ramnit | db26945ed3aa9a3b23684ebf7229de2bad86d39561607b2aae9aea278d4ed078

Analysis

max time kernel
130s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84afd1bac72b01fcf3ea8818b89017ff_JaffaCakes118.html
Size

157KB
MD5

84afd1bac72b01fcf3ea8818b89017ff
SHA1

828578abf77f764cc8058fa4281e12c825e7c085
SHA256

db26945ed3aa9a3b23684ebf7229de2bad86d39561607b2aae9aea278d4ed078
SHA512

841948bfc29796aaac3cf9b0c2b0b4d4b30c37239e326548f88bc82f1646fbc4c8c3f98a6f8afb16a1bf3b835953277c7dd682129592547fea57084541d8d87d
SSDEEP

1536:idRTKxJntWyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:i7K5WyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid process

2256 svchost.exe
2988 DesktopLayer.exe
Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

2080 IEXPLORE.EXE
2256 svchost.exe

pid	process
2256	svchost.exe
2988	DesktopLayer.exe

pid	process
2080	IEXPLORE.EXE
2256	svchost.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/2256-481-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2988-489-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2988-492-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2988-491-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2988-494-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\pxECB0.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423245743"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8347AEE1-1E9B-11EF-A01B-4AADDC6219DF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid process

2988 DesktopLayer.exe
2988 DesktopLayer.exe
2988 DesktopLayer.exe
2988 DesktopLayer.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

1964 iexplore.exe
1964 iexplore.exe

pid	process
2988	DesktopLayer.exe
2988	DesktopLayer.exe
2988	DesktopLayer.exe
2988	DesktopLayer.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
1964	iexplore.exe
1964	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
1964	iexplore.exe
1964	iexplore.exe
1644	IEXPLORE.EXE
1644	IEXPLORE.EXE
1644	IEXPLORE.EXE
1644	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 1964 wrote to memory of 2080	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 2080	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 2080	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 2080	1964	iexplore.exe	IEXPLORE.EXE
PID 2080 wrote to memory of 2256	2080	IEXPLORE.EXE	svchost.exe
PID 2080 wrote to memory of 2256	2080	IEXPLORE.EXE	svchost.exe
PID 2080 wrote to memory of 2256	2080	IEXPLORE.EXE	svchost.exe
PID 2080 wrote to memory of 2256	2080	IEXPLORE.EXE	svchost.exe
PID 2256 wrote to memory of 2988	2256	svchost.exe	DesktopLayer.exe
PID 2256 wrote to memory of 2988	2256	svchost.exe	DesktopLayer.exe
PID 2256 wrote to memory of 2988	2256	svchost.exe	DesktopLayer.exe
PID 2256 wrote to memory of 2988	2256	svchost.exe	DesktopLayer.exe
PID 2988 wrote to memory of 2816	2988	DesktopLayer.exe	iexplore.exe
PID 2988 wrote to memory of 2816	2988	DesktopLayer.exe	iexplore.exe
PID 2988 wrote to memory of 2816	2988	DesktopLayer.exe	iexplore.exe
PID 2988 wrote to memory of 2816	2988	DesktopLayer.exe	iexplore.exe
PID 1964 wrote to memory of 1644	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1644	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1644	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1644	1964	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\84afd1bac72b01fcf3ea8818b89017ff_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2080
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:2256
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2988
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2816
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275467 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d584002295a66ab067e813bf1030c75d

SHA1
adb7533240d84f620568a9340028a73f94a645b7

SHA256
ebc18526ee788329bfd9c1098d52a6916ebc4466a4baf1e2385a3ade77e06145

SHA512
dcfe3e4c4521a9851d2d1b1a54656e360461cf877fd89d85d1c067b74037f511b5cc88e62ee1303129e3b3d660f28939851e8e19b3d97bb45b7dcf1d9b1068f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
221b10c800c500624ec68a168c8f63e6

SHA1
645c9244a05c0724ec61e17f5d4006bdd9e93b3a

SHA256
961a2e65463bb30626a5cb55343d4cbc61ac174a1c34d817f27be71b5b58cb5c

SHA512
a42dc4371ac09196198aedc12e88e40daadf56c883aa0b9d8913a618faadedcef8daa13f47c8ed2aabd23cb7aad67fbce5a128d63fb3865bd003d4633d9f0638

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3d2bb3fbf615258fc7ace74a8da4d5e

SHA1
8a00a7a573c890f8b0990115d525e23ca4a7b30d

SHA256
d26b2bee79b216dc32a557039854e6742f5de09e4a6b828eda21958731c52403

SHA512
5be4fb641253f374599c15e0c102ee815bda36b2754f11b4e66d84445fd3a8084000a9387892ded00364c0bc21f519b3332386949f724a86664faa747f3ff934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4e989874f76f843905c5b3e6da1a0b7

SHA1
0f2d4610e80d1f97f973776ac59a69d9af037d85

SHA256
7e68884f1d527c1be8968c9bd94bdbd03418e6a3c379fdb89df05087bb6ed18b

SHA512
8ae9e3cf15bc0dad6c101413f95027ee6c4dd913f7ac4d94553e44cf6a9f3d4635c9045006d287c4ecc7af5cb319e68b7b61925ace18760ad6c13da73e4d16ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f7b2cb9f55b30bc84b5888d20c0a41f

SHA1
3918fa5f8f61ab24cd5b8203f9fa8f05a4854160

SHA256
952e9d5e5aafe0a649eab1c56c42bd2552b34f54ee7791c36165a33cc176bbe1

SHA512
aa033b2dcffcb7bf1d4335e5cfc1053c9bf14c7950529bf60928d0ecd7d29ede03268fd35cdc3ad6b222eb43fe1050310bf5723a2eefaba37452816f23c6f2f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f2af03915594555c5b903027774282d

SHA1
72f254faa6718b410f9a68d3e8a205145dac3ffc

SHA256
60e95c724ac6e30e3e8d5487c1ade09421268008984f47ae6afe314e90280896

SHA512
616af17aff12d9cd20748366d482806cf37332de6d1790d236817fd4013c97d7439a92a5fcfed9c3fcb26cbab7c106037228d49d78cbfde684d5133859d39d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ae75db5d6d177722f3e3cd316ec1852

SHA1
214befeecf8195d4f0bdc6e563c04c6e2278c43a

SHA256
b382c4a5fbdc239858eb22e8dad1c3c2a3c73189855c5085b7a8eb3e870351c6

SHA512
fad931eab5e3fa7db9888a94d0895f4d1ad7ada31e6f2a65368752192692ffd2e45987a142853cc46b93672876d4e49a517bc5b055307b6843a8db8417844a4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
988d9609c027713e74957ee77fb44218

SHA1
5939a9aa496e1dad9ef54956bed0a4f82fbb0e5a

SHA256
b2f62dd6e70c023a77e3fce7398a6528f27862c046b172a9699ba6084c786762

SHA512
051d77f3df7a168b60b1a142cd3f9c049b603f15557b1d55a4a423e6eec663d6a06f0ebc231ba8d33d3cb6d3a21ecee509e3467c61a613522280423f00678a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bd18baa4ce6f235af8383a4b20eeea7

SHA1
28b7c12d0874d5e3f14b20a297762b1f009ae2cd

SHA256
0c264d0e45a3a4bc9745fd2063bf88f7e19d68b8806dbfa7303c0f5b82154793

SHA512
c75417dd6e79fb1b21d3e997afb47834e4579b158022fa3f31de81236735c061a1ad3762595e2a7e974d1eada540a4ac9fd6abcd20358c1b0f736dae8ab1774b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b261feaa4a0615ae764583c5d4bc4482

SHA1
c4f13abb33b83a0baa3422da1edbed3f914a40f0

SHA256
900f7b8b1a4cc47bf31d2c83171ebea73b147c2155e816680a804ae2346381ae

SHA512
edb9341db925103bc145accf82d6bb096d7ec7d8f224a0e79dbc5f6309f47d22c6b6375d1be03c69506b6f6bd63ff2c5fa63493332a4712e601c88d20e0c2bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB5F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2256-481-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2256-483-0x00000000003D0000-0x00000000003DF000-memory.dmp

Filesize
60KB

Download
memory/2988-494-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2988-493-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2988-491-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2988-492-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2988-489-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download