ramnit | 24c73e0efceb8968c62930eb5250eeec4d3a681250aa6eafc19290e84cda221b

Analysis

max time kernel
129s
max time network
130s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74e49d33a13c8d2ef22dcc7f678dae8c_JaffaCakes118.html
Size

155KB
MD5

74e49d33a13c8d2ef22dcc7f678dae8c
SHA1

5ebcb23635d22101329437bde177f95664ec9344
SHA256

24c73e0efceb8968c62930eb5250eeec4d3a681250aa6eafc19290e84cda221b
SHA512

3b21ed0081d3460c938b2035c26408228588ed97e86a58876ede40706379c313bb2761780c5bc37c884078120c38349ca9dd75c1cd3387d62e5f50e07d11f49f
SSDEEP

1536:idoBtC8nRTauRnuiivBD7OnRuIAbHEg5WnoR6IpQSN+4fksm+AFiXEeMEVKyLi+l:iyZ3tFyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid process

1428 svchost.exe
608 DesktopLayer.exe
Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

2640 IEXPLORE.EXE
1428 svchost.exe

pid	process
1428	svchost.exe
608	DesktopLayer.exe

pid	process
2640	IEXPLORE.EXE
1428	svchost.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/1428-436-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/608-443-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/608-447-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\pxFE6B.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6BDCF2B1-1B3A-11EF-928E-6A2211F10352} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422874187"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid process

608 DesktopLayer.exe
608 DesktopLayer.exe
608 DesktopLayer.exe
608 DesktopLayer.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

2068 iexplore.exe
2068 iexplore.exe

pid	process
608	DesktopLayer.exe
608	DesktopLayer.exe
608	DesktopLayer.exe
608	DesktopLayer.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
2068	iexplore.exe
2068	iexplore.exe
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2068	iexplore.exe
2068	iexplore.exe
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 2068 wrote to memory of 2640	2068	iexplore.exe	IEXPLORE.EXE
PID 2068 wrote to memory of 2640	2068	iexplore.exe	IEXPLORE.EXE
PID 2068 wrote to memory of 2640	2068	iexplore.exe	IEXPLORE.EXE
PID 2068 wrote to memory of 2640	2068	iexplore.exe	IEXPLORE.EXE
PID 2640 wrote to memory of 1428	2640	IEXPLORE.EXE	svchost.exe
PID 2640 wrote to memory of 1428	2640	IEXPLORE.EXE	svchost.exe
PID 2640 wrote to memory of 1428	2640	IEXPLORE.EXE	svchost.exe
PID 2640 wrote to memory of 1428	2640	IEXPLORE.EXE	svchost.exe
PID 1428 wrote to memory of 608	1428	svchost.exe	DesktopLayer.exe
PID 1428 wrote to memory of 608	1428	svchost.exe	DesktopLayer.exe
PID 1428 wrote to memory of 608	1428	svchost.exe	DesktopLayer.exe
PID 1428 wrote to memory of 608	1428	svchost.exe	DesktopLayer.exe
PID 608 wrote to memory of 836	608	DesktopLayer.exe	iexplore.exe
PID 608 wrote to memory of 836	608	DesktopLayer.exe	iexplore.exe
PID 608 wrote to memory of 836	608	DesktopLayer.exe	iexplore.exe
PID 608 wrote to memory of 836	608	DesktopLayer.exe	iexplore.exe
PID 2068 wrote to memory of 1960	2068	iexplore.exe	IEXPLORE.EXE
PID 2068 wrote to memory of 1960	2068	iexplore.exe	IEXPLORE.EXE
PID 2068 wrote to memory of 1960	2068	iexplore.exe	IEXPLORE.EXE
PID 2068 wrote to memory of 1960	2068	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\74e49d33a13c8d2ef22dcc7f678dae8c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
2⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1428

C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:608

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
5⤵
PID:836

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:209937 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1960

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c4c1e37d4252cd46e146166678fc8e32

SHA1
7d51696108f01c07e9dcd8f392894058a4f2eb02

SHA256
72884e616c4c94a897e5a6a2fdfcc7c504a4b50381197190b3a18a6491f4a89b

SHA512
2c4fa437dc769ca33294175bddc55816f2acd24c06efabdaee27a4a6b11ba65773563fec9573ab48085e1e1905917e49087ac3839b7de380ea0fd85131f7f37c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
617665a1c4bb7e35d9f0f90008ead7ef

SHA1
505c4f838907ea07cb7745ed59f8c7939822e116

SHA256
9b27695934d5bf3fd91a92f651217e7ddc2cc4fce4f8ace2bebc09767b51a68c

SHA512
61b9cb8bb27b84fcb39834a70ca1fe79f9294c72c63295d3fe2bc807a80ccc7e9a6452678b3439e3919e8f3546b36625b1190de5e985801b229338f7a47ecb98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2b20a3044a8aa756c70b9340918c1c96

SHA1
b1063f09e5b04826eb4fdc9b184cb0092ba7d4c5

SHA256
7aa9201cd8b2dea10c5909e115650a28eef4d5fb10d51d4eab1ae0e01b73a0ca

SHA512
ae14a8b1431f45398918a6de6a56bed3774fb4469f4b1c000231347c314e99e8530c2547608d791ce03e5197885b60689b3661ffa9c58b01ce6fd7f9a28d662e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7717d1d1c3c2cb1a66d58694abe4bbaa

SHA1
707576ea630c861b414d852f345f2aa14301f60b

SHA256
945424a9b2a30491b7d2e32856ab79b32171a306a534ea579694a2425427b67d

SHA512
5a1cb04633cf876e8e787c0f24426171cc6b1e043d6be1cf2e07e374ed8c9df62631a483ce9f4d7c7cab426982eab842a82103efbda325d625978f1966019dfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2aea4d953282ee38bbb39d874e92e5bc

SHA1
b8942e48099c76cc4e3e64de4e0c5d095128a01a

SHA256
7d8e6b49969e108a8c94c85207d0a32f281040d0c1c51b31037708947532dbc3

SHA512
169c358e6188040f30c2e765f290a8766ac4bab1cecd60426c9655e127b5fb2622679aae5ed0fe81d87bf54b39a9f9fb94ef690bfce4b3eba4c22a91b3d695f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
68a01e37b14e3d3f8c7e7feac4320800

SHA1
6f116739b8f73e074428436d80bd29faac14f0dd

SHA256
3aacc7b28de21f6c09013607f7aa6d3ec1f59e0c744439315902cbfdf6c4d2b3

SHA512
7c0ab057ae2ea63d163b5db73457ff11f8aaa9174df8243f21f24b33eb51b6de175b531274c2442ebe9a4c83ac7053032dab8cd6995121963092de6397719f02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2364f4575539fd7e213ad058f493a693

SHA1
06d317bcdb7ffd0a42d1feb8d91d9d252c586cbb

SHA256
75d08ed35a150acdd755b2835ffc26bfe74a203d1bff4b1d0da7af6f612c69df

SHA512
df2f35faf641f73f9006323476faa89dda424d660aafc19440dfb68ae098c0a6c0ec436b9a36cf3b9ac2ca84091fe1d4945f8d9c55a33f40ace5e5969634e055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2cd29a4501b2dbd46f2f3dd0d0bcca11

SHA1
1f81b71bb633a10852aafb3a87cac57b350a13f9

SHA256
0f2187b05719a123fd378511c38e413df48b09ab7322da4acfeac6c38010f55d

SHA512
c28503237529ab78da41028c070f0333555b9185f9ab5765a6d16115f7ccd96ecd44849ae964f7877330ed1327c0d13d42f405ea92d4886b592f97b017b2fd8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
03a2770520343621fcb172f3a18d466c

SHA1
9292ee2475d2d8668e677ca4c799341a478aff5e

SHA256
dace312c3221e9dd2a3584dc75d58c16417a1fd0198d9e2867e86a0fb238ff19

SHA512
c3c35254764fd7d93c7aee75a2b609853676e6b4e2b243ba15944c612b352c4f81bcf7a147c46ae4cb986784738a44e3a500b9f81c3337427ab070fdcb64047d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
937f336fbaeeadd193079d1ea697db1b

SHA1
f01b77378019bf4877dd2dbc0167b7990dbe32eb

SHA256
ceeb04ab31fe78ec031c195916b0099c1a01a3ea4aeed7756959a4088e098adb

SHA512
7f7d50fa4901d34a0d49f3828464c567b3f4459b5d416b891a33736c1fb69d7e386ed0221532496dc2ca07e8120027e7a40ae67618cd1055b14db53c2c574a18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0329d51dbc1a96aa0585ad0e8eff5f55

SHA1
e2b1ab1083cd0724e913bdc5e18efca8805f488d

SHA256
ffad52b301f81d9a9426d6eacce038db17a3d4011ebb1d499f91f4f2a017fe5c

SHA512
616c5d98f337dffbee985f8b892c05cdf2fbcd86844b4f5aa200c1b2b25bb7f963d3cf489b0b200d16e45c02a59a3a50b5eec1fbb837dbd1bb98798a6028917b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7e1a032e00b87831cc46ff511ff0dd8a

SHA1
ec71052016bab57657981698145cdcb85f909623

SHA256
94dd48379e7b6f8f6d25d2607acfc806c202ad2c7788fe075b48faf3030a244f

SHA512
279f5069b4560d3a8360fd98d15b8987c3a214914a8fc60cf019974a057122dcb3661ce1e171f09fb285fb2f55a05e9e6fe69a97960266e66e0cf013015fc131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
eb2795f7fe717244a2c7ea5cbe4eaf4e

SHA1
485fa524dc92cae35595386e33111966d695b6af

SHA256
7ac7914f30037e0807b377457d3240d02b360e58a196e3459f3b29db348c2db6

SHA512
861bbbcc53a8ed3d4fc561f6a7e8bc5f59ce68ec2bb6732d1d78032eec25575c563ec2ca2ec536306dfb88d9dc97f508266d06e1dd79a2c7804b73aa72abd260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D33.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1DA3.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe
Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/608-445-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/608-443-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/608-447-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1428-436-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1428-437-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download