ramnit | 9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f

Analysis

max time kernel
96s
max time network
143s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f.exe
Size

292KB
MD5

0e95b7e4925b92678355e57ff72fd0f0
SHA1

c3b8acb3d8fe27f6cccfc12465b2683a1ca4e8b5
SHA256

9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f
SHA512

a94c03179678371f75b1dd55560c2e45f4fcad4216abd354bb708aafbf0865f64309349722aef6bfc96dd2001691dc58acf3d127c7e109ee0c888a43f2b0da73
SSDEEP

6144:NvNNtWuYcqHmiNLOcQFfdD4motiK33l/f/:NvNb/1oLfQ9ehRl/f/

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Executes dropped EXE 1 IoCs

pid	Process
1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c0000000054a8-54.dat	upx
behavioral1/files/0x000c0000000054a8-55.dat	upx
behavioral1/files/0x000c0000000054a8-57.dat	upx
behavioral1/memory/1680-61-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral1/memory/1680-62-0x0000000000400000-0x000000000045B000-memory.dmp	upx

Loads dropped DLL 2 IoCs

pid	Process
1504	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f.exe
1504	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f.exe

Modifies Internet Explorer settings 1 TTPs 53 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "374562741"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55361A31-5E5A-11ED-8F62-626C2AE6DC56} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55364141-5E5A-11ED-8F62-626C2AE6DC56} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe
1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe
1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe
1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe
1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe
1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe
1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe
1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
944	iexplore.exe
1600	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
944	iexplore.exe
944	iexplore.exe
1600	iexplore.exe
1600	iexplore.exe
1956	IEXPLORE.EXE
1956	IEXPLORE.EXE
1444	IEXPLORE.EXE
1444	IEXPLORE.EXE
1956	IEXPLORE.EXE
1956	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1680	1504	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f.exe	29
PID 1504 wrote to memory of 1680	1504	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f.exe	29
PID 1504 wrote to memory of 1680	1504	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f.exe	29
PID 1504 wrote to memory of 1680	1504	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f.exe	29
PID 1680 wrote to memory of 944	1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe	30
PID 1680 wrote to memory of 944	1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe	30
PID 1680 wrote to memory of 944	1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe	30
PID 1680 wrote to memory of 944	1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe	30
PID 1680 wrote to memory of 1600	1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe	31
PID 1680 wrote to memory of 1600	1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe	31
PID 1680 wrote to memory of 1600	1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe	31
PID 1680 wrote to memory of 1600	1680	9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe	31
PID 944 wrote to memory of 1444	944	iexplore.exe	33
PID 944 wrote to memory of 1444	944	iexplore.exe	33
PID 944 wrote to memory of 1444	944	iexplore.exe	33
PID 944 wrote to memory of 1444	944	iexplore.exe	33
PID 1600 wrote to memory of 1956	1600	iexplore.exe	34
PID 1600 wrote to memory of 1956	1600	iexplore.exe	34
PID 1600 wrote to memory of 1956	1600	iexplore.exe	34
PID 1600 wrote to memory of 1956	1600	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f.exe
"C:\Users\Admin\AppData\Local\Temp\9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Users\Admin\AppData\Local\Temp\9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe
  C:\Users\Admin\AppData\Local\Temp\9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:944
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1444
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1956

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{55361A31-5E5A-11ED-8F62-626C2AE6DC56}.dat

Filesize
3KB

MD5
fa7a2f9dfd4be4910ede9aeebf795521

SHA1
c11190e4a50cba42b5ac3bdcdd05b652811edb18

SHA256
ab5e1a2abe4108853a0e74528b805db5385549d7d1c71e54fc8e0788e4203edf

SHA512
6422b7640e16649960681b4f0ccf61569b1db93cf9f99ec0b9aab327c14228a9f3356927bc5ded3243f8417c04f8e14ef0c73e021e653b9a672dc4bff32e40ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{55364141-5E5A-11ED-8F62-626C2AE6DC56}.dat

Filesize
3KB

MD5
300f4b04953c2adfa91e1e901424901b

SHA1
e00e4576e98fb1d27e0eaeaed43cec863d1661dd

SHA256
5fca546d13ff340b53c466c390f0de70268c3941f07b04a93da59b0bc07ea936

SHA512
6ff20134a48182947e8fe2edefe2ddad705fd2bad25a74e91400c6792f504cc5a7b7ce4af4908aa4a9e04448aa9b1305a888bfbc13496bb3d157306aa4908d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe

Filesize
125KB

MD5
4bcb9e36702414ca6cbc2259b64479d0

SHA1
22a85317683f3e71ad4b822751e8dbcfc17fac3f

SHA256
33d69fa6ccc1befaa7873fd9d41937925752c0237be06c1be9ec2c72c4c9ee02

SHA512
33cc133ed25d19d1f0e99152f4fe2841fd74a6601a959101fc30672dc1bf3528cf59cc80e7413f35ace43f4386dd55f24414374fff8b73fdff98fb7e3fc92c91

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7UZ3NW8X.txt

Filesize
608B

MD5
56cdbeb15138506c5bc247ff016de4be

SHA1
72ab57314debc5135c5c5bd3b6cab263d982ff86

SHA256
e46c059828d7cce32848c3b151a4fbb7dd6da1b18cedae5c34d881f7d2dda5c9

SHA512
e043dd2afcc1c8d210a29934a5b12c712457ec0571b62f275df8f1a061de015aa8dbdb16f5733ae19e6a5f93256c6f35912e4d2f0fb0aec7afcf38817426bf64

Download Submit
\Users\Admin\AppData\Local\Temp\9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe

Filesize
125KB

MD5
4bcb9e36702414ca6cbc2259b64479d0

SHA1
22a85317683f3e71ad4b822751e8dbcfc17fac3f

SHA256
33d69fa6ccc1befaa7873fd9d41937925752c0237be06c1be9ec2c72c4c9ee02

SHA512
33cc133ed25d19d1f0e99152f4fe2841fd74a6601a959101fc30672dc1bf3528cf59cc80e7413f35ace43f4386dd55f24414374fff8b73fdff98fb7e3fc92c91

Download Submit
\Users\Admin\AppData\Local\Temp\9e8fbc3f569c703857e52359ecd7d5cb0a50274b7d3f9568b07525c2ca470a7fmgr.exe

Filesize
125KB

MD5
4bcb9e36702414ca6cbc2259b64479d0

SHA1
22a85317683f3e71ad4b822751e8dbcfc17fac3f

SHA256
33d69fa6ccc1befaa7873fd9d41937925752c0237be06c1be9ec2c72c4c9ee02

SHA512
33cc133ed25d19d1f0e99152f4fe2841fd74a6601a959101fc30672dc1bf3528cf59cc80e7413f35ace43f4386dd55f24414374fff8b73fdff98fb7e3fc92c91

Download Submit
memory/1504-58-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1680-56-0x0000000000000000-mapping.dmp

Download
memory/1680-61-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1680-62-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download