e5e5ca1031949bebe86baf826e7bf0e52578aa60cd0bcc61ef29e52efa2ffda8

Analysis

max time kernel
134s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10-08-2024 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe
Size

38KB
MD5

85d19532fe806a6e69c4a2f8fb0d99b6
SHA1

6e4e9848586555e2ab97138edd96a44ee14824df
SHA256

e5e5ca1031949bebe86baf826e7bf0e52578aa60cd0bcc61ef29e52efa2ffda8
SHA512

c7ee667d8f85ceb8f80a07a22ed4c7a91de51e7637e5619398d6644cb739f51f93522e325e823034c2277b169a5e38aefa60216abc5bf815f0fe6c2908bdf301
SSDEEP

768:lFe7tEyaKaorzIgQGgV7qwGqqoAHQW8UnYL:fcaKaorzIgzgZqwNqRHQIYL

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2652 set thread context of 2128	2652	85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe	30

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429449750"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5893F0A1-5708-11EF-B552-FA51B03C324C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2652	85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2128	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2128	iexplore.exe
2128	iexplore.exe
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2128	2652	85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe	30
PID 2652 wrote to memory of 2128	2652	85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe	30
PID 2652 wrote to memory of 2128	2652	85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe	30
PID 2652 wrote to memory of 2128	2652	85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe	30
PID 2652 wrote to memory of 2128	2652	85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe	30
PID 2128 wrote to memory of 2756	2128	iexplore.exe	31
PID 2128 wrote to memory of 2756	2128	iexplore.exe	31
PID 2128 wrote to memory of 2756	2128	iexplore.exe	31
PID 2128 wrote to memory of 2756	2128	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files\Internet Explorer\iexplore.exe
  C:\Users\Admin\AppData\Local\Temp\85d19532fe806a6e69c4a2f8fb0d99b6_JaffaCakes118.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1579b3ae3655e90f5f38ef470e96dec5

SHA1
4ec406c3d17e480935380c0842930c50436c6a47

SHA256
36734bfcdf2de7ad6b988f6ea13bdd1650f88505a3c0bd3ec9b2fcd800d5d65b

SHA512
b1531a1a772760e6f1072d828ca56b6869ae408be180de669c644e76d74fe5cdb8f872cd464b5d72511a52b4ce339ef0ef8cceffd2599e35645eb5074451a624

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44a8e2ce0ddb0193d5b1f03602c8388e

SHA1
11d5b8c45ad9b043a45bbd6265a71db9e0886d92

SHA256
f84d6cc3aaa211369ede16bf16a426e30f275b516f687717f75b2d6a268beef2

SHA512
38cac177239a90521fe94fb4b3e8438c8298c43537d87705311a55436cce5706c8722884b94fa840758c6355c8e6faff377e26ed92b92bd89c1aff01dc4b42fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bfa9e20506d8b8caf4a6c574c24d6b4

SHA1
c86700fe6e385e28ab24ffa496c606b34ee7eb4f

SHA256
0c790ddfbd63a0337237d2b7d8ae28bf1d6905fb93bcfdf10a6600f75b6084a0

SHA512
00271b652039055b94035e43339d62941831dff242e8a2ce9b0ebe08eba921cb5a6b5a0242d0772f729d732ff624967787805636a3a544a05161765e39eb7568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
558c56ff0e6521430e8fa5a180a818fd

SHA1
0938dccce34d72270317fb255b681f2a26aa99de

SHA256
c5856e47e1ac93d1c674e47fb7619c4ba96d1fec5bbb7905425e2e93b926a6e0

SHA512
e9818f445737d56f7750c1064c370745d3f5a3fd2a99fe5c946506c1586dda90051bbbea1cdbc7ee02f94401509bc42334295dcb7eb926a81620fc00886d70f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b32f99f9cf3c5ee592cad431ca46141

SHA1
2944ee317396d6d0ee89df36aada3ea2d866939c

SHA256
221b9d8bb040c81984a08e6287d783b7bf8ea8395f89ad0ddba045464977d2f7

SHA512
89fff3b4ac6dd25024fcff5eb361659dafb1cdfff057260838d6468a024de6c748994ca4ee8d55df7072b310f4d1b2ea1d0911a63a48cbff0223f78761f32fa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2d4634f7faff9296af6c82b32af6407

SHA1
e23a2b6c28fdcbf33dddc2278dce525bf4b82987

SHA256
3dd523634584ff74725be19fbcf673e424b5106362b75ae2612e162e1acd4fad

SHA512
be882feb60833ed9006d05bbd8db079c0a56ba7c68e0b04fc0821c63f7c74d960205a40c9cd89054922cefde121474897aa0868e592f1724182e113049fc1dac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
598339c54e76b7e793a6836873afcfe5

SHA1
346a3402e95894376128ae5d44d0b3f868a5bc22

SHA256
95a565f98b7c1907c24375f7ef278673151b45436275c18a811fa0c78e1435aa

SHA512
926ff1f00e5d0a766d01f9cc62b2045082060d669517e368f57e3094dbfa03de2d89b1d5eb1971493e6908964a664d90e78f9c82f312ad651af1e450597cdd57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa611c804fa438e0fbe1de04907a62b8

SHA1
d0b535f090486c94ef31e7bcf37dd82e51a59697

SHA256
0399f954e5c5e5ef769f24d9d5fb11389874898b4a25a7c07a786ddb4f3a4d8c

SHA512
4a13348016abc241ff65434ddea60f00fa2871ae2579bea5749200b1079d556faff6017c1cb4dd55fe49a7b69188beb58eb9995fc07f9b5f503c4471c6816c38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37c208f9f80ace7e8ced0ba36d197512

SHA1
f09f1daa0ed470490a5b5201bce456a2be4aae90

SHA256
f193bcff799d92e53dfb4c73c096261da0c67d6ec28c41d7108b489f4b39bbb1

SHA512
35b98c5f32e6c9129d79271887b31ab4bcfaf0f37a84868ae52fe6081776bdbc69a11b2d0aaecb9458ae8d5061f9b32ff30a2595461120aa65ab08c6fb5e8b28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfa9bccfb570a06f63633b431b6f4c8a

SHA1
d07b961a399c27ee4246c6321eee201381331fa3

SHA256
7e283044fb7d660af885773bb30ad53052b7084986f0249fca4111386fe9d16d

SHA512
987b9e9eb6d1ce3a7db1863d01e30886e112ec9ba74987683098654556df3c2ef284b333fc63d099b1b5f355cb7d6282a15950a3c2cefe07ea49836eddb0fb4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9487c0b979370a5f717c05c97b882c3

SHA1
102797184abfe8656ec327bb294b00763a42c3f9

SHA256
2f18885320f1434198149d2e9ebee0648f826dca93a48c3a4faaee0f29da459c

SHA512
c6d185a481dd0f328ddb9cf3c1b330c8322a31480d55c54efc3dbf53b54641f5f48f767c9c60803aeeb2617921284427c406afb2ea8673a652940ba2d4d76152

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
813d58f9f02ce4682fc7ca0c03b5f9d4

SHA1
1769bc28ac776cee5cdb52d341684676babd9af9

SHA256
dea745d40c3a6a4bcfa66588781c627dc41139fa78a8ff5a016cc37259464901

SHA512
38a61e3b3ecf72b5f28d21f5f40d5b276a03fceb1805175bfd46b4f44af3b34f4e739daea3af9a8e81e2839a081b9169c432d037ef14f7f1e77662b4ea1b7f1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fe5b1d29be09ddaa83d2db7482d64c6

SHA1
e158749f2ea8316b7830bab30451446edf3895a2

SHA256
8e2439793e4364f25b61425ba903e425589b3f2bb93020150bc85addea8682b8

SHA512
1ccc152c2cf30e4019231b80cb01d825eafaeb60bc31e06af505487ac90cdf78df2b6e2fb7da08c32bc9b3ab2d57d25b56ae024a3f9ceb7003e4f158a92d7632

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eea4b6a3565e8f7b46c48fd7b12c1334

SHA1
e7dfed2fd897491270810b8e8bf29ad32940904a

SHA256
1007f9ecc90cfcd658eb33d469749f7983d85c0a13782ac02fcfb791edbdb66c

SHA512
ddcbcbd446e1f43d06ddc55e9d4144e70d43edfb2125a095f00a96e7d58355a015282751a572d3bb19252e8fd7ac96665d692126a841042dc704a53dbb15b047

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e51baa93841d419bb4ccb263a5bbf7b

SHA1
4170badcaadc78ca7d1969a4ebc895d3535a1563

SHA256
5d5db3d6e6c24e4d2bb4efb2af22e084d76cbc3e1ed9097b11e47ca723e03614

SHA512
a53e033c060e47fbcd6a181d043a7f65c6ae3790f9f50de5bf2ab626e7babb8231369afb2d62a0aeda929d6bada34a191aa171998b349a6bab161169cde87fe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8c47f78550747ddac7e52c320c6f6e9

SHA1
eceb1254da11e88defe8ec52c13504088333130f

SHA256
b4e2b91e107bb7823176f99cece04030e0fb8c5201fc12edc4f88a7601461f59

SHA512
9b40a80f925a974f674d89c7a862e9d607ea2430157bb70e153e71571266bd11b712e4774b2271db584c25b1ce38ea55bb6bcea30724fa7e545cdd3c9200d8ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdd895295109920aca9dfa7aa130a604

SHA1
fd54dc96836a8648558c2af3ef65bb4658b36b0b

SHA256
c1aaf1fd28bd62038b0b4058a6a88e79fc4670407207f61a187d3fd336eaac1f

SHA512
0581194515329685151c874e49828fb2368ee2bc62fb9532bd3827de770c7479af403bd1436649890e8f7c059bd2a75b994a81365fde6659b3fa83745f0813e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c12e3556b4439ca18a04e36ed6763b5

SHA1
6493c519a636db128a680a574559d75f6f450bda

SHA256
00ef7d4f49b4938dcfd34658c5ba30286b3e5d7ffce9a85fa01e3c01aece5f3e

SHA512
481be2288a0deaff994c97b96350cc80ae6d5d4fcf116e2e6b00b9f423defdce79bc4138ad1f4cfcd1fb350f9280d98d21ab48e79f7d6111106b8d5b9e582ded

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d308f5cacdb5b3f50d6326547fc7255a

SHA1
9a0175e847ad22987c0188e1873786d850223963

SHA256
eeba0e327931a6179cb66acb40c13536ac2fc21373f40aa5dd7c384c58250399

SHA512
4312cce5263f9720c35a57aa0783aba4ea99d86681f61fbc47ba04ea0cff2e7ebc83a63d3aca194e23d0b7cda15a779d3acec84557f1902d301ae5c82c636630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1647d86b23e264e7d015e8981deb8164

SHA1
8f9d27994a7a4842b0e4e23ffcd3882a349bde48

SHA256
0fafad0efdd338ad5fe29d57f81f9d7de314fa3c0215fa919d1396a596e72fd1

SHA512
1a87cd06c661d32430400ebcb3289d8779ac1556105e6800193f05caebae2963314ef91076385a5c013fcab8af26c66f4e7e7040b1f914d95ac281a299d59eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab55FF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar567F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2128-0-0x0000000030000000-0x0000000030011000-memory.dmp

Filesize
68KB

Download
memory/2652-1-0x0000000030000000-0x0000000030011000-memory.dmp

Filesize
68KB

Download