bbe77eb3a05d29b10ad21cf884c06a8429e0549625a093f22cbfb5ca58303b48

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

asuf.exe
Size

13KB
MD5

af0a0a416e476ecff84c218cfc919870
SHA1

80913841afd890cf64b36cfe06d33efdc549cff1
SHA256

9aeb88c0c9f4687fcfb59668fc71a57e368669c98511297a3d1ed0969c8582f7
SHA512

e71f6cf23090e3f1f0d5f678e13398ad03fecaa1340c37ec7cb60fc1b9fdc79b9fbb30dbf51795bdccc5a2ba6d4b69309fd58a9da2faf9c05f0a3848bef1165c
SSDEEP

192:LUL9dBH9j/sAacntGaaQen27LD+cOFMr9ZCspE+TMwrRmK+vhOrUd21:mzacntDr7HOPeM4mv21

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral7/memory/3068-0-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral7/memory/3068-2-0x0000000000400000-0x0000000000408000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asuf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430524814"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0127142dcf4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C51CE21-60CF-11EF-AE10-CEBD2182E735} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000e5acbec8d46618329eaad8a8501a96bca136ab325df590b2d62d93804f1343f4000000000e800000000200002000000082ef71c4aa4a6b867fba8c7d84825786248ab75e6846ec8ae2763b3586ccc4be900000005523af7c67de5247971a65f577c22a55177a059caca5ff754786d85fc11769c3cd38fb93caef2f5cde136b65d70a2606fdc0cabcc9ad79f94a8864f569f7bd99ca1bbf4c024617c6ef8ec4afe3cb92c58d5628d89bdfdb9fb0b0b215418cc73ac9055c229873fc034aa8641fee2c44a2211225abdb7dd946191a31c0b07430544064a60ff4c7c9dae6f22ab0c643dd6740000000ad88023f14fc2f9be73de358dd41ef8418fe7caad648440b28cef7e8791a21b0c9ccfd27c31e8a72f1353d2ecda4cdd31d3acf180549d72db29468b52f7ec25d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000007012ca9cc54d8ec17f0be2d27db659c6a0e0ab0a0ff316cd8c2ec0a2a8825a75000000000e800000000200002000000052afa2edc730542664cf28c19e3d6e34ffc4d8989828021e98350fd1f27848e420000000fbc151daddfaaafcdf5010400185154d0753204981c46a7402e5bff68d0badc54000000099e3174821b0fae9ac8c0ae8e3339474d8d0c2c129d73fd464b592db35894086638add3771c3f79ee21e7a5150e513c6e8a5112b7acad5b743cc194a07e94980	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1640	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3068	asuf.exe
1640	iexplore.exe
1640	iexplore.exe
672	IEXPLORE.EXE
672	IEXPLORE.EXE
672	IEXPLORE.EXE
672	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1640	3068	asuf.exe	28
PID 3068 wrote to memory of 1640	3068	asuf.exe	28
PID 3068 wrote to memory of 1640	3068	asuf.exe	28
PID 3068 wrote to memory of 1640	3068	asuf.exe	28
PID 1640 wrote to memory of 672	1640	iexplore.exe	29
PID 1640 wrote to memory of 672	1640	iexplore.exe	29
PID 1640 wrote to memory of 672	1640	iexplore.exe	29
PID 1640 wrote to memory of 672	1640	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\asuf.exe
"C:\Users\Admin\AppData\Local\Temp\asuf.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.alpha00001.com/cgi-bin/advert/getads?did=43
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff2aa57ff08a765333781fa7b8be99a7

SHA1
9d6b0147b2302492fb4302372557f51e52c741f5

SHA256
1ec6539bbb914f635dbfb6a4495e1e40db02236bf8e082b51ff73862aec29692

SHA512
be80da802e28cf9d85a456688626176f0c0baeed23908abdbe62da55fa3a74b4ecdb3a94802aff2c1565852907d45b3667720d434b94a76e9b20947cba4a908b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10c49b73aefbee0c6902db6c37a304a6

SHA1
5398e78051930ab972b500bcb56d4003fdb99069

SHA256
70c067c412edcd743437442da2910ad44e0dde68279cd84500dfa3c3b37dc9b2

SHA512
8f3931c0e4c4d7b409efe1c094129986ae7fa2481084f275b50cd68050e42de48f1aecbb3ad0e3c5dcca8a21f026079e04b30dff5fc299e7fc47e5e1a3eb7ba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c92e4d397c45e9b994a35693440054e

SHA1
5b8e5c51818b0d6dce98cb2ca6e95044cd09a0f9

SHA256
cd0bbcfe5501dc441303fbcec4f99c3399056c33f4c3f46c3271bc1d7678f72c

SHA512
ace971baa2bef14733f02b662f2365759a5064d847428c5a8559753c393654493aaa401ae0ddaca12e3a552fb2f7e06fa53367b80147c7575d3bea7ddfe358bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90303f5311af7a7ed48a1ed01e3583d2

SHA1
b5b4560f117d6bd1abe6e0c361e34d3769e8a379

SHA256
1b536a0c11bc98e963c61b55ff8dba54444ba052262060a1621737e07810863e

SHA512
094f02cd996c5bcd4c50a7061aa90d0ef62b7b29c51633bd0656c95cb81888deb5261e091da081f2af77f125e798c39ea85c05d4e67ef0be5bc7bd8acdb736fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
495cf861d88c7673a837ddf466f7fee8

SHA1
8c009903b703494920339665b6ec0b254c65e662

SHA256
0ebdd1ce7456fa71958351f8efa0c90ee829b7b3ff6fa3653d8a9d75e1c1f39b

SHA512
79b021e6188009c2a8a8d808d85b6807ec588a177ddbb8d1b2d572c9b50f4cd3b23874f2a1b61324f28c3d670c83efd221b3a818ce3e38b95d30ad40b8a7a4bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e95f7dff5c908973b14f80d5e4695ef

SHA1
ab970863eb12838567d184d1ab2c1cd96bf6c366

SHA256
0b5345dc92b5934540cf5e28891b635d24ebc7529afa2bc3b53684983b0629d5

SHA512
06b2785a46b33b907d81cd22d5901e76e2bde559e16a97cb2a2e34d19af3df98e85749a87c52b5d78e1d504b4c5be16005dd90709751e2789bd3014a3dab6a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83ba8dd34f732a53545af93cebc42e99

SHA1
55e0815ba1cba02e4332a80a103ba36706bed81d

SHA256
7744950f913be9e3d49dcc2d52b054ad56d0172e4511c9cb18df8f15ed1caec3

SHA512
dd01779c06a8723f1d4f8c2e1daaa27983d0aa769a64d8b844915e15368ec6cb5a7fe1b4cbe64bbedf27162b9bf472ca0f052453881e962623cf2bb47f817604

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05667f27436c02f788734335cc879ad4

SHA1
3bfe5d8642c1c73bc32af3750eb2b97b0e5c8750

SHA256
1a2538382bed38ae60d6553b17a9e3ae2ea2c32b8b9ee73f9d601df7cd81fe11

SHA512
70c115fb7d3c50b351b91dc9d4c2286a746facba0896d163745208a2d64c97ebc3687ea3e7d771890da1ca695f988c4a5f07b64747a0be5b59e8b8741cc27cb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3253fb14f6a748ac56af2f6cf8e7792

SHA1
0c58f2e5b27cd032f720a298fd2a7e29c399226a

SHA256
722dbad4451c109179e6ce2102eb5d580d136d701f2fcee1d7f20e1eb9a859ad

SHA512
470cd541b84297d25a6742d40ebfc3a1474d8fa4196d7ad82b33c38a3ea4fd586edfe2c712f260d76c1e7c8f4d74656858fa0bdcaf9939269c6f79a2fa3d16d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f47b9d27ee3bd526f30910790e1e4e8d

SHA1
7c554a5d42605df59b3942a9e98d2d69d331fea0

SHA256
72a9edc6d942350218a89f8ac71885a9d9bbb36af49603806f96bddbf0aadb2f

SHA512
682f986424bb5277acad044802336bdd56d12013682a17fec6c827678aabc407f6e7555d414b48498b976decda791666dddbf2262d27f52b4d0847ac43b9029b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26385e80d3c625eff434a82a6e45817f

SHA1
e0aea23356c04b4e7d427f2d5ee376b9acabaf5d

SHA256
e5f3e118fbb5725a6bda2b29697db23da950eea79e734742f4c7dd202acc7df0

SHA512
762ad645bce7be4a457bc249deba48c1a308132062cf71e4dc39b880cf5ea0ee809fb9a2a7237260193fb2d15bef954d01eb71b96889891d7b50c8657bc2bef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1d4f1272e6ac155d7b0fc31610a742c

SHA1
ef67027694973237afb506fc4c939bf1185f8637

SHA256
8ca9b7faf4a2cf9dbcf26b4189aad108571b7f8614beefdafca46583125a064d

SHA512
72a86340abbeb567ff04c418f2eee1be6856b881ead98c66c9a2ce320cacb88d77ae538f8ed25813adea622b3383180d41e2348eca7b07d8e8491f7e4c4da2f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e117f2dd9b1aab89334f55743319f68

SHA1
5b4f34ffe6f023bfabc8add406d7afba6214e9af

SHA256
1d3f8d7004f20c4d28ae3bb8c117edfd4814b33209a70c483993423f8303d714

SHA512
2c6619cd048a2b2572a9e3bf58511b8185ce7f5fe2eb581be7657aa545e9b00192c04b6122f2301f7e8d706742b6ab2ade78c0a135e90a1c3d5ce16f67ab59d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd29c7f372a9a8265da44eb60d0072b3

SHA1
dce8f5c644529a1f3698d6a3a915a3fc0049d39b

SHA256
288febe2fc036c7bd2281e3de1cc21341dd33358fb7cab16614f867e5a804395

SHA512
cde80bd846d394ebd0523032d5219c967fb71fcad652fb2b0e3b80e1d1c428e3d581c42fef8c54695c154d22760bd3578df5845e5757544a92fee17decdb8eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6affe0bc061330a2e5109c41cc44ac20

SHA1
0b5e2bbacaa45f251c3899534056bcd32d6aeea3

SHA256
e101a20e55326998aa71b9d3d49c5b04f0860fb19530d19881a84f0c55404006

SHA512
742091ccecf69509e68f0d8a21ac63cb270dca1e179485d380e436f75281a64d34f9d3216ea11bcee81e97e1aec14c606713e4ba3b7255983ac0bdaca4ebdf85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b810d6c6b037c4e9cfcd510af6a17552

SHA1
610da55d5550e2a010bc178005db74c2febf46a0

SHA256
9159f2a4135f238a173a610b9943234f769d047a2c2245085d05c709bd08922f

SHA512
19745cdcc9045187dd5dec7642a37412c5198f852b7214b86e2b3f5ec53fb2b1bf02889df376522c9fb5ce388d521596acea7fe5248201c8e7c9855bd099a3bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE6AA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE71A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/3068-2-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3068-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download