ramnit | cc878688122b40ca6ed03730e319ce5a48e318442423df7505196bba6a4bc6d5

Analysis

max time kernel
148s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc878688122b40ca6ed03730e319ce5a48e318442423df7505196bba6a4bc6d5.dll
Size

264KB
MD5

45c8b34daa550fde1f82a2acccda5f07
SHA1

fcc639efb6d02a1dea64650fcfd913fd2393a759
SHA256

cc878688122b40ca6ed03730e319ce5a48e318442423df7505196bba6a4bc6d5
SHA512

ac114f6761fd9a2f7693bf9ea75238f9a3e8a7a3e505072f5217eb73d05ae1408825687949bc0335461df4867059c0c5a4f47b732cf81523dcc51b353d815e09
SSDEEP

3072:VdcQ2ZNMSQvbajUTUItjT68+xQUpr/lIylK8ZUaUubSG7cEe0XjQS+JxjwoDjlaF:lATSOjUQK4rtIylKC55IE3XkFjJDhaF

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Executes dropped EXE 2 IoCs

pid	Process
4032	rundll32mgr.exe
5068	WaterMark.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4032-138-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4032-139-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4032-142-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/5068-150-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral2/memory/5068-151-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral2/memory/5068-152-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral2/memory/5068-153-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral2/memory/5068-156-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral2/memory/5068-157-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral2/memory/5068-158-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral2/memory/5068-159-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxD352.tmp	rundll32mgr.exe
File created	C:\Program Files (x86)\Microsoft\WaterMark.exe	rundll32mgr.exe
File opened for modification	C:\Program Files (x86)\Microsoft\WaterMark.exe	rundll32mgr.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
840	3472	WerFault.exe	85

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2585961717"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30999737"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30999737"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2723461537"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2585961717"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30999737"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30999737"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376577247"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BAAB0C5E-70AC-11ED-B696-4A8324823CC0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BAA1867A-70AC-11ED-B696-4A8324823CC0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2723461537"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe
5068	WaterMark.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5068	WaterMark.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4360	iexplore.exe
4624	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4624	iexplore.exe
4624	iexplore.exe
4360	iexplore.exe
4360	iexplore.exe
3504	IEXPLORE.EXE
3504	IEXPLORE.EXE
440	IEXPLORE.EXE
440	IEXPLORE.EXE
3504	IEXPLORE.EXE
3504	IEXPLORE.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4032	rundll32mgr.exe
5068	WaterMark.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 3036	3252	rundll32.exe	82
PID 3252 wrote to memory of 3036	3252	rundll32.exe	82
PID 3252 wrote to memory of 3036	3252	rundll32.exe	82
PID 3036 wrote to memory of 4032	3036	rundll32.exe	83
PID 3036 wrote to memory of 4032	3036	rundll32.exe	83
PID 3036 wrote to memory of 4032	3036	rundll32.exe	83
PID 4032 wrote to memory of 5068	4032	rundll32mgr.exe	84
PID 4032 wrote to memory of 5068	4032	rundll32mgr.exe	84
PID 4032 wrote to memory of 5068	4032	rundll32mgr.exe	84
PID 5068 wrote to memory of 3472	5068	WaterMark.exe	85
PID 5068 wrote to memory of 3472	5068	WaterMark.exe	85
PID 5068 wrote to memory of 3472	5068	WaterMark.exe	85
PID 5068 wrote to memory of 3472	5068	WaterMark.exe	85
PID 5068 wrote to memory of 3472	5068	WaterMark.exe	85
PID 5068 wrote to memory of 3472	5068	WaterMark.exe	85
PID 5068 wrote to memory of 3472	5068	WaterMark.exe	85
PID 5068 wrote to memory of 3472	5068	WaterMark.exe	85
PID 5068 wrote to memory of 3472	5068	WaterMark.exe	85
PID 5068 wrote to memory of 4360	5068	WaterMark.exe	88
PID 5068 wrote to memory of 4360	5068	WaterMark.exe	88
PID 5068 wrote to memory of 4624	5068	WaterMark.exe	89
PID 5068 wrote to memory of 4624	5068	WaterMark.exe	89
PID 4624 wrote to memory of 440	4624	iexplore.exe	91
PID 4624 wrote to memory of 440	4624	iexplore.exe	91
PID 4624 wrote to memory of 440	4624	iexplore.exe	91
PID 4360 wrote to memory of 3504	4360	iexplore.exe	90
PID 4360 wrote to memory of 3504	4360	iexplore.exe	90
PID 4360 wrote to memory of 3504	4360	iexplore.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc878688122b40ca6ed03730e319ce5a48e318442423df7505196bba6a4bc6d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc878688122b40ca6ed03730e319ce5a48e318442423df7505196bba6a4bc6d5.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
    PID:4032
  - - C:\Program Files (x86)\Microsoft\WaterMark.exe
      "C:\Program Files (x86)\Microsoft\WaterMark.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of UnmapMainImage
      Suspicious use of WriteProcessMemory
      PID:5068
    - - C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\system32\svchost.exe
        5⤵
        
        PID:3472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 204
        6⤵
        Program crash
        
        PID:840
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4360
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4360 CREDAT:17410 /prefetch:2
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:3504
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4624
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4624 CREDAT:17410 /prefetch:2
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3472 -ip 3472
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\WaterMark.exe

Filesize
112KB

MD5
9767edb24505caa3f9615ba0414e44ff

SHA1
42c91f4dc19dbad863845d4546731dfd5e6e9c14

SHA256
5252232bda9f69119eace43194c74bb666bc32c5ec2012cb8a4f52750a534827

SHA512
b9e733958c27537d2af9b933ffff4c2d52e067506b0e9aa2e51d16ef4cfaa28f163675e9b5c970993149ce7d3f5a796b5855bed18ae43d37535c4da4873f8644

Download Submit
C:\Program Files (x86)\Microsoft\WaterMark.exe

Filesize
112KB

MD5
9767edb24505caa3f9615ba0414e44ff

SHA1
42c91f4dc19dbad863845d4546731dfd5e6e9c14

SHA256
5252232bda9f69119eace43194c74bb666bc32c5ec2012cb8a4f52750a534827

SHA512
b9e733958c27537d2af9b933ffff4c2d52e067506b0e9aa2e51d16ef4cfaa28f163675e9b5c970993149ce7d3f5a796b5855bed18ae43d37535c4da4873f8644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BAA1867A-70AC-11ED-B696-4A8324823CC0}.dat

Filesize
5KB

MD5
64e547ae5e8170d41f24e99555652111

SHA1
fae241b8ac4f6a3876d6c65d13b30c5393483ed0

SHA256
efbcc4cf92748c2bba7d66919058326ffd6da26a1c385a443b80aa120b811da3

SHA512
65f67f487df0fddda678d0881fb9aa56f4949fe86804db86c70ee127e9f1ea9ae5c2208e2e48d22055e34780cda23d744c9e7fe8ac343fe0039f0e73380d47af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BAAB0C5E-70AC-11ED-B696-4A8324823CC0}.dat

Filesize
5KB

MD5
e47397274b1363a40c3da38f5f001ca7

SHA1
8b7ee632d3531480a06c50b8b059280b11ae1270

SHA256
c35815ff188f34a0dc4afc44456bb34267a96cd2ae9bf01560d78661f1c96d63

SHA512
40f8aa420c4952a3cd73f647ab929332d6e5b88651cd67122a0b0bd282e04ef085f7d84aef959b7cdda4c6860ba9908b746556499d796938a63b16a0d74f5da4

Download Submit
C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
112KB

MD5
9767edb24505caa3f9615ba0414e44ff

SHA1
42c91f4dc19dbad863845d4546731dfd5e6e9c14

SHA256
5252232bda9f69119eace43194c74bb666bc32c5ec2012cb8a4f52750a534827

SHA512
b9e733958c27537d2af9b933ffff4c2d52e067506b0e9aa2e51d16ef4cfaa28f163675e9b5c970993149ce7d3f5a796b5855bed18ae43d37535c4da4873f8644

Download Submit
C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
112KB

MD5
9767edb24505caa3f9615ba0414e44ff

SHA1
42c91f4dc19dbad863845d4546731dfd5e6e9c14

SHA256
5252232bda9f69119eace43194c74bb666bc32c5ec2012cb8a4f52750a534827

SHA512
b9e733958c27537d2af9b933ffff4c2d52e067506b0e9aa2e51d16ef4cfaa28f163675e9b5c970993149ce7d3f5a796b5855bed18ae43d37535c4da4873f8644

Download Submit
memory/4032-142-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4032-139-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4032-138-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/5068-153-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/5068-152-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/5068-151-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/5068-150-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/5068-156-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/5068-157-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/5068-158-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/5068-159-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download