Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2024 03:08

General

  • Target

    74aa1a2403555156c3033a8845bd3d53JaffaCakes118_NeikiAnalytics.html

  • Size

    348KB

  • MD5

    74aa1a2403555156c3033a8845bd3d53

  • SHA1

    d6aeb7a917cf676c6284cf87219a595511da67b9

  • SHA256

    55e0deae1f4d4faaeb0e042e204cd7c544739e9d394d319fdf50f2fa8f96749a

  • SHA512

    3f088ad524600bbc40e70dfbd542c5ea036eed642c1afed2f9e8d0fe6b60326b6c7d93049bd70f420a48db2db7486d0ad3b7facb30fb39ba9f1bc0b8457b2684

  • SSDEEP

    6144:SAmczz4OsMYod+X3oI+YRGDe1sMYod+X3oI+YRGDev:dmczz4M5d+X3vGDG5d+X3vGDc

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: MapViewOfSection 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
      PID:388
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
          PID:484
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
              PID:596
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                  PID:2128
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k RPCSS
                3⤵
                  PID:668
                • C:\Windows\System32\svchost.exe
                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                  3⤵
                    PID:744
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                    3⤵
                      PID:812
                      • C:\Windows\system32\Dwm.exe
                        "C:\Windows\system32\Dwm.exe"
                        4⤵
                          PID:1044
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k netsvcs
                        3⤵
                          PID:836
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalService
                          3⤵
                            PID:964
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k NetworkService
                            3⤵
                              PID:272
                            • C:\Windows\system32\taskhost.exe
                              "taskhost.exe"
                              3⤵
                                PID:1072
                              • C:\Windows\System32\spoolsv.exe
                                C:\Windows\System32\spoolsv.exe
                                3⤵
                                  PID:1080
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                                  3⤵
                                    PID:1156
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                                    3⤵
                                      PID:3004
                                    • C:\Windows\system32\sppsvc.exe
                                      C:\Windows\system32\sppsvc.exe
                                      3⤵
                                        PID:2880
                                    • C:\Windows\system32\lsass.exe
                                      C:\Windows\system32\lsass.exe
                                      2⤵
                                        PID:492
                                      • C:\Windows\system32\lsm.exe
                                        C:\Windows\system32\lsm.exe
                                        2⤵
                                          PID:500
                                      • C:\Windows\system32\csrss.exe
                                        %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                        1⤵
                                          PID:400
                                        • C:\Windows\system32\winlogon.exe
                                          winlogon.exe
                                          1⤵
                                            PID:436
                                          • C:\Windows\Explorer.EXE
                                            C:\Windows\Explorer.EXE
                                            1⤵
                                              PID:1116
                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\74aa1a2403555156c3033a8845bd3d53JaffaCakes118_NeikiAnalytics.html
                                                2⤵
                                                • Modifies Internet Explorer settings
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SetWindowsHookEx
                                                • Suspicious use of WriteProcessMemory
                                                PID:2460
                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
                                                  3⤵
                                                  • Loads dropped DLL
                                                  • Modifies Internet Explorer settings
                                                  • Suspicious use of SetWindowsHookEx
                                                  • Suspicious use of WriteProcessMemory
                                                  PID:2488
                                                  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Drops file in Program Files directory
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious behavior: MapViewOfSection
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:2824
                                                  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Drops file in Program Files directory
                                                    PID:1428
                                                    • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                                                      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:1256
                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                        6⤵
                                                          PID:2672
                                                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:209933 /prefetch:2
                                                    3⤵
                                                    • Modifies Internet Explorer settings
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2100

                                              Network

                                              MITRE ATT&CK Enterprise v15

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                fa33a468dd4be6220d16d1dadb10cacd

                                                SHA1

                                                cbc40bed88f3137791b7d7d861f56be7940b4462

                                                SHA256

                                                29b615ec6007fef00bcbebcd7975b8ef1470684de4f8b6cb16b807bca4849c8a

                                                SHA512

                                                408dd87703ec51f0275ce171eb01cfe7fd09963801c695ef216dd76f8084d1058516de1608ecf4079eefb36467dbbc5ec8822f6fdcec9fc85a2999e942ea5356

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                7bd2791f8e7ecde9993cd2c6d711d9b1

                                                SHA1

                                                df9ae973a6f7e53b84f9e429ad532c0709f29bd2

                                                SHA256

                                                07ab1b95fef444c3622c7de1b7b1cd1eb91d40af9c6a2c43222fa1f529281c2b

                                                SHA512

                                                6f97949e42dcc0e9015b2187f3d27071ea4d89c2cf14d500a381ff2cfae5e323c678859dffab7dabf1408030728fa23abe27892fce2cc95ea756b276c61c950d

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                e4aacc6c1e3510ac4e36f988bbdefd13

                                                SHA1

                                                a73ba74bda7572b7c3c44f60d854de0123b8a744

                                                SHA256

                                                26814a23dc101002e94b373e2f868d608c6b3b360402eea8b92c9d58190ee798

                                                SHA512

                                                54e0a56d83e15b57b841334c04107152c7d418f6a3948f5cef4271b44964d96edb2d16e6669a8e01ab585b9dfba32dad3ead8c22fdad0e246790a2ab01019760

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                93241c573dd8fb1354e6116c80eb8317

                                                SHA1

                                                4f4753804123e1229c373c7bdb769276487a2f97

                                                SHA256

                                                49ea67c9f6fe78ff9b159e257c454c0c7f3d7d2db0bc2efbdbe876c4dc554f6f

                                                SHA512

                                                9afc9c64a7c17be1ffedd6acf30a8b85064eca996142f11958f02b3ffd31eb9626718a5dcef5df17821abb6baebc75592622c4c8917a835c393a7c0e127422a4

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                2d34b34e6788b6226545d492a4ff93aa

                                                SHA1

                                                2967aed09a9d94b37c4e4ce0a90c0464adb5d8ae

                                                SHA256

                                                7bded99fe812e305936c8336bc00a8bc736cc6001fecaedadab34faf8512340c

                                                SHA512

                                                ff5e4397ea8de397001bd91ada4ab4673e2e19fa225f9992ff0d92c044ad9c4f070726f4c6d7ad43079f260693c468e8086df799714d69f484a0bc7ac541e52d

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                5b063d728dd83c718e78cab31c1c7d5b

                                                SHA1

                                                a4fa79d0fbd02580633424a8b097edec4fad110f

                                                SHA256

                                                d9affa6c1989d568259962a3bac3ed68accbdbdc7ba4db9299ad1560e8af9e72

                                                SHA512

                                                91eca8f619f58e46567189ed8ebf183d9437d8adff80a4000dc539144f8e59b3e0fab68168fa11ba4bd9cd19b2800bb3e6cc9bdd4186d2e2f9fec326ae5049a3

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                367818818e587c177ae3182a857c1c1f

                                                SHA1

                                                6110c41c5b1737009c677f277ed48d63de72a586

                                                SHA256

                                                5246557272663a7cee4af09640f7c54bc84eb3c41b02c041ddc193dc7b7f1652

                                                SHA512

                                                6d5e636492e99f63e51c3f6f905b17d65ccc79b9e4f1e259eaae5f03d184239836d7831db6337240624bdfb959b27074fcae91213f5a636adeb52e674877c2f7

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                5ea1794bb8cd632ed7d7cf08eb5b1cc8

                                                SHA1

                                                5afb25f67a34b0010f190e2d4b659bcf9b7ca182

                                                SHA256

                                                ca13bbbc89895ec1fd70938926fce0ad352b39fde9cc8d4f4ad317443090e935

                                                SHA512

                                                603e9baaf68f368a539439d22702e853accd2eec7791d74e92038fb57fa39f144b537a88d5d53f989a7dff1e5d6f7c4210c5d8b9cb0daa6a8a848fce754955df

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                2d4c33b0b44b858bbed4acc747d40d4a

                                                SHA1

                                                8db97e5433eb7811f58de148bc1c1020ab2eab71

                                                SHA256

                                                00a4a452cc31395786a50efb59f86d2a964addf1d700b58e61711d7e874cfb87

                                                SHA512

                                                3f0593a09dc95990ac14439269aa8a3a83b603131909b1e5902f708137c52c3ff80069d07cb4171ade8d12ce532d7b76caaf51d627db2d15c109a3073bcbe781

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                a915091e9e01af18b4f6047acb5de12d

                                                SHA1

                                                84e881f608154471a198221362d01fa1254a0adb

                                                SHA256

                                                5b08274ef13e9bde6855e9267e7292137c43738ff31f504e83cea5ff47b2d8f7

                                                SHA512

                                                4c9cf77e1735bfacdba9f5cc6fae9395edc445d42fb2c063b7237e6dd89906cdd18e11ec685a3d9f46c2bfb7f9e12e766781b6d5190f3e50c013ec6f9abd2768

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                43d323b2883506c9d825ba6964035f14

                                                SHA1

                                                6e6556b878a1ead129280c4b316fe29fdb22726c

                                                SHA256

                                                f05a73c9faeaac5690340acb951d5dea7591888a1b5b5d8b8ba67c0686082fbd

                                                SHA512

                                                b7b768b6555bb001e66abe83c9b9da92699067841fe42f8247a7d27ef38d1756f651398e188b23a816c709b86f68924b6399e92cca5f8ad70a9e009ec7777ee9

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                14df3bde0043db6bdb7a8803ffc40022

                                                SHA1

                                                2641ea4d9af6532598d664f78ffde5c3ccdf6ce6

                                                SHA256

                                                acb57c368594ddb7586e35e9d073eab522f4782e310a38c67c256bfe32803b4a

                                                SHA512

                                                c4bc9da894a2c822b1e9e72253bae044dc91a418e528abe8e38b86804664e653e65fee30295ff82b9ef69bb7c772db323932f8acc1fce18d92df19b168370121

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                1293af4201504331d1b25d1437653003

                                                SHA1

                                                29a01b93f04e9ff895690ff021ae226043f59223

                                                SHA256

                                                3da3b419d41c7d2a675d3854b94bd2b984deed3c93f42ac6d4617289ba7ef800

                                                SHA512

                                                e3805a586f7c5ec2e31a2b91c9fa2e626cf360233230f4f9d8928b7618ef1106ede98bf8d4ed1be73192683c1e95ff1f84f4cf9a8e61681b7c245ebb02200814

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                97da6ee2f4a9c34e148dfc67debd460d

                                                SHA1

                                                8c55209bc6fc0d6d2ea1899d6bad941118846d58

                                                SHA256

                                                f1aa2d482a9d1ad18ea61d6749fcb7dc9424cd05f25ab0081529de5f3e741f7a

                                                SHA512

                                                6020f50c55afde50ebccbd3c4811d89e68aa12d957955cf6dd595aead087f219cb4b562de8b993c167bda0c652e34fbc787dbd11d471393a072d080d175993ef

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                a96745e67f5b348243d9b57e3adda26f

                                                SHA1

                                                eb02868af9fc58a2f715099b0023c5485ae7c041

                                                SHA256

                                                8c32e551e720136ccf20b4e8086c0c707a1f71586abee5128bbb353772ffb9aa

                                                SHA512

                                                7bd1b65987cf7bbf36b9f937511807325150f0591032f34a8cce47065c87b1a2b22b685f751a887bcaebb4e195e450fc0baa5fe22fec04c1ae0feda63843a1fc

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                890eacadcce32cd64f5e309476dc7c63

                                                SHA1

                                                68f5e1a3923458f7b3e403a1ba7333d03f713dd0

                                                SHA256

                                                509838f4d6cb6dad8b2d26fa1df6056573777e6ce0456d55c47069c659773cf6

                                                SHA512

                                                babf179b4e54cc3ed6f0450a8873b1548bf4741d23deedad765d0d029bf5fc6c130c35a1e1ff2f04cc1d9ad33c6bd45edf1b44905ba66fe453d1e4b2caee517f

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                ac9603190e663aaeaccc99c69ee2165a

                                                SHA1

                                                7166e111ff3ad0d45d8c75554df9864a7bc2fbe7

                                                SHA256

                                                63b3e87e7cdbe005be56155b215a87a9c5fc5203e408766dd675aa9ab3d02f5f

                                                SHA512

                                                c7bc74186df2eedc9bbed3bdb374756623701e521253276a5a8928168bb47fb88501fbcc192bab25a1c48a0b7c76420d2f004cac8c9623ad18f58d232929aa0c

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                911e85258658ff85f452d902537da5a8

                                                SHA1

                                                7121cbcc96f1e49e1d10818495e63bc46f5dee15

                                                SHA256

                                                ccca5e6ae353ec1a90cbbccb2e2be5a76e73fad6b455f31c48b9551e41f79e9a

                                                SHA512

                                                d1af15550c704d36e47aba54916ed855288bd6b91bf621da49cf9e762363a60439e413d31255640a6ed446c099107c11bbf0329bde3fe311bf843321d8260141

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                659fa7605d7a7c720f189546fceb795b

                                                SHA1

                                                3b8c61091b935a839fe59f217adebed65e152856

                                                SHA256

                                                ae687d7d0962b4c0cabcee597fe6bb94b4d338cbc63e5f7272aded9eb4236b38

                                                SHA512

                                                3ba93cdd27e52325466a4c9c57735deee9b1e7bc3b15cb95e8d9c1d4dbc7b8ff76746cc88c6877e2e15ab52bfbcc5ed478c924da2eff9a56b5b389202a782d61

                                              • C:\Users\Admin\AppData\Local\Temp\CabC91A.tmp

                                                Filesize

                                                65KB

                                                MD5

                                                ac05d27423a85adc1622c714f2cb6184

                                                SHA1

                                                b0fe2b1abddb97837ea0195be70ab2ff14d43198

                                                SHA256

                                                c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

                                                SHA512

                                                6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

                                              • C:\Users\Admin\AppData\Local\Temp\CabC9F8.tmp

                                                Filesize

                                                70KB

                                                MD5

                                                49aebf8cbd62d92ac215b2923fb1b9f5

                                                SHA1

                                                1723be06719828dda65ad804298d0431f6aff976

                                                SHA256

                                                b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                                SHA512

                                                bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                              • C:\Users\Admin\AppData\Local\Temp\TarCA0D.tmp

                                                Filesize

                                                181KB

                                                MD5

                                                4ea6026cf93ec6338144661bf1202cd1

                                                SHA1

                                                a1dec9044f750ad887935a01430bf49322fbdcb7

                                                SHA256

                                                8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                                SHA512

                                                6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                              • \Users\Admin\AppData\Local\Temp\svchost.exe

                                                Filesize

                                                84KB

                                                MD5

                                                03451dfbff127a5643a1ed613796621d

                                                SHA1

                                                b385005e32bae7c53277783681b3b3e1ac908ec7

                                                SHA256

                                                60c6c49b3a025dbf26a1f4540921908a7ea88367ffc3258caab780b74a09d4fb

                                                SHA512

                                                db7d026781943404b59a3d766cd4c63e0fa3b2abd417c0b283c7bcd9909a8dad75501bd5a5ff8d0f8e5aa803931fc19c66dcaf7f1a5450966511bdaa75df8a89

                                              • memory/1256-22-0x0000000000240000-0x0000000000241000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/1256-24-0x0000000000400000-0x0000000000436000-memory.dmp

                                                Filesize

                                                216KB

                                              • memory/1428-21-0x000000007EFA0000-0x000000007EFAC000-memory.dmp

                                                Filesize

                                                48KB

                                              • memory/1428-14-0x0000000000400000-0x0000000000436000-memory.dmp

                                                Filesize

                                                216KB

                                              • memory/1428-15-0x0000000000230000-0x000000000023F000-memory.dmp

                                                Filesize

                                                60KB

                                              • memory/2824-13-0x0000000000400000-0x0000000000436000-memory.dmp

                                                Filesize

                                                216KB

                                              • memory/2824-17-0x0000000000250000-0x0000000000251000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/2824-26-0x0000000000400000-0x0000000000436000-memory.dmp

                                                Filesize

                                                216KB