ramnit | a44087c615128aa825b227dd2b2150312e1ce56fb61027050d3c7f0e9d97e7a0

Analysis

max time kernel
137s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

858a07ffb056cdac43f26b491c7d99b7_JaffaCakes118.html
Size

125KB
MD5

858a07ffb056cdac43f26b491c7d99b7
SHA1

a7594c13f2401ae789ca3a4a504776c8b09309e5
SHA256

a44087c615128aa825b227dd2b2150312e1ce56fb61027050d3c7f0e9d97e7a0
SHA512

df2ece6bf2f6b6a819eb12fa51aa9bb09e525f9adcf8d9e2488232134c2f81dbe4af73422daa84b5bd366251e65e9c57cf5c99f52c852fa15b181e36537a269a
SSDEEP

1536:VCtg1yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:V4g1yfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid process

2680 svchost.exe
2824 DesktopLayer.exe
Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

2720 IEXPLORE.EXE
2680 svchost.exe

pid	process
2680	svchost.exe
2824	DesktopLayer.exe

pid	process
2720	IEXPLORE.EXE
2680	svchost.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/2680-6-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2680-12-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2824-19-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\px205C.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000345802279258e649ecf8ef3c73621b655a9c49c8cb8c0cd5c5ddcc2eb72d5430000000000e8000000002000020000000337132e09871c2b949daa581c43a12a28673185ac68b12c4a0d06ab514087f909000000015dc9d59ccb54160db9e83a46590a545badc05cb63f5f01f84307635066f25758df6b2077760c8e881dfee049fcd6bcf57a73bcbc8ef8631ac9bb922f302a0b19d277ac37a6751f119885f91a9c5d44a0d0b50d07205bba6fc0bac9201b37ce97228b146cf4247cf136ebe731bde2b4526e2f0a91813d0b94853e85bfb054f0163d62a66b185fc643ff851c3f65bc52c40000000fc079905c775f3a2984e5f0aa00e66e54d224543b1735e635a1f30d5f08fbca178538711d7bd2cb856862127e1e931f6bb1a377148a9a4223330fd821465c23b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ba9fcbf7b2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B79AF0E1-1EEA-11EF-B5B3-EE05037B2B23} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423279760"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000653c2ab7e76e5f999097b255b1ae7b272b06d521bafbc9e9516bac6d91f0d813000000000e8000000002000020000000976d1c49adc217a57e1f36776c305ca01670cf06bb7e30b4c84086bda81f31b8200000001145be460721b1ccb9609e32b4de7dfc5772234af0f6bd5edf361583e33b43e640000000c23a1df633ac83ea7065d3ff4e95ad5854b5cc5cfb838e2686b654dc93f13e24bd459c2f3335b0e6dab0c60fb514bfb8c11ce9efe667f8f1d285cfd8a041774f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid process

2824 DesktopLayer.exe
2824 DesktopLayer.exe
2824 DesktopLayer.exe
2824 DesktopLayer.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

992 iexplore.exe
992 iexplore.exe

pid	process
2824	DesktopLayer.exe
2824	DesktopLayer.exe
2824	DesktopLayer.exe
2824	DesktopLayer.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
992	iexplore.exe
992	iexplore.exe
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
992	iexplore.exe
992	iexplore.exe
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 992 wrote to memory of 2720	992	iexplore.exe	IEXPLORE.EXE
PID 992 wrote to memory of 2720	992	iexplore.exe	IEXPLORE.EXE
PID 992 wrote to memory of 2720	992	iexplore.exe	IEXPLORE.EXE
PID 992 wrote to memory of 2720	992	iexplore.exe	IEXPLORE.EXE
PID 2720 wrote to memory of 2680	2720	IEXPLORE.EXE	svchost.exe
PID 2720 wrote to memory of 2680	2720	IEXPLORE.EXE	svchost.exe
PID 2720 wrote to memory of 2680	2720	IEXPLORE.EXE	svchost.exe
PID 2720 wrote to memory of 2680	2720	IEXPLORE.EXE	svchost.exe
PID 2680 wrote to memory of 2824	2680	svchost.exe	DesktopLayer.exe
PID 2680 wrote to memory of 2824	2680	svchost.exe	DesktopLayer.exe
PID 2680 wrote to memory of 2824	2680	svchost.exe	DesktopLayer.exe
PID 2680 wrote to memory of 2824	2680	svchost.exe	DesktopLayer.exe
PID 2824 wrote to memory of 2572	2824	DesktopLayer.exe	iexplore.exe
PID 2824 wrote to memory of 2572	2824	DesktopLayer.exe	iexplore.exe
PID 2824 wrote to memory of 2572	2824	DesktopLayer.exe	iexplore.exe
PID 2824 wrote to memory of 2572	2824	DesktopLayer.exe	iexplore.exe
PID 992 wrote to memory of 2428	992	iexplore.exe	IEXPLORE.EXE
PID 992 wrote to memory of 2428	992	iexplore.exe	IEXPLORE.EXE
PID 992 wrote to memory of 2428	992	iexplore.exe	IEXPLORE.EXE
PID 992 wrote to memory of 2428	992	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\858a07ffb056cdac43f26b491c7d99b7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:992 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2824
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2572
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:992 CREDAT:275463 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2ea935ac6966a4e8adf17f5f69a0d5d

SHA1
b503acfc50ff3da30084f5ae946093c17b1c6151

SHA256
e1365b7ee42877601993f502dd60addc0729ba477c6c287341221b292958149b

SHA512
03774bb864423561ac4f29a0804f7f70b1e7b7e9536a2fe317282d145eae93ec70584a8d096af2d21de02ca0fb1346ac47a69aa30168e7f4319130c6b8a81b78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
785ce7c16bb05b4133fe508ac14befe3

SHA1
172326598032a6532106d40d0a3fd6df556ac9d8

SHA256
7245a3053e8fd25c69ce68b3a4d647272b753c71db9a6f13d27bfffacd8870ad

SHA512
33c43dffac03bc38c74a97249fca4a9b5593d68f0c4b26d81ac5efb7fb29884f37e2959f391940fbd874f023b87090e92b400695e6c074e3723705d4cfe4a926

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81bd39900b4a2ae61352808f68b95e14

SHA1
c3c6bd98a81ceb7f5d5795803fb760f880e59cc0

SHA256
d359676e00eea1abd0a13d8a3602bc34109df7698c65fefc3344bda8119f99a1

SHA512
6790c3bb4290ed36f451f0bc588ecf0329472809fa514c6c37c8a0a73425ea69d4cf5157ac312e9bae585e0b9f319215f4fa193dcd29992382d5a9641b7b60d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcb45bde6662b4783a1fe9cf1053c214

SHA1
e08bb24c6595c25656f0290bcf9f5ebbb2cb2b36

SHA256
7d38d819536d5547a18cb55b75bd8608fbaa88b6f18592148ec299248bb91d66

SHA512
d0f373e3fe7dec3df1cbfc885c77aface92db08e422507b0e2fb165b31fb51a143868229d80aac531976cc0abcba01262c9878992f97c70e7046e9b97d848e8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51e0c3f24b0837aa3f883702e98f72c6

SHA1
cc6c60a100253af6e924471229e6073f3e2a5fab

SHA256
c41cfdd012e68f10b473a4edd63c02d597e658d946a82599b29b686f92e342ab

SHA512
6733ae96a8ba2af8a6ae207b63504b2b29fceee81854dbcdeb74e0edcb2c27e92573ac7250baf81088b925c24ff29d8ad120f76613c0a1beea6ffed13ce6fa5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a2c88bddeb27fdfc1d7afb23e6a462b

SHA1
53256f3a52de0d9a3425b93813acda6e1856ddcd

SHA256
190d5cbb006c598364a418a8d8b39017b39dd54d946cf830bd306a286007f310

SHA512
487d92d354f73d28603059a1f141c826d1d60860c564506dede87e1d05cc9d1eac92dd190f185dc16422e0830a257d0c0fa27f452a630665905112afd1df9921

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
492e46796771877a6803ece605ce8efe

SHA1
702201261a773b4c53e4cf9103a5e729c08fd0f8

SHA256
87964305b890c54361b3658c38a6170c25dfb76f7c95a17f324bc2903a1601ef

SHA512
b091e16508b308eb4053c40ede4d59d375f8c2582c68b8bb4532a2bc9b2f9e7b64fef29a17d858f95b7d886e8f5c142bbc1033fe723bcf17d4f71fb3a66a9c9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7578ef70d60f6f8a6206460552a7eec

SHA1
72828a1d2584c60543b9e5505eb2a74623a5243e

SHA256
1409505af59f0c7fc983c10802a0aa4b98430e413cf0bbd243ae4f5839302882

SHA512
2a69aba2120ea625cab2dbb73a9d192831a51b68b8cb76a2ea71f3c23c620c97361f9267cfe013f00b2e3002278bd472b0eae5857406075ae988bc18135d4e78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1A85.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1AF7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2680-9-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2680-12-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2680-6-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2824-19-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2824-17-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download