ramnit | 68a97ba896815a4aeb81b219691e8988b29c1960fad74f88c894413e73fa4ef8

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88410742ebcef0f2c897b048bf15e430_JaffaCakes118.html
Size

139KB
MD5

88410742ebcef0f2c897b048bf15e430
SHA1

0154d135e711910f3b68d6f6abb608fbafe03a18
SHA256

68a97ba896815a4aeb81b219691e8988b29c1960fad74f88c894413e73fa4ef8
SHA512

7318af2d46402bd2175c06ff5c3f9897cffd026de5bafb29c70d0ed558681461175b21dfd3e30cafed0e5f7a092a8e59448aff4715b5e3a8ae35b242db906b5b
SSDEEP

1536:S8TS09k+yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:SGjyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid process

1644 svchost.exe
2492 DesktopLayer.exe
Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

2884 IEXPLORE.EXE
1644 svchost.exe

pid	process
1644	svchost.exe
2492	DesktopLayer.exe

pid	process
2884	IEXPLORE.EXE
1644	svchost.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/1644-576-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2492-583-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2492-587-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\px600B.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{693ADAD1-1F8C-11EF-8221-D669B05BD432} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423349208"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid process

2492 DesktopLayer.exe
2492 DesktopLayer.exe
2492 DesktopLayer.exe
2492 DesktopLayer.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

3024 iexplore.exe
3024 iexplore.exe

pid	process
2492	DesktopLayer.exe
2492	DesktopLayer.exe
2492	DesktopLayer.exe
2492	DesktopLayer.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
3024	iexplore.exe
3024	iexplore.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
3024	iexplore.exe
3024	iexplore.exe
1552	IEXPLORE.EXE
1552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 3024 wrote to memory of 2884	3024	iexplore.exe	IEXPLORE.EXE
PID 3024 wrote to memory of 2884	3024	iexplore.exe	IEXPLORE.EXE
PID 3024 wrote to memory of 2884	3024	iexplore.exe	IEXPLORE.EXE
PID 3024 wrote to memory of 2884	3024	iexplore.exe	IEXPLORE.EXE
PID 2884 wrote to memory of 1644	2884	IEXPLORE.EXE	svchost.exe
PID 2884 wrote to memory of 1644	2884	IEXPLORE.EXE	svchost.exe
PID 2884 wrote to memory of 1644	2884	IEXPLORE.EXE	svchost.exe
PID 2884 wrote to memory of 1644	2884	IEXPLORE.EXE	svchost.exe
PID 1644 wrote to memory of 2492	1644	svchost.exe	DesktopLayer.exe
PID 1644 wrote to memory of 2492	1644	svchost.exe	DesktopLayer.exe
PID 1644 wrote to memory of 2492	1644	svchost.exe	DesktopLayer.exe
PID 1644 wrote to memory of 2492	1644	svchost.exe	DesktopLayer.exe
PID 2492 wrote to memory of 1716	2492	DesktopLayer.exe	iexplore.exe
PID 2492 wrote to memory of 1716	2492	DesktopLayer.exe	iexplore.exe
PID 2492 wrote to memory of 1716	2492	DesktopLayer.exe	iexplore.exe
PID 2492 wrote to memory of 1716	2492	DesktopLayer.exe	iexplore.exe
PID 3024 wrote to memory of 1552	3024	iexplore.exe	IEXPLORE.EXE
PID 3024 wrote to memory of 1552	3024	iexplore.exe	IEXPLORE.EXE
PID 3024 wrote to memory of 1552	3024	iexplore.exe	IEXPLORE.EXE
PID 3024 wrote to memory of 1552	3024	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\88410742ebcef0f2c897b048bf15e430_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:1644
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2492
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:406537 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e6c5bf63c660ac743cae01caeea763b3

SHA1
277ab4cd7abdb99ec64812f14ca27b7cd08ff60c

SHA256
f236df2da628fe1c824b67b349cf99dd8133b62b81c795bf182695ca4e51ecef

SHA512
4a9220518c5f40ca2412f3a97fdbb8523cd264f8a9910ce86ef1c53198f773a62719cad0dc7d06d9243a92d0f4035ad0c8e72cfedb2f5bc75b7f44284bae762f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64c36cb6870b6c43e59218e04af4f999

SHA1
c1e6518eb00569c04a38a404bfdd32c0e54b9b58

SHA256
4a8c7a6c0e371dd3d761bc692db09ee3119535bd6d7dd4c33ab4d4eeb4034461

SHA512
02c8d77c51c12e399a6118d941a37039e04016493a22a1cbe57c03e902f56b16b511475e0d45466d379e6a5a1e4186e48974401852611b755999f0d255916eda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
430b44741e4eb3501ba0722846bf397f

SHA1
fd2a071b4068dbaa7451b96e5316d6622cf7601e

SHA256
634ffd67576e88f0eb63269e5a4d6850560690dd6646461bc00a2cf5e9efa924

SHA512
ed37819d361583b314cf1443505a1be67b5cab36633b475ecd0732e124376b3fd0f1862c1eb101eb398a3d763b1984c3a2c93707068c52cc77710fd9859008b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d0564d16c1f7a2c9c8bfd7de3b44008

SHA1
cbd381556ff28bbfaa3b1c96a8e3604ec85b1af4

SHA256
de37684e4ae145569a516f8406461b5c661bc17f9b2a491a69acb2773c5bb92b

SHA512
ca79e89b3f8f025f433826cd2481d3bfb68c4953f34fcfde114f9f89802db99eabb69822bb0309119883c28b64789cfe2b321e84f779306a2aa95cbda6ea3e5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb501b83fc408b98d5a7ca1112bb0f4c

SHA1
249106c88b82a7ba69f346ed81cad7714461d2e3

SHA256
ce53d2a93cf81cfee671b44cb129fa03e5d72db80d62add87402de0260348936

SHA512
329dbe4d41a5599a6e43a13414d4ed7eb60e9dc7f774204e62ca46669c997ca9930f10d7ca2092229999c5d307f83986dd3facd6feedd7c968a4371c35d38953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36636ef458fe6c8761e14e8e98b99d7b

SHA1
bcbf8b141533e650fde3405aac8c5f1fd589f433

SHA256
20fb28d5e7a2a143c4a4076f59019fa91b10fdef0fc47cdbfbd37c5794a27367

SHA512
b94db602e8f60d60b7dc41a927c0f1921ceed8b71b4a02c2c3c838271651ed129bb71e7e0c81b75f0b297eeb584bd9d2f2e2cece9b8d2423b92e1c7cc87636c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2bf943a705556afa67b6546629b66ef

SHA1
2f2d81a8dec251ad3ba1d7c2a45f37f371cb5981

SHA256
ecf264cc962c317bed8111fad3c304f11a716d5e775e85503a05420722790437

SHA512
dbb9e8d7e995d2b421136b66b3b2a4dff5652b7b3972c17bbaf4690f90e230aa7d14db711cf02640b211199240d9b0728686ae7e5e5a5b0959f5042d63c4d6c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e517c6a973a933f5c7979a4faba6ac40

SHA1
32a3a215ed766e3c80c7d1bcfb6795bab255a467

SHA256
8fbacd66deac9ca70ec6294386188eabe5daca5aa4321e040b0a1d299fe89db5

SHA512
e5df89a6a7b4f7e7f5f43c6e0a5c11dd80cc2e10004ac93ae1dc1704fa2ba6e403a22078a94a0de62012c80c25a6b25862c429e725373ba3c08e86dacea934a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd65283fd76a407c7a922dad449eb5e9

SHA1
8c5f1b2ee8e81845f441017239c18eb56cfb58f4

SHA256
6ba2969ceb913a3728f03a4fb1892410672b951e9ec5ee947c1414044b7d489d

SHA512
d10d38722455b3cc487567602713c6b0f988bbfa07f94640a63ea12aef551dd4657ab8a73de5fe88499d3b396c21e65e47bbc89e5de7342563bf8fc06e6539bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4bc131db83d5bd029765662678f83274

SHA1
b7835cbbb6224cd5ee49519403975ec95e4c620a

SHA256
1f51f0fc4ddcae3b17f3be56ca228487d12baff9f8fa432c248b3957ba00e4b8

SHA512
a2c34348d41ef097d7000bc6ffcfbe1dad8b794d0f3a592fc293c52219facd0217ecae456a274b7a85329798f25f9b4447bb1407ff4c6f5e9ce558949c808e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B7C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1CC9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/1644-577-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download
memory/1644-576-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2492-583-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2492-585-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2492-587-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download