ramnit | dd8d69ea7de0f16ddab2b0f6b89f66ef3c1d09d645485b7fca97679be98e6a4f

Analysis

max time kernel
129s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

154cf1788a1fe7fd89911620c30e6b70_JaffaCakes118.html
Size

155KB
MD5

154cf1788a1fe7fd89911620c30e6b70
SHA1

e4fc7cc9e0b8510cd9ca9e8874ac1b3ae374e0d6
SHA256

dd8d69ea7de0f16ddab2b0f6b89f66ef3c1d09d645485b7fca97679be98e6a4f
SHA512

9c3577ec5afa9abdc6b68c1102041c0623d67a350019e66a608cbd10b9d928bb6af49a146809dfff29e899084716a0a74bdcb84253c4a6f74f77d24bf367bc8a
SSDEEP

1536:ihoBtC17RTpuIaYRd8MJZ8YG10TSqKQWGfhiQ4VxOjfFwvtXi1jcMEVuyLi+rffh:iju4r5yfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Executes dropped EXE 2 IoCs

pid	Process
2296	svchost.exe
2004	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2972	IEXPLORE.EXE
2296	svchost.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0032000000004ed7-481.dat	upx
behavioral1/memory/2296-480-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2296-484-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2004-490-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2004-494-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxF5C4.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11D1B041-0A7C-11EF-B5E8-DE62917EBCA6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421033216"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2004	DesktopLayer.exe
2004	DesktopLayer.exe
2004	DesktopLayer.exe
2004	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2196	iexplore.exe
2196	iexplore.exe
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2972 wrote to memory of 2296	2972	IEXPLORE.EXE	34
PID 2972 wrote to memory of 2296	2972	IEXPLORE.EXE	34
PID 2972 wrote to memory of 2296	2972	IEXPLORE.EXE	34
PID 2972 wrote to memory of 2296	2972	IEXPLORE.EXE	34
PID 2296 wrote to memory of 2004	2296	svchost.exe	35
PID 2296 wrote to memory of 2004	2296	svchost.exe	35
PID 2296 wrote to memory of 2004	2296	svchost.exe	35
PID 2296 wrote to memory of 2004	2296	svchost.exe	35
PID 2004 wrote to memory of 2108	2004	DesktopLayer.exe	36
PID 2004 wrote to memory of 2108	2004	DesktopLayer.exe	36
PID 2004 wrote to memory of 2108	2004	DesktopLayer.exe	36
PID 2004 wrote to memory of 2108	2004	DesktopLayer.exe	36
PID 2196 wrote to memory of 1304	2196	iexplore.exe	37
PID 2196 wrote to memory of 1304	2196	iexplore.exe	37
PID 2196 wrote to memory of 1304	2196	iexplore.exe	37
PID 2196 wrote to memory of 1304	2196	iexplore.exe	37

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\154cf1788a1fe7fd89911620c30e6b70_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:2296
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2004
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2108
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:406542 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d63ab871e2e2182a72f4ee9f1bea4995

SHA1
3f24373697c6fa465be381fc256f5afa674337ac

SHA256
10974c0b5f084b6b0939f6358bf5933223859bebaf7c10a6fdf15f2f5bc32b07

SHA512
da0ee5763d5e9d5c0a6f30e62f1f053b78fbfaf989e8febd85c9c43d2053be6be17d7931f39494c7df4cab2e0545e7d5f58d19fdf40a434b2093adecc425ad52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02bd21ce3c7009665ffde248eed0003a

SHA1
79b7ac57c39bb531cd4d8d641d7c7db8aadb492c

SHA256
4fad484e4e31cb1df867f21a34c1d4f45de39529eb14027defadaf9ca8848865

SHA512
16a4c38d344f0a7dd06fbd8bffcb9805c8a7843be0b4e2cfdadaa5ba2454d199111a3d282decb74192fe7a03fb65c8f3747c78e8cb15a56d7326ce2f7eb689d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6aba6b113a5698e956707c279f6bdea

SHA1
7ab212215fce91c84d08283261a43d58f6f0170b

SHA256
ec891ebd0d04b5a58d47d405e5acd22c1519ee754efd6de9ca4f44ecbf67c17d

SHA512
9247e8c2111f0704ecae5561b89fa79f8b7c8b60c10ba35f90a89f6fb9901f861a0229ea44ca1bd6870582305c8196df6242425201b2625ccca3c84dbd8727f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
601f01bfb37eea4accbd6623022ad4c9

SHA1
f7062970695576179ca67844f1025cda1b32e3d5

SHA256
52085913f916a1e31e4edfd795be5fc3bb9cec83d89a3e6fd659529b90a32989

SHA512
e4716c26007b80890ed70edc62f166e1cf82503a7c43f9977ea88e392ca2115361f8caf1fc882fc15c9f4cb689810d25a63a75cf73ae86c6a14191d475b65551

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b70e54529b7da24b1ec30bfa2ac5dbcc

SHA1
6239d882a868ffbb2fb9445e04c592c658a7da46

SHA256
95f7b41b867d84e9e892de6600106b72b9cc822a8f042e2a38f0e1e1f28e2678

SHA512
dd9aba1bfc5c0f86a326f7da91822eed93ce706fe8c6d5def434b0f178e5309369c88091ce9669a30edf0076444928c2b076f97f76600cfd2d46e8f9ffe3d23d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d41e9c420f03187229f24daaebdb35f

SHA1
51190efb187612c84ccf48d67652fe5cd2d9274b

SHA256
f4f5a15125fd3e75e168c3d4bddec82d5a54d9c7ee67979a14a4181af3fdd4d2

SHA512
d4ef136f4e3b675e0e28af57bf07c51234a79e86082f509774de25eaaf825319cfeec3e63a7b177c1fc31d88ed6c2c3f32a328fba82b90a1a30efdcb7e8dbd60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
983c568da1571fda76035758e39b1bff

SHA1
136c3c9927a30cb0c4056148b3a56e4e2e060f5e

SHA256
004a5561556cce46cd72d89c86b5450b31db9393f199d04f7355cb4140f541ba

SHA512
b07406cd32c79f9115d1c5f8f82b50ac7cb289702648f7f8eaac0d6924ab6cc24f677ccb05b21d76b8a5102296845ad93caef9affe7e7b955ae1270512e40f1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fba8c39417c1b30b8751a1d003996e8

SHA1
5c7df992e4021e2e9a36a1e85032f575af4bf29d

SHA256
6e68b53451af91bc8e47f05ae8c6c7ffa9fd8acd3b3e9f8929bdba0488b46c4a

SHA512
0ad47e74a0cc6255406ae87aaeb59fc156abbf8cc5f19842fb7dd210009a90d4c9037400bb940a1adba895b6565703a52761b507a1e30d5d388c31fc94f2fefd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5ff52ffc64e6ac40c94e83a5c30c7ca

SHA1
86264b74d9aa4f15fbfbc35bc1cdba9823c6cfed

SHA256
fc869ca4f634667540845205b3759700e74a3cd81c895cbb3d01e08a6bd0000c

SHA512
3a2393578839b99c9682ab95b996aec7fb0102507842a22a4e94bee3a5d96502ae546f8e42eecb6b58b42583b89566a03bd54e2e2432ba44dbd8f7602f3c1997

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92e60b94268965e6b39e9df5a48f9253

SHA1
6aa3bcae75a495a6dbe3c2b9d4efa36c089687b8

SHA256
fe1756f6dee29085d79f3dd45ba719cfa2776893d86ba542f83bc262ee4ffb97

SHA512
0da7835deea411f730887388523a799a248325a25f84852f442429ccf6e349f451bc1b36d10f1f21dc167773dcbedd98c81949b6f1ccb07f6ab4540566e919d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a085057f6e8640caa8bad77c88c8b43b

SHA1
44394db2a3887753f658f7a9821f18aefeef4121

SHA256
7ec66b46c35ad121016ea6cfd45f53d0c94ea7ce2d187da9a289e096d151760a

SHA512
42f1465a8c45d17882e94fda34c372c0b0e00cd0bfd6bd625d3eed5f9d30e736501e590457305cd2030d80b6c142cb695cd9d54867ea959e67686448021be8eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d12ed9c694d3a94e3cb74df70233de47

SHA1
6d93da2004919f8329fd4408f8edff870ffcb2cc

SHA256
8924e416cc0672fdb5eccf14e1d82ed8e66de7cabb6f9336b5ad0209921cfe4f

SHA512
d828354bd26c95bcb49b0895dcacad971ac2e19bd27b5c9c585f488cf3ac8fe34b1e855fe192a9fd951d1920acb3560c02543fe81c25dac55b20aaaa0ac8b23e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab170C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar17DD.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2004-492-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2004-494-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2004-490-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2296-484-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2296-483-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2296-480-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download