ramnit | cefee26951dcf27c3708ffe0310830f42833c2d19d2358794adb5c5013780478

Analysis

max time kernel
129s
max time network
130s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79011298d0bbd903c5f03f0cdb94bc95_JaffaCakes118.html
Size

156KB
MD5

79011298d0bbd903c5f03f0cdb94bc95
SHA1

03568ce3ddefa3bf50f8dfd7b90c9db5cc9c68bd
SHA256

cefee26951dcf27c3708ffe0310830f42833c2d19d2358794adb5c5013780478
SHA512

70e6628cc20834c2cc9daf8c38ab5c887ae5a95578f9bd163dddca17b64f3c99adf6a1ea177ceb4da9c9d912891ecbc1d3c89ada66bf6ffdf8214a66ff9e6e68
SSDEEP

1536:i6RTCTJH7L4OJhyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:i4g4OJhyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid process

1612 svchost.exe
912 DesktopLayer.exe
Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

1504 IEXPLORE.EXE
1612 svchost.exe

pid	process
1612	svchost.exe
912	DesktopLayer.exe

pid	process
1504	IEXPLORE.EXE
1612	svchost.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/1612-482-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1612-480-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/912-489-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/912-494-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/912-492-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/912-491-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\pxF0E4.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AF9AD2A1-1C1C-11EF-9AB8-560090747152} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422971371"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid process

912 DesktopLayer.exe
912 DesktopLayer.exe
912 DesktopLayer.exe
912 DesktopLayer.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

2824 iexplore.exe
2824 iexplore.exe

pid	process
912	DesktopLayer.exe
912	DesktopLayer.exe
912	DesktopLayer.exe
912	DesktopLayer.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
2824	iexplore.exe
2824	iexplore.exe
1504	IEXPLORE.EXE
1504	IEXPLORE.EXE
1504	IEXPLORE.EXE
1504	IEXPLORE.EXE
2824	iexplore.exe
2824	iexplore.exe
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 2824 wrote to memory of 1504	2824	iexplore.exe	IEXPLORE.EXE
PID 2824 wrote to memory of 1504	2824	iexplore.exe	IEXPLORE.EXE
PID 2824 wrote to memory of 1504	2824	iexplore.exe	IEXPLORE.EXE
PID 2824 wrote to memory of 1504	2824	iexplore.exe	IEXPLORE.EXE
PID 1504 wrote to memory of 1612	1504	IEXPLORE.EXE	svchost.exe
PID 1504 wrote to memory of 1612	1504	IEXPLORE.EXE	svchost.exe
PID 1504 wrote to memory of 1612	1504	IEXPLORE.EXE	svchost.exe
PID 1504 wrote to memory of 1612	1504	IEXPLORE.EXE	svchost.exe
PID 1612 wrote to memory of 912	1612	svchost.exe	DesktopLayer.exe
PID 1612 wrote to memory of 912	1612	svchost.exe	DesktopLayer.exe
PID 1612 wrote to memory of 912	1612	svchost.exe	DesktopLayer.exe
PID 1612 wrote to memory of 912	1612	svchost.exe	DesktopLayer.exe
PID 912 wrote to memory of 1804	912	DesktopLayer.exe	iexplore.exe
PID 912 wrote to memory of 1804	912	DesktopLayer.exe	iexplore.exe
PID 912 wrote to memory of 1804	912	DesktopLayer.exe	iexplore.exe
PID 912 wrote to memory of 1804	912	DesktopLayer.exe	iexplore.exe
PID 2824 wrote to memory of 1652	2824	iexplore.exe	IEXPLORE.EXE
PID 2824 wrote to memory of 1652	2824	iexplore.exe	IEXPLORE.EXE
PID 2824 wrote to memory of 1652	2824	iexplore.exe	IEXPLORE.EXE
PID 2824 wrote to memory of 1652	2824	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79011298d0bbd903c5f03f0cdb94bc95_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2824

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
2⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1504

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1612

C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:912

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
5⤵
PID:1804

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:209937 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e99a73f284556ad809aaf14232014342

SHA1
fc47467fd6305fddf9e195d33611b9943dbacc5f

SHA256
b4468a6cc48124796cadd42d9e87b233915368ccc7d26f6aea7c3bf3f7316e50

SHA512
3fc253cd3ec18c052a7264e9908cb49b4c4b024741319c778a9e1ee119b4fbb5627271f1182db274a80038a46948c62d851b41c4f6e327b7559c5f9e5b4d0f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
160a3f70b3b4a3cf293d62e3038d0b02

SHA1
7fb6f08c547656f28025943dae192bfe59076935

SHA256
ca33d48ad8e746fa0e8290bb0a0ca24e992fdefa829ca9527970e695a647ca6e

SHA512
c6c84bfd86688291b30649cd362c6fa1b2977c87c5045dea3ae8700f51c4f6858025a1a479ee7cfba207e064ae0d6a91495336d321b6cf98d99615a2a66bbe6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7be785284f06c9157130b83ab28e5384

SHA1
20ebccc0c8b28ff889da9ff0ff5114290ab1e474

SHA256
83107ba3e418faa7943d581ffc1f3f04b8cd4264ba714876512cf029f7cd6261

SHA512
3f69daeb4660c3358817657bfb4318b2a314acd930aba8318750973af41eecba3495e859e70b133ccb4b027e2564edc973514bd189b7a85183fa18d42374e10d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5931f62016914a208bb6d5f82116f6f1

SHA1
38918579d56db3f3a0b1629f9255328acf74159c

SHA256
dc6a76bb337aa7c8c300a06b9c739c2892695129ac1960700ee2bf52b9e9db5d

SHA512
17b113f705220ef3e16795921129544a241967bcc8a1b696fe3272aabe070cca1016dff1d246851825b30f0cdab1015e5c05066a2d21dee659c8040abcb6797d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
240f37e54d267a4ed114f16902fe71bf

SHA1
f57e0555b0e564f0c79a2f3d60897760cc87bc5c

SHA256
ebae9b7bf211a6036869be2cbc2aa5f83db59fb3819f574fd9f8515ddd883014

SHA512
aea5c17f23aa9c3e7d16b208e053db42f03647618d7c63ffbf36a25cf0b4d5611d06cdab0fef9c8da82e1da5fdfb843d1c89040c8b7acc8451c9dd366ddfd110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79d223b72db43dba74ad479313d2647c

SHA1
628f2b652e28916d87e3cfb95a6a643a6ae5db55

SHA256
80d7ab63d6461b61486e7f4c5ec1d4a7fd3329882f4e65d0c63afdfde9d8ce3e

SHA512
5a6770babcf06a975c2d067864e5038aecf10379ff0d869de66b921f3f32b9a14e37b432da417882e3967e949fce7cea7f7cafb92df2319df32265f9d574a44d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13c7f244740ea2e33640f7f04384c7d5

SHA1
6e9d5f3e702b4d5b93703ee6afa28ff5e2308acb

SHA256
a0601f4f46079a874a31818b2204e917402832bd4303dc17696ee9444bbc0622

SHA512
c979443498d3095ef7b2a52c59275fb16f2c2821a95d279c7c86f0a120fba8fb9a2b9d0568da39eef57e1310819df8e648d7e457f50dcb420a7bbe01b5ff9c0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64b08e4a1a5702dd7af913057d0fc062

SHA1
bb4bd8d17dcf98045b72c9b1206a899a088f772c

SHA256
cf83ab5781be00c250f4a858da7f4bdac808a30a5c6fb9b51c5b2a84b82a6627

SHA512
4fcecf50bd46fb3ed98d39374744b68b1ede3fae31ef21a22c04464e4e6c4d94b2bb4df868610aff2c5f3a6f0986ef2e908cfcd031b7b4965c8e49e9c9d2f540

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccb72ea0a11d3d51c6c237bce3a75515

SHA1
a731df0b24dc0a286783dd8d80fd2ff7ad71b754

SHA256
40cbcdb0161abcb74d2ac34ea9e0595d3b9866a50dc67069267f09383545f35d

SHA512
5ceea8aed68d4cb38b76ec6f110237088c091c8d268e168748935cbba669d8bae4aa95d8d4139f578823131cc54af916ce669274b0cf2014b04139c00880ebd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d10e3952651b7f42f599a58ee534a088

SHA1
b8d731308f7bfecfd32873fef949a13b1846d058

SHA256
cb75b2a0e11eecc189438e4c1686284b2c0c1ca84ddf0cc47fdb939a1ad40edd

SHA512
1eb124fed72e82ba5d335b654feb123c1e8133366ecdec44594b3fbe8a04615eb8c714adc7a025dbfe32dea11ef3a9a7d3855b1a8c1ba436c036e83bafde98b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1086.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11D5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/912-491-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/912-492-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/912-493-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/912-494-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/912-489-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1612-480-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1612-482-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download