Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 04:07

General

  • Target

    ea8e8ce971c18474b6cb2fc98a45f60b_JaffaCakes118.exe

  • Size

    104KB

  • MD5

    ea8e8ce971c18474b6cb2fc98a45f60b

  • SHA1

    92e6ea487de354914d5e02f3cd2f99b78c126c0c

  • SHA256

    7e5b54e6db6d030cf720142053170be118b9f44632404ad879434a8ffbdf7dd1

  • SHA512

    71921441d98ce9575f1a681ae0dc1f5340707a77ffa8a98ea196a97f7b809006cc8c7beb2b948fda3f5446a8b57d8f02600bd276fbb98a677f04d581fd47ae8a

  • SSDEEP

    3072:MzjQFJbJJKcfsSbbhOpVHKhpOZ8+BXJAy+:uyVsSJOttW9

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Loads dropped DLL 19 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SetWindowsHookEx 46 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea8e8ce971c18474b6cb2fc98a45f60b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ea8e8ce971c18474b6cb2fc98a45f60b_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://dsdc.asdtravel.info:251/?t=919&i=ie&66dd452da8f7726c8f0eeda8517a8bf2090df582=66dd452da8f7726c8f0eeda8517a8bf2090df582&uu=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://dsdc.asdtravel.info:251/?t=919&i=ie&66dd452da8f7726c8f0eeda8517a8bf2090df582=66dd452da8f7726c8f0eeda8517a8bf2090df582&uu=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:388
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:388 CREDAT:17410 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2432
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a1&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1896
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a1&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
        3⤵
          PID:3256
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a2&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1300
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a2&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4932
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17410 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1076
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17416 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2264
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17422 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3732
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17432 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3360
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17438 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1536
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17448 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3584
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a3&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4284
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a3&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
          3⤵
            PID:4936
        • C:\Program Files (x86)\Internet Explorer\iexplore.exe
          "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a4&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
          2⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2480
          • C:\Program Files\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a4&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
            3⤵
              PID:3440
          • C:\Program Files (x86)\Internet Explorer\iexplore.exe
            "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a5&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
            2⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3636
            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a5&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
              3⤵
              • Modifies Internet Explorer settings
              PID:4336
          • C:\Program Files (x86)\Internet Explorer\iexplore.exe
            "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a6&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
            2⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4968
            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a6&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
              3⤵
                PID:4120
            • C:\Program Files (x86)\Internet Explorer\iexplore.exe
              "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a7&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
              2⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4524
              • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a7&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
                3⤵
                  PID:2060
              • C:\Program Files (x86)\Internet Explorer\iexplore.exe
                "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a8&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
                2⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:680
                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a8&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
                  3⤵
                    PID:2368
                • C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a9&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:64
                  • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a9&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
                    3⤵
                    • Modifies Internet Explorer settings
                    PID:3056
                • C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a10&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:2784
                  • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a10&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
                    3⤵
                    • Modifies Internet Explorer settings
                    PID:3664
                • C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.asdtravel.info:251/popopo.php?gg=a11&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:1768
                  • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.asdtravel.info:251/popopo.php?gg=a11&tt=919&ur=JaffaCakes118&66dd452da8f7726c8f0eeda8517a8bf2090df582
                    3⤵
                    • Modifies Internet Explorer settings
                    PID:3912
                • C:\Windows\SysWOW64\explorer.exe
                  explorer.exe
                  2⤵
                  • Deletes itself
                  • System Location Discovery: System Language Discovery
                  PID:4548

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                Filesize

                471B

                MD5

                33bac9325241193616461afd5a0deb0c

                SHA1

                e78ed72996568bc9616f4d6b20403749252b4859

                SHA256

                cb0b78d15b774b91ab6f6ef315a14f301b85b40122a72622818753212538f5b7

                SHA512

                3054cbd1551e36a747fc4c7086d3cc484530ea13d44279b4f5f92d462d91d7e3322bb240edeedd517751c00949a6264b50322464e446290726fde18ac4eb2e2e

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                Filesize

                404B

                MD5

                8a7e75089bcc9c2a58a3706ef705da5a

                SHA1

                bf411cbb730960799b32fa1af2465a8aabc2e3ba

                SHA256

                1fbc097fb4f238ec6bb785fb68777ed20f10ddb667f12cf873bed0da62ebb7a4

                SHA512

                09cba1ad591ffbb39acf54f85720ca6dcfb196cb52b5d3b5d7da737fae910f6f8078cd5c382e0465225314a29898d9aef66b6e80c0573264c2f91393667fdc2d

              • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B1B57504-763C-11EF-98CC-FA5B96DB06CB}.dat

                Filesize

                5KB

                MD5

                5cdcba02fc2bb06a6b14d516df9a1861

                SHA1

                4855ac7b5718bc8921cbfe57b0b6fc06e61c104c

                SHA256

                8571609e86c8e95ec906e4fa06f36336fc11ced2a11c0cccf81c3a1ba559c8f2

                SHA512

                011ba1511ec81f5cfd4284e9337cb3ad1ffb87636e739e4fbe5c5f4cf9ffa661e5329278ff28bb622d61e784c3b55336bb1a0436904cb8b51ee993edb4963a2e

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6809OHQ0\httpErrorPagesScripts[1]

                Filesize

                11KB

                MD5

                9234071287e637f85d721463c488704c

                SHA1

                cca09b1e0fba38ba29d3972ed8dcecefdef8c152

                SHA256

                65cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649

                SHA512

                87d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6809OHQ0\suggestions[1].en-US

                Filesize

                17KB

                MD5

                5a34cb996293fde2cb7a4ac89587393a

                SHA1

                3c96c993500690d1a77873cd62bc639b3a10653f

                SHA256

                c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                SHA512

                e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\NewErrorPageTemplate[1]

                Filesize

                1KB

                MD5

                dfeabde84792228093a5a270352395b6

                SHA1

                e41258c9576721025926326f76063c2305586f76

                SHA256

                77b138ab5d0a90ff04648c26addd5e414cc178165e3b54a4cb3739da0f58e075

                SHA512

                e256f603e67335151bb709294749794e2e3085f4063c623461a0b3decbcca8e620807b707ec9bcbe36dcd7d639c55753da0495be85b4ae5fb6bfc52ab4b284fd

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\down[1]

                Filesize

                748B

                MD5

                c4f558c4c8b56858f15c09037cd6625a

                SHA1

                ee497cc061d6a7a59bb66defea65f9a8145ba240

                SHA256

                39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781

                SHA512

                d60353d3fbea2992d96795ba30b20727b022b9164b2094b922921d33ca7ce1634713693ac191f8f5708954544f7648f4840bcd5b62cb6a032ef292a8b0e52a44

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\errorPageStrings[1]

                Filesize

                4KB

                MD5

                d65ec06f21c379c87040b83cc1abac6b

                SHA1

                208d0a0bb775661758394be7e4afb18357e46c8b

                SHA256

                a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f

                SHA512

                8a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKVWVXN7\dnserror[2]

                Filesize

                2KB

                MD5

                2dc61eb461da1436f5d22bce51425660

                SHA1

                e1b79bcab0f073868079d807faec669596dc46c1

                SHA256

                acdeb4966289b6ce46ecc879531f85e9c6f94b718aab521d38e2e00f7f7f7993

                SHA512

                a88becb4fbddc5afc55e4dc0135af714a3eec4a63810ae5a989f2cecb824a686165d3cedb8cbd8f35c7e5b9f4136c29dea32736aabb451fe8088b978b493ac6d

              • C:\Users\Admin\AppData\Local\Temp\nsz6C77.tmp\Math.dll

                Filesize

                66KB

                MD5

                9eb6cecdd0df9fe32027fcdb51c625af

                SHA1

                52b5b054ff6e7325c3087822901ea2f2c4f9572a

                SHA256

                54cf1572ed47f614b0ffb886c99fc5725f454ef7ff919fbb2fd13d1cbe270560

                SHA512

                864742ec6f74f94057b54cd9b09707c0125ac8db4844fa80af201e8b72a811bb68276c993e75bce67e5ece4f83644572edbdee5e963634c5a37839615faea97a

              • C:\Users\Admin\AppData\Local\Temp\nsz6C77.tmp\SelfDel.dll

                Filesize

                4KB

                MD5

                5e14f6774c43bdff6ffe0afb0d51c47f

                SHA1

                fb1e7b6e63afa6db6aa2033b5e7e90f1f4ba5e27

                SHA256

                7cb51ccf21655e9590a6c3232920b16a3dfef15ffe9df7b8e71f487ca8c24da9

                SHA512

                6ac533c0485156a68bd1460d8219acf7539b766590910cd646f4d7d4572c072f45369712d88d4e698f4e94aead8082abcbfacc3d6fe890046898f6c6d85274e3

              • C:\Users\Admin\AppData\Local\Temp\nsz6C77.tmp\System.dll

                Filesize

                11KB

                MD5

                00a0194c20ee912257df53bfe258ee4a

                SHA1

                d7b4e319bc5119024690dc8230b9cc919b1b86b2

                SHA256

                dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

                SHA512

                3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

              • C:\Users\Admin\AppData\Local\Temp\nsz6C77.tmp\inetc.dll

                Filesize

                20KB

                MD5

                50fdadda3e993688401f6f1108fabdb4

                SHA1

                04a9ae55d0fb726be49809582cea41d75bf22a9a

                SHA256

                6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

                SHA512

                e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

              • C:\Users\Admin\AppData\Local\Temp\nsz6C77.tmp\time.dll

                Filesize

                10KB

                MD5

                38977533750fe69979b2c2ac801f96e6

                SHA1

                74643c30cda909e649722ed0c7f267903558e92a

                SHA256

                b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

                SHA512

                e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

              • memory/2780-10-0x0000000002800000-0x000000000281A000-memory.dmp

                Filesize

                104KB