5fea77a08a5719a69155cc7e32feca407bc83ad68a8404433ac84a7b40e06f9f

Analysis

max time kernel
142s
max time network
139s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa8d50ffc100566dcb5588cc5337a5f8_JaffaCakes118.exe
Size

40KB
MD5

aa8d50ffc100566dcb5588cc5337a5f8
SHA1

9086ad017739562bf6464c34360ce661b053a2c7
SHA256

5fea77a08a5719a69155cc7e32feca407bc83ad68a8404433ac84a7b40e06f9f
SHA512

fdfe291aab983003350f1faddf8d27d71655395d19791d26af9b5394a592c1838638fd1353f6a6c2f8246672a1620bc3cba355d09f3e2cf43ec5395ba5e78aa6
SSDEEP

768:Rxl16ijK1zaimH10HU9cp/Hn9JWiP3NkmT1WDNrs81nbcuyD7U44e:Rp3jaGTH10rp1JnqrNrnouy8Ve

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1744-0-0x0000000000400000-0x0000000000424000-memory.dmp	upx
behavioral1/memory/1744-11-0x0000000000400000-0x0000000000424000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430223140"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02103BC1-5E11-11EF-8EE4-CE397B957442} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000005b9efe364a627c786b853b0db1de84f1f6c0151744f78e3de91e196be3b8ae1000000000e800000000200002000000050d0f6bf59d1f2bbf4a0a1b7cf45d8f7d02c187fc4c706ce4e188b9aaacb80d5200000005e2760e019af362b6dd9eace78631cb2f4cfd86cee4b848a3d2b5369b59c170340000000665dbb35e5e60ad7655b876a53907c9994ce50bd8ec3f1f4dcd112cca3a6e0cb15670b0b21d6260079c7e292ce74bc775f86557c85edba869cd41a5a0508e93b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907a89d91df2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000de15b5977fc421119c087457fc847f18d2502868b48db051a3dc698b9c8a33d0000000000e80000000020000200000008f16462efdf54d44a331632e95f077a5eb09bc910befdb7a3a78bc19931cfe559000000054293d51c411759119407e84a3222be51e2048287a766d3e0208a786da0d6a62867942fff5e1f89fdaa479f77bf3ca35e33d220769aba0b4bc4f1b4a18b33855224753d0f6ff0583f49cee87c5d5e0593249e65e110712b43c6ef4a155a5844b8866f950626d5324221d0407af5b3ff11405b7de6a59776b3900ad317cc666ca3c010cbc3df1834db11c4dc78c57c216400000001523dbe1f4dbce4f1d90f143124eaac1dd0d9f52b7c25c1440bdf31e3f02f523bec1a880be5a62d0ebb09be1d2667a9715e6bcf846810b9db60421ca4e627bd4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1744	aa8d50ffc100566dcb5588cc5337a5f8_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2844	iexplore.exe
2844	iexplore.exe
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2860	2844	iexplore.exe	31
PID 2844 wrote to memory of 2860	2844	iexplore.exe	31
PID 2844 wrote to memory of 2860	2844	iexplore.exe	31
PID 2844 wrote to memory of 2860	2844	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\aa8d50ffc100566dcb5588cc5337a5f8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aa8d50ffc100566dcb5588cc5337a5f8_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1744

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc4bb9965f7e0ddc96ad12d76825e05d

SHA1
b6edb0fbb04f846896fb775b4a2266050330d4c9

SHA256
73d14fa64be41d18f89e294e81ac22bb1de0c87de870ff1a50fcafd46bf1dae6

SHA512
ba96f0d47cc822ce7e345f29ea9aaf34e18d025a1c648a458148087e2f673ae548818d78b182310ca4f4b89231b989f9b22e96d83b9e961d6ca5c35499cdaebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8726520e984982721619f3fdb49eaa3f

SHA1
ebaf3f0a449e277013206fb748a7e1f491d16b5d

SHA256
1400c431c3593365c2631355edb69223f732035b803d2e180626f2752b11e2a8

SHA512
5eec882c06aa301594b79b77f3cd6fa076d7a3160d4cbe1070f4f31734a7ac6f9a526a0ff8e0621749e0cb51bb459e87efd706c523bac5ceffa1afa95cf26cb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4d8c2335d9606462dfc10baa1f69d50

SHA1
50d88c6257a384c85369f8ad946e595f78efcf7a

SHA256
c8f2fdcb2cccdab0c2c8172e6130023a795b850c029c1aa869e12a63f971b991

SHA512
0485ce67d20d7410771a6e4d4212516f9bfdca4b88ba982cacbd80a0c8312bee27b929f9d92a158b33558a1c50fe8629f999148d8a6089aa24b6754720a063b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d01ccb9b37b01b4128cbf8fcc506d3d6

SHA1
fc6b1bf1cc8060e6fbd1efdbfa4b4c784fe469d4

SHA256
2cb6bc6242ed43ea044d3744a916fc2b73f0b58f82b30b0a6b8947bcf7780afd

SHA512
7b16269ba7b52108e06a7dc0e4b83947adf02458aa9d9c3588f18aee258a7c91f84ce73eba74548514d1f29eec8d4bda47bb2b860160ffaccd6cd866aee311ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
517d1759a7338b0282ca9dbddbc69b58

SHA1
0c0e4fb630e86c5829bb3cb4428f8bf2f44d5c7a

SHA256
9a2f25b6299c639ba2293327e254de2660fd4a65586e478d5d109bec9350186c

SHA512
1df1eb091a70d57c1a0eeb5b7bab30159c457144333e177cd0e8df2deb10e9ddef08039064b5c16ecc20fa1b972cb3436006dac279e6b1a91dc5a7dabbc6b3f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98ca5c844e7290a30bea971f8ad21e5b

SHA1
be9d6834a8a8c9d3bd1f25cab5c0951b1766d8d7

SHA256
1749cad32948685b40d93b16d208f49df9582122b5e3482e50776a97f74280e8

SHA512
e20e35f9c6dac2a11783e375b81c025181f0a8144917ce1edc47e678692e469d4a8235093d06ad9faf669679ca93f5b3c71a741ac7312bd01fc692bf6dfacc46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfaf6b1e04cafa7a0b7c197700a1d77f

SHA1
906488252a8f9d65df04cc414641d98cbe27659e

SHA256
cd3d2a9d94d13047fa3148349bb40280cd0108aea9fd9c60d2dc0c3298d7f299

SHA512
f6582ee4703e58ca51f1feaf59f8f253a2202f05866464d55cde25f1ec971b00a0afbee79aa5c75d82eee43976c9205d8afa5744a9ec979c60723d35897ef80f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
249126e152d987cd01ffc0201a3e49b5

SHA1
905be4a21c3d9e1d975628574b3619f9849facf0

SHA256
320e6c7a785a678011119669c5098fb19a7865c1123536fd4c0409b963c85d38

SHA512
fc62bb70ff2492ce2316d862599cd62fa1234b0ebe5ce1998d02624fb9fe963ed65266ccb6a44cfb27d115a2d022b053b313e79b952265a8b00b52cb0ef2ea3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
502c445d3223f2ad9213740e0d3fcedb

SHA1
d41f361b76430581aa938008ae1ded4de62f9fec

SHA256
45647cd93e8e6955f704a0dd0c824f8cb0c132961a7dfc32b13c72cbea163df3

SHA512
318b6341ff0651bbb6756fef21984bab25ab6154c38ac0636b097743a5e0838eeb6539e32c08b117697812ed25740b2bbe6f33c6543d7c80d2a8276a33696bea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fc2cc201394aa782ffd66ca3261985f

SHA1
00d1737b0154bf4b1c304a81e66fc575c69ae7bc

SHA256
e46010db07d2cae17e10aea55ad465e636625a1ca3bab09bce54c89daf9b89c0

SHA512
7d0b8dadc1947387705792ec0edc1acb6727e65decffa3645988db10bc752244ece629416b281fa94aecb0580ac4f7127a7f685f755589d6abb8417daf8ff57a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d21a1f5aefc41134112c8b8a99fb6536

SHA1
8e460e25676fb16647d4dd7e8ab2174bb64c9800

SHA256
847290153f2c2aa94814dbadef7845203a68f92f265d91974f725eee97dd2b5e

SHA512
9a2e7dd1750d153d45aa7614ba7eda15ea45876d8c75bb3da84d47880d8e953287d036f0a477b1d8e796aab24c36256aa30aa50ed1003833ec06bc54ecf15946

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
060d02eb84c5a6e885fa5360119cedfe

SHA1
b460953c3693f7d6ffd98b2baa354367b99c141a

SHA256
ef92010c95371c1edd25a6643d9a8a9e6dc3ce98d0c519b31c37b037dc080045

SHA512
bd84caa0a6e2acf648229592cc710960b0dfa99642f0d236e29ed3f21eaa73f8a75c2e290c8d841de73f93b355e51670342280ad459f1561dcf3d7537403b04f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20cc795465401ede5ac6c202e2744662

SHA1
7c2d1f26a3fd359c9477a5d63279e60bb8ea6d2d

SHA256
2c4e3caaba895797dcff09b746b195531ddca6a9f898f72694ef20d9a3df968d

SHA512
dd5e65251f9ae811258114ea1eadf7d365710a7a4a198064a5f514da4f2842c1b50bc851f5bfbbfd339822ad5ee6e7abca0b5c273352de884f7fcdd7abe89e7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c782bb63d59671989ba212bdd5757abc

SHA1
d50585d9e5d753ee10930103bb3d2c457e7064aa

SHA256
5e070842bcbb86b487977260c043ec3f2ac46f12f28ab9d7bd62f2dc34095dc2

SHA512
4475d63aa5d6f5867139a5bed75ef2c6f48bad4acd588567b7b2ade2617f759384a7da1f1161c1863a62d7af82a75a8e2a4750d2b9c7d735bb9c3de632cca405

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fbc2e4791220f81da430902a4e40b4d

SHA1
00a653cba802f85e7da0107f3a397b3dc7d9d864

SHA256
7931d358c1774be27df1f24beb76bbf5382b99c474bfca4c365b886f6a55a152

SHA512
e26ad2c4fe03cfae86189bcf04f60877c43350faf6bb719cc84d34823dcc8941b22e5cdd25603e0b06a8b748c3478c0502862579bc7e85f227ff57dab5f0ee48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85979fa2911cbff4c4e37202b086e95c

SHA1
4ef193e8c25c394ad1af40b2b91e1776cb152b8a

SHA256
e7a223555a66efae050116876439337adc18d97054d2f0a03b88e9c3ba4624b8

SHA512
dea29e86d924105f144f1145ac0df4c7504584ce15b38014515b72d6016cd612786dd530cbfa9bf8a66636898a19192f1acfcf6ba4b713a83b295c89073fc5c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c3c2f77970f9cb29eab3acae7106753

SHA1
1d0f630af73a3244a73db1ede8778daef16c43e6

SHA256
026697552545719db1c05a2796c323446e694692bb7e14ebe4400fc1c772ab6b

SHA512
d765abdc3883eef84dc3a7d724a55c81aa2fb3ebe70d3c8615ab91648e9f72c6ef801da9e59ac8dafdb12c686f76878a762e9a73a30d207cc1cd96b54ca4859a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAB02.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarABB0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1744-11-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1744-1-0x0000000000240000-0x0000000000242000-memory.dmp

Filesize
8KB

Download
memory/1744-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download