Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-12-2024 04:23

General

  • Target

    fa151d060c3f5286ca0a528751a3d6d2_JaffaCakes118.html

  • Size

    182KB

  • MD5

    fa151d060c3f5286ca0a528751a3d6d2

  • SHA1

    d3cf682f0a328cf81abad4cfd07c392cda0c5520

  • SHA256

    1495346193b82dc58fe75278b77e9ce324c61a73b6437d648eb90b6a28097f83

  • SHA512

    e91b5ab4dda179f9767d5e0fb3935fd945af8171198c5d63159fc4910981fb435be373e0e411567d4e701436a6437e449cf94fc0d89f83acadab17ed13d90d40

  • SSDEEP

    3072:0xyfkMY+BES09JXAnyrZalI+YwIfpvMUYpla:00sMYod+X3oI+YwIBv3+la

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
      PID:380
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
          PID:472
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
              PID:604
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                  PID:1460
                • C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Windows\system32\wbem\wmiprvse.exe
                  4⤵
                    PID:1636
                  • C:\Windows\system32\DllHost.exe
                    C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
                    4⤵
                      PID:2592
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k RPCSS
                    3⤵
                      PID:680
                    • C:\Windows\System32\svchost.exe
                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                      3⤵
                        PID:764
                      • C:\Windows\System32\svchost.exe
                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                        3⤵
                          PID:816
                          • C:\Windows\system32\Dwm.exe
                            "C:\Windows\system32\Dwm.exe"
                            4⤵
                              PID:1076
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k netsvcs
                            3⤵
                              PID:844
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalService
                              3⤵
                                PID:972
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k NetworkService
                                3⤵
                                  PID:268
                                • C:\Windows\System32\spoolsv.exe
                                  C:\Windows\System32\spoolsv.exe
                                  3⤵
                                    PID:1056
                                  • C:\Windows\system32\taskhost.exe
                                    "taskhost.exe"
                                    3⤵
                                      PID:1064
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                                      3⤵
                                        PID:1132
                                      • C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
                                        "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
                                        3⤵
                                          PID:756
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                                          3⤵
                                            PID:1348
                                          • C:\Windows\system32\sppsvc.exe
                                            C:\Windows\system32\sppsvc.exe
                                            3⤵
                                              PID:1336
                                          • C:\Windows\system32\lsass.exe
                                            C:\Windows\system32\lsass.exe
                                            2⤵
                                              PID:488
                                            • C:\Windows\system32\lsm.exe
                                              C:\Windows\system32\lsm.exe
                                              2⤵
                                                PID:496
                                            • C:\Windows\system32\csrss.exe
                                              %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                              1⤵
                                                PID:392
                                              • C:\Windows\system32\winlogon.exe
                                                winlogon.exe
                                                1⤵
                                                  PID:428
                                                • C:\Windows\Explorer.EXE
                                                  C:\Windows\Explorer.EXE
                                                  1⤵
                                                    PID:1156
                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa151d060c3f5286ca0a528751a3d6d2_JaffaCakes118.html
                                                      2⤵
                                                      • Modifies Internet Explorer settings
                                                      • Suspicious use of FindShellTrayWindow
                                                      • Suspicious use of SetWindowsHookEx
                                                      • Suspicious use of WriteProcessMemory
                                                      PID:2092
                                                      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
                                                        3⤵
                                                        • Loads dropped DLL
                                                        • System Location Discovery: System Language Discovery
                                                        • Modifies Internet Explorer settings
                                                        • Suspicious use of SetWindowsHookEx
                                                        • Suspicious use of WriteProcessMemory
                                                        PID:2876
                                                        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Drops file in Program Files directory
                                                          • System Location Discovery: System Language Discovery
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious behavior: MapViewOfSection
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          • Suspicious use of WriteProcessMemory
                                                          PID:2604

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    c76db27b1768596b83b583f756e2f919

                                                    SHA1

                                                    3b188ea8658077c4a7df91b5d7a8dca010015db0

                                                    SHA256

                                                    c85cf4de1f6110578c7ed09b142bb658acde8d7191339c7534ecc6cbc5796cd4

                                                    SHA512

                                                    1107e00875d7b2d7c102ad6bc6ad692d5a34474e1f98a4dc59042e5643bbd4e2a0ff7d9ddff5780536eaf11e2f175586f69e907d19a97b3689630dd88d327dc9

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    cb3243309b44b4418e079c2f4e741a26

                                                    SHA1

                                                    48426499b131b948c6f8db63e0821e15dd9404ee

                                                    SHA256

                                                    e63e69aaae050ce2932b07ab4f71bb3edfc488ee1699a6a0ac7deaa241d2bced

                                                    SHA512

                                                    ad044ab81f054fc5c66900b3aab7e5adf0bd1ccf0376f217f3c144dd9db3e439c615b70b4d5f20734d6701b8673b2f6d4d39e43726b051b86c646eeb00efd861

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    009e1868f8e14d99b9cb62b3cf0a50c8

                                                    SHA1

                                                    b119ece4efe66600fa36db18bf0d4dd5ded9dce8

                                                    SHA256

                                                    d8fd13ec0909504ac9f5b4e300a14afdde3392a5c5c53dac40ffe48f898d8ba1

                                                    SHA512

                                                    02d7faafa89341ef957283857120a345bd911641b4886c15022da68ee732a859755c6fe391ea2126ad7a07478dd0d60fceaf32aecea6309f936f713d6a9fade3

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    1858d947e64e518f5cda18bf823172c6

                                                    SHA1

                                                    3a768a8d765b5e851b18763fd47dd9ccdac69bb3

                                                    SHA256

                                                    70d440aa086ae00e225f0a7ddaddb174632cb987e6abf9987cf44cf1ae5bc1a0

                                                    SHA512

                                                    623656a3e2895035160ef26a50ec1b3c3cd0bb89c0488249e43e558d23d4bbb8cd4d9362b92514f1fead8fd19a3addae920f8969d0557be53f97fc61a2b3ac01

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    e0050efecdc9dde4e0f8fa3a97e75fdf

                                                    SHA1

                                                    c7e2d3ae81628a660f6f58240d473500c07163e4

                                                    SHA256

                                                    336a447c1170c6ed0b676da1c2065b765083ae9558cdc15d5501cde54d158087

                                                    SHA512

                                                    1f02de2a42cd8f77422df38530668980a93a63cfd870d5bd2165d8958ec70998550256640ad49503ed3142d200e39cd5534bd8798cfa5346210d0d13ccf54a71

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    d2e000e8192ce63267ee6846d2655a05

                                                    SHA1

                                                    6045e21755b5d0182179766ee3c902bfd2b9953a

                                                    SHA256

                                                    517d891d64e1156ef3c18749dadb84633a2df442ae9fea4ee0fad453a30fd8ba

                                                    SHA512

                                                    9b706788b824fea2d4dcf395ae31f689bac12f9abc274beb8e5f8fb88a2285d9b28c2ca268244a10e02d2eb3ce1d076e9ba736dbcd9a7a7890c130e4fb3f93a7

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    7517b79ec711505e276b8b410c9c05a7

                                                    SHA1

                                                    935b999d4e6374342f1e515d900e90ad5e65f490

                                                    SHA256

                                                    973b7e210965e02b0625d3b7f6de4e9310118f44859d6f33e0c2641843c880a6

                                                    SHA512

                                                    45675f0b328cee4bfc362edf89ab889f56ffe3298c83884f85bc1c71df8f78a3ded43d8bbaeed4fc9b4245a6ba6b7880a4766b3983c6cd3a8e74189e29709f04

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    da35df839698428e5c460a2c24571896

                                                    SHA1

                                                    74c6be6ef429c10e6bffe430875f96c7fa60f85c

                                                    SHA256

                                                    a38e538bde2738aee71d6fd08e44f9f9aabe4124b3b7a136da94c56898f5c6e0

                                                    SHA512

                                                    f825eaf3663fba6e7a3133e04d97adc1f55da0468a8ed7803cb20d5dd397cd08ce2d6c5fbbe37c193883ff56dd5e2b458aa74e91086bd6ebc066a32c6d8989d4

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    dd38175969c65b1ec44b5c2b7a2e8cae

                                                    SHA1

                                                    345de7b7a756de94e8869937e5d1609ddbf2b4a9

                                                    SHA256

                                                    9a6138c3dc7cb1c89c3488d4cd6721c64f1be2db4356a8bedca33164080fc660

                                                    SHA512

                                                    53ed086ff72f309abb6581aaa9c393cc4846cd017b27f8d286b3879f2e3fd02b92540374c96c09446959b6e379b1454bdf9b779a60b887aca69c717c4dc7ee30

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    bb4fea60a0d799b3db879eb2c905fffc

                                                    SHA1

                                                    5e42cd7509cad8656bfe643e1d78ee9569a1152d

                                                    SHA256

                                                    8698f2ac68244ed21b48dc14bd05431a3092d80a1721a3b1f0366434c9f1a2cb

                                                    SHA512

                                                    ef29d5de8fc518f30dc531a12758682bdc69c216520f7c80220eea2425251526cd28a3cee908ad55aa6bf223e8adfd737cd6e2c8444dc25f1c112d64c782aca6

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    ebc2aa18af9d4f565db2a971a7ddd737

                                                    SHA1

                                                    0246fade6883cb013e440f9538b0e8287d36bd81

                                                    SHA256

                                                    e18df5bb70b59d77da2061386e8dfeb09c366dba3620a6d0d1126aa002b3a08b

                                                    SHA512

                                                    05f14f5197f7dee08c20fee6b39ed2e406b171c6021d321d12ea2f8b5d824ff283793e4dae934f63a9b1d2dd4df3bb3efa194d52da34ee57298f75e359997be8

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    03fab5d80164dda4badb218b9104483f

                                                    SHA1

                                                    12c45446b4e4c5b424a27208a6bd1e6080c12d36

                                                    SHA256

                                                    fb35979a00971a007e7c40c79bea506f9e66fce8b88abc63bdc137845d88543d

                                                    SHA512

                                                    33c288f63268230ad3037ef2d917ee62c8a17909c3f83252c5fb6a9d2a750d270c2e318cea62aacc638db7e1577b01013f6d5ceea1945ad7f3035991b1fdd1e9

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    4e2d2a861720f45728d78bdf1690f56f

                                                    SHA1

                                                    fcc11dc31fb0b78bb7be80459a7181fc454fe463

                                                    SHA256

                                                    148bf96e0dfbd5f6410581d65b1809f9a8295cde7e85c82e3bc14170a12df70a

                                                    SHA512

                                                    11c6142c26486701b6a7233c5339fcf31454ce83e382e02862461b606ae2f0b6a1989a8888b48cd038a2f90357338fef066ff86f0bf8939b08b643628e95e9f9

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    7040122c289ea3f42237bcde1f6ce5c8

                                                    SHA1

                                                    bc42b2f013c6f5268a5bd903765420355b442140

                                                    SHA256

                                                    cc5c5a92caebb17395f59b98f5afaf2087428c75dc747a66bdc9b2091d48b435

                                                    SHA512

                                                    b5161ee0ef8fa147cc4659037bbcf38f74a9275224760601bd40f41aa936a6f003482e6a732b9fb61ad160faeebad903ee907fc08372ebeac7881ae304bd38f6

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    364ee52f52523ab5793ed0b978e4649e

                                                    SHA1

                                                    04234d07edf556d10de4dc8813013f1e6dd80e32

                                                    SHA256

                                                    edd973a88ac0efc4110c6d6ee6be7075e1627f5c5b50696f06f9b732ca79cd83

                                                    SHA512

                                                    6ed9cbe6d2acf805a16f1472625b44b4ad9366e51a9c30a03eff8724e54dc4a62f08c55734078420cf78b024ff9407a6fa8e006692b49ea2dd3f9198dbb9b5b0

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    126dcb42a93388f8cdad73b2c7035386

                                                    SHA1

                                                    07412d6494b633a6e8af1283db1c67406d38a0d0

                                                    SHA256

                                                    ac515fbbd7395fde8bb97a1a4ff149a3fd4dc2b911379ad45e242ac3fab210df

                                                    SHA512

                                                    9f61b54a0c586c82cdbfc0c5be52b0314baf234f63d4be503e8831b08d7a7c9ea9af9a5b95506d30554f2640450c4fe715c4f14cc7f9b51911203511cd217388

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    945c1044cfc7cd8c518b4e01e52704c3

                                                    SHA1

                                                    cfe14031678f87e0bed4ff869818d279730cccdb

                                                    SHA256

                                                    84e86f7db073f619074e625c105f2601ed9593dbf6ce278df97f81882e74e2ed

                                                    SHA512

                                                    a6537dab408b66e59ae282cca58d7ef81c3cde746d5ba67319996fd494f06578ccf766ab8f40539681acea6d1f42d48abc17ca5ff9dfe681919bb9008666136d

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    00cdd8f83e31e21c27b72223dde697eb

                                                    SHA1

                                                    0685adad2c46569940eeadc428bfc4b8157191e2

                                                    SHA256

                                                    8905f3bf69d1f52da0c42be21ed53608d31edbb2e1f924e59dddbcc48f4e5941

                                                    SHA512

                                                    98ea667247e433c238709446fa08c77b868d971f552fdf856ebf502b98b384e33c78ecacf3f09c2598b072164a23f0d1c40cfe35937eed888cb7003bfe0479f1

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    342B

                                                    MD5

                                                    6eaaac0703f533d600fff1d2217ec17f

                                                    SHA1

                                                    909c31ba77764676679e62741c652a67d8763432

                                                    SHA256

                                                    83a6476ff4c91a2d5a9346bc5ce984dec1e3072bd5a773226b380e0779dc3b9d

                                                    SHA512

                                                    9f60f54768d71db3fff6710673262004afc4eea6d0fc80305cf90ae1e1a94a79d5af0e2778fd1191bb48757edcfa9341de340f59c8a69861e1f864b040da8889

                                                  • C:\Users\Admin\AppData\Local\Temp\Cab6C5B.tmp

                                                    Filesize

                                                    70KB

                                                    MD5

                                                    49aebf8cbd62d92ac215b2923fb1b9f5

                                                    SHA1

                                                    1723be06719828dda65ad804298d0431f6aff976

                                                    SHA256

                                                    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                                    SHA512

                                                    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                                  • C:\Users\Admin\AppData\Local\Temp\Tar6CCE.tmp

                                                    Filesize

                                                    181KB

                                                    MD5

                                                    4ea6026cf93ec6338144661bf1202cd1

                                                    SHA1

                                                    a1dec9044f750ad887935a01430bf49322fbdcb7

                                                    SHA256

                                                    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                                    SHA512

                                                    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                                  • \Users\Admin\AppData\Local\Temp\svchost.exe

                                                    Filesize

                                                    84KB

                                                    MD5

                                                    2c9b7ba4f48070880ee800ad69cb8a5d

                                                    SHA1

                                                    996c73deb5faa1af3c46eaf52ad48cbef09078a4

                                                    SHA256

                                                    631aef796ba3a4f2a5d1453bafdde76788f1193814a0c33e45af1058dbde216c

                                                    SHA512

                                                    1f2ae4631f45c4ca57dc97004027459cd755a02b970262a941f44def1a9c09e5545a91ebaf37cc5bb64a9338c3e7cfe4372be880df149165f2df83668446fa39

                                                  • memory/2604-9-0x0000000077480000-0x0000000077481000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/2604-6-0x0000000000400000-0x0000000000436000-memory.dmp

                                                    Filesize

                                                    216KB

                                                  • memory/2604-13-0x0000000000400000-0x0000000000436000-memory.dmp

                                                    Filesize

                                                    216KB

                                                  • memory/2604-11-0x00000000002C0000-0x00000000002CF000-memory.dmp

                                                    Filesize

                                                    60KB

                                                  • memory/2604-442-0x0000000000400000-0x0000000000436000-memory.dmp

                                                    Filesize

                                                    216KB

                                                  • memory/2604-8-0x000000007747F000-0x0000000077480000-memory.dmp

                                                    Filesize

                                                    4KB