ramnit | 66aaad6133c2ec5a654a8ace82073b97bb5d50f38f3ed8a9fad0622a3251f6a8

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05ccf157ce136368841f9850bedcd9b6_JaffaCakes118.html
Size

138KB
MD5

05ccf157ce136368841f9850bedcd9b6
SHA1

55cc6f610a2079514d350b4f7e6c9048948290b3
SHA256

66aaad6133c2ec5a654a8ace82073b97bb5d50f38f3ed8a9fad0622a3251f6a8
SHA512

92c4134f8399083fc6c0622e1802d3fda8fd081c40f179dd2ca64ccfcfc6a88f8f30c1e830049ea951f27be0a42bc1a5c1eb4c30a13a69ec4b2eb1dcae50d56d
SSDEEP

3072:abRWxGS6n6rlyfkMY+BES09JXAnyrZalI+YQ:5GS6n68sMYod+X3oI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid process

2124 svchost.exe
2632 DesktopLayer.exe
Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

1384 IEXPLORE.EXE
2124 svchost.exe

pid	process
2124	svchost.exe
2632	DesktopLayer.exe

pid	process
1384	IEXPLORE.EXE
2124	svchost.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/2124-12-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2632-14-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2632-18-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2632-17-0x0000000000230000-0x000000000023F000-memory.dmp	upx
behavioral1/memory/2632-21-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\px2378.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c3c4e49899da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F6ECCD91-058B-11EF-815A-6A55B5C6A64E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420490285"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000004fc42492c9768163d7616ad88d688ffabb91ab35e2880f42d3c9660ba7c89298000000000e80000000020000200000000fd71c7cc281798a404556f72c1da4342ae496695d47c58a110e7396b09c238f90000000977efac32751a15fa43afcbff2df24db625eb969ec98946bbabcd7b4f9383e319ba745178ed13e1c895dbe5c84ca6abd173a1daad075a98ff3640fcf6e1157fc03e86186da6fb076348efc6fc40d207bf41804e7e1aa2c62f0b30886371096385869d93cc7924cae039ef5fffca68c73ba9adfc8e53a04698fee21cdf015ed8478938e55359b274b40f031cbf0c0f58e400000005111c6c18de0bbd31853c5970a3ec97e02913bade5aa7e5a4548e32f5f0764756f69c561236a07d4dacb36b5be9d5b653523b3c72260c0c63cb6c06b103a8961	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000001e192727a7ee47d6f5bc783f551343d8d5a0afdf14e0b9e6e619a7ac22c20967000000000e8000000002000020000000375b6343e16ee74036aae6ff5c55fba3ec3d43629dcc9664e624d482bae4146620000000425404d0a63d8fbae831f0f9f2dec7d4ea1a5ef742eda883d395b6745f0f2f50400000003345aa262cf5e3a798892b7c1ca013ec0a2ecf4137d41058431c65478d7a7c9cda6c12ccd94494ed26ed20db0329e260852d81e1c71d89c17bc8e60106d57b6c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid process

2632 DesktopLayer.exe
2632 DesktopLayer.exe
2632 DesktopLayer.exe
2632 DesktopLayer.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

1132 iexplore.exe
1132 iexplore.exe

pid	process
2632	DesktopLayer.exe
2632	DesktopLayer.exe
2632	DesktopLayer.exe
2632	DesktopLayer.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
1132	iexplore.exe
1132	iexplore.exe
1384	IEXPLORE.EXE
1384	IEXPLORE.EXE
1132	iexplore.exe
1132	iexplore.exe
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 1132 wrote to memory of 1384	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 1384	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 1384	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 1384	1132	iexplore.exe	IEXPLORE.EXE
PID 1384 wrote to memory of 2124	1384	IEXPLORE.EXE	svchost.exe
PID 1384 wrote to memory of 2124	1384	IEXPLORE.EXE	svchost.exe
PID 1384 wrote to memory of 2124	1384	IEXPLORE.EXE	svchost.exe
PID 1384 wrote to memory of 2124	1384	IEXPLORE.EXE	svchost.exe
PID 2124 wrote to memory of 2632	2124	svchost.exe	DesktopLayer.exe
PID 2124 wrote to memory of 2632	2124	svchost.exe	DesktopLayer.exe
PID 2124 wrote to memory of 2632	2124	svchost.exe	DesktopLayer.exe
PID 2124 wrote to memory of 2632	2124	svchost.exe	DesktopLayer.exe
PID 2632 wrote to memory of 2608	2632	DesktopLayer.exe	iexplore.exe
PID 2632 wrote to memory of 2608	2632	DesktopLayer.exe	iexplore.exe
PID 2632 wrote to memory of 2608	2632	DesktopLayer.exe	iexplore.exe
PID 2632 wrote to memory of 2608	2632	DesktopLayer.exe	iexplore.exe
PID 1132 wrote to memory of 2444	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 2444	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 2444	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 2444	1132	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\05ccf157ce136368841f9850bedcd9b6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1132

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:275457 /prefetch:2
2⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1384

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2124

C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2632

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
5⤵
PID:2608

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:406536 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f8ffae1daa590e87a75d3e1677914cb7

SHA1
0bb3f9f035c28f8155d167f9353a874890b51e4c

SHA256
71b260abe4faad52c7affd062fc92072093c87632be656ef98fdf7f5a5dab706

SHA512
49e401227ee0ff591f9c10909fd1cc64e78ad0080007f231ae08b9fc5eee2ab587688ebcda8f1c0b4c6986e8df7a019bc4a9cf483d79c0083451b7b7d097c131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1b3628b2a35d186ea0bf46e68a07b4a6

SHA1
825354e9450a665376c3aef40518f3302b5ffecf

SHA256
d6adee1e39142f512064b1deedcb18bddb2c72a751b986e38f818a6706e9bd06

SHA512
7eb23c89c1ed2b04d02592856ed384cf029364bf5eda200a4ac22bbd0a37cdf35f78af22c59728b8a76ccffa06b93a6769749d0941d66a9d9a00724b03f1cb03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d0a23f6ed82329d201f4014252c954d2

SHA1
1c80da114c9cde6ae429f023cb09603837792a58

SHA256
e493d1419912a8690bce6b673fbdacb30dce425b8e8f900bd536e22523d58cf0

SHA512
917628244d091b3f48106cff01de03fad1471248594013794c7d7467f20a6b34a4dac159590c9af321446e8e11fc9ad69b43ed6b187758e5fdc62ee445c9b136

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
44f674915284978039806e9cd4b400cc

SHA1
36b4710603a93b38f5ba573066c21f204ecc17ea

SHA256
38aceeb42584a2e77fefb1379796e5c1a9940103e3e3af0ebb40868b3da621a7

SHA512
c369681ec7d7ac756f1f0dff021fdcde589efb727e67d01d13c0d6d4f914db422a4de835d64250bdb425d7f4a9efc1cf2466d58d1da45a917c09c0ef34084b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6d0226e3ebfc1de5c37aa2152e9a46fe

SHA1
b9a4b2b825a58cb0cbea68a077bba460176c447d

SHA256
250cba20712b0363a140f91613f097f628f8d6dde38751578f7d6e185057965e

SHA512
b8e340e67243f11739acd861d8d02e44a2d72a1407dc3031d5aebccc5437a8ddf341fab76773b4fe1f567565df3521f1b76d45773a39b692381ffcbea1d2f233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
27f94997136deaeb7b4edf7e70c904df

SHA1
5bff6d9096b25a3e7912df0267ecb2993c1c8d13

SHA256
4e71474437eb13b8d873ce3bb4cdc2a62ec9513ef7911dc7b950b13d57539673

SHA512
03b5134791a6441ba39ced5b6982c962987e4b338c1612b46ca3bc1a0b01d909f9d350abf8e588395c0452e03679055f60b77ea96251c930863ee760ef459cc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3b281558a20d07cf75568e4f6a5e1c8e

SHA1
7f0e386fdc1fe58cb522763a0eeeef6bfb88da19

SHA256
3f0089e10dc5d6529c64ff0039f41aefcb2fd1a49a42fac92a42570cb1f73491

SHA512
05ef429491b92e0ef33a432e43b8dacfdc38b1a720afe6e27143c8d4033d9ee9f17f9ab93b464e1f79d8da621f189e5718d5d209bc324357d908f98ee76b07f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9e8695433cf8456801bea4da2dd440cc

SHA1
05533ef5b80e64474ac95fbc71735137bada8cbb

SHA256
ab3b7a3397c4ad8922e8f30e30ad375f05f3998066e43c824036bf572f730870

SHA512
d98afcdc3842e5a3c15d3d0c4622d7912117282c878a4c54ab4564fb52a1c0e31dabc2733d86a1ab98e9dcb6a86795610f76e142e6885a3718aaa9372bdd8f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F07.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2027.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe
Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2124-12-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2632-21-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2632-16-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2632-17-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2632-18-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2632-19-0x0000000077B3F000-0x0000000077B40000-memory.dmp

Filesize
4KB

Download
memory/2632-14-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download