Overview

overview

10

Static

static

9ffc67b3f0...22.dll

windows7-x64

10

9ffc67b3f0...22.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    105s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2022 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ffc67b3f0b49e35357ee68dc59d074e38035c4d34476170c4610c131d4a7e22.dll

  • Size

    231KB

  • MD5

    00d354ce7ce7e61c0288f0970f5bf2d0

  • SHA1

    fc05475d7f0e20dbefbdf3c7637004fb66b9e63d

  • SHA256

    9ffc67b3f0b49e35357ee68dc59d074e38035c4d34476170c4610c131d4a7e22

  • SHA512

    7be7233bb2660bfb22460eef2ec72c59cafff6a326c6d0122fc6b2ff8b751f69d5f5b068e4dcd6d23f67d2e30ff00c078353e022e0afa38b01fcdda3ba6209d8

  • SSDEEP

    3072:+sGwxP7Ghb+GgJ2r1fHZF8+T7+B84TZpxGAtl5a6YsbGHWSlE5t6ZoiLCmGK9cO:pBQ+aVXMB84TZhtusbA3OEIK9

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 7 IoCs
  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 7 IoCs
  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 13 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ffc67b3f0b49e35357ee68dc59d074e38035c4d34476170c4610c131d4a7e22.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1128
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ffc67b3f0b49e35357ee68dc59d074e38035c4d34476170c4610c131d4a7e22.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1304
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1288
        • C:\Windows\SysWOW64\rundll32SrvSrv.exe
          C:\Windows\SysWOW64\rundll32SrvSrv.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1408
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1932
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:432
          • C:\Windows\SysWOW64\rundll32SrvSrvSrv.exe
            C:\Windows\SysWOW64\rundll32SrvSrvSrv.exe
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:756
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1336
          • C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
            "C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • Suspicious use of WriteProcessMemory
            PID:676
            • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
              "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
              6⤵
              • Executes dropped EXE
              PID:1456
            • C:\Program Files (x86)\Microsoft\DesktopLayerSrvSrv.exe
              "C:\Program Files (x86)\Microsoft\DesktopLayerSrvSrv.exe"
              6⤵
              • Executes dropped EXE
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:1212
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1512
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1512 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1352
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1564 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:740
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:360
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:360 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1388

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    168KB

    MD5

    c64813adfc336147b0e6230f949236bd

    SHA1

    cd3b7088c1e071ea93952673a4c59edbfbd619cd

    SHA256

    38f3ffec87edfe3ff6da75cc8604651b8170581d780ee5b258bc591fe72e6c6f

    SHA512

    8a2cf2459f810c33caf1ad4adcc241ed4b63c865703e4ff36b198f7f994a28be8abb9fbddde939931f0daa214522ce7b56696cea088068f127827cf1a2a9a628

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    168KB

    MD5

    c64813adfc336147b0e6230f949236bd

    SHA1

    cd3b7088c1e071ea93952673a4c59edbfbd619cd

    SHA256

    38f3ffec87edfe3ff6da75cc8604651b8170581d780ee5b258bc591fe72e6c6f

    SHA512

    8a2cf2459f810c33caf1ad4adcc241ed4b63c865703e4ff36b198f7f994a28be8abb9fbddde939931f0daa214522ce7b56696cea088068f127827cf1a2a9a628

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    111KB

    MD5

    1e58c74d262752a2060fbd8010d75169

    SHA1

    9adb4d47fb327e7f7293130c424c64e27ce6da2f

    SHA256

    05a0c977d25de24bc7778ff6b83f81a94f555a181f48dac40fab303c69b43d98

    SHA512

    22185e4742b69d1167b1edfc7025014794cee91b52573245a969c1d416def993b4a284679ed54577d4db1dbb7931763abb7a3d777e7c57492f52bf970ee42090

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
    Filesize

    111KB

    MD5

    1e58c74d262752a2060fbd8010d75169

    SHA1

    9adb4d47fb327e7f7293130c424c64e27ce6da2f

    SHA256

    05a0c977d25de24bc7778ff6b83f81a94f555a181f48dac40fab303c69b43d98

    SHA512

    22185e4742b69d1167b1edfc7025014794cee91b52573245a969c1d416def993b4a284679ed54577d4db1dbb7931763abb7a3d777e7c57492f52bf970ee42090

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
    Filesize

    111KB

    MD5

    1e58c74d262752a2060fbd8010d75169

    SHA1

    9adb4d47fb327e7f7293130c424c64e27ce6da2f

    SHA256

    05a0c977d25de24bc7778ff6b83f81a94f555a181f48dac40fab303c69b43d98

    SHA512

    22185e4742b69d1167b1edfc7025014794cee91b52573245a969c1d416def993b4a284679ed54577d4db1dbb7931763abb7a3d777e7c57492f52bf970ee42090

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayerSrvSrv.exe
    Filesize

    55KB

    MD5

    42bacbdf56184c2fa5fe6770857e2c2d

    SHA1

    521a63ee9ce2f615eda692c382b16fc1b1d57cac

    SHA256

    d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

    SHA512

    0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayerSrvSrv.exe
    Filesize

    55KB

    MD5

    42bacbdf56184c2fa5fe6770857e2c2d

    SHA1

    521a63ee9ce2f615eda692c382b16fc1b1d57cac

    SHA256

    d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

    SHA512

    0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57EECD11-6988-11ED-9201-42465D836E7B}.dat
    Filesize

    3KB

    MD5

    a52d65683ccb2121d5656b73e4ad9452

    SHA1

    41ec0bee1d7ade4732908c2462f31c74a033728e

    SHA256

    3280ee0a88644f33f682b5567bccfb966e831e8b70fa178e33d8be2e58cad0ef

    SHA512

    5ffca52d39a97f24ffb662ac99139a5995970fce9e90997158e16ed8afa78b05dc9491dd65e8bc54314dc02ba0acaca25020c358ac7eeca51dd4077550c2e6ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{581010B1-6988-11ED-9201-42465D836E7B}.dat
    Filesize

    3KB

    MD5

    54676960f62c36771a75d360cecc6973

    SHA1

    fc101be22681f2b754309a9234064064209efaf9

    SHA256

    e32ca4200906e5fff3f143f9ace39e37ac7d5bc7a79041c9b600dc5946b8408a

    SHA512

    1eb8e7b84d46936b30379b32551d8d06d055efab4d931d3f898151ee7beba36a02f3587b5ea8d6d97099b2f11156e268ab76d2d77a85af6c296b3a7e0e60ef5e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{581010B1-6988-11ED-9201-42465D836E7B}.dat
    Filesize

    5KB

    MD5

    f8f9e08d138a43d6a55dc233290b1b0d

    SHA1

    d21766cbe9fd8393aa12bbb13bbb420a64cccc74

    SHA256

    34b2b3850de2890c91b56f1c26c3a7aa0871e726cbf2f430a70247cab81c1512

    SHA512

    6906f94eecbe72a6dacf3198841c0cf9d5411251ecb022302fc6be2934c1428d9d2d617cda08d985d1a38863b846e023006a7731868f00ef7d1b315c51f00d68

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{582127B1-6988-11ED-9201-42465D836E7B}.dat
    Filesize

    5KB

    MD5

    2fa19ef55f33cbab742ca4a4f2df19d5

    SHA1

    0b2fa1da63a4a8d16afb47e8ec0a9393a0cf35de

    SHA256

    f7437365e990cc146ac4e111de4884005013cd066a83f9aec922d75991598ede

    SHA512

    2f5613fc0452a36dce971e8c15f699c1fa5238d02894a475e7a1fb952db4df515fb7be4c92a9533bcd24b8b95e0f871779693a5eeb14e3cd2c2f6d8b5316fe17

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5BLIAZFD.txt
    Filesize

    608B

    MD5

    8862fe316658db07a69ab77264c6e288

    SHA1

    9b2359e917aab99a7364b1bd572b1c5f6dbd397c

    SHA256

    988c12708cc2ac0ae95bfad1245002331f73e5cbf03009a4c23394dca557c078

    SHA512

    d9766287476b73798f98d0d828589597bf36fe3ad690c7958afd22f000e75ebea928dfa87abd79dfa15e32d46e0b6e6cb34fda15e7420870d173c00a027f39d8

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    168KB

    MD5

    c64813adfc336147b0e6230f949236bd

    SHA1

    cd3b7088c1e071ea93952673a4c59edbfbd619cd

    SHA256

    38f3ffec87edfe3ff6da75cc8604651b8170581d780ee5b258bc591fe72e6c6f

    SHA512

    8a2cf2459f810c33caf1ad4adcc241ed4b63c865703e4ff36b198f7f994a28be8abb9fbddde939931f0daa214522ce7b56696cea088068f127827cf1a2a9a628

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    168KB

    MD5

    c64813adfc336147b0e6230f949236bd

    SHA1

    cd3b7088c1e071ea93952673a4c59edbfbd619cd

    SHA256

    38f3ffec87edfe3ff6da75cc8604651b8170581d780ee5b258bc591fe72e6c6f

    SHA512

    8a2cf2459f810c33caf1ad4adcc241ed4b63c865703e4ff36b198f7f994a28be8abb9fbddde939931f0daa214522ce7b56696cea088068f127827cf1a2a9a628

    Download Submit

  • C:\Windows\SysWOW64\rundll32SrvSrv.exe
    Filesize

    111KB

    MD5

    1e58c74d262752a2060fbd8010d75169

    SHA1

    9adb4d47fb327e7f7293130c424c64e27ce6da2f

    SHA256

    05a0c977d25de24bc7778ff6b83f81a94f555a181f48dac40fab303c69b43d98

    SHA512

    22185e4742b69d1167b1edfc7025014794cee91b52573245a969c1d416def993b4a284679ed54577d4db1dbb7931763abb7a3d777e7c57492f52bf970ee42090

    Download Submit

  • C:\Windows\SysWOW64\rundll32SrvSrv.exe
    Filesize

    111KB

    MD5

    1e58c74d262752a2060fbd8010d75169

    SHA1

    9adb4d47fb327e7f7293130c424c64e27ce6da2f

    SHA256

    05a0c977d25de24bc7778ff6b83f81a94f555a181f48dac40fab303c69b43d98

    SHA512

    22185e4742b69d1167b1edfc7025014794cee91b52573245a969c1d416def993b4a284679ed54577d4db1dbb7931763abb7a3d777e7c57492f52bf970ee42090

    Download Submit

  • C:\Windows\SysWOW64\rundll32SrvSrvSrv.exe
    Filesize

    55KB

    MD5

    42bacbdf56184c2fa5fe6770857e2c2d

    SHA1

    521a63ee9ce2f615eda692c382b16fc1b1d57cac

    SHA256

    d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

    SHA512

    0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

    Download Submit

  • C:\Windows\SysWOW64\rundll32SrvSrvSrv.exe
    Filesize

    55KB

    MD5

    42bacbdf56184c2fa5fe6770857e2c2d

    SHA1

    521a63ee9ce2f615eda692c382b16fc1b1d57cac

    SHA256

    d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

    SHA512

    0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    168KB

    MD5

    c64813adfc336147b0e6230f949236bd

    SHA1

    cd3b7088c1e071ea93952673a4c59edbfbd619cd

    SHA256

    38f3ffec87edfe3ff6da75cc8604651b8170581d780ee5b258bc591fe72e6c6f

    SHA512

    8a2cf2459f810c33caf1ad4adcc241ed4b63c865703e4ff36b198f7f994a28be8abb9fbddde939931f0daa214522ce7b56696cea088068f127827cf1a2a9a628

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    111KB

    MD5

    1e58c74d262752a2060fbd8010d75169

    SHA1

    9adb4d47fb327e7f7293130c424c64e27ce6da2f

    SHA256

    05a0c977d25de24bc7778ff6b83f81a94f555a181f48dac40fab303c69b43d98

    SHA512

    22185e4742b69d1167b1edfc7025014794cee91b52573245a969c1d416def993b4a284679ed54577d4db1dbb7931763abb7a3d777e7c57492f52bf970ee42090

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayerSrv.exe
    Filesize

    111KB

    MD5

    1e58c74d262752a2060fbd8010d75169

    SHA1

    9adb4d47fb327e7f7293130c424c64e27ce6da2f

    SHA256

    05a0c977d25de24bc7778ff6b83f81a94f555a181f48dac40fab303c69b43d98

    SHA512

    22185e4742b69d1167b1edfc7025014794cee91b52573245a969c1d416def993b4a284679ed54577d4db1dbb7931763abb7a3d777e7c57492f52bf970ee42090

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayerSrvSrv.exe
    Filesize

    55KB

    MD5

    42bacbdf56184c2fa5fe6770857e2c2d

    SHA1

    521a63ee9ce2f615eda692c382b16fc1b1d57cac

    SHA256

    d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

    SHA512

    0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    168KB

    MD5

    c64813adfc336147b0e6230f949236bd

    SHA1

    cd3b7088c1e071ea93952673a4c59edbfbd619cd

    SHA256

    38f3ffec87edfe3ff6da75cc8604651b8170581d780ee5b258bc591fe72e6c6f

    SHA512

    8a2cf2459f810c33caf1ad4adcc241ed4b63c865703e4ff36b198f7f994a28be8abb9fbddde939931f0daa214522ce7b56696cea088068f127827cf1a2a9a628

    Download Submit

  • \Windows\SysWOW64\rundll32SrvSrv.exe
    Filesize

    111KB

    MD5

    1e58c74d262752a2060fbd8010d75169

    SHA1

    9adb4d47fb327e7f7293130c424c64e27ce6da2f

    SHA256

    05a0c977d25de24bc7778ff6b83f81a94f555a181f48dac40fab303c69b43d98

    SHA512

    22185e4742b69d1167b1edfc7025014794cee91b52573245a969c1d416def993b4a284679ed54577d4db1dbb7931763abb7a3d777e7c57492f52bf970ee42090

    Download Submit

  • \Windows\SysWOW64\rundll32SrvSrvSrv.exe
    Filesize

    55KB

    MD5

    42bacbdf56184c2fa5fe6770857e2c2d

    SHA1

    521a63ee9ce2f615eda692c382b16fc1b1d57cac

    SHA256

    d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

    SHA512

    0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

    Download Submit

  • memory/676-77-0x0000000000000000-mapping.dmp

    Download

  • memory/676-93-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/756-69-0x0000000000000000-mapping.dmp

    Download

  • memory/756-83-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1212-85-0x0000000000000000-mapping.dmp

    Download

  • memory/1212-92-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1288-68-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1288-57-0x0000000000000000-mapping.dmp

    Download

  • memory/1304-54-0x0000000000000000-mapping.dmp

    Download

  • memory/1304-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1336-82-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1336-66-0x0000000000000000-mapping.dmp

    Download

  • memory/1408-73-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1408-61-0x0000000000000000-mapping.dmp

    Download

  • memory/1456-90-0x0000000000000000-mapping.dmp

    Download

  • memory/1456-96-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download