ramnit | e1dcf112231774f6987b71e8cb2a6762b5b9143408e54d57f4b6f8d80123a063

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9520106265ccb15b52fc27a66b22e8b6_JaffaCakes118.html
Size

122KB
MD5

9520106265ccb15b52fc27a66b22e8b6
SHA1

beb1811b1f16b3e77bf1e16b15dde45de47772b4
SHA256

e1dcf112231774f6987b71e8cb2a6762b5b9143408e54d57f4b6f8d80123a063
SHA512

e5b4f243b6a3dc4c70766a72e06ea4e5c5e196408e4383d8f2efa6d163e6f638c1f71f37cb16fa3768c70415094049bf0ff7dec990cfd4a5fb763c6a439163a3
SSDEEP

3072:h1Hch187lA81lyfkMY+BES09JXAnyrZalI+YQ:gNLsMYod+X3oI+YQ

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Executes dropped EXE 2 IoCs

pid	Process
2760	svchost.exe
2740	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2288	IEXPLORE.EXE
2760	svchost.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000016cf5-7.dat	upx
behavioral1/memory/2760-6-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2760-9-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2740-20-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2740-19-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\px1AC1.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423672100"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000180ec177fa35524188d8bea3b851d9a800000000020000000000106600000001000020000000c3aeaf541a3bbb9cbd61bf297a21e01b8f74f74b0dac63c9ebc3a3b232dbe639000000000e80000000020000200000008e986792fb2e6903ebca6fe72cd6e08552239e18206e264496af0ac55a78173f20000000ebd14ce65cbb2af7c5975c1d4008af8c91f853b0d23e2f42ce43d3c6bbba78af4000000074661a8c8fd3781c657f39fd5e5e97dbaf2283ecd2066dee23c59395717220630d5169a7840a2c4d07fcb0dbb5543b3b8edc81d6fce3f701a981ed6b08473ab2	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00cbf12189b6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000180ec177fa35524188d8bea3b851d9a8000000000200000000001066000000010000200000002e3749ea9e1e2f23af2642694cf5efd428323a83bd7010373bad9d1c6e2d1361000000000e8000000002000020000000fba25bb8d07a240907dec7df142d08d45a9029dad127f56f2dc286599a50ffc590000000cac9e65670d70e494abc5d749158d61d25967464f47c2302118c817656257671c337e22e220c9357c162b37824807c0705b50c09271f9bac74482d9327aee6a842746901f61b5a917ad79f00e126ae8402d01c2c75ee43623a703f71af2ae23bbe5fc7461eb7503978d43fc933c6d8890b53cd2be89cd8774c436bffc4866fd96496cd29c0e31a764a10787f8cf5b916400000000a50a0c6af8d7cf6679aba62a7a1b242da9d212b6119eba06de2b6896ceab89b08ccdf8e705f01aef66534b30a757c290aec73d0b528506db1a8c7dc0edb0754	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{347468A1-227C-11EF-B5E8-DE62917EBCA6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2740	DesktopLayer.exe
2740	DesktopLayer.exe
2740	DesktopLayer.exe
2740	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1612	iexplore.exe
1612	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1612	iexplore.exe
1612	iexplore.exe
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE
1612	iexplore.exe
1612	iexplore.exe
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2288	1612	iexplore.exe	28
PID 1612 wrote to memory of 2288	1612	iexplore.exe	28
PID 1612 wrote to memory of 2288	1612	iexplore.exe	28
PID 1612 wrote to memory of 2288	1612	iexplore.exe	28
PID 2288 wrote to memory of 2760	2288	IEXPLORE.EXE	29
PID 2288 wrote to memory of 2760	2288	IEXPLORE.EXE	29
PID 2288 wrote to memory of 2760	2288	IEXPLORE.EXE	29
PID 2288 wrote to memory of 2760	2288	IEXPLORE.EXE	29
PID 2760 wrote to memory of 2740	2760	svchost.exe	30
PID 2760 wrote to memory of 2740	2760	svchost.exe	30
PID 2760 wrote to memory of 2740	2760	svchost.exe	30
PID 2760 wrote to memory of 2740	2760	svchost.exe	30
PID 2740 wrote to memory of 2348	2740	DesktopLayer.exe	31
PID 2740 wrote to memory of 2348	2740	DesktopLayer.exe	31
PID 2740 wrote to memory of 2348	2740	DesktopLayer.exe	31
PID 2740 wrote to memory of 2348	2740	DesktopLayer.exe	31
PID 1612 wrote to memory of 2468	1612	iexplore.exe	32
PID 1612 wrote to memory of 2468	1612	iexplore.exe	32
PID 1612 wrote to memory of 2468	1612	iexplore.exe	32
PID 1612 wrote to memory of 2468	1612	iexplore.exe	32

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9520106265ccb15b52fc27a66b22e8b6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:209932 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b18a12f5c16186ad4f1ec78ae1a7161f

SHA1
e21cb05786bf57ab5b9685b082a7b5069cef0f2b

SHA256
bc0d86730a0537dcae731498db3e707e5926a9e57a3de467ef2af32a526897c9

SHA512
022da47ed3f6c6a45ed79e172167abeb76e04bd0f83bcea4077e6f7940d49612556cbf8ff784abb9b0a541a1125dca989d65f57378e3d08ae94e61bf9a327c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a41643a59647fe17bea2ea1b45d3815f

SHA1
f453c2075167ee9960fc31368b76078eeb512bcb

SHA256
dd86fc61c3dcfcdfff4be99062028d2e9410f3255e6c57161d2f7307168a10f9

SHA512
e47325981f16ba20df3c2349031b4b20059c709aa0eca9a9898e2ace7fcfc946c7f88186be653773c2b148f4325e473f7fe5e9cb4045869b7171c2a474f2f145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22bf39c90c1be4acaa6fbe4bde4c14b5

SHA1
696137b42e69961568953ce10ca6983921d2df42

SHA256
964e9851a3384787259f11ea6837276c0939507e05947c750d2294f11ceb9f19

SHA512
21440a568227a93b8c260d8582187287d81ff3b78d8ccfbddc366aadf12906cff9da1810db058da38b62110491b536b866d57c4df578409bcf1369f650f9889b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4437d012ac6d798252798ef3e76dbab

SHA1
4d137c64620e6c67a79372ba5da44d1a4b21cc36

SHA256
50d38a873d47dd0ccc93d779e6d481a969c8a7b96c106ea6462de010b56375eb

SHA512
1b804c1baeafdbea0491a7d3dca3c9bd83c6fc12c043b5afadf3147c4a96aa94d054a3ce783814190bbb4d3e70cffa1d1b462df464c22a0427a85aa084980a4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f44f0f23e66ba7a0cdb37e32e5f59542

SHA1
3d37a9f01197fd522b03e70ae11676695788636b

SHA256
6a8c2f494bae86020cb8819843641829c76ecedab9bd7107aff9e1530bd702d8

SHA512
33b544927435d9a9fdfd8908aa0279173be3fb2fac541b02c379a285a5dd06443eb57cf657262f7201e22fd4773b8921204b4110ae56997f0aac436f6b33e1ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
236aacbe431c7422ece6dbd2566370b9

SHA1
b079fe9fee79fc02f9bf8415ae19b86690f3feb5

SHA256
764588cdfaf9d002061cd61ebfb998e1d6506cd5e455892c7c4a7bb51dda07b7

SHA512
e50424d8e1732f0d7b2569686f27eca1a1f482a0258a369a1763f00c7206cd780b492e31e0dd5ccc7114487ddb1a70aa48f734e82da1ab1ab3ca97f234f52f40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5114e866bb963f97bc6f2b9a68070185

SHA1
320c82a56f51b88e8834670dedc0cc8c83cb5499

SHA256
53bf88da0e5846cd7fd59b2a7139450c79a636ecc34fe3adfd52a37cde3b5be4

SHA512
670a26a19e10611d24dba21d0a542b0595e3e0eced1159abd9a4eff9ca6567fd796595a36d35ce6a3e9681254a14746147732a600ed5aef68d442cf4c7c9e8ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54897f48aa337def9724be7cd8a2890d

SHA1
1cefc20e4e2201b99130ccaee57f0194c1d624ff

SHA256
ad8d2009d1b8a1b77902f4bc338fd55035fe66992ca38de3c21dddd18ea42d4c

SHA512
1cbf67bb9c3cdfac215a2d10c2b3a2e38bb12566b1087adfc91001d7a2769cfd984b8bd6463fbd3e7ac16e7cd9b28d57a3fc2687eef8b5fa2d8ad0f0d82ddde3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
358e91929d51b96ed36d9a1133f22382

SHA1
84bed6667b399ca423198d119026d1fe624e66a0

SHA256
ff5ec13611ce6a7245b1cf965c512bb0cb2989a44bb411d5111180cfc644e8cb

SHA512
3a95377d47c4ab4a1ad66eeac0ac28ad1551e9c32255e5d9f70ba2331009f4000cb84df52d0ad08135fa33bbcc3f1f888b123e4a5760b0bbac3fb20b37ecb6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab169E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab177B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar178F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2740-19-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2740-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2740-17-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2760-8-0x00000000003C0000-0x00000000003CF000-memory.dmp

Filesize
60KB

Download
memory/2760-9-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2760-6-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download