50e49242340ade243597a6bb5cedb87bb0a3d2726d1fe913d2c019ff370793d0

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdb7ada64dab3275237389e0e47e2add_JaffaCakes118.exe
Size

56KB
MD5

fdb7ada64dab3275237389e0e47e2add
SHA1

0ead3a05cf94ed141ed6ad258485c93896acf261
SHA256

50e49242340ade243597a6bb5cedb87bb0a3d2726d1fe913d2c019ff370793d0
SHA512

15ae3bb69a8e3302b3ccecd0687c94e1a1e8c7a92c59e1b1fa328bab35274e71b01f737abe47a83575d373bc3e8a40c16cc28f569c45efcaa4f2221c88361d11
SSDEEP

768:Nu88JmsOFMi3tYnedoF7e80o47xfS2HpEGSDqOs9eiRA023t7M+Ifjvw:NuXmXWeslSBsJj302dM+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdb7ada64dab3275237389e0e47e2add_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7FC48A41-7E13-11EF-9630-523A95B0E536} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433742635"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2608	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
1100	IEXPLORE.EXE
1100	IEXPLORE.EXE
1100	IEXPLORE.EXE
1100	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 1784	1904	fdb7ada64dab3275237389e0e47e2add_JaffaCakes118.exe	30
PID 1904 wrote to memory of 1784	1904	fdb7ada64dab3275237389e0e47e2add_JaffaCakes118.exe	30
PID 1904 wrote to memory of 1784	1904	fdb7ada64dab3275237389e0e47e2add_JaffaCakes118.exe	30
PID 1904 wrote to memory of 1784	1904	fdb7ada64dab3275237389e0e47e2add_JaffaCakes118.exe	30
PID 1784 wrote to memory of 2608	1784	iexplore.exe	31
PID 1784 wrote to memory of 2608	1784	iexplore.exe	31
PID 1784 wrote to memory of 2608	1784	iexplore.exe	31
PID 1784 wrote to memory of 2608	1784	iexplore.exe	31
PID 2608 wrote to memory of 1100	2608	IEXPLORE.EXE	32
PID 2608 wrote to memory of 1100	2608	IEXPLORE.EXE	32
PID 2608 wrote to memory of 1100	2608	IEXPLORE.EXE	32
PID 2608 wrote to memory of 1100	2608	IEXPLORE.EXE	32

C:\Users\Admin\AppData\Local\Temp\fdb7ada64dab3275237389e0e47e2add_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fdb7ada64dab3275237389e0e47e2add_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1784
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22e4427cd2ccb483eb038c382cdda7ac

SHA1
1e9606060a2262aa746a9f4cc736b69f4430ab33

SHA256
c0fea3bb90f03ed1de6347378b9db36245018c8a03f0fa825aec58d625e8cd10

SHA512
26d5b750dec140e7ba6880e8bb1106f79d3f5356c036d040f150dad26e62ccbf766a52d68cd75b50287e090be8fc93f03711100b0d77d48f73f5254be3d1623c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a0467b8a78a6366fa8eec8dbdbf249d

SHA1
0ab3437631c09ca3fcdd0717291792bf8498554e

SHA256
7ca07456eaa1837849a99757793f4ffb538933fadd275e35d0140e1bdb9583a2

SHA512
4da0047a4328a0072bd2cc29d9a0152e2d8371b25a1a748edf0dabbf7c1e8faff8e9244acebd22bebdb637248fb47b60c11d9979c46768e19e4f882d638a0635

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5348bec8576b0c5e9ba9d6493d39ee63

SHA1
f35c1f93d5b7c6fe1d24fe4b737281db2e38a9dc

SHA256
7dd6bd50ab4dbe2b2f91459e94ee07fd0df623f8eb7716dcafbdc40d9cb2dda6

SHA512
ee76edcc2cd1b61f3e3523948ecba4e292e8995c3900c7941070afd1364fe82d628a906a3a33dfb09215d5eafe49ffe4edc8e60b6827bf8799d02ffc4e81c618

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b240e804477b766ce0a42627c7f21d9f

SHA1
f67ad7295883685b65b12617c91a8c6f4492337a

SHA256
15fcc672b9879405ca11295eacd287eb90737462c3dba5a16649a215857b1e14

SHA512
f877d4a15715c0c5125d3b071a1ce33cc23860b2a7b948847131f07da5e5426f9f2819d24ed9cc7d0f8dfa58b325a130e003d0ad27f0a8f13d3d3049961f51c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7eb286d79c5a0d23dfe5ead467c89464

SHA1
7640b40c3d045f3a00e15f61509c51f8e6b139af

SHA256
fd25c72fbc80dc4932cb6eb223c3beefe7e0af7c541d662cccc90426d75919b4

SHA512
f0881bcd3cf0ba0d4682fd7064441bdaa6871c39edeb71c74414071668e5c321a709933b716376b8d8bb51f41a32a585e0ff68cdf76c6a111e2f0cc3949a4895

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95ef789e021238219d1db9bd420e2012

SHA1
42291f25691af2e694ba20ed6c3bb7e1bded0501

SHA256
196e56aa2f69df41df80187423609f4ac1f8b4c1bde8f0ca7cc190b6b07bd7dc

SHA512
f36e436a8185a81c6388d9a6bc32378d41740b7744fd31cff63f32d1104e3511b41b14ec5f7227fbf42291229cc627dbdf428be24221c5972978c42e8409921a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0157c18dab987b6c065bb14a48860d08

SHA1
294cd037672007669df4d3481af3117acdf52850

SHA256
57e41550e6995c9bdffeb784ab7f58e342e3ce2c32ca1b1a9708cf975affa18e

SHA512
8b61a8cb995a4e4b5ea0b884f1ae1cf7cf87ec7cbba8ae30d60694292d43c8c05035d54b4998d61c2eb30cad960c5d63deaec86704c36d95aa0da9de4031ed38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d709e84599ae04c3d8955726c52527f6

SHA1
c0904605bb1d12f875639de324d1a857f981eac4

SHA256
54ec04a25e619251fee7a791df3d184c7c74633f1f5b48f9ea71462c3ffdcfdd

SHA512
c6272fe4a9d2c7ad183614e814999af7eff6ef4ab20af96812bd0f0aff62c00b1f7ddbbed0aec13b7910cf5c16ca81b90f029deca99330d61341c2bc2e4ce7a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bc1087e4d6cf6e19929f41741fba796

SHA1
87140c46e4c23180589f22d93bf66f9f56fa7ff3

SHA256
6f5061b01a67967275720c654aa48ecf427be4bc9e9375399f81a9862ff655bc

SHA512
12f375f621c0d30a466ee35b63d8b4040b73368681881d557cf9aa76ec99f74f5a5eeaeb79f6ea1f168facd48c5d7bfdc361873aa40a0ca1e52f3a82b9082430

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d606f653f8b55e44b78b2fef3664263

SHA1
ee2591078825c62a242b2c11b9bf68e4de2f090a

SHA256
20b69a0a27c466d9edfcce8e61dbde8a935f2e86704ac2da78ef865bd339dc6f

SHA512
d0e777cf35275d075913ca8f39d991cb3af3b1cb0849d5c51cefea185ef6f00dd127e9e9a05d0a9f3c8063bcd9be7f38de2c3ea6c8f1b97ee16d64eaeadfab05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9837c4a3acf0b38f863d93f446456310

SHA1
74b3b8b0950c68a223280c3a3139ab4d0e6d90b0

SHA256
02725afa1d0ba7c53709d0557c5b0c0da5f2c7dbf2d58be505e37db0a6f913f9

SHA512
42c33e3d4e58c114fa9ef3304663508e861b0ca1822e05329c899c256b76ae2b9d2199a6a5e5218a5c2ee3e371cd7d01903c5cc185ffbf6574612426c9bef189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f81e4686a83186700f2ccbb3b511f54

SHA1
89a8f092baf8a5e5ad70f3c60128aa2687809409

SHA256
bf08a249b1a37cb4f791c4781d8fe42dcfc3f8a097a804fe50b750c1349f20c5

SHA512
fe1233697797a40619a7cc239933069f22230cec1891df3db6e51ba5b26fe329c550dacae55b8f6f44128694699974036be61d80b27e97ebffb756a759c5f59c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79170645f4c0668740a035f920e1fa8b

SHA1
d53696511a94a22598969836e35546f5ecc5f997

SHA256
620e1aee002477c6334e09cb18d96e3fc17fdd8b4e83706c1f42b007a78d2ece

SHA512
b069cb040a675654eaf1f16c096038d0dd837ced2ed0d92a75757185c2836caaf7ff4ee2903d0052d64fdf7b7489521568b013471cd80c028e4597c3795a0b3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
118cbccb697bbd027c634a8a71e47244

SHA1
a8ee51da148c35316c082b931370fcf43314313c

SHA256
d9466658ebb7e74c48b6805a3aed4ce880271f8e833cb5218420cf4cde42a736

SHA512
193adc2b7165c2bb0dfc9948d0fd3da10124ba9927c8a6484ca88d4350e7b3c481e40aebbc35831aac3f26491a23852acc82c500201e08bad0e87b1e6f447c5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c96ada553edb24881e249b49dc3bc128

SHA1
9c6091303a69a171a5da816ad229fc35d601b98c

SHA256
fd29831f1b0c33d304b6678403cb102544262e056473fba15cd46b7661f22fc7

SHA512
592a996b9dd24257b1f368393a56e5c6afe00f186992087df0090f94d3ca47f9f4a8cd4e2ff483c281d21d9460ac29a88cd17a682665d2b812e464495e3a2998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
855f6b233f93b53900df931f4f114aaa

SHA1
c626f828c0b02511682764382c6ffa520e3579cc

SHA256
0c508416cf4937eca6279a9c17683bb43f9f3352ece9640cf7da6724abcf4df5

SHA512
d507b54c7a0e900fa1c2765bfca2d70946f2ea0b7c2a04c2dec15347120391eaec11d21c860c2c78086f3decec03041214081bba3515d829d5fb2b96696cd60f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
debc268db3069387135b4c2429efaf52

SHA1
6f037668c9209be23501f39ac533cfc2a5f9d4da

SHA256
4a560ebce043468143b32e021241d81673e5c6108d027ac3470d1dcaf300bd80

SHA512
5f7167be6258e285b498f53813ffe71bafdf86b82e79089a895229393420f0c78bf0b79d15318e33f3979a2c15704f5c8ac5489330cac1e6e0439f9ae5adf6dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22a1d28b67682719dbd83159239cb6d0

SHA1
c9a5d2a835dab056d931c4cb48456d3e6297c6c8

SHA256
fd021fa07e280275dcea1cc9db058b53cb5f88e60f039729c1d5bfd926c43944

SHA512
b860b2400c6c531cb621988707e3f23e565de2ac10ac924a9a897d2e0c33b397c663288838861a4c77f4d74965f0602034d17fffefe045a03c75ba7110a25025

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a0a20478eedb83695a2ba570c255c1a

SHA1
4410165e3c18d04c953a7f945756ea50ea8466d9

SHA256
a20b133987309a2911e4be5daea14a5b86a9bc0efbbe331597e7cd632c07ac7c

SHA512
3a14cacae89b48e56d96db8cecae4cefc164ce68d41af68a970802313426d0178708ec2ab7342aa76812e1abcfd945a091691e71aede9e6a9c76fbbfb70fb5be

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA084.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA0E7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1904-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download