Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 18:02

General

  • Target

    0ffe211e164a0a07cfec3790cab189e0_JaffaCakes118.dll

  • Size

    614KB

  • MD5

    0ffe211e164a0a07cfec3790cab189e0

  • SHA1

    1febd666ccb79988f6483b3d76521abf9b93203c

  • SHA256

    486d1f139f0396f4cc8e840babc60b0a3001246d53c4b4fed1356f8000618f81

  • SHA512

    a66ab4775c7168cd60acb690224db16bda50ba1e4640cb4f2534f14580696fec9796b68775d4ee928f63ec27d24059e2c434d3ecca53bb364d8defeb6b35d6c5

  • SSDEEP

    6144:80IEu0/l7rUdoqWMvjcw3sWSAoITM+NPUHFWnejpgPftu5m1t1vlem7Z88N069fi:t79qXvjRc5AoIY+NPUlWnk2Rl37Z7R2r

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in System32 directory 3 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of UnmapMainImage 3 IoCs
  • Suspicious use of WriteProcessMemory 43 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ffe211e164a0a07cfec3790cab189e0_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ffe211e164a0a07cfec3790cab189e0_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:2096
        • C:\Windows\SysWOW64\rundll32mgrmgr.exe
          C:\Windows\SysWOW64\rundll32mgrmgr.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of UnmapMainImage
          • Suspicious use of WriteProcessMemory
          PID:3032
          • C:\Windows\SysWOW64\rundll32mgrmgrmgr.exe
            C:\Windows\SysWOW64\rundll32mgrmgrmgr.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of UnmapMainImage
            • Suspicious use of WriteProcessMemory
            PID:2736
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:2788
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
                7⤵
                • System Location Discovery: System Language Discovery
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:2420
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2848
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2344
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:584
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:532

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0f022da353b4521dd504c902f86b5982

          SHA1

          da7aa9a1d71a630520925e1a3f94a627682073fc

          SHA256

          6a23717102a35b97190874395d1c77ed6786f6fd179812e7793285187bdc2abf

          SHA512

          2f3ae96ce747a7070023529ddb5462dd224c5b2280466988d827a49c92872df25187683a99290db48b6178aa9f457c3eb48848e518c4642b38141a9ece7bb728

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          86ccba6a17c602de77b34d3a016f056e

          SHA1

          cc167bd2e1682a0ae0991ca80493f701a9d9e71c

          SHA256

          3551e5f0b3c63673c8a6bef68c646ff5659d6ad3e273a46773f08f237e6e279e

          SHA512

          4d9e7f71fc61e0bec2893426e8673a0ed78fe8d245dad9946ea10c4e7ca8ddfa4423056eb4c4e437907e40b28f644ba12bf779927c0ba16f4cb094d9a587e39f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          94a6a405370658b680f53e9b3b5c4526

          SHA1

          d0ee39e67c5c4b4b64ac7fbdf3ad302255a22951

          SHA256

          e9169e3fab8e121345189b6912f9834fa55444f639e95039d6bf802f4ce3477d

          SHA512

          9e23e16c3cb182c54204bbf1c6e5704d8086e2491c1023a047e7d880dccec3094c032a69fe789cb3edeef70a0fe2f38f129135d4cfb5cd71e347eb401ef5192e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b932cc05c9f92e3a8f59d936769e7456

          SHA1

          3591132db25d8b8814b47ba61c85df7d1bfac85a

          SHA256

          458e9e7c6a93ae82c9b87ea040a345533e765926ce4ad2139176d8826477586b

          SHA512

          c56c94349ecce2ba128a5f8dc37142655e3b51f23664176d03bbeeecdbf19c2ecb8781984973dc7869e020f3daddd6a5147293e53d55c29aea9771cd431c8050

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          23a2adf98b60cbe6f19b2346f4db620f

          SHA1

          f9508d28d117d81f335a8a54b9bd077a73953b3a

          SHA256

          5d7f950a5be408285a95970d906be5dc0f0376e422a0a2a3124016a48937eab3

          SHA512

          564c96a03c3f5fe287351a439b8dc8e92bd07c4f571ae8c8e22677cf1acdc6feb773c1412cbb023edece00ab3396df0a09f843dbad53ff04b0f7d0e5c35ebb87

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c732f4bf6fcbb29adabc37475af21854

          SHA1

          8ed3f2a023b08fe1bf5412c6c9496ce240c057c3

          SHA256

          326bd9f6c80a18d0b920a76e67eaf7c61b6d11636fecdb07f17cd351620f3ebb

          SHA512

          c04c8f9c7bfddf2e944fc2935a9399ee6eeaa625da0fb30b4be18c3463c4c4a1bef6aa83bbf9c68b5c6dbd9b3da2b09c1e6e9419a06fb4c3aebff74f5e70d75a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b2ca2d2769d788bbde07f7a071ecb4f8

          SHA1

          01354e12e55cf474b61001257008b40c6469a82a

          SHA256

          e4f6904e124fa97da7f1caf3a0af227a3f06808b8e640e0b3fe7a3f8a5a07ed8

          SHA512

          46f403378c585131273b3bee2e1f872aa772729f67a72679d12baad3c9605c7efdfb69492ad9004bce53500296235a4dd59aeb7db478024e0702ccb80d2affde

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9510da2383a1a2bf8044abe9aa186105

          SHA1

          55c3cab0c960dfe3d71a742896f1eec428047124

          SHA256

          b791c42af4c2df337fa3e2177c1abc81dc17c0836755cdf145be352c46eae9ae

          SHA512

          7e25db9276f6804e27083d919b4477f26ed36dfd91ce73841299ded3ec3bf2df2fdbaf96b9b86d0d94f6a0a5082ecb549e4cadb83a2e595fd7c00c2e8aa3d02e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2a33bca4b4ffafd6b3ece083a85d6a0a

          SHA1

          28514e01e0daa98afb72c58dcd066b16ba158d88

          SHA256

          e125ffab0f1317d81c086d0b19ee675cef062d2a3c598bf58ba465440cb9776e

          SHA512

          1eab9dece8c52508ed3292df434e2cb0025e50bc9132a283ddeef0fea16d532976a570c5572f50599b48f075895d83a4a030844c17adebee9d10d862a22e9c67

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          381a13147c823acdd983427ec01f5408

          SHA1

          8d493e088778136c6cf2ea07f9b4318c15d3dc4b

          SHA256

          8b203e2da8d846a318ab012b116bc10731201077ea5700ed8ebcbd954f1d5e99

          SHA512

          625c511ead1a7a5953621b877db9807c7912cb148075ff329ea2944d6b7f3f1e296321708190cb73d8859014c22bb9f6882cde72ea97076e777ac6e2808e58de

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6c94dc6a5cfbc9ed5218b6c0c92144fd

          SHA1

          50d939cffcbbf7cf71f46f642dd71cf472ed3c6c

          SHA256

          d43d328bfe2c9a46a9d6ad1f238e36eb391e40aa84e04c8e3a3ba2ec3fc018f5

          SHA512

          c16ee12c2ee852e206ab979df448800637fa888ecf9244d0b9c2d22ea1f1d632c60c55175cc6912e3f95a7601dce74f1635eb36486e4b00bffef2e0ea88242cc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          19e108e6f343c828c1677fc1a8139854

          SHA1

          3194f3a5190469fb328c83e623d705593a08118f

          SHA256

          cffee7ac8a24d478d45bfee79fb9fac701cfe440b3526ce9d6168f1f36f20857

          SHA512

          dfe9389dd8b5d4f063acd75f4f6662d1b888858e1a6cb3270140b60a1c54b31a3037f60b4a0be9893188fc4f7ac00adc3750d74c7ffdf5cccedeffef1a22dc2d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d0d5a7adad09ce00fee32493bb68d24f

          SHA1

          3459ebab357aa73c6273812ad0c2fedaf47ff45e

          SHA256

          3ed58795c5599471779d1b3ded505e5db3a42c01b73934528b26baa56eafdc78

          SHA512

          d6e03abb4aeda5868f46d690614bec34f28d78d5b24117c803c201248d78d42a015c65e6fc72c46cb8f7d945bf3e21129283ffc3bbf5d58188eda33b75353eec

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          242aaa3d2889f14c35a5348fd3f3b2a9

          SHA1

          c124a02bc8a155ce895634717e9a50ac612c198b

          SHA256

          bd828df3ec69dc9f9743761aee4b11bc4c99ac3ec232973a7079274c2f52784c

          SHA512

          bd90cf59b5d31bc7965469e1e1d712762fd3b266ff91ee052724fec94e21276e3a56e359b63d1cbac729c4241ad88ec2e97d86669ceb0f3f102ea22407893d5a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d0bd8b82c8de62b4563efedea6756ff7

          SHA1

          5544b6392a9b68f054308732cdd36fc9bcd4cd9e

          SHA256

          1c03539ef42ba85b0ad46aa018577fadfd912a687951cbb3fa1d19fec09323ac

          SHA512

          b00629defe53c9b4ca99c0f77bbdb3171e49d9a7262426180fe3251ef621ddd416ab35ead80790e4b51d60de2259bb4e1354eb3610a383a86eee87a346dab2bc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b3c1603cf0d73b5a7fd97f6d10a70e52

          SHA1

          7f5673298f529180508b16edb68d1d3af4521aaf

          SHA256

          0d6f9e4b5b7a7510277551b5c4362c7ee2013e8371ac3353adb352f299719153

          SHA512

          97ed27e6a65a3de83010d08efb52d889db0173bf296b6d0e782e36a1c362d73320880d4f00a09b888a4c39e13e4a297dedd930b6c2f3067ef5413aeba77fda1e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1f6bead250908b676f275d8202e37bd7

          SHA1

          362263d68f278498bd2d3e3fc60223224f9b9f55

          SHA256

          87bcd1e4335a3ef01b11801a7dba9ab1a86e03e8be1bdbff97e3b42db3aa04aa

          SHA512

          3176afef018f99f7ccc8ad7e19fb1a27853d5ab4f2eb282f56f1369d65fe644a463856e9a6ff1b765526dcff810a3ecd24ee87cf13d52c7a4ca76f4599555950

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b1fd1067f80341af522b3945db940702

          SHA1

          c948b3332b2d608250ba6cea9b3bdd4fa29ef3cb

          SHA256

          7c52b6b7236e2468efb15a8d230a324e1d239bfdd5ca8ad4ac7610bccb927a09

          SHA512

          862a62d220fdd5f96c67bb392177bce1866bde4d454295ad427feea4a4769cd316cef74705a4a727a611c66da1754b6a18bcf3d1327c8f4c3e5238684c0a21ec

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ff580d5d114511d8dbdbdce2e5958c7e

          SHA1

          9ea63d67c9eccf4ba46901fbbd3ff60b7ea9ab50

          SHA256

          225f7ad196dbce7a751b0c2f2233a584b0b6cbb896b53bfbd44433067c4c0be1

          SHA512

          ea03eba262ad6948c7296c65a58b4a7d88a490b699ed3f19de2f91348e61d87fc88bcc427a3566d0a96259169a572f64976b98e311acc60548f1df40d4b237e0

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B00F0E91-81B1-11EF-89F5-527E38F5B48B}.dat

          Filesize

          5KB

          MD5

          7e7ec0f96a8216e84941bd09c548beee

          SHA1

          21ddf0ad73da3215c8a43f09290b8dc3d45d5d56

          SHA256

          061a20cf68ff0146d62a6ba8df3fd7115740273ffb22d7ecc9b4acd71e3d451c

          SHA512

          e2544a515a764e32dcfcf01ee858d379dd917ad5e9d8832d43ee33b9a2423ff21c87e78720b6eb1a5e0c38bd718f176bf65b9e6e40e382081b30f4cfadd10971

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B00F0E91-81B1-11EF-89F5-527E38F5B48B}.dat

          Filesize

          5KB

          MD5

          7aef8553281f15431929e0ac913f6247

          SHA1

          4fbde9ab40bdb9bdd9bf25007a0bb8b86ebbdd59

          SHA256

          ff3f4d09ce42737820e1c99bd727b202c4596557cfc6e0ad460786a25502bd15

          SHA512

          d1293203fb4efaa62ec5eb0e6bdecdecd49a12e28b2b59b03ab07c20a16586ba4f534fe422bf25ba1c11ed5598ab50efad189b2834b2de829ebf81cb758ceed8

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B0116FF1-81B1-11EF-89F5-527E38F5B48B}.dat

          Filesize

          4KB

          MD5

          ed7ced3ced533fecebec573a97230647

          SHA1

          ffb3106a7c3becb33f91552b1e96430b267d7366

          SHA256

          095e353fceccb7488bd8f42461ab60c59762967c3ad12101745c1df3ee6ce4e3

          SHA512

          ea9fd2c944b530a6d0340f7e9b085df2eb72854bd627ead2b2a4271c81d0ea1cede4ef9dc0f430191cd1996d1a4776494f0cb37b1a42384660b6ea7afb9a4246

        • C:\Users\Admin\AppData\Local\Temp\CabE488.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarE527.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Windows\SysWOW64\rundll32mgrmgrmgr.exe

          Filesize

          91KB

          MD5

          551161ba25d6c58cf6a4afe7587f7dcb

          SHA1

          3f36d947c0d082433bb121a9914b4841ffbfb5af

          SHA256

          f676ab20252c6ff437c7e3db1a8a3875715bf1a5a59812439f296cb5cd724b58

          SHA512

          f68a52bcfafccaf9b4390f7cdd9a57544d82a1f41656aeaf98f46ddc0198e636a790088cf8b734244cc5144a00704a8430e469c46284387d04c5a38cba17b00e

        • \Windows\SysWOW64\rundll32mgr.exe

          Filesize

          279KB

          MD5

          6cd9867676d7745d3d892b9b1eeb087c

          SHA1

          e27cd410d1e1cd2795931b2e9b4525ef2535ce8a

          SHA256

          372e00e34f497e57ddc1762cc01ed91ff77e3d6c6745b37f209d29da9c2c3d94

          SHA512

          5ab8bc024bedf78e585940e9d4e2e8b287591deadd4fe97880008b94609e1518ad430fba934f2c22227723f48deb72053a49bcf48d40e4fd85fd38069eba99e2

        • \Windows\SysWOW64\rundll32mgrmgr.exe

          Filesize

          184KB

          MD5

          9f643774ee392ba1e6c40644a9aa7de6

          SHA1

          8c55f086c5610977b4a84c0e0d77bfdf95bbe0d5

          SHA256

          307f2832c7cc23dfecff7b9787f454bed0fc1e31f63950cff5660fabae333003

          SHA512

          4b0effc99a0baa1de5d2a7f310c8c628e5ae5553ff5e31c7408751baddd9fd88fb22a12098cac22ec51edae84437cbb9fc0bd5f2ed645e7c6f30bfd69c08925b

        • memory/2096-31-0x00000000003E0000-0x00000000003E1000-memory.dmp

          Filesize

          4KB

        • memory/2096-28-0x0000000000340000-0x0000000000341000-memory.dmp

          Filesize

          4KB

        • memory/2096-12-0x0000000000400000-0x0000000000450000-memory.dmp

          Filesize

          320KB

        • memory/2096-16-0x0000000000320000-0x0000000000359000-memory.dmp

          Filesize

          228KB

        • memory/2096-21-0x0000000000320000-0x0000000000359000-memory.dmp

          Filesize

          228KB

        • memory/2096-34-0x000000007741F000-0x0000000077420000-memory.dmp

          Filesize

          4KB

        • memory/2096-37-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2096-23-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2096-24-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2096-25-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2096-26-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2096-33-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2096-29-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2096-30-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2100-8-0x0000000010000000-0x00000000100A0000-memory.dmp

          Filesize

          640KB

        • memory/2100-9-0x0000000000210000-0x0000000000260000-memory.dmp

          Filesize

          320KB

        • memory/2100-10-0x0000000000210000-0x0000000000260000-memory.dmp

          Filesize

          320KB

        • memory/2100-1-0x0000000010000000-0x00000000100A0000-memory.dmp

          Filesize

          640KB

        • memory/2736-53-0x0000000000400000-0x0000000000421000-memory.dmp

          Filesize

          132KB

        • memory/3032-27-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

        • memory/3032-63-0x000000007741F000-0x0000000077420000-memory.dmp

          Filesize

          4KB

        • memory/3032-55-0x0000000000050000-0x0000000000051000-memory.dmp

          Filesize

          4KB

        • memory/3032-52-0x00000000002B0000-0x00000000002D1000-memory.dmp

          Filesize

          132KB

        • memory/3032-51-0x00000000002B0000-0x00000000002D1000-memory.dmp

          Filesize

          132KB