2495dc954860dc92ae7504a13eb849faa19a7a1b29751a8572cdaf595b7b5ecf

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04a36e68bba3cfef080c9796e2b7c8ad_JaffaCakes118.exe
Size

57KB
MD5

04a36e68bba3cfef080c9796e2b7c8ad
SHA1

2cd483d49665c600c88e951d4be49b01733fce93
SHA256

2495dc954860dc92ae7504a13eb849faa19a7a1b29751a8572cdaf595b7b5ecf
SHA512

5b2e9f2cd8dc778c1664b7262dc5f54b48ba4d1fbddecd6e3b3bba81899277e4686f96f0e22ed09e301a28c0b8d12202e1bec11e9f1102298ada595aabfa45fc
SSDEEP

768:tu88JmsOFMi3tYn0dlD0PV4547xSRAWa89wIoLDXDTRFtDKCzbxDtjx2A:tuXmXW0/QPV45SMWxLbtnxTH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	04a36e68bba3cfef080c9796e2b7c8ad_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433924830"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B3D93071-7FBB-11EF-9D33-D6FE44FD4752} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2164	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2280	1900	04a36e68bba3cfef080c9796e2b7c8ad_JaffaCakes118.exe	30
PID 1900 wrote to memory of 2280	1900	04a36e68bba3cfef080c9796e2b7c8ad_JaffaCakes118.exe	30
PID 1900 wrote to memory of 2280	1900	04a36e68bba3cfef080c9796e2b7c8ad_JaffaCakes118.exe	30
PID 1900 wrote to memory of 2280	1900	04a36e68bba3cfef080c9796e2b7c8ad_JaffaCakes118.exe	30
PID 2280 wrote to memory of 2164	2280	iexplore.exe	31
PID 2280 wrote to memory of 2164	2280	iexplore.exe	31
PID 2280 wrote to memory of 2164	2280	iexplore.exe	31
PID 2280 wrote to memory of 2164	2280	iexplore.exe	31
PID 2164 wrote to memory of 2780	2164	IEXPLORE.EXE	32
PID 2164 wrote to memory of 2780	2164	IEXPLORE.EXE	32
PID 2164 wrote to memory of 2780	2164	IEXPLORE.EXE	32
PID 2164 wrote to memory of 2780	2164	IEXPLORE.EXE	32

C:\Users\Admin\AppData\Local\Temp\04a36e68bba3cfef080c9796e2b7c8ad_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04a36e68bba3cfef080c9796e2b7c8ad_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dfc24e54b802ea5ac40da95cf5ab1b2

SHA1
badececc59ca50443af545a37202fb4e7309f789

SHA256
11346089176f639d3e1a167dbb92823ad76cd4bd87d817d9130633238723c650

SHA512
fc88c5f4c5d93ee7074c8bb9d9f32e3095e96d085b1534855d480eced94f3f5dfabf9e034f46d68171651a24300fd33cf658438eed19c43d15700d8744ca841a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ff59f933e9d3d2976e5427f480a523d

SHA1
c2607c11f8e213533573184a9a5b4a17966e3fd0

SHA256
5fdaf6edfbd975b7e48fd9905218f665bde3916a5f168b28e39aee29f3380335

SHA512
97c66f85652a8e4d1ee9788db3577fa44b8de07808754d83b8c1452d345ca234b402bc7567a045ec622d17e88cf61f2f7573a7f1146f1a59de5a57571b3b7d51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33cf0d9ae4d0b3b974d3a3ff9e690073

SHA1
d5947134b3c73e05846bbde6df27ee362f8ed7df

SHA256
e5fa96cb1ff240727a6580ac392ff5203b953058fd0b03852a53d2f5f31706a9

SHA512
2b1d4b7fb401a2aa9c27dcb00f775b404f8901d898c3f14303f6dd35694b62df6c21417ece4e09b54a3e86c389b73e8732f4d3e968b36301461745ebfd68d30e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27c5c66112d8b2d1aa0763b8d5c03f60

SHA1
d40040dbc7486b155b3de1de920c60d7f3221241

SHA256
f42b3fef2e8b2198ef97a1d360c493bb5bcc83ac86288ac19b6c69218dde6053

SHA512
2a7a1ad372af0da67b2344f151b6f550294eaa30e2b4a6d7c86c17ce5d3d147b08a9e03ae7498e9b3f1999aa1f89b2c9596d729c20cf09dc552ab91b8bb2da3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a3c7a0bbfd088b23032c5dbdfd9764e

SHA1
f23310e578f90d43f974ff0cf9737da2c13521bf

SHA256
7ca0563effe00beff67c4a35da08822fe24efd600ddbc1a4019f9682205fbdb4

SHA512
60169a7d1fa09dd225a6b27e40a2188b48a884f6532e70b8aad5acfdf4b04dabc1e7c789da428691501791cf7fc281b2e63665d63e330c86a51722526085f059

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3f67777ae9ae67fcdabb9160ff07cc1

SHA1
a5652dcde20ef23c4b78ff946d8df615ff0748e9

SHA256
d7dbac6f17205f2967a03e6f098a1fdaf11c659d40528a644594c134c86f856a

SHA512
0d960aef8306df70048c95aabbd717a31b9b4a97bf612b0bd9db6adf11784ab90922e67bb38b2cbeafec9b421ba0b8aae38b5f68d9f6bd4b366b2475d837bf1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4518c58a50ade400d0db2505cc606e7

SHA1
17882293e2119fbf9130c2d3e091989fe1335fc2

SHA256
011b1a1e05401a9bd3aefc409a42cb1334ffc098b51364278dd102aaa6e938a1

SHA512
454572388ad690994abf2f7a818b29b796cd1389830ef946db8d16c1abe6ce8b8495a5a257eed31a6d095a0c5e2f44a50f26afea37696f0eeb9a005e064a13ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28673f2d5dcc3efb3360a51891205d70

SHA1
6a74dc726b265161b14a60cb19b5e4dc85db58b2

SHA256
20345459a92c36af9c0110e7f5277d297e76eaea0385f3820d53d61a8183bdc0

SHA512
c082f97f842eccca08338461216098824e865d7200b9d72f6571f57b97672fbcdaf328645558f130d80ae51f566e62088fd4e62be04b179db547b073d718a2c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f78ab0769397a86850d67e6257e31bc

SHA1
ba864292ec18bb142a0f348258280d062096d738

SHA256
62109f0f4fb052525c80b05912633100ab1a10124c26f09c344803f9cdaec4fd

SHA512
77ad8578860755678fae23eba4d7aa2d111c7c8026ec8634b6475c41a73bc7d70a95d9cee86dadd24f1c0a6eeee5780020fd15a8387ee6804c102f5aa96fca58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e7c07ca6247c9ecfcd92b109f9224c5

SHA1
352c3d77e835fc1764285e10f0941c37a5ac7374

SHA256
e2f01e45c0a2816315fabfb8787749f3c359262b4cfa14c498ace78a5c3a3019

SHA512
4e094eb7c775439d2335b2e98de18e5ce9f6e836b7bd3cd5b2ef07acde692696bb735b5a75abfde3587a06e70bd2fb277c1a93339dfd80f92b725b83e6831e70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f88bf75726af774c735cb0a6acda8d7

SHA1
a61dd6e9653084cd2822d659d99e98a60544c64d

SHA256
9bae6bbfaf4d3746ed9aef5761c61fa9f14b2d367bf43e9441609750cb30c994

SHA512
22bfb71a6d232aa48563dd646f8fd08dc224586592b8ede0ab2a5d8aa1aac42b0e90e1cfec2b34874e3f8ac26813077381c120471823460d210d9bb8945a7969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c80f03d7442016493b98b1091310ed3

SHA1
d0b1a3d7f8aeeb2255032a6a6ad76d946ef53a27

SHA256
83b103f622573f538b89ae1349bfa13c6dca25a6ff031b6ff483f4fe42265484

SHA512
cfbe54171da2799129bf4c3cc50c4fbfb31da47e68b25e8642363c6031dddaf94541b8e36d5d2fed7d7f0a67f3a0004d0869dab184b74164c358d6e15149d862

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
496c88ec4a56924d6c8f40bdf9860945

SHA1
8b14e50dcdd89451ae41feed7ffe4a061210e817

SHA256
8d261604acdca9ce7b71e185f500882abc1c91496ab5f943dbcc447cb81b7db7

SHA512
eccfb2ee62412ab14c1dcde2a680faf020878816dd034984e0f8ff25f43dbf7bc8580b589ab31c169448bd6eab91030f4f25750ab72be71a31fdd6971d9eca88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ba10b8acea9786c02f9980f3bb252b7

SHA1
8684d341ea4ae25b83e84c623e7737f812cf4c96

SHA256
d3ff558d0f61ab3c55547ac0f8b4062d35bcfcaaccac5377807cdff8d7c4cada

SHA512
ebbfa7d0ba65a39059949b68c757d030bc3cd7b40c7e18168f2d5508f9c9c4b0100cf552feae8560a705d3e79319bcaa3ab047ece921482d34bff2dc3346b0fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
463d0b9fb064f2740efd000536166388

SHA1
450a6e8471c496265272aba20338d14a764aa263

SHA256
5b0167111eee73a61087b8c3c33a70830611ca3a49f4e286ec8e7a45b79a1e0e

SHA512
40160171fe2ffeb5b83eb4150bd948eebc2c42a65dfce40a8a497f2236cf0399dbb2c81eaf4493987098212d2e84c6fed4d881f6c685fa7764be319d98d99d08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
866549f419fd4f7388b5d1aeda3867c5

SHA1
f8c2d0605201f45d5e40439d14cecf2d270d7f1c

SHA256
2e4ac740d00b8060ca6b99b58d8398cce0f08e4dc35fdd50d8ece303dc03f2a8

SHA512
163b604ad9eb5e4750e55327feacd84fbf7df9f94469d85130fb94d9d204e5b04fd576479e52a25071e20d2ab4a3056618cb05cc10455ffcf18242dbf8bac912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99c2e63c95ffa5729eb57958e07e528f

SHA1
2b785e55188e163482e22d49ea3025b02ff0e568

SHA256
b20f0483773c9cc9135ecfca74bc6c05b46db662aa622bcbe4359c5368070cb4

SHA512
882c7db8f5a0adb2673b365b141a81391822904321cd6e9061a6a8802a61bfebe4ac0a298cbc7d06c1bef4eb56cb7163b355a64038d49a43a9ae4b224e1ef8ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9889d11d453e82181c4734ca312c4a9a

SHA1
b15511e29093facdd2da242b204e43236478d1fa

SHA256
f6a1bbf5a91f3c27372b175cf7cac359c5d6260a44f2e75cfba09dbccb827ba9

SHA512
ed73c5d53c4869eaf2c2614451bd2089ccd242ec716b9dbfce117576bd0bfac6372494c485a39f993814c1d948389c125a7c63aac1dfe2a63e146e725881bfef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4d2243bc59fb9d863596c914e7aff50

SHA1
8e5769586ef09bf3b6ab4e5d25654be8a0bac943

SHA256
7103b4175362d1e3592dce99fb1b45caefcf34390d510f400a182ddafcd9f231

SHA512
d25cbbf5dcf28378867977db2d8a58092535a636f6ba835ec495a943d064712b4e5885394f207da2a61c2b9763d7064b8fb201a43e9c2c3d9aaadac98fd2934c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6DB3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6E53.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1900-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download