Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 10:47

General

  • Target

    45ce696c62a09af95a278f9a32afb4ae_JaffaCakes118.html

  • Size

    353KB

  • MD5

    45ce696c62a09af95a278f9a32afb4ae

  • SHA1

    1fca921830c33211b0eedaf937a118ce7a66e6cf

  • SHA256

    e4e2aa9cb5e2dfe45aa4504cb691d26e56ccf302e519c0fd565635ea65e41e3c

  • SHA512

    dc4614d0ef15635b2f865b02cfb7a3bcd3e5d4647b6c655769ebca7e5988ecda9047b839a02decd17a31930f121538ae7c49eaa3dc52e816e1707ad6004eb1fb

  • SSDEEP

    6144:SOxSgui4C1lk54GpJ1naZhEFsMYod+X3oI+YRGDe1sMYod+X3oI+YRGDev:tyi4C1lk54GpJ1naZhEx5d+X3vGDG5d2

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
      PID:384
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
          PID:476
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
              PID:604
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                  PID:2228
                • C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Windows\system32\wbem\wmiprvse.exe -Embedding
                  4⤵
                    PID:2052
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k RPCSS
                  3⤵
                    PID:680
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                    3⤵
                      PID:760
                    • C:\Windows\System32\svchost.exe
                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                      3⤵
                        PID:816
                        • C:\Windows\system32\Dwm.exe
                          "C:\Windows\system32\Dwm.exe"
                          4⤵
                            PID:1168
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k netsvcs
                          3⤵
                            PID:852
                            • C:\Windows\system32\wbem\WMIADAP.EXE
                              wmiadap.exe /F /T /R
                              4⤵
                                PID:2596
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalService
                              3⤵
                                PID:972
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k NetworkService
                                3⤵
                                  PID:284
                                • C:\Windows\System32\spoolsv.exe
                                  C:\Windows\System32\spoolsv.exe
                                  3⤵
                                    PID:664
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                                    3⤵
                                      PID:1076
                                    • C:\Windows\system32\taskhost.exe
                                      "taskhost.exe"
                                      3⤵
                                        PID:1120
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                                        3⤵
                                          PID:2160
                                        • C:\Windows\system32\sppsvc.exe
                                          C:\Windows\system32\sppsvc.exe
                                          3⤵
                                            PID:2384
                                        • C:\Windows\system32\lsass.exe
                                          C:\Windows\system32\lsass.exe
                                          2⤵
                                            PID:492
                                          • C:\Windows\system32\lsm.exe
                                            C:\Windows\system32\lsm.exe
                                            2⤵
                                              PID:500
                                          • C:\Windows\system32\csrss.exe
                                            %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                            1⤵
                                              PID:392
                                            • C:\Windows\system32\winlogon.exe
                                              winlogon.exe
                                              1⤵
                                                PID:432
                                              • C:\Windows\Explorer.EXE
                                                C:\Windows\Explorer.EXE
                                                1⤵
                                                  PID:1204
                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\45ce696c62a09af95a278f9a32afb4ae_JaffaCakes118.html
                                                    2⤵
                                                    • Modifies Internet Explorer settings
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SetWindowsHookEx
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:2088
                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
                                                      3⤵
                                                      • Loads dropped DLL
                                                      • Modifies Internet Explorer settings
                                                      • Suspicious use of SetWindowsHookEx
                                                      • Suspicious use of WriteProcessMemory
                                                      PID:2072
                                                      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Drops file in Program Files directory
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious behavior: MapViewOfSection
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        • Suspicious use of WriteProcessMemory
                                                        PID:1028
                                                      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Drops file in Program Files directory
                                                        PID:1952

                                                Network

                                                      MITRE ATT&CK Enterprise v15

                                                      Replay Monitor

                                                      Loading Replay Monitor...

                                                      Downloads

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        1cdcf071b4b2eb21175066040c1d2e25

                                                        SHA1

                                                        4906b596760deb1a55d8bc0193171406e59713af

                                                        SHA256

                                                        ee00921897fbcf5d4cf7f24cb91d646be47c0cebb9f224cbfd958ec584caa43f

                                                        SHA512

                                                        6b0385a533bed2d9299f7c7a8bbf9ceb959474e121612b87b038b00326f23301bf12f4d36c11cc2f4b70c63235675a398f9a9eda9a8e1182dcc3b938d6d56f76

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        9ccb6d848f059b924d2259c71bc1bd28

                                                        SHA1

                                                        468e0a0ceedaad930ff94b61d743480861c8ef0a

                                                        SHA256

                                                        70e4414f277e155b77eed561bd2bbfdd0fe3f2942dd77cf241dff82481a9b0ee

                                                        SHA512

                                                        4f8c1966a7e8a8f6a70c79f3d8b24906797a6d6c4ee04c4e9d7dfe6596e67b0bbd62eff7b7dd712d08b9bfe84a36d83b839b1040cae0f3c63384c0355ce127b5

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        7933348504fc23145b9a27aac439e545

                                                        SHA1

                                                        f60d6d0298ee311223350b51f67b0ebae7ed1197

                                                        SHA256

                                                        68933df14f0e49e4f4ab701017fabbc412c2a5d90f381e52985fe703ca176de9

                                                        SHA512

                                                        8f3ec760ac44056d5c4494d50a7582ea7122bbfd20e56264852cabb2f8fc83a35264c43981d329a1574220c8707ff79d06da91aad6aae5656444630ef8485739

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        32d50d78cc56e0ac458193eef1e6d0f5

                                                        SHA1

                                                        2830bd23c76e7871c859a027aae952a28484f56e

                                                        SHA256

                                                        fc3fe94b7e716de20f0379ebd6df800a76e1d3ab54ae62a4cd3e708068494897

                                                        SHA512

                                                        87a0a63d40923df1373ad66b268ba8d0d45444967a21277ea66ef75d197680d81a09ee1004ce5fc9c655f9d21e829c53c2ea91b0caf3652bf4b5152caede0bae

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        f2dd1b636af038b7f9321b9e368ee135

                                                        SHA1

                                                        e03a078197e973d42cb76cd2d73fa1d078ca9447

                                                        SHA256

                                                        47ca19a4a0c439209860cfc16534439c582ca1715c209f43d84ffbb43ba35d65

                                                        SHA512

                                                        3621c869f127ff732c6c45e41b2e9c9a8edfefd4bf036b6527630511f80a6259d6640874c89fc9d7e0d9d28da2f29691accfae7a5c394b7b38c4eb5070fa1183

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        baa542070ea3b835a8d2de9e8b4f0444

                                                        SHA1

                                                        4ec90d8432b9f746cbc92ad2644cdac9cd30ce62

                                                        SHA256

                                                        267ea534c4c76836d691173ae0076fcbc91440e31399db2cb1c3c09461d28e7e

                                                        SHA512

                                                        4ec981f2b2f1751535a874711052240cd988c438cf2de8c2de02525938bb624b090f7c898af66a09d4c1da8eff2c1e3404abe90790b1ce4c96df6ada67c18c3d

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        3e69f10cc4ca312292aa46fd200078b2

                                                        SHA1

                                                        292dc929f982d81be83377d6ab05ace1b0d7608e

                                                        SHA256

                                                        9d9a583d212ecf5559fa46260bbe1f9c8fb71ac520ede37151ebd5868db2901c

                                                        SHA512

                                                        5bfb901d0d3960fad86ef01a3e6db2d84612b694f3845ff0a0c36b06287cc557e0efd759fa34e609687153197747fd0bd69368874e47c74aa3243f4a4c152cdb

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        2607fd10e250f9c34add85f4d52cd095

                                                        SHA1

                                                        78273ed09bb64126e149ade9779824730fc5bcf3

                                                        SHA256

                                                        e830105ac0f09b7b2386b6599aabc2878deff39a5823aad03760ff9bd38ad9a0

                                                        SHA512

                                                        717a191b5c3e4dbd4c6ef2f0b174bca67641e4af225e0d74dbcc2b20432c096c5bc181aa2c8e86ffdec6e7588fd26c0ce36c12f9a5884ae0a3f04e17942b8185

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        a378dd3f22e5ee613dac8edff757f8a8

                                                        SHA1

                                                        ed2a30065a293422553d8bdd5d26661953ece6b5

                                                        SHA256

                                                        5317f2eeac45733afb63c3b880df17c3cfb0c7f1368c58e96e8cd9edb30925d2

                                                        SHA512

                                                        1c7c59e34008679c4619fcead2edc56480ec6bc63e66618db93801020bc9e5a005884ab3287e7cf0dc57749ec4b490d382477cb866d2306e57ecc7f081ac29d7

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        5237c795f121feb88700ed4cd2e36f31

                                                        SHA1

                                                        d003e260045fb9fa24c8c257be189512697248e9

                                                        SHA256

                                                        e55c45f2fc3c93e5721a46ccc05fcef2b91ef488f0ac08fa38ecf5a16a743105

                                                        SHA512

                                                        007ba77477ac6b1a039f48f533bc83a1956e4ee6d7bd0aa6b64e01f121a8093820d3872919ca262489fe972c346a968cda819b98bfc4d8cbb0e11f95206dde15

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        bf1d980701a5de650e61a7ee0451a150

                                                        SHA1

                                                        1e28267c312ecf77a97312bc353daaef97f33b6c

                                                        SHA256

                                                        600b3e49eeca49797a740bf1d252ef122005aa07f6c697843ab5d9f16d6b09d3

                                                        SHA512

                                                        13c5c968a662a5595342a995784ee52988859441e860f357fe1cba6602cb049eabb680c637d2c6d16b879d07dbfe4daff0ee83a8db4e7641b65ce5cef59327e7

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        9f9e35f762a11b107cac791f87133b5c

                                                        SHA1

                                                        73e95c2a5563f334d57ae869cfd45995bdfd0d72

                                                        SHA256

                                                        b8443686f79ad80add4f45bd71483b5c32d34d84e2fa9be33930a9c4ed8d31ec

                                                        SHA512

                                                        182adc9f37e32501cac355ba85e447b7d4ca3841c9a9c96d5a641d35e31b4d019d2874a1be2a475ff7da03a9e4988d66e096329c9112daeb06dc9d029061901b

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        5b9d9a465ce65af2355100ef9c0f8ddc

                                                        SHA1

                                                        c145eb7cf9b24cb5a321a61ee7fe0968c1634891

                                                        SHA256

                                                        dbdbb2887a2d99cf003dd879ffe104f4a512aea6756a0c5180d30712b09add63

                                                        SHA512

                                                        9f5c4f4f8671766de346ecc196098592b0c3eedd8be4e6e03ee0160b277619c5ac899e8be45e0bfa4d1576033320f9f31cbd10990da3edd19796aac07d78ac61

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        b637612bb6cdcff49649dfb9cf47106b

                                                        SHA1

                                                        91563fa898a80dfacac77dab50d5a6ad27d4c3c1

                                                        SHA256

                                                        a0c95b4a85cb0e59424b53b4574fce9d564874478e0e87f3237ec4025173dd14

                                                        SHA512

                                                        3c927f89dc53a114dc906f0300a4712d6b6ff4dc90ffb56e195e9e3852cdce43e9f21e446df9a1973078fd7208d3ea300bda7cf611d6b4f9bd6a3ea372645796

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        f266ec0ba74650c7ef3a1c905004b386

                                                        SHA1

                                                        1b851c36f55ab1ec270ccb6d939568b6684d1f9f

                                                        SHA256

                                                        a6f27646ac62a5c4f3f91aac4d3d482419b19f493b43af4f0ef4f241a75e28d7

                                                        SHA512

                                                        591a2e17b1d07edb8449f48468377f5e58a5933cfbeb082b340da76ce637dfd1871ce14ea09ed2f35531486903a819d15dc6cf9ed29b1940843575d8852b8967

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        d33a84926c54aa865e4045d19ccf8972

                                                        SHA1

                                                        82d87c7241a98d4c2fbc29e584de044adf56d921

                                                        SHA256

                                                        0d3549d92e75a6b7943d31d59124ab9c34be60629b82c7a87525815ee10e0e6e

                                                        SHA512

                                                        ee5fd5940194ac1e3ad0deacd917d7a7fd4befa5a9e7c0a0a2064abedb523a377d3f425256dc07301f7004853a9ebc7dcd18e165ce327a15eafa06f5c3ea9582

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        733aa18822915f44a3b5626ddb1c2c9a

                                                        SHA1

                                                        b5d85a236009ee1b2fb92cad89d81e848d6f5820

                                                        SHA256

                                                        3065b2f22f6943f7fe90c387d309bf31b375e31df09784477080384afcc97785

                                                        SHA512

                                                        e3f28b885ccb284111aba7da545914029f3f7bd0bb4587c838993db7e99a8725a3a134f9b2e2bb97b9ec2176873d556a408eb0d34bcd1747c8b08e1045935904

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        d6e6afaf65c614b919d4d68fea0dbc05

                                                        SHA1

                                                        bc4cc530241e4ea03fe87fac9f75734b3c090307

                                                        SHA256

                                                        f875fa57e3d7421dcc93c38d4162c699075cbeb2fc6bcf59d09171a83b4fa3da

                                                        SHA512

                                                        b5cabf615ed085ddfbed9eeec35ea3ae6e2fe8955414e38715d4b7fcea41e7866f7a193fa3095a13e5b2b16435d9b40e93e36e3b8f83e2d201bf645bd57a6dca

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        3e343f3cf856398da9f68f071690d950

                                                        SHA1

                                                        e4fabf7318ef4dc18457a193dc9ab397a960016c

                                                        SHA256

                                                        029d99463ed5bdd6b85d78bb65c0d39aa1ce0c63e4184991ceff8096acf26f9e

                                                        SHA512

                                                        53f7458b4d429cf93fc0d57172e272b5113dacfc46e950e6285616da2117a1a8ffff64f963309509651c05a45a8cd645446e40638365179dd7cdc6f5a1d21482

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                        Filesize

                                                        344B

                                                        MD5

                                                        916d8535fd68242cc6b6ca5d7ca12e8d

                                                        SHA1

                                                        ab2ad921193adaece9cc87d2b851d8a0874abaf6

                                                        SHA256

                                                        17ac49846b9f8e576cd0eb922076458bb53f395d565278ff16c02877b1c0f241

                                                        SHA512

                                                        5cf8df70b129ce8e0d6212fdf9ea9aedc76a6cc115143db59a43dcba4910c32942539acaa8e63ad21cc3c4dc85edaea1ed86b5ffe045da5b5ac55031488ee35e

                                                      • C:\Users\Admin\AppData\Local\Temp\CabE3AD.tmp

                                                        Filesize

                                                        68KB

                                                        MD5

                                                        29f65ba8e88c063813cc50a4ea544e93

                                                        SHA1

                                                        05a7040d5c127e68c25d81cc51271ffb8bef3568

                                                        SHA256

                                                        1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                                                        SHA512

                                                        e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                                                      • C:\Users\Admin\AppData\Local\Temp\TarE3FF.tmp

                                                        Filesize

                                                        177KB

                                                        MD5

                                                        435a9ac180383f9fa094131b173a2f7b

                                                        SHA1

                                                        76944ea657a9db94f9a4bef38f88c46ed4166983

                                                        SHA256

                                                        67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

                                                        SHA512

                                                        1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

                                                      • \Users\Admin\AppData\Local\Temp\svchost.exe

                                                        Filesize

                                                        84KB

                                                        MD5

                                                        03451dfbff127a5643a1ed613796621d

                                                        SHA1

                                                        b385005e32bae7c53277783681b3b3e1ac908ec7

                                                        SHA256

                                                        60c6c49b3a025dbf26a1f4540921908a7ea88367ffc3258caab780b74a09d4fb

                                                        SHA512

                                                        db7d026781943404b59a3d766cd4c63e0fa3b2abd417c0b283c7bcd9909a8dad75501bd5a5ff8d0f8e5aa803931fc19c66dcaf7f1a5450966511bdaa75df8a89

                                                      • memory/1028-6-0x0000000000400000-0x0000000000436000-memory.dmp

                                                        Filesize

                                                        216KB

                                                      • memory/1952-18-0x000000007EFA0000-0x000000007EFAC000-memory.dmp

                                                        Filesize

                                                        48KB

                                                      • memory/1952-17-0x0000000000400000-0x0000000000436000-memory.dmp

                                                        Filesize

                                                        216KB