504ebae730b0fa7c705ec2bbf9c02bd3cbb5c8e5c90dd6d19095e9ebe9303bd8

Analysis

max time kernel
118s
max time network
143s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/08/2024, 21:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe
Size

74KB
MD5

9ffe7c08218a1c3eef97a240c9312398
SHA1

b8bc78ada75033575779f37eeda542f22cbf0097
SHA256

504ebae730b0fa7c705ec2bbf9c02bd3cbb5c8e5c90dd6d19095e9ebe9303bd8
SHA512

cb9ff5ab4ad3ceec32b8a97fda6ebfe07b7d1d21f3a179d89b701b624d088d0a22161dd4d48b8eed17a4df93ef7080b885163587ceba1f1cd05ab71cb741aa58
SSDEEP

1536:zGMpBSlODZUO0qao3rf2VJ3dn+mb/amoeGn7fkOiLFYTuLn1pM:zGAJ0lmrgJ1+mLamobnuFXn1pM

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2672	Lufsfd.exe

Loads dropped DLL 2 IoCs

pid	Process
2676	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe
2676	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\Lufsfd = "C:\\Users\\Admin\\AppData\\Roaming\\Lufsfd.exe"	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lufsfd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430005389"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B71B561-5C16-11EF-BF59-526249468C57} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2676	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe
2676	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe
2676	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe
2672	Lufsfd.exe
2672	Lufsfd.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2672	Lufsfd.exe
Token: SeDebugPrivilege	2792	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2724	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2672	2676	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe	30
PID 2676 wrote to memory of 2672	2676	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe	30
PID 2676 wrote to memory of 2672	2676	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe	30
PID 2676 wrote to memory of 2672	2676	9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe	30
PID 2672 wrote to memory of 1852	2672	Lufsfd.exe	32
PID 2672 wrote to memory of 1852	2672	Lufsfd.exe	32
PID 2672 wrote to memory of 1852	2672	Lufsfd.exe	32
PID 2672 wrote to memory of 1852	2672	Lufsfd.exe	32
PID 1852 wrote to memory of 2724	1852	iexplore.exe	33
PID 1852 wrote to memory of 2724	1852	iexplore.exe	33
PID 1852 wrote to memory of 2724	1852	iexplore.exe	33
PID 1852 wrote to memory of 2724	1852	iexplore.exe	33
PID 2724 wrote to memory of 2792	2724	IEXPLORE.EXE	34
PID 2724 wrote to memory of 2792	2724	IEXPLORE.EXE	34
PID 2724 wrote to memory of 2792	2724	IEXPLORE.EXE	34
PID 2724 wrote to memory of 2792	2724	IEXPLORE.EXE	34
PID 2672 wrote to memory of 2792	2672	Lufsfd.exe	34
PID 2672 wrote to memory of 2792	2672	Lufsfd.exe	34

C:\Users\Admin\AppData\Local\Temp\9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9ffe7c08218a1c3eef97a240c9312398_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Users\Admin\AppData\Roaming\Lufsfd.exe
  "C:\Users\Admin\AppData\Roaming\Lufsfd.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1852
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e7e57ac06f13bae6a873b861e42cd39

SHA1
44094e02d8a87a9c8e7a4d9944a2e179b13c55a4

SHA256
11ec4c59ee55a2ee5b00753027c0ac25e07524d91c95b98253aed0c0d41b8c7a

SHA512
a8b647fd7e681bea9ae751fdb26cb2545d232f6d904c0f7e5b6836209b39d4dcbada73a611588ca5aceb1da31ffba81da7a8dd3d998a4c6e41824f6a00d868e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58d7f0c74d5f90ffd09b5c4735e9acb2

SHA1
72c4134a83e8bb0fd3114230e8c956f6fe044cd8

SHA256
bd77cce9f249b69a32eab62efeae914ae0cb8a05bddf9331ed85d69f6a241255

SHA512
1bdf0053f380c93a4f9968c20b66073b787253b3e5b8372d49cff38bb121fa60cee777e441bb55457753a1c1e92c3d0cdc42b8b3ccfea4ea9e3f5df130a5582e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb420aa9938415e2b17b300a8e0cfaaa

SHA1
795d82e37e170b591a29fb49189f6be2d0cd4665

SHA256
b1c4e711d10192cc05aafb5d10960b34dfa8f0e7e9078360ed8c13523d639534

SHA512
da4ba703c46e8b0ec7b5052bcebf484c4fc7ca9017cb2ce30a855ac2ff075aa3fa16ae83a33a10185e2d136fc65a3aecde559378c0ec9e98f9cb04f1cc65fd9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d85c9321c0a18d349e5898dad453d5f4

SHA1
741cb03baec5c3463042121b460427bc79780a1c

SHA256
c5b218d031b9e8002d0212b686c0c0dba05ed46175c2fda378d74c9d90bcc4e6

SHA512
180bd7404baddb25cf58b4c03e1ad336a5a444a9e69c0fae588e5cd6fd4e3d76e882994bc876609e85aab8c880ad29b2605b22fe59d7474bbea957dd071f1aad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2de43871f3c89de112d8b0f2a9154ed3

SHA1
087577c86c11a14d3077383d6400c494e774c32f

SHA256
518c853bdd3ece1d6ce4b78175034b160e1950fa7bf4d355f587e488bdf7f16f

SHA512
6a7454ad0bf0f5e65b811e764dbb9803fa8e82f44bcad5f35df0550efe7411f5a55ac0fc9c05077f9013c1cf7473623f61c03eba69383b466113f2e7695f4e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a68ed38ccc88966a024e4851a818e1ad

SHA1
5880d8bafeb797b819a31578949d940965b8fccd

SHA256
583a94213fd1170a3c6f7af7a29f645bc18c47d82c9e917bc013f0d240750234

SHA512
3246cc39144bcccc65b832150455a7aa74404ba2f030cfbce3f0639bcb3bbf15a3d9e18592b733b65ba26888c044ac5d37bdb46663fdcdafa4c524e29ad93d97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f413a7aba94191858fb912d779a163d

SHA1
96c4664fa812cf6b582dda408593b5e23be32bf6

SHA256
40fb05692e7597fd0be3f6cda6c6f6be03a05b6abb799e3868769aeed23d3d9e

SHA512
f79a06fb7768c02fc856cc58226d062be346c0c31e9bcabe8ae1f37818b86252a56fc3df8a4c2583ee93311fc80f9107d57b5933ae7e2ec4b14650b99daca392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
993763df10c10850ddec5f648642179e

SHA1
5ed0e64ab2f8b999d8a77c36f04e100c67acc74f

SHA256
cfb7ab3d9e2f0ffd7d74379ccbe9c687bf705a32b05c4b0b227a0fc6c86a3bbb

SHA512
fea634e0faa6c4005f7bdfe51b1570a89cba786454ece8c5979bf8f12716759cdfa042605fa36316b0eee673fa2397c5abd3795316c053377e79b868829ffb1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5a7ffec3e38bf923b2e85499470f01d

SHA1
65fd9e547895faf161119dd26c71371231cc5c53

SHA256
fa2f4525cee38b791542df1bed90b7540834da860cabc80eb68c81b943ce92f2

SHA512
0c4e22962be328cf3111c369ab83a792a3d314aa47f1d8572342ef754bb28bb716e12f8649c47feb63c7e1749e705e4f15750c54edecd00a374fe713f79168e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
708eb9e5f4e67f4179e02ce58b720625

SHA1
943c4e18c22a9c74e8eda10002ecb82ce6c2c252

SHA256
906870ffadf1329b25e7ecc1e949ac8c323e864e515c4f2699e405f190d5d425

SHA512
8fb9d0157710c2b5d4c6548e93e6d79acf89a45ca2b415559ea5adc2d56557febeb1c431035ab5a5200e194da1bd8ed735a6966c7dc9b9e3272d6833e7d6d4b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41928a297abb70ae8ee88e3d6020f731

SHA1
9a8924546e0ce5334eda45f9e3df9c254ba578e5

SHA256
23fb12873901ca9d9e97ecd4992cf70ff5e96be7f13d64bb4bb49bb37f20dc29

SHA512
7ba3708f81bf87814c472bf1ab901b074c5d489acc5e4c87b4e38dde6c953cd98505d3a1acf84033b0bff0567e38346c6b0584e4cc453351a2980bb83a86a2fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7626dc146f03df738c83caabafbc4c8

SHA1
3a86ee3a26b368a926e6947250799e8bc5dd7652

SHA256
3eec928f5e17862a96f375d1eaecdf1367d0094c53b92f320a7d1933efa7dce2

SHA512
4092b62e058066ffca74175c7da2f3363a6adf3960742359a22c4b8919f6451313a7915e84c0c24b30d830894a2f1baf67c7fb09fa49456f834ceeb98c66bdb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd51f3225ceeb393eb520147c46b3d4e

SHA1
64e4f884dff96a8d13898c518a3a984c853a0e3c

SHA256
a1815f5c38f1042334fbb36dd3ea993af7a5ff327157c0ac4f0d7cad35f185c3

SHA512
bec9b39f9ade2c7ac51a7588697fcc6a8a9395e0c9456898e2d7a20624be72dd017b2bbd289f3c9ce4015873b1431ee5acb91d513c292c967820b33b1ad75b7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f94a5a8fd08eca89c33dc1eb61ea205d

SHA1
a8ceed3ad15aff03f1ca542ff0814aebe360330e

SHA256
f07519c59dc9f3cfdc16701d469995ea15a713f8230809ca9cb515bcb8626ccb

SHA512
e0bdc256e020814efb3cd4a3bf4cfb2bae3bb64ef02babcd0f4a21242337dda43445bbb1a70fe7e13131a45dc2d28ed03cf9f8a27e64ea3b307dbaf8cdceaede

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab14AC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar14CE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Roaming\Lufsfd.exe

Filesize
74KB

MD5
9ffe7c08218a1c3eef97a240c9312398

SHA1
b8bc78ada75033575779f37eeda542f22cbf0097

SHA256
504ebae730b0fa7c705ec2bbf9c02bd3cbb5c8e5c90dd6d19095e9ebe9303bd8

SHA512
cb9ff5ab4ad3ceec32b8a97fda6ebfe07b7d1d21f3a179d89b701b624d088d0a22161dd4d48b8eed17a4df93ef7080b885163587ceba1f1cd05ab71cb741aa58

Download Submit
memory/2672-15-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2672-16-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2672-18-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2672-17-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2676-1-0x00000000021C0000-0x0000000002350000-memory.dmp

Filesize
1.6MB

Download
memory/2676-2-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2676-0-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2676-13-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2676-12-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download