ramnit | 7234db5e809ca33502c44fa965c2594391638bf8eb26fcf01cd0a14fa225f85a

Analysis

max time kernel
137s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6943cb6e4a99b7d4e5b79c97e9f1a0e5_JaffaCakes118.html
Size

130KB
MD5

6943cb6e4a99b7d4e5b79c97e9f1a0e5
SHA1

3a8e5f1baff2dd1ff9de453dce65a689d5bfa6a4
SHA256

7234db5e809ca33502c44fa965c2594391638bf8eb26fcf01cd0a14fa225f85a
SHA512

9269466fd203f05cc6a68cabe9373b7fa5ee941fdfdc113173fe25c5c08a18404379c9b96496ae5ca7037f98378c84ffbbe0ada0f6f1990db6df12c126fe88a6
SSDEEP

1536:1HchmcmilyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOZ:1Hch5milyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid process

840 svchost.exe
2816 DesktopLayer.exe
Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

2724 IEXPLORE.EXE
840 svchost.exe

pid	process
840	svchost.exe
2816	DesktopLayer.exe

pid	process
2724	IEXPLORE.EXE
840	svchost.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/840-8-0x0000000000230000-0x000000000023F000-memory.dmp	upx
behavioral1/memory/840-7-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2816-18-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\px8E6.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000a774e3fce5b1576e5288e693624dfe16d29329d19b18df6d1d6afef57cd7d671000000000e8000000002000020000000ecab1e557af7b34a712e869a518cf5ec5d916905c1da7f59323741195759840520000000da583d70c9d80605ec8b34c547f5072dbf49f34c571b65052755d50a65222a41400000006c13ade55d43c1fd6bb096c9685e6725ec1b2c3d791218ae6fc04a1c93f4712839d033aeb0e70c9523c86fb9155da12edf6894eae1af17f13e3193a21b1b7418	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000512c2c7814ddb9df353f746428987c654fd72b6048bfccb98d964c9a06e0f2b1000000000e8000000002000020000000fadd5231c475b750e9a0c67e04013d567341e474a6fad0b6eab2e0400ee0825d90000000a765ddb031ffac7324d39dc77c6a875b07fb322ebd7e25ad434cfd566468ae10b757c8db8dd27d0d9c7b9f8ee54a3812b46ffdfd48a2ccb2e2c1244bf6eb8f17cebf3e5eb5b923c1dfb88f8af0b555397dd5b2fe11c57b94ac6b449711fc84bb196c893891f364e612ccaa114eb0a2bcbbfd1e2f6bb20f3e0039b1a0ce984b18bd060f3a636d97c0087ee754ad0c5dd440000000c6b61347b3ccc941d8482a31abadea9d8b52424892064ba35d71d069868a96d4cd82be67f0c3a6be944d9061232c329d0766ae6b84a96f74374a57ac49138990	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f09a37a5afacda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{914CD191-18A2-11EF-9A67-52FD63057C4C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422589065"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid process

2816 DesktopLayer.exe
2816 DesktopLayer.exe
2816 DesktopLayer.exe
2816 DesktopLayer.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

2984 iexplore.exe
2984 iexplore.exe

pid	process
2816	DesktopLayer.exe
2816	DesktopLayer.exe
2816	DesktopLayer.exe
2816	DesktopLayer.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
2984	iexplore.exe
2984	iexplore.exe
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2984	iexplore.exe
2984	iexplore.exe
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 2984 wrote to memory of 2724	2984	iexplore.exe	IEXPLORE.EXE
PID 2984 wrote to memory of 2724	2984	iexplore.exe	IEXPLORE.EXE
PID 2984 wrote to memory of 2724	2984	iexplore.exe	IEXPLORE.EXE
PID 2984 wrote to memory of 2724	2984	iexplore.exe	IEXPLORE.EXE
PID 2724 wrote to memory of 840	2724	IEXPLORE.EXE	svchost.exe
PID 2724 wrote to memory of 840	2724	IEXPLORE.EXE	svchost.exe
PID 2724 wrote to memory of 840	2724	IEXPLORE.EXE	svchost.exe
PID 2724 wrote to memory of 840	2724	IEXPLORE.EXE	svchost.exe
PID 840 wrote to memory of 2816	840	svchost.exe	DesktopLayer.exe
PID 840 wrote to memory of 2816	840	svchost.exe	DesktopLayer.exe
PID 840 wrote to memory of 2816	840	svchost.exe	DesktopLayer.exe
PID 840 wrote to memory of 2816	840	svchost.exe	DesktopLayer.exe
PID 2816 wrote to memory of 2688	2816	DesktopLayer.exe	iexplore.exe
PID 2816 wrote to memory of 2688	2816	DesktopLayer.exe	iexplore.exe
PID 2816 wrote to memory of 2688	2816	DesktopLayer.exe	iexplore.exe
PID 2816 wrote to memory of 2688	2816	DesktopLayer.exe	iexplore.exe
PID 2984 wrote to memory of 2520	2984	iexplore.exe	IEXPLORE.EXE
PID 2984 wrote to memory of 2520	2984	iexplore.exe	IEXPLORE.EXE
PID 2984 wrote to memory of 2520	2984	iexplore.exe	IEXPLORE.EXE
PID 2984 wrote to memory of 2520	2984	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6943cb6e4a99b7d4e5b79c97e9f1a0e5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
2⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:840

C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2816

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
5⤵
PID:2688

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275466 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2520

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e29ff7c200dbf6798923b333da64c746

SHA1
9ded83975a3bab688de36ae2e439c8963751ba7c

SHA256
106ee347a09fb0ad25ae841ae452ee56e3fcc9879b474b96d7d1727c3bc0c005

SHA512
b92ff9884a973ab9e050a8e80db6dd8c388098d693510f4568cc45f0e3cf5ca4922a850530f4381a39ee9e877a7b5fd13c9a1219b5445385dcce7fe8513e0669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0c0fa6422c9c2fd1dbd658a518708837

SHA1
23be4efe7b62b01a3fd499503ec9996469880ef4

SHA256
94a42e2095874637c47585b5ed666f43f87ac5912c633d0e3b98260724f89c1c

SHA512
33fe8eb753c30d12fd08c5de8ad242102f4c1ea242493e3db356671c66df2edf4c6914782ff4e410dc3175af77366fb02048eef67e839c5b08e94c7fb9f09dfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5a2cb2f96db518274245d1ba2ae81463

SHA1
7bff905bea2058d15ff6406861d6f31442e0a016

SHA256
baa379009c85333fba90625fc61c6dfe56c579aa203e7fe2b6d1ee048b51731d

SHA512
9c1338b1b19cabb675ee4d767da7dab649b405515ac627422f747922aac6effe2196f5bf83bd04a540b412d9db56c32c765b56c79c63a2ffca03040d89d69afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d901cad243113d04034f9e47673b6d69

SHA1
e270670f8aa111a50e19e10f30afac2106e663e1

SHA256
f7af20daa1bc78ae2cc45bab9562723657d8b4a2e2f8508b79f403a318c18529

SHA512
dcd838e7d2d14929b8cec07ecb91208684a06542fa87429d4801943a24cdaf2f30fff11f4ffe347538ca81fd3b9e01ccfb3650157a8d1fe8d8151139c8eb95ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a4298de9af26341f381f290bce605c69

SHA1
39b5d753c3a0232d9fdca3cd43111c47d07b106a

SHA256
2cc58cc79d72d01101f58c4f07115690de2cec9f5d7f8139bd89cf598cc5b9d9

SHA512
b0c639dc08f7c3f30e430f69a63a82de0b23ff06c580b088aec76dc760fdc2caae60fc66b4f7ce7043ffab630d6c1045f99588061c8a3ea7a1c74767710fe220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1f593bb0ad6e39f2b8d8adb3e9cbf55f

SHA1
f630c0997983cfe3451c673117eccae778c68693

SHA256
97c96d0234d7870f9421b9dec8b14df4c57276c9ec22e4d1e80e26b3def6ac2c

SHA512
c5c60471e1f5d454105e396eeed6642180e047ca72db00d71ceac133dd3f99d934be92a18e234262586d93babe9902710e1fd73506becd52e0a6df55b96d69b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
70433b56815ba89cd0912d0b6c3d7adb

SHA1
be57e3bcb1def131e8367ed510f2d3dd279a50a9

SHA256
8bbe48ae96ea14742e900543ae6f3ecbdd3c64be8e3e3eb5266fe31a7f88f37a

SHA512
d7a62302f149e6b46eab4f3fd788d10fc7dc68d1d2156ae36562837e22489814c1a929965ebbf7f1a55de431f71e943c717cf39302b01f55347a2c90b8da492e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3514a47b47f9823559c1cc635cf232f9

SHA1
9294ea82afb8971204b78cff94311501d2256dd5

SHA256
1c11ebef5028f27d670a9f8f6dd46168e1172c1745ecacda073aa5030fdf03ab

SHA512
47a3271c982ead8d875342e1923fd6e5c43c07817d511b69f6297b0cfc4f2869c0013fb1b0a4703715e7422aafadd550bc2e9d97bb6817969dfc0089258473df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7d9620b8566266d764d2581f5135f410

SHA1
1355bb00bb923aca35b32fd057b5ddef6ae4c950

SHA256
a00331a5b6934c03278e5a33ca25497535e99fe49593cf6bda3d20429807aa63

SHA512
51e3bf004af78825690bfa84276fb9e7abb8f768de052ca8f3b719b019449f130255f5906b439b6bdecd30e07856ee1e25fbe4e821ccb9e83ee0b62a1dba72c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab476.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4D6.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe
Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/840-7-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/840-8-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2816-18-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2816-16-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download