ramnit | 580d02781cd0ff36d0e38e2ae712cca0462b27e4874db459516878f1dd7c437a

Analysis

max time kernel
142s
max time network
143s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

791579f4059b178495c9004359a06894_JaffaCakes118.html
Size

199KB
MD5

791579f4059b178495c9004359a06894
SHA1

788f1a0038a76769859ccc248368d34cac3d646e
SHA256

580d02781cd0ff36d0e38e2ae712cca0462b27e4874db459516878f1dd7c437a
SHA512

2d8c3e7a1fa2c611416748f701758833887023a596fec98c4e7dbf2c49e13afe9d275943a1f288ce9de919321239af9873a7c538d2ed730f4d9e22c0004b4256
SSDEEP

3072:SslYYMyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:SslfsMYod+X3oI+Yn86/U9jFiM

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid process

2760 svchost.exe
1128 DesktopLayer.exe
Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

1780 IEXPLORE.EXE
2760 svchost.exe

pid	process
2760	svchost.exe
1128	DesktopLayer.exe

pid	process
1780	IEXPLORE.EXE
2760	svchost.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/2760-21-0x0000000000400000-0x0000000000435000-memory.dmp	upx
behavioral1/memory/2760-36-0x0000000000400000-0x0000000000435000-memory.dmp	upx
behavioral1/memory/1128-47-0x0000000000400000-0x0000000000435000-memory.dmp	upx
behavioral1/memory/1128-45-0x0000000000400000-0x0000000000435000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\px27BC.tmp	svchost.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 102413b82db0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000a8ade95e904e07c82654bbe6fb125b7627a1cb3ba7e1af6246d408a0f39d89b1000000000e80000000020000200000001331da4ccdb5803dca83f4b54068a11a0b580ab47c8104385ee968f20396d93920000000ff726e5352a72d428d05e8f335fe33b608514677b51b3be338158b0846c3347640000000b7643f89a1b54e6a47d017f38676b2425d9a50e6b7b2a27bb0d91276a2ee3b913117e2a2f75be9274066a8f18e547557b6df5079efa484911a81b244424af380	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA037E81-1C20-11EF-BA8B-4EB079F7C2BA} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000e5b04211619bab88e9215cb4b5fe6c77af57a80864dcfff61c207455871f2c75000000000e8000000002000020000000eff4458d66aeb44720827c1678fcb7c7ea4f343491f0af532b3ee1f614af52ee90000000bfdec85162309422a2114b9fc3cd3f5001609c66e3ea529992539f854b1fec08641f34f47981b2e732aa85036e9e378fa2d60914c6ff3f2b11a947dabf178650719fcebce52231621a1e4304f29074228cc251ba3be9942d20279774bf10b1f59b0986728a24d210f9299e7a9ea2092d1f7417a86e6d6e0afc988c6df5df2c246f2c14544661c3012061b044e335291f40000000c8a8cab8411731b1a6883cd6e6d9824896f3cda65b2f2831d3ced3ab205256a080f95811cec0051b4c5c47bef33a95243e9fd2fc4377aa22ac34dbe8676a1066	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422973157"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid process

1128 DesktopLayer.exe
1128 DesktopLayer.exe
1128 DesktopLayer.exe
1128 DesktopLayer.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

2236 iexplore.exe
2236 iexplore.exe

pid	process
1128	DesktopLayer.exe
1128	DesktopLayer.exe
1128	DesktopLayer.exe
1128	DesktopLayer.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
2236	iexplore.exe
2236	iexplore.exe
1780	IEXPLORE.EXE
1780	IEXPLORE.EXE
2236	iexplore.exe
2236	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 2236 wrote to memory of 1780	2236	iexplore.exe	IEXPLORE.EXE
PID 2236 wrote to memory of 1780	2236	iexplore.exe	IEXPLORE.EXE
PID 2236 wrote to memory of 1780	2236	iexplore.exe	IEXPLORE.EXE
PID 2236 wrote to memory of 1780	2236	iexplore.exe	IEXPLORE.EXE
PID 1780 wrote to memory of 2760	1780	IEXPLORE.EXE	svchost.exe
PID 1780 wrote to memory of 2760	1780	IEXPLORE.EXE	svchost.exe
PID 1780 wrote to memory of 2760	1780	IEXPLORE.EXE	svchost.exe
PID 1780 wrote to memory of 2760	1780	IEXPLORE.EXE	svchost.exe
PID 2760 wrote to memory of 1128	2760	svchost.exe	DesktopLayer.exe
PID 2760 wrote to memory of 1128	2760	svchost.exe	DesktopLayer.exe
PID 2760 wrote to memory of 1128	2760	svchost.exe	DesktopLayer.exe
PID 2760 wrote to memory of 1128	2760	svchost.exe	DesktopLayer.exe
PID 1128 wrote to memory of 1012	1128	DesktopLayer.exe	iexplore.exe
PID 1128 wrote to memory of 1012	1128	DesktopLayer.exe	iexplore.exe
PID 1128 wrote to memory of 1012	1128	DesktopLayer.exe	iexplore.exe
PID 1128 wrote to memory of 1012	1128	DesktopLayer.exe	iexplore.exe
PID 2236 wrote to memory of 2172	2236	iexplore.exe	IEXPLORE.EXE
PID 2236 wrote to memory of 2172	2236	iexplore.exe	IEXPLORE.EXE
PID 2236 wrote to memory of 2172	2236	iexplore.exe	IEXPLORE.EXE
PID 2236 wrote to memory of 2172	2236	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791579f4059b178495c9004359a06894_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
2⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1780

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2760

C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1128

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
5⤵
PID:1012

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275466 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
386ffb667087976993acb3b56be23aa9

SHA1
799a3ff69d93fddfc5ef5b4e23f01e87e14bee84

SHA256
d62b0a9bdf90ed20d923691119e23875e8037407890fe7c673cad570673a9d2e

SHA512
979e1d8b8871f94cc78b2bd22bfc8a70b0ca2aaec524fffe18a01f0636d717e67c7896a68c4fa9742a874e93eb9c9d13fe5a0dbe02605599cab21dc19de3c1fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04faccc8855c2ba5be902f7ee76170e7

SHA1
6ebf83521c95b1f50d4aa47519e4a512cf9f0aa8

SHA256
161a05a378e6343b30e4426bada522c9fbeda3b83e5278c92e06fbe7ef478b25

SHA512
21f4c7c21de818bf1ce35508ba46ffb1f1a1924fae28fcfab3835a719cced78ca87398152b1ed0311f1767c73c218547a0ced832ec3bddc36b05591dd7facf58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19ba1f8dd6f81d73aab7792a51e2f0af

SHA1
492c196724f722a84160bf2d42df6a0f51d6f884

SHA256
1ac38d8f82d2313630140ef9c96a423638028d99a8451d810bd502aee5f20bcf

SHA512
54007864f30cbf58747f50bc8333df012a3d3b98dcb3487a11247146d792f17568caf1141e9c8755a307a96a45b040970d8541abcd82abd3a275a300b6f7b3fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff690b697cb0039fefe9c31185a1d42a

SHA1
151fc426f859f68cf187bf30f92bc0676523157a

SHA256
2af29e387b07ff0b78f4028894be9408a304eb27a3035cf8acef5aaebce29bf6

SHA512
2f09e588ebc1e1724f05bb68832a765117c644716ab09a5eea91d395ebf12023cf5e0840735b17bea2638bbbe7d3508098cc33f670d3e6c52f9bdbda7bff7e84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e82e28205e8cd6b3e17803b7f5109af

SHA1
b48240a79adc8c44b093ad1c0be59df0846b3fc4

SHA256
bee8ba115062379345369b03687a351ad528e071b7ca7419f0e9957f621e1f54

SHA512
bc3867557f726cab58d013182e7512198afd873dc54a194188ee35170a5fc61ddc14546873dc2ef60ccbc8ca01c6409a867fdb979155c3532af56543f5180973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e0ac8eca353d77f82008dd54bab59be

SHA1
45415f4ad54a8326161688af6ad8ddc536cc8739

SHA256
62dfd1f98baf2f4a060824215ebad986a4fb4a7e6b3d0a8e36ad01c3dbef1312

SHA512
d067d0df41ab4884ca54a97efe2f9840819be607f6448d3c67e8f9181cde093678fbc53dea9ee3530f84fb2f929a4fb6c18461288bb3296c0ded02e2e3046c9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c125f2b67a5f63a8c5d265a0ef328a48

SHA1
f58a5733116fd323591017b399e00cb775bbae10

SHA256
1dd3ec158c891a766a7d1ee07241aad4f662f32fba5cef6cd62b30c20ecace35

SHA512
ef0fede32f6647b895d9498d3bd055ff8b1690641733c93e0b0386336f0a1bce58fd155d5ecefff89121fc236fa66c3f4ba80c0f5aefb9a5c3e0b19c4dc47d58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e68fd93ed8f45d0ba999449d9047745b

SHA1
34e3fa9546d540ff3f9fa613613ad0b357e05df3

SHA256
67473c87eba70e7309629bb121653bdc949252cec8cdc69539443badebec97d7

SHA512
bfdfb4f1720a83bd60938557f8531cfbc2b201865de82d51af19c49ba5bb300d693fc472c1f3a9affd4d26d280f0078766261b79097ca537c463a8898549896a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4b7caa664cb31803f39de77a1187450

SHA1
f5f4c661487d220513bb67e8f5dd88c6a9feaa86

SHA256
7ef33af499d189fe14bb911f0e5cbedb560db7df8b882a5e416b168985ab8a35

SHA512
5dd7589df33361433aff7a0e23d011ad43405d662cb2acae37f57b5dbf8fef33efdbf7714df2784e68e3374aa84ef6193573e10b7f6ef93bd705a141bdeb8fa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F25.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1F26.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
83KB

MD5
c5c99988728c550282ae76270b649ea1

SHA1
113e8ff0910f393a41d5e63d43ec3653984c63d6

SHA256
d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3

SHA512
66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

Download Submit
memory/1128-44-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1128-45-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1128-47-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2760-36-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2760-34-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2760-21-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download