ramnit | 23dc8b09394cf9fc5ca0a9f9ddbe55d64470b94d228a2793d616598d9aef8eef

Analysis

max time kernel
92s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 14:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe
Size

102KB
MD5

22a58ea35d45b71a98a4b29d35bc55a4
SHA1

e237313f572e4bac17ff4cd42790a18455a79da5
SHA256

23dc8b09394cf9fc5ca0a9f9ddbe55d64470b94d228a2793d616598d9aef8eef
SHA512

8aa7b25b3e1d2dc5afc5d72fa548fd932fa91ed64930599f8cdfab8a3938c3ec476e3d1539673813e06575fe7b0702647eebe85b6f73d1c39728d89950751909
SSDEEP

3072:hCuvo0N7CdRk1wcB5IqELMKsSGfg1YYWnEr5jwaaHw7Koj4r:QuvZgnk1PE5GwYF0

Score

10^/10

ramnit banker spyware stealer trojan worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3196	kxqgwkolrieoqnfg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3948	1384	WerFault.exe	81
4388	4340	WerFault.exe	96

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "889375547"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31116627"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426780945"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{54B70670-3946-11EF-9519-7ACDD6433640} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116627"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116627"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116627"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "689531855"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "691562913"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "689531855"	IEXPLORE.EXE

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe
Token: SeDebugPrivilege	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe
Token: SeSecurityPrivilege	3196	kxqgwkolrieoqnfg.exe
Token: SeLoadDriverPrivilege	3196	kxqgwkolrieoqnfg.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
840	IEXPLORE.EXE
840	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
840	IEXPLORE.EXE
840	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
840	IEXPLORE.EXE
840	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 1384	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	81
PID 3436 wrote to memory of 1384	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	81
PID 3436 wrote to memory of 1384	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	81
PID 3436 wrote to memory of 1384	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	81
PID 3436 wrote to memory of 1384	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	81
PID 3436 wrote to memory of 1384	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	81
PID 3436 wrote to memory of 1384	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	81
PID 3436 wrote to memory of 1384	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	81
PID 3436 wrote to memory of 1384	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	81
PID 3436 wrote to memory of 4672	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	90
PID 3436 wrote to memory of 4672	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	90
PID 3436 wrote to memory of 4672	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	90
PID 4672 wrote to memory of 840	4672	iexplore.exe	91
PID 4672 wrote to memory of 840	4672	iexplore.exe	91
PID 840 wrote to memory of 2340	840	IEXPLORE.EXE	92
PID 840 wrote to memory of 2340	840	IEXPLORE.EXE	92
PID 840 wrote to memory of 2340	840	IEXPLORE.EXE	92
PID 3436 wrote to memory of 4340	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	96
PID 3436 wrote to memory of 4340	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	96
PID 3436 wrote to memory of 4340	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	96
PID 3436 wrote to memory of 4340	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	96
PID 3436 wrote to memory of 4340	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	96
PID 3436 wrote to memory of 4340	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	96
PID 3436 wrote to memory of 4340	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	96
PID 3436 wrote to memory of 4340	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	96
PID 3436 wrote to memory of 4340	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	96
PID 3436 wrote to memory of 4100	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	100
PID 3436 wrote to memory of 4100	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	100
PID 3436 wrote to memory of 4100	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	100
PID 4100 wrote to memory of 3528	4100	iexplore.exe	101
PID 4100 wrote to memory of 3528	4100	iexplore.exe	101
PID 840 wrote to memory of 2596	840	IEXPLORE.EXE	102
PID 840 wrote to memory of 2596	840	IEXPLORE.EXE	102
PID 840 wrote to memory of 2596	840	IEXPLORE.EXE	102
PID 3436 wrote to memory of 3196	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	104
PID 3436 wrote to memory of 3196	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	104
PID 3436 wrote to memory of 3196	3436	22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe	104

C:\Users\Admin\AppData\Local\Temp\22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\22a58ea35d45b71a98a4b29d35bc55a4_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1384
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 204
    3⤵
    - Program crash
    PID:3948
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4672
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:840
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:840 CREDAT:17410 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2340
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:840 CREDAT:17416 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2596
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:4340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 208
    3⤵
    - Program crash
    PID:4388
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4100
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    PID:3528
- C:\Users\Admin\AppData\Local\Temp\kxqgwkolrieoqnfg.exe
  "C:\Users\Admin\AppData\Local\Temp\kxqgwkolrieoqnfg.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1384 -ip 1384
1⤵
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4340 -ip 4340
1⤵
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
63a2d2b4cdc269762fe4bdb8cdfde7f8

SHA1
5cce14e5285ce9844b164d37de9f4ad0acc7880f

SHA256
8e323e0354939fd301d8db011a0b007476c93e0e048100922e3e59e34b04f716

SHA512
db3b35b23c3088fdf8f5215d8f9149e717d871be0c7b69541aba232e6f829e18d9d074b53f173387985a3ba4df1c016ec5b75f4387d6123c6c1ba3113c43dec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
b160874e1d0808189bec7f3ad3938c5f

SHA1
a9ddd660eceb0a05a5cb690c86b7525ff7e7166a

SHA256
28e43a988ec6fc3197784cc293cf40c29a965f5c78d75d261c96ab54c31fd383

SHA512
0573f98e673ea4f624e390ced06dd269b78dd89747287067224353de9ab71b0bdc7f3579bad01f41ae22c73a1847227dee851b8b322a2cc319cca9796e87f6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\kxqgwkolrieoqnfg.exe

Filesize
102KB

MD5
22a58ea35d45b71a98a4b29d35bc55a4

SHA1
e237313f572e4bac17ff4cd42790a18455a79da5

SHA256
23dc8b09394cf9fc5ca0a9f9ddbe55d64470b94d228a2793d616598d9aef8eef

SHA512
8aa7b25b3e1d2dc5afc5d72fa548fd932fa91ed64930599f8cdfab8a3938c3ec476e3d1539673813e06575fe7b0702647eebe85b6f73d1c39728d89950751909

Download Submit
memory/1384-9-0x0000000001080000-0x0000000001081000-memory.dmp

Filesize
4KB

Download
memory/1384-8-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

Filesize
4KB

Download
memory/3196-37-0x0000000000400000-0x0000000000439FD4-memory.dmp

Filesize
231KB

Download
memory/3196-40-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3196-44-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3196-45-0x0000000000400000-0x0000000000439FD4-memory.dmp

Filesize
231KB

Download
memory/3196-42-0x0000000000400000-0x0000000000439FD4-memory.dmp

Filesize
231KB

Download
memory/3436-7-0x0000000000400000-0x0000000000439FD4-memory.dmp

Filesize
231KB

Download
memory/3436-19-0x0000000077842000-0x0000000077843000-memory.dmp

Filesize
4KB

Download
memory/3436-2-0x0000000000400000-0x0000000000439FD4-memory.dmp

Filesize
231KB

Download
memory/3436-5-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/3436-0-0x0000000000400000-0x0000000000439FD4-memory.dmp

Filesize
231KB

Download
memory/3436-18-0x0000000000400000-0x0000000000439FD4-memory.dmp

Filesize
231KB

Download
memory/3436-38-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3436-16-0x0000000077842000-0x0000000077843000-memory.dmp

Filesize
4KB

Download
memory/3436-15-0x0000000000400000-0x0000000000439FD4-memory.dmp

Filesize
231KB

Download
memory/3436-11-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3436-4-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/3436-1-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download