Overview

overview

10

Static

static

3

JaffaCakes...b0.dll

windows7-x64

7

JaffaCakes...b0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2025 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_78f59abb13c18b97df25064a7d7379b0.dll

  • Size

    221KB

  • MD5

    78f59abb13c18b97df25064a7d7379b0

  • SHA1

    e85980d623212decac94efefecf9a10cdce3aae8

  • SHA256

    94df4593588eff3b4084bae23675fc06523915be3600a5458f080dd5ab7697d3

  • SHA512

    b47ae95fbdeda1aae59ce17e8980e41f2fb750f4fe150a7aecbc83258f7b23c9f3d22bc8b89e69fddb8e6b053ad40dbcc86d3ab61e788ec33d291dfc650144ad

  • SSDEEP

    3072:Bevj25xBncg9i9ICBHDRNO+wGlSwxFxq0D1bdB1Fw43R3Ab+2vyXU:MvOxBcgQ9IC52+bFxrR9DqvyE

Score
10/10
ramnitbankerdiscoveryevasionspywarestealertrojanupxworm

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 4 IoCs
    evasion
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Blocklisted process makes network request 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:612
      • C:\Windows\system32\fontdrvhost.exe
        "fontdrvhost.exe"
        2⤵
          PID:784
        • C:\Windows\system32\dwm.exe
          "dwm.exe"
          2⤵
            PID:316
        • C:\Windows\system32\lsass.exe
          C:\Windows\system32\lsass.exe
          1⤵
            PID:676
          • C:\Windows\system32\fontdrvhost.exe
            "fontdrvhost.exe"
            1⤵
              PID:780
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch -p
              1⤵
                PID:796
                • C:\Windows\system32\wbem\unsecapp.exe
                  C:\Windows\system32\wbem\unsecapp.exe -Embedding
                  2⤵
                    PID:2996
                  • C:\Windows\system32\DllHost.exe
                    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                    2⤵
                      PID:3772
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      2⤵
                        PID:3860
                      • C:\Windows\System32\RuntimeBroker.exe
                        C:\Windows\System32\RuntimeBroker.exe -Embedding
                        2⤵
                          PID:3972
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          2⤵
                            PID:4056
                          • C:\Windows\System32\RuntimeBroker.exe
                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                            2⤵
                              PID:3608
                            • C:\Windows\System32\RuntimeBroker.exe
                              C:\Windows\System32\RuntimeBroker.exe -Embedding
                              2⤵
                                PID:4176
                              • C:\Windows\system32\SppExtComObj.exe
                                C:\Windows\system32\SppExtComObj.exe -Embedding
                                2⤵
                                  PID:4212
                                • C:\Windows\system32\DllHost.exe
                                  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                  2⤵
                                    PID:4136
                                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                                    2⤵
                                      PID:3332
                                    • C:\Windows\system32\backgroundTaskHost.exe
                                      "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
                                      2⤵
                                        PID:2940
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k RPCSS -p
                                      1⤵
                                        PID:904
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                        1⤵
                                          PID:960
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
                                          1⤵
                                            PID:408
                                          • C:\Windows\System32\svchost.exe
                                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
                                            1⤵
                                              PID:920
                                            • C:\Windows\System32\svchost.exe
                                              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                              1⤵
                                                PID:1064
                                              • C:\Windows\system32\svchost.exe
                                                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                                                1⤵
                                                  PID:1072
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
                                                  1⤵
                                                    PID:1084
                                                  • C:\Windows\system32\svchost.exe
                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                                                    1⤵
                                                      PID:1204
                                                      • C:\Windows\system32\taskhostw.exe
                                                        taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
                                                        2⤵
                                                          PID:740
                                                        • C:\Windows\system32\MusNotification.exe
                                                          C:\Windows\system32\MusNotification.exe
                                                          2⤵
                                                            PID:2688
                                                        • C:\Windows\system32\svchost.exe
                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                                                          1⤵
                                                            PID:1240
                                                          • C:\Windows\System32\svchost.exe
                                                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                                            1⤵
                                                              PID:1288
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                                                              1⤵
                                                                PID:1400
                                                                • C:\Windows\system32\sihost.exe
                                                                  sihost.exe
                                                                  2⤵
                                                                    PID:3012
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                                                                  1⤵
                                                                    PID:1412
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                                                                    1⤵
                                                                      PID:1424
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                                                      1⤵
                                                                        PID:1440
                                                                      • C:\Windows\System32\svchost.exe
                                                                        C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                                                        1⤵
                                                                          PID:1448
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                                                          1⤵
                                                                            PID:1536
                                                                          • C:\Windows\system32\svchost.exe
                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                                                            1⤵
                                                                              PID:1648
                                                                            • C:\Windows\System32\svchost.exe
                                                                              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                                                              1⤵
                                                                                PID:1700
                                                                              • C:\Windows\System32\svchost.exe
                                                                                C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
                                                                                1⤵
                                                                                  PID:1740
                                                                                • C:\Windows\System32\svchost.exe
                                                                                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                                  1⤵
                                                                                    PID:1816
                                                                                  • C:\Windows\System32\svchost.exe
                                                                                    C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
                                                                                    1⤵
                                                                                      PID:1832
                                                                                    • C:\Windows\System32\svchost.exe
                                                                                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                                      1⤵
                                                                                        PID:1996
                                                                                      • C:\Windows\system32\svchost.exe
                                                                                        C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
                                                                                        1⤵
                                                                                          PID:2004
                                                                                        • C:\Windows\system32\svchost.exe
                                                                                          C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                                                          1⤵
                                                                                            PID:1304
                                                                                          • C:\Windows\System32\svchost.exe
                                                                                            C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                                                            1⤵
                                                                                              PID:1016
                                                                                            • C:\Windows\System32\spoolsv.exe
                                                                                              C:\Windows\System32\spoolsv.exe
                                                                                              1⤵
                                                                                                PID:2088
                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                                                                1⤵
                                                                                                  PID:2132
                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                  C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
                                                                                                  1⤵
                                                                                                    PID:2192
                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                    C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                                                                    1⤵
                                                                                                      PID:2236
                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                                                                      1⤵
                                                                                                        PID:2296
                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                                                        1⤵
                                                                                                          PID:2492
                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                                                          1⤵
                                                                                                            PID:2500
                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                            C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
                                                                                                            1⤵
                                                                                                              PID:2672
                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                                                              1⤵
                                                                                                                PID:2732
                                                                                                              • C:\Windows\sysmon.exe
                                                                                                                C:\Windows\sysmon.exe
                                                                                                                1⤵
                                                                                                                  PID:2748
                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                                                                  1⤵
                                                                                                                    PID:2768
                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                                                                    1⤵
                                                                                                                      PID:2784
                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                      C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                                                                      1⤵
                                                                                                                        PID:3060
                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
                                                                                                                        1⤵
                                                                                                                          PID:3240
                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                          C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                                                          1⤵
                                                                                                                            PID:3380
                                                                                                                          • C:\Windows\Explorer.EXE
                                                                                                                            C:\Windows\Explorer.EXE
                                                                                                                            1⤵
                                                                                                                              PID:3456
                                                                                                                              • C:\Windows\system32\rundll32.exe
                                                                                                                                rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_78f59abb13c18b97df25064a7d7379b0.dll,#1
                                                                                                                                2⤵
                                                                                                                                • Suspicious use of WriteProcessMemory
                                                                                                                                PID:5112
                                                                                                                                • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_78f59abb13c18b97df25064a7d7379b0.dll,#1
                                                                                                                                  3⤵
                                                                                                                                  • Modifies firewall policy service
                                                                                                                                  • Blocklisted process makes network request
                                                                                                                                  • Drops file in System32 directory
                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                  • Suspicious use of WriteProcessMemory
                                                                                                                                  PID:4488
                                                                                                                                  • C:\Windows\SysWOW64\rundll32mgr.exe
                                                                                                                                    C:\Windows\SysWOW64\rundll32mgr.exe
                                                                                                                                    4⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Drops file in Program Files directory
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                    • Suspicious behavior: MapViewOfSection
                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                    • Suspicious use of UnmapMainImage
                                                                                                                                    • Suspicious use of WriteProcessMemory
                                                                                                                                    PID:636
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 416
                                                                                                                                      5⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:536
                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                              C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                                                              1⤵
                                                                                                                                PID:3588
                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                1⤵
                                                                                                                                  PID:5092
                                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                  1⤵
                                                                                                                                    PID:3500
                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
                                                                                                                                    1⤵
                                                                                                                                      PID:1104
                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                                                      1⤵
                                                                                                                                        PID:2528
                                                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                                                        C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                        1⤵
                                                                                                                                          PID:4188
                                                                                                                                        • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                                                          "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                                                          1⤵
                                                                                                                                            PID:2028
                                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                                            C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                                                            1⤵
                                                                                                                                              PID:4404
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 636 -ip 636
                                                                                                                                              1⤵
                                                                                                                                                PID:2232

                                                                                                                                              Network

                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                              Replay Monitor

                                                                                                                                              Loading Replay Monitor...

                                                                                                                                              Downloads

                                                                                                                                              • C:\Windows\SysWOW64\rundll32mgr.exe
                                                                                                                                                Filesize

                                                                                                                                                119KB

                                                                                                                                                MD5

                                                                                                                                                78e3f033907ea994a9456f3f1c164b6c

                                                                                                                                                SHA1

                                                                                                                                                c106c05f7ffe122777639cfb771431e62d9c8e03

                                                                                                                                                SHA256

                                                                                                                                                4f398abd0091c32e100566ffa43db278c82965a71ee4878bd29cd6e104ab890d

                                                                                                                                                SHA512

                                                                                                                                                e8c4419d3f4ce4adbf8f48fd9d0dbca2f6d9696533e07fc3c3224f6e9ff91813ef20f0317f58ab010a1bb96d5445af5f952f8eb559be8aacf944679217b4a2b1

                                                                                                                                                Download Submit

                                                                                                                                              • memory/636-17-0x0000000000400000-0x0000000000421000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                132KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-22-0x0000000000400000-0x0000000000421000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                132KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-18-0x0000000077133000-0x0000000077134000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-23-0x0000000000400000-0x0000000000421000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                132KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-21-0x0000000000400000-0x0000000000421000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                132KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-10-0x0000000077132000-0x0000000077133000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-20-0x0000000000400000-0x0000000000421000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                132KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-12-0x0000000000401000-0x0000000000404000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                12KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-14-0x0000000000400000-0x0000000000421000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                132KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-16-0x0000000000400000-0x0000000000421000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                132KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-4-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                164KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-28-0x0000000000401000-0x0000000000404000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                12KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-19-0x00000000001C0000-0x00000000001C1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-15-0x0000000000400000-0x0000000000421000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                132KB

                                                                                                                                                Download

                                                                                                                                              • memory/636-13-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                164KB

                                                                                                                                                Download

                                                                                                                                              • memory/4488-11-0x000000007FA10000-0x000000007FA1C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                48KB

                                                                                                                                                Download

                                                                                                                                              • memory/4488-6-0x000000007FA10000-0x000000007FA1C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                48KB

                                                                                                                                                Download

                                                                                                                                              • memory/4488-9-0x0000000077133000-0x0000000077134000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/4488-7-0x0000000077132000-0x0000000077133000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/4488-8-0x000000007FA10000-0x000000007FA1C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                48KB

                                                                                                                                                Download

                                                                                                                                              • memory/4488-25-0x000000007FA10000-0x000000007FA1C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                48KB

                                                                                                                                                Download

                                                                                                                                              • memory/4488-26-0x000000007FA10000-0x000000007FA1C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                48KB

                                                                                                                                                Download

                                                                                                                                              • memory/4488-0-0x0000000074B60000-0x0000000074B9C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                240KB

                                                                                                                                                Download