Overview

overview

10

Static

static

3

JaffaCakes...d4.dll

windows7-x64

10

JaffaCakes...d4.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03-01-2025 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_6ad957f406dc66c177305ddb8e4835d4.dll

  • Size

    204KB

  • MD5

    6ad957f406dc66c177305ddb8e4835d4

  • SHA1

    2bb10f3d57453f25d04a19b3144a6222b0e87b67

  • SHA256

    5a6b6ac9e464c4aa636974812118afbf645cf26ae7eb7b471d3f7a9d27274ae3

  • SHA512

    1439071c27e0ad078a91e2170b170a2613c83098e7583dce2221261fe6e8d0a964493b41753ec277eecc9a16e34ac92ac95d410c638241842cb406571ca74fc1

  • SSDEEP

    6144:2n8FEvxNiItcpYQxcvJU3+aCCJUf7mfv9u:PF2iEX+cvsrCC2f7mnk

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6ad957f406dc66c177305ddb8e4835d4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6ad957f406dc66c177305ddb8e4835d4.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2708
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2596
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2684
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1698163e4932ec01068e4bdefd9aa467

    SHA1

    c9bf46b6e160ed296a598025c7bf141c444dc41f

    SHA256

    2eca1b4345d26e6750b77dd072c47f47ec2a6885acd41ad9ed48037120a85dbe

    SHA512

    2d94f7af5713c08851fbf7937b3cc809777412c0e993998a24c43f901d361f10c1b99d8fa205daf4405fa7247105229446006219703d31fb605adb6686563c37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de0a3bc2deddcc453a601d4831242e6f

    SHA1

    c56212a396406d5fcab2eaedd275e3c0a00d4547

    SHA256

    7aba422c0aa1092197cabdd154884f34142957349d520369042ebafb9ced43cf

    SHA512

    0ce0ab33d8b99e87c333f94a5eca378fd51315950714a9199cb27fd0ff54fadbb07da64b7b18f5c97534046e2c52911c8963175ebc613e5795291864864cbf2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c3041006b07b4569c2ad99d2a27739e

    SHA1

    4643e237ea242801ad1137033b6f2541d095dcb3

    SHA256

    25475fe4ccd5c8d85efa533e703fa2b19df5799d88db186ba890b847f98048f7

    SHA512

    97c4307f8c6fe75c201be40930ae9760fa7da5334c221e7146deaa46e05724299132516db71d2c5eb09831caa76e9cb6841aab8a362daf72744d6e448694e4fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ede4a1c901f163f170d47d24ad0708dd

    SHA1

    640bd44ebc1a8c4954679cd084543dc65e3501ed

    SHA256

    eaea3a364613d460b226a8a6dc31c35b8969d86835a46a8fd7b704dbea50797a

    SHA512

    11e85bb175cf60d163d1a6e378938e5497ac02b30ae9d2255fe7b8aa4eb74c64b5ec698ad5751300b9d3ccc42bc7143d6995aa22ed1028a2e369e8f03e9c03c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da7b4d1e79f1fdbdebaa291978d1b1a3

    SHA1

    09f0016c3a0ee3c75b7fa54b3381680ab01e229b

    SHA256

    301e621467e79773df1758da0fb27f60915433486e777a92b53309250a710977

    SHA512

    7ca7297c5de7839dbf13f322325824b495ec991e1465f4111884b92200b91ce2851779b97db808294a4846e5cd7326719a5a5c07b234b302376a4262e61d0ad3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5552f5989ed6d7af15127a244e6807d1

    SHA1

    6dd62f68eeb1f8f7d7cd08a536661fded7736541

    SHA256

    afc16e50cc032cffa60f18bed477681b696a5df61c7ddad130dd9ef63633a9c9

    SHA512

    2a9b4b907cfd810964c53eb3b8f8c9e1de768b0c7752444b7250b22d342cae36d63f19ac2df3e0812eb83fdebfe826c684422f82658e6a843801cc5f5ea3175a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    725d3b52615545363bda42cf9ffa802d

    SHA1

    942c1a4f5dfac5b5300b7458b1589ed80a1f6547

    SHA256

    cfc489e080005d56b0e9004157390a47f0a30eb832c686f01a1e1543ea2a1f8d

    SHA512

    1ad54e55bbae70029060184f5f0ea15411603546053a15419badede03fd66038c4de05461fb46edce16b9512f580dd9df424c13c348d1e4394310a8f4feea48b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c98ad4dbcb7c976824b6c598800d729c

    SHA1

    8da8a6a1fc5c50c272fc3d8067521d9aa514e4fa

    SHA256

    710c987891b6e3deae778892d366df704569f9bfc423e7bbbe56c0e82e0eb7b1

    SHA512

    977feeb427de49183a8a53f14a8e87a08748a1e42836a79a38b361a6767ba8a7a4d3b51774f70bebaa58d1b5a978c07b1af061df8d2ba6682c10f68659a5ddd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4428745e1ca61fe5e5a8e3c96012da3

    SHA1

    43414f4171abeeb4b00da18fdb205e5ebcaec557

    SHA256

    bf6c532f6e92f99a50ca48d251066f575042b8ce979f6784c9397a020093804d

    SHA512

    663cff0210df77e461336afeddcbcc3f1a2231a661c9ace108ef615a2ff70ecf18e9f9daabe9f5e5ef1be4dcdb080d39b37af73ad0aeea784011ab7a9ba1aef9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83fbcca7e2be30e6ee2a9c5bee5cc4ad

    SHA1

    299d6c95829347249ac458b77866f127491afbae

    SHA256

    cf62e1d731e808153f9b836350075e4cceabbe523a9213193837769f740413e6

    SHA512

    4afdc39b612710a58db9d1b509c3c4c5121dd1b2e0181b2fe3a1ab69e83f44c9d693a2b56aa2adc5443209dc277aeaa9ee452731791cf32a328697c2fdad2989

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40c8679c911d905b8a45bcb345213391

    SHA1

    ac12143f47736802ed2fa4fbf4ae793ecebed086

    SHA256

    6407f72d23e2bc8dd05b73f75a245b5d98b0faa1b149aac15a0eb2ee72fc27e1

    SHA512

    b1fbefe54039defab6480bad2356462c66be6431a0bc46832fb4b2154745fcdfa3bc974c69df486c13ddfa3221f2a53b0188592aa1dcfa89348f7def79c204ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    082cabf94cd62487d7d29bbe0ac88971

    SHA1

    a1c4632fadf8c203fc7ff4cd7f3cdaf904475dc7

    SHA256

    537ade532e995228766552e333b5f6398d53eddd96b744a24169a00809ec8703

    SHA512

    2c10922f3ad6cccd97aedc77f47d303705ead07af894674d2c864de98e4ac14c3e667925c48622e1041110dabad412937c517af7c560190cdb65250d23f5bda1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4718c5ae3cf089860d7043a1fda75ec8

    SHA1

    15820a5cee98af383e8f12c88b661305fc24fb38

    SHA256

    e12c27b9920ccc8754bd86ac11d4697895c0f7bc56ac4530fd8b24b5adb4af89

    SHA512

    57b6a667b88ec68a610d1e7c2d61ee4dcbf6eb7e19ec357322b3c096628f514fbb14d9c5ab4f581be2251b7ff68a5790057a9b1c736f9b3fc8abaf7dc79efe24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e42923b286dd1b07454eec0dc71ec48

    SHA1

    7b5c79c81c288bb6a505d0018ad5710ea818336a

    SHA256

    374f512164fc8a8c459e792f0d0b03ce4f532c8d232c1e9f8ec308da5cf4cdf4

    SHA512

    8a000f44131a957c301afc2bb18aba7114d5ff04347bfb97d383a20ebc4c51c60662888feb683d246e196baab43ed4278c67865774066beadfdc6054b1c6adbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9cc8f0f1ac180d5d4761099e2e3fae6

    SHA1

    ae26443ac6d3e0337753c68f1d779ecd970ef782

    SHA256

    1279e7f5943391c9251fadc1d3b5d559d03705c1c417ce8248e6d17cfb4f7a8e

    SHA512

    e10189855b6a79a232dc2c9a332f80e0e030b7b2dfe9570f17ee2dc1f2efdcb1bb31494e33b0053a999265e9b02a38fc60f98ea875118278654671fc8e27f803

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    092f95cfa8f12f25c0b8d6663e157d1e

    SHA1

    59b4b3b7a2cb49df5bb192610d71c7d5f3d92ddc

    SHA256

    2d7935172d77d2e4c3d6f5c88e2089dc9a5117c5b663535be5c99f76b533d172

    SHA512

    3c8a0909cb70332b95cfd5636526e91d1d21faaa0582b4d6501ff67bf1173ebfc52bf84395ccc19fc879a128ca67d06469516d221a590aa5db0dcfbed5365778

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54f24e463077546db8584a1960172c4a

    SHA1

    428560e18179be199ecfd79deed7fdf652318f3f

    SHA256

    39ec2c97304001e318e83e3c6dbc4fc216d16febecb015a4d160bae28a2208d0

    SHA512

    59ad5333186ee5f0d67f5f2e30095ec8e86d0048967868365af50f87b6a94c4dfc5c4a9562929a2fdb47dff8efdd916c72bd6176bb9d4ea5adec3832fb7190c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e651374b78ec76437a8337f9b8d1d1a

    SHA1

    1e452e3da716c8a53a22cb4a88c32836be48db9b

    SHA256

    c4148b1508eb0bcb5bf2029c85d6f11c44711b5d7b75fb9b8c1055101e63d1ef

    SHA512

    4a1fc90fd8de2d1da4a6263d3930cdfb7520eb34bb8fd56f1f809fa8392fdd811a6a0c6e14b09496e6ed1a9562280dd31122bff73dee5c5a0df514ef05b5cec0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0337b148eb2fbe5ea1b6da6e51093195

    SHA1

    8a235242f7504317af07a85bbb512eecce5f4c8f

    SHA256

    51d81135cf747c82f8cb63e5ea1d345fb7ca915a047ee504b44f986688c31dc1

    SHA512

    8b48b9a313b6548558d1138b4091239e9ac92e505762b7a3de4cf764ffc8ecc889abc8ff5d4f9037f8800f30a7f74697b48b623d0a0ff931d4815de8ebba76ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7aeec072022cbcf4f072b31b48ffb6f8

    SHA1

    df921c8f27775e53ba44b3f4023adf4aecc07e13

    SHA256

    ab19702d61c3898a387de75ea90985aec622438302f5659e0d3c8918f45410f5

    SHA512

    bf19a89ccdf8e921330af01d49fbdb434dd8845a3c631eb2f80aded823489f7d5294a0485e9323144065268e176d8c346717bcd30645a76246c1b819e3bf335c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c556fdcea636027520f291f4e3c74b56

    SHA1

    54425176e083845301bc25ae722b0e24b40cbceb

    SHA256

    bf9081af34f7ce8e71986bda11b61cfe2b05c595bde58615aeaf0247f40ead20

    SHA512

    4808a8c9af5d5f9546dc83dbc45a325506bce1446787f1295d131a04fb08e98e1d41cc4dcaf754a3ecf15c5bcf80a78f46cfead285680fbd6c9b41b4b1bcef2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a6763799b83dbf5d6862f2120b6bceb

    SHA1

    b178fb8171c19bf00a950befb82ad9dd217acdff

    SHA256

    b985ed4ccb9f61d9ab23574ad49f3da34d34664bfe87d7efa92d072426bf241f

    SHA512

    429d25cbeda1e51f4fcacc54a1e2cca4bfd09100b5f427389c4764738f412d41685d42dc7dedf79a966b00d6f399347eeec042e2565ae352e6cb20fa0d220801

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EF6B0741-C99D-11EF-BD41-DEC97E11E4FF}.dat
    Filesize

    5KB

    MD5

    7aa690fb98b9de49489370fabbe7f694

    SHA1

    8cde2e0b441fa85997bde16bb860b74f4e660dd7

    SHA256

    b625dd628f078f612415ed115a9cf9c5aee15f1560e806d5cbe0b0360cabd0f7

    SHA512

    9378bec084c7fce82d059405d55c34ac3abe70f6f26a721d7c700129bc36343bf34620adbe9770ac57505532810239ea15876ea716fb507a60df8cb2d8cb25a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EF6D68A1-C99D-11EF-BD41-DEC97E11E4FF}.dat
    Filesize

    4KB

    MD5

    9a1592aca37a872fadefe0fcf81c96b6

    SHA1

    4e460c6f072d1dbcda2af2ef64abd0eafcab0239

    SHA256

    13da79cc1d056cede0078f533b89332062180e4429e0c501ebf3a0d79128f441

    SHA512

    9c626fea27b67162d19b583db7c473039495ab29606690725cfe5bbbc1319882ca46279c540b8bbc583ba9cfd61a0659e847e796b87e383c18ec7f1a04ec72ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab64EE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar65CB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    129KB

    MD5

    d8c8aec24f832e3beaeb3865b17dcb95

    SHA1

    eb791e2c4cc783c60460f8b3628e034107659367

    SHA256

    1284cfe422573f4a7495bd98ebe0b81c27186ff292059e4d8aff07e917218859

    SHA512

    64bf0f321e4a4a3e83611374472eef63f167827e8ca26c27c1cb8ab337dd2921eca1a3b08dd8b0ea22027c5a1258c3bee041a0009f76f40ab372916f88b82c47

    Download Submit

  • memory/2192-1-0x00000000001A0000-0x00000000001D3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2192-6-0x00000000001B0000-0x00000000001E3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2192-18-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2192-13-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2192-0-0x00000000001B0000-0x00000000001E3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2192-2-0x00000000001A0000-0x00000000001D3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2192-3-0x00000000001A0000-0x00000000001D3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2700-15-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2700-14-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-17-0x00000000771BF000-0x00000000771C0000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-16-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-19-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-20-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2700-24-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2700-21-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download