ramnit | 1d1f87ba0950a7b433d74b35f91c44d5c36157b911dc049917ae6b1a2e0bff8d

Analysis

max time kernel
149s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a4af554451ac249a2f3e63e1d38dcea_JaffaCakes118.html
Size

261KB
MD5

8a4af554451ac249a2f3e63e1d38dcea
SHA1

1750c60fa07985b1cfcf0be58cf21c381019b30b
SHA256

1d1f87ba0950a7b433d74b35f91c44d5c36157b911dc049917ae6b1a2e0bff8d
SHA512

f2235c30a61ea228e647d81e35e200fe6f6a9ef9dfbdfc9d55d61112353c5e9ad4558e7034c3ad4e8b50319f7ffbb893b78f452db2f68733e64cc784be98230d
SSDEEP

6144:SZBg6B6J0ZsMYod+X3oI+YLsMYod+X3oI+YQ:U5d+X315d+X3+

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 3 IoCs

Processes:

svchost.exeDesktopLayer.exesvchost.exe

pid process

1520 svchost.exe
2780 DesktopLayer.exe
2444 svchost.exe
Loads dropped DLL 3 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

2544 IEXPLORE.EXE
1520 svchost.exe
2544 IEXPLORE.EXE

pid	process
1520	svchost.exe
2780	DesktopLayer.exe
2444	svchost.exe

pid	process
2544	IEXPLORE.EXE
1520	svchost.exe
2544	IEXPLORE.EXE

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/1520-480-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2444-498-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2780-495-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1520-489-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 5 IoCs

Processes:

svchost.exesvchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\px6A47.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\px6A38.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC1D9F41-2007-11EF-9E38-E60682B688C9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423402201"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

svchost.exe

pid process

2444 svchost.exe
2444 svchost.exe
2444 svchost.exe
2444 svchost.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

2164 iexplore.exe
2164 iexplore.exe

pid	process
2444	svchost.exe
2444	svchost.exe
2444	svchost.exe
2444	svchost.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
2164	iexplore.exe
2164	iexplore.exe
2544	IEXPLORE.EXE
2544	IEXPLORE.EXE
2544	IEXPLORE.EXE
2544	IEXPLORE.EXE
2164	iexplore.exe
2164	iexplore.exe
2164	iexplore.exe
2164	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exesvchost.exe

description	pid	process	target process
PID 2164 wrote to memory of 2544	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2544	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2544	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2544	2164	iexplore.exe	IEXPLORE.EXE
PID 2544 wrote to memory of 1520	2544	IEXPLORE.EXE	svchost.exe
PID 2544 wrote to memory of 1520	2544	IEXPLORE.EXE	svchost.exe
PID 2544 wrote to memory of 1520	2544	IEXPLORE.EXE	svchost.exe
PID 2544 wrote to memory of 1520	2544	IEXPLORE.EXE	svchost.exe
PID 1520 wrote to memory of 2780	1520	svchost.exe	DesktopLayer.exe
PID 1520 wrote to memory of 2780	1520	svchost.exe	DesktopLayer.exe
PID 1520 wrote to memory of 2780	1520	svchost.exe	DesktopLayer.exe
PID 1520 wrote to memory of 2780	1520	svchost.exe	DesktopLayer.exe
PID 2544 wrote to memory of 2444	2544	IEXPLORE.EXE	svchost.exe
PID 2544 wrote to memory of 2444	2544	IEXPLORE.EXE	svchost.exe
PID 2544 wrote to memory of 2444	2544	IEXPLORE.EXE	svchost.exe
PID 2544 wrote to memory of 2444	2544	IEXPLORE.EXE	svchost.exe
PID 2444 wrote to memory of 2868	2444	svchost.exe	iexplore.exe
PID 2444 wrote to memory of 2868	2444	svchost.exe	iexplore.exe
PID 2444 wrote to memory of 2868	2444	svchost.exe	iexplore.exe
PID 2444 wrote to memory of 2868	2444	svchost.exe	iexplore.exe
PID 2164 wrote to memory of 2080	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2080	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2080	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2080	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2496	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2496	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2496	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2496	2164	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8a4af554451ac249a2f3e63e1d38dcea_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:1520
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      PID:2780
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2636
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2868
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:406537 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:5846019 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4df82df6822ce01f05986a9c6d2e18a8

SHA1
9ea4b88bc0cbf5f15bcd51a01bfdf4c3a4bb9f1f

SHA256
1bee39dfed4926b0309cf4db8762694c0bc3e4f1f5d4559880319f9f70934b27

SHA512
b97b1ceb8e0d3cffbdd804f6e21ed8767ea50e78fd59a1fad9a11190ffadb38489cc750351c483cd5f4e144b8b541b8a57f2564249e51433ed6d02b813e6040e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccf66c69b81cf67cb390e49ab7e50dfa

SHA1
90b3b146914a81391c46e2c328e212fd9c33f7b9

SHA256
ddc4eba6100bddfa1f4d65db44feba8468ad7100da00abacf424ca5b1e9a96c8

SHA512
19c8d035492a6568429c27e4a0a592b6ac0e5fbe55debd43405f583e38bf5a4ec3cc2427c7beef443da9ee6b0027eb0e67f42ce6559e4deeb60ab00bf1e5168c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84c44f6bca6e8ef116651ba993a06825

SHA1
13d306c8f3c7d602158ad73fb91407db589a4201

SHA256
075fb977df207301376f5a33fe80850f3a9f31ab3670f3f8da26b85952b4fe82

SHA512
7fc1020a264ee8222fd3449bc38b358ec132bc4d6738055f9d19ccaacd3826f7e88c3ce02879d8a0de168378370a0f04ad9c4e6889943f25072bd7f563f7f4b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
983451bd29292e2013a92b9336da7527

SHA1
85f75a61797a4776332e5e12e902e59f8d3a529e

SHA256
00eda2c990d7f35e2a03e18bc36aedd86dd9b7a6a4b251a55acbd9fac995e2f9

SHA512
cc8580eea851e30088626758805cba7a9d1707dd0110810d26534613b15cde308ded0e026692b74401b74fddf57a1034a2fe2a6942bcbb4bc80d7e1c8ddd0aae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da6d1ac1aacb40a5b408ec5b291f9ade

SHA1
f3bd5002930389d9457feb07836bdd83e377a943

SHA256
4d5149be856cbc98e2f76ac9071816775f5bd229ef0e9f5ae173177da1dd6c8c

SHA512
0ffdbff3a6de012cec4cb25adff516e40aba323a49a34a100188d4484ff4d035d5ec46e8e79b09c1a7493dd192eb0596c47bbf13c789f023f6fe9f974f3adebb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d038bd21069c757cf402718ad2a0c2c9

SHA1
0a927f95419b8d875679b8f6bc2d19d636ce1919

SHA256
71a9f71fd179e06ecb36feaa840a3598ce5438510b4425935568e74dbdf0b1bb

SHA512
89cf6119e71e0f17c8146032e66401941243a14dd4ebfee489578317c942f171364e595a47028a0f8da95b1f049d738604f6784d2955c7cd1a3affc288c7597b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e69fd6873384d46e5cb56543104ee311

SHA1
e469eba7889554247e6cfb8de949db04559a68b7

SHA256
5a5ce5445c064f9b491bf5020d02720ce6b296fe313e9daeb27c25bfeb8ee76b

SHA512
563d99ad73661920514a2f4cd73756cb933cf3675aa5413d17c939e313a8224ea074a7772896e5d33f4abbb1a920a1e5522018111cd907a004aa33115317e8eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98b2a57ad066bfe6aa666595dde6288e

SHA1
9b0c28a342c41638ae38f9932f15b8a76ad13a68

SHA256
9a2c0223751c5bc784d98e84cfe38ef9570049f5e9c29cf006f47ddf90aaa28c

SHA512
ada68fa646cce2de01e8cb0f0bc704a5e98a10b007066648fbb9a5e86af495371c8aa1edb2f77138fa00cfe2b2051a0aeb308b48698def210f17772388b13f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab228F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2371.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/1520-480-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1520-481-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/1520-489-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2444-496-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2444-498-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2780-495-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2780-494-0x00000000779C0000-0x0000000077ABA000-memory.dmp

Filesize
1000KB

Download
memory/2780-493-0x0000000077AC0000-0x0000000077BDF000-memory.dmp

Filesize
1.1MB

Download