a8e26bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e36662d8a0202c6850e50f9d30848ce

SHA1
7e233a54b8ec154fc11f9f939c9ab9ef364009cd

SHA256
07bc90ec576306b0540a1bd34c77205d16a1355974bab489e01aaefd0357e142

SHA512
5337dd90dd90e28e6088f8aa4f9a7868bacdf2aaf788108d224f855fa4e66bf888474987fb7c4f531f96847f7b464eec3070893edc1b3d7b970d41bce5814a34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da0a4f31d0ae9bd5a26ab530e9826382

SHA1
91779745b840b5da462d5dfdb587dec8b43e04b6

SHA256
0510d1db99a83c148de754980686e1ff0a74f53702d4fb30b19c20214f95c0bc

SHA512
9a67bbb78d2c1dc92d6febbff36bc0cb7ce06f8ef845e774235d84d35017d05792f127ee82409167edbe61f332c5c21ed212b49062a7c9129adafb6682aea516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eba3964cee77887729ba935c3d48a048

SHA1
4c6db6435bc7e866bf830fc1ed9e1d2748d09b74

SHA256
4e5c39c4dd0e0a493beeb6250d2eeeb65333d94d9dd8a510af8bb815ed1b8a3c

SHA512
3a8ca0c2ffcc5f0dd913b68a247aafbb979fd267a2ea1a6d090e2b925021ab6c9f4204fbbbe7369140ec71182db4f2ca6da429a839a6c34767b79487dda39425

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ed9e5a624b130d014fab9e9bc9a1773

SHA1
ea9eba6439afd00350f36528103a90518fdce556

SHA256
b455d2b2404a70cbbea6dd2a26200f1fee1db6c81e3b49ad6269c2566b47f9a9

SHA512
12fa13f5c5a7cde38fc4c16e397880710f4a784f0fcb060271e5c1657aaf91da4358349e6085dabaa61ce9877af8d9e2ba8b73918f32b71b57d8c0448697e602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6413b1067cf655a8052443bbbeb470c

SHA1
53549be2337702b22dcc1e363b04a6413d290285

SHA256
25975cf41ba1b0dede46d363757b4f831d15c91c713c9c2435db039c31c8fbee

SHA512
692d978b5e3b5752cd812c95152edb669814782df4f93cfd98ae5181628b0eb86d5fe87e66fcb4ff0cb9a1e0471d0a91b8a97c3c839c8ef01dab9cd3437e07c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53b586f86857a04625f20d0c3f336ded

SHA1
3bb6bb07279f98bd61b3b394b62e5e185d1b41cc

SHA256
029278641305363b4d0f8e4aea9eaa4ed5497ce282b83736b1017f3be3406cc8

SHA512
783452888e1e568199e4f6a391caa8435db5b4b93a21c9423672781dbd074bcc92fb7ff2df391eb889c1b88065c8fde8a8a2446d95ad760edd8ad47e2f61a2f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99215162cb764809d19be6767195af48

SHA1
cfa37f8bf35d9cd0b8a40c34b70f40a29a0ef464

SHA256
a4e9ecc94e2e98848689f8a8dff5ecdec530367bba4c6c6a7e7438e252555158

SHA512
3d308703303f5d90615436eff7b33375020920bf3c96448886b01809b757dcf0c4c24c6cac22b48d8ca0799b180fe37e2d06370f6f73a81243678d678b9bae3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d20e19c7eb6a8d36cc5c6a9c4018f22d

SHA1
3ceeb9cc147e9a3293ceb9ef9c6e06afc387c55c

SHA256
d8aad64e8b13dea693443e47c72309ebd592d031f04e71fd94d1ae233a5d652b

SHA512
60f02419a9d8ca336dac8ad5cc48be316a0140c85c293d321c82ea4581c73614e7501f37f11e4c8d024bc14ec8d6ae0cd779e36ae1f0f8207305884878118f37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7600074ea04be5b69c1ad2f1b9804323

SHA1
50bca4a97f418c64979e7ccd7663934d2db687f7

SHA256
2763ed4aeeb9115d4a384e6e1937a09831a6ad840246210f035a5a59bcd55ce9

SHA512
e34289295125a83ae28a4e35b747cd59a8b4b3dda213840eb99549fe121d273ae081d536769deef740ceb3e0a68780ff5b1ef211a3a81a331de670d5d4ef6574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0dc90447bf866183cd387d28202ac996

SHA1
84de75c08dd4b75e249796f6722be2b6875b313f

SHA256
41c99dea8b23c704ff5a3657c426c7d28e099765f1f1128c27c2a745a3e9206c

SHA512
bc7553fbf5572eb9b04b85c40a0ba7b4f04fb25ff4f2b2faae3726dfb4e036907465603794e38a4a3dc533eefe10169a85d4c12d7778e2b2559345cf96352486

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcbf8b6c995471200b22a6c3fd007972

SHA1
f1c1c92a35b09d77487fcb4ce91cc0094da75900

SHA256
670f55874ae32fc9a1f32d333da15fc422d18ca34290107b44e109586db02021

SHA512
ed038f72a73d8aeb01c5b02e2ba8db208bbe26c850f1b39115e1760f5207eb3cd21701309b92fb83021a2b9040576e4732687ed4db609b89758397e4636c1e0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab37C6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3836.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2300-1-0x0000000000060000-0x000000000006F000-memory.dmp

Filesize
60KB

Download
memory/2944-2-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download