ramnit | 1d06f0fcc6f647e6c3bd8ac85989ca579462d69e6319195029646e81552cea71

Analysis

max time kernel
118s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

688baf127622c2b960dbc6908f10b448_JaffaCakes118.html
Size

133KB
MD5

688baf127622c2b960dbc6908f10b448
SHA1

f62fc793c7a80b65d4d31ac512c5dd8a25e8267c
SHA256

1d06f0fcc6f647e6c3bd8ac85989ca579462d69e6319195029646e81552cea71
SHA512

be118768a09ff4183950fcc66a9264f4fe29b747a4fcb32ed77065b474cb5e67b8786c50a7fb61996bdd0bc2834056f77f71f031a2ca80e160e2fe4edc5dcbbf
SSDEEP

3072:Ve8YsD4wSeyfkMY+BES09JXAnyrZalI+YQ:VJD4wKsMYod+X3oI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid process

2800 svchost.exe
2952 DesktopLayer.exe
Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

2748 IEXPLORE.EXE
2800 svchost.exe

pid	process
2800	svchost.exe
2952	DesktopLayer.exe

pid	process
2748	IEXPLORE.EXE
2800	svchost.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/2800-8-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2952-17-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\px1084.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005b3d877d7b4b754bb64fadae8daadcf000000000020000000000106600000001000020000000690a45847735319138b9d1513f174cbcf68af1369716f4bbc2548f357b6e57f7000000000e80000000020000200000008484318b73d2e411233b2cf08d9d3d202453581dd8347425ee9fdc35018f5458900000008dc13d8c5079318c02af5772100be0a06b24a9459929676b2083999378699b1f6ce507f4a78bd94dc42c9aa705d329f148194d465798a7d3e64b64782da358cec5a8654b0f8c9ba685b33f201b0d33c75d6110e6d81b6fc8cf774db0f4c7dc32ed3606a219e47b53e0d473bc2304c470d29cf47445826e03d566a344cc7a4725ad35e715563818c85adaa7ba67dd19bc40000000559205168ae561e8b34be76380b0a99596ca724d6e8d7852ce68018cd15a2bbf138d4986ec31498b68b61edbe9b00d8ef4948bce6ba7b4de9294c2daaf0c6065	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005b3d877d7b4b754bb64fadae8daadcf000000000020000000000106600000001000020000000a576547015e73214d69d6e0fcb0810e9a3b0379dc007e4c00cd4d7f5ab44422a000000000e8000000002000020000000626f7500e352d905c33bf62e0f6051520192bceb6f6e1cb47c4ca604340334772000000066745ad8e3290ea1c3ffdfd5ba9bd624d5b19091e542c3aea86178375fbf15824000000018568599760c20341b3865b55a6dcd73ca37c9131ad535c4c6cbffcbc0fbfcceabb67ac5b89fea8515f214aaae4afd86f4e1ec4366cb20b86023dbbd60361fc7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422572097"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0DD11141-187B-11EF-8178-52C7B7C5B073} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c023abe287acda01	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid process

2952 DesktopLayer.exe
2952 DesktopLayer.exe
2952 DesktopLayer.exe
2952 DesktopLayer.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

2784 iexplore.exe
2784 iexplore.exe

pid	process
2952	DesktopLayer.exe
2952	DesktopLayer.exe
2952	DesktopLayer.exe
2952	DesktopLayer.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
2784	iexplore.exe
2784	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2784	iexplore.exe
2784	iexplore.exe
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 2784 wrote to memory of 2748	2784	iexplore.exe	IEXPLORE.EXE
PID 2784 wrote to memory of 2748	2784	iexplore.exe	IEXPLORE.EXE
PID 2784 wrote to memory of 2748	2784	iexplore.exe	IEXPLORE.EXE
PID 2784 wrote to memory of 2748	2784	iexplore.exe	IEXPLORE.EXE
PID 2748 wrote to memory of 2800	2748	IEXPLORE.EXE	svchost.exe
PID 2748 wrote to memory of 2800	2748	IEXPLORE.EXE	svchost.exe
PID 2748 wrote to memory of 2800	2748	IEXPLORE.EXE	svchost.exe
PID 2748 wrote to memory of 2800	2748	IEXPLORE.EXE	svchost.exe
PID 2800 wrote to memory of 2952	2800	svchost.exe	DesktopLayer.exe
PID 2800 wrote to memory of 2952	2800	svchost.exe	DesktopLayer.exe
PID 2800 wrote to memory of 2952	2800	svchost.exe	DesktopLayer.exe
PID 2800 wrote to memory of 2952	2800	svchost.exe	DesktopLayer.exe
PID 2952 wrote to memory of 2660	2952	DesktopLayer.exe	iexplore.exe
PID 2952 wrote to memory of 2660	2952	DesktopLayer.exe	iexplore.exe
PID 2952 wrote to memory of 2660	2952	DesktopLayer.exe	iexplore.exe
PID 2952 wrote to memory of 2660	2952	DesktopLayer.exe	iexplore.exe
PID 2784 wrote to memory of 2488	2784	iexplore.exe	IEXPLORE.EXE
PID 2784 wrote to memory of 2488	2784	iexplore.exe	IEXPLORE.EXE
PID 2784 wrote to memory of 2488	2784	iexplore.exe	IEXPLORE.EXE
PID 2784 wrote to memory of 2488	2784	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\688baf127622c2b960dbc6908f10b448_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
2⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2800

C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2952

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
5⤵
PID:2660

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275467 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0db2f91952e8906a9d15de925d5f044

SHA1
601fbe7b03f44077f274cf2065ce29fe73a4a694

SHA256
71a8e19ca63fd5b2b07e100cff860152ee791487d78d3afbca89ae07a43db242

SHA512
85d7e0abdc3348fa60ba655065f964ac87d86139ce6272aa2380d8a7924b11622213bc88f6617f0717ecb6f692b4b0aa38128340ab3e544ea343ac439688eb5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f18cf3fbd557e7ee562d1c40e14714d

SHA1
7e6f7741d13043cbd965b96513fc02b5256a155d

SHA256
3080a6f9136e343bc03cce1fec8e8a8d0078a92ddf6d194ce0773c3e365f51ec

SHA512
8254a5646a56d6f1658dc4ed3ce24f6fb330c291ea54b7d6c326e7bed806eb54c93be0333761808ab3bc6bd8b50a4b84d88d09fd21cf9cce3b0b1a60bb5564ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2417d12378f629a52004a2e17c3b3673

SHA1
ed27160d5b6a8b05ddb00aa78f91ae666d5a6f32

SHA256
aad00eed69183c9ecd4a1f4c83dce7bd5d5490d9bfed3d1cc48be997466a03f5

SHA512
d14fd51d972a6d1fb85c56691a3a42358cc8acfb504435d57407a9085773cddb88bc8ada0330909ce71010b15869618ebb44d7167d0925924dce3eebe530de7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
430f7e36c96c6c23253b2c43e32121c0

SHA1
fd721b37cdbdae3d2c5a183b53672a989a2a6660

SHA256
b211265598abba5360ca5c2457b724cd2fe91a41225a4839893c118482cffbef

SHA512
27aa7131e6bfb5747006d4162261da33c8c52ccb8b9586a0a10d751893e5865def9422a8867b2a03cb641ddb13af88e6446d2fd0fc2aed6eb1b3afc2f5081c41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b19c2da020e3a55f27373d0eb525c975

SHA1
dc78741063c05d376af406bd0da936f6ba065301

SHA256
5333e92e9a6a7574341769817ec065d59a767e2830902fd0bc90bca7b461628d

SHA512
5fe156025699d489b3f364b282873f8fca324dc3e189255931e217c2c84ae001fd5fd5978b10e5b0baf90ede9e6b5c8a0ed75f4b27a525859daa72ae8a38afb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b152cb94194b26862d013d45ce978f48

SHA1
2cc52622f46fb7843bf899debc02ad357b40ab85

SHA256
2c0f34f8e318b83d628e44961adb3183d997d6a58f213ad1adb8d4748f61d5b4

SHA512
934b0837e0ff9ea8ec168a575a6dcfb93911b2f495ae8fdbd37cb4ca1121e5be8caa3324d44006fcf21beba55c605981858c53575a320a632f9dd49dc9e436c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
197c8ed4eea42eda4ee6fc20be818670

SHA1
1b7a925e0b4d7e08d6ca10f06697fdc9b16a2679

SHA256
41b1c98fc07df9ae259689056d20842cf0d06769e5016264abdc4e0bd76083a4

SHA512
2ffef893bfdf35cf6465719fe4de8c5726d6e4c59a5afa3a739c05919edde246f5870d0eebd7fa8ff3067c4a8ab0c7be51b986215abdd22db585b72555676def

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19163f56451b09bfaa71e9f5166ac205

SHA1
f3ca7d6d0b3337f412da348c921e3bf8d945702e

SHA256
77a26340431c4ac58523a07d76ce8140eaf55ab4d8f61357c044448d15128548

SHA512
8b8fc131ea3d1545bc89db4957155b68fd1b8876322537bc1ef00169707575e3f0543aeeae2320e91275dd07f8c23bb4da6c0923097ec271a50eb6d3ca3d3501

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82e7005c0932aa5a8b837945c1b7f9ad

SHA1
85b3c2526a904ed3cb6fa72c92c86256ade010e1

SHA256
49a44219833579cbb5d619404db4206395895eeb860d4b93abc2a569aa93f2a2

SHA512
1a3630c6a413e3c39e594ae0e0ca66208269c49f8b6f103b674aa16360c8acebc0392a3972f0ea614e4e17841b72f3cdca859da5ee858a2e4db94f7f10660fab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar438E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2800-8-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2952-17-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2952-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download