ramnit | fad076e6251a6cfac705b8ebb773fa9a975e950d02a463cc1aaf64563ec3af9e

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95c77ea0b777d9e2b82136ec0d24151d_JaffaCakes118.dll
Size

163KB
MD5

95c77ea0b777d9e2b82136ec0d24151d
SHA1

92486be9ee3505c38330ebcb48ad9af6a6a3e703
SHA256

fad076e6251a6cfac705b8ebb773fa9a975e950d02a463cc1aaf64563ec3af9e
SHA512

36d73b54cd5cf6767142c158cdaf7c1bc2fcaa929227cdba2b9b91dbcd52297923e5a96b7db8f56cb58cbfbe6c8b7e061e3053aa692ba4560a96ee447c19fa45
SSDEEP

3072:O244R/lE7liD1P8sFdXoh1U7Nm9fW1bwjAO7T4NehXn6vn+m5Av+3ywTZ7oWMy43:O2R/lE7aUsDoh+pk3jAO7QehXn6/+maD

Score

10^/10

ramnit banker discovery persistence spyware stealer trojan upx worm

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe"	svchost.exe

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Executes dropped EXE 4 IoCs

pid	Process
2376	rundll32Srv.exe
1296	rundll32Srv.exe
2220	WaterMark.exe
2828	WaterMark.exe

Loads dropped DLL 6 IoCs

pid	Process
1740	rundll32.exe
1740	rundll32.exe
2376	rundll32Srv.exe
1296	rundll32Srv.exe
1296	rundll32Srv.exe
2220	WaterMark.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1296-18-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral1/memory/1296-23-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral1/memory/1296-22-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral1/memory/1296-28-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral1/memory/2828-47-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral1/memory/2828-46-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral1/memory/2828-49-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral1/memory/2828-74-0x0000000000400000-0x0000000000418000-memory.dmp	upx

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32Srv.exe	rundll32.exe
File created	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe
File opened for modification	C:\Windows\SysWOW64\dmlconf.dat	svchost.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2376 set thread context of 1296	2376	rundll32Srv.exe	32
PID 2220 set thread context of 2828	2220	WaterMark.exe	34

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODTXT.DLL	svchost.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\msadds.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html	svchost.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFPrevHndlr.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\ktab.exe	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Journal\NBDoc.DLL	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODDBS.DLL	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jre7\bin\policytool.exe	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\skchobj.dll	svchost.exe
File opened for modification	C:\Program Files\Internet Explorer\sqmapi.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm	svchost.exe
File opened for modification	C:\Program Files\Internet Explorer\msdbg2.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libbluescreen_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACERECR.DLL	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html	svchost.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll	svchost.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE	svchost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\WaterMark.exe	rundll32Srv.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll	svchost.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll	svchost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html	svchost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html	svchost.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL	svchost.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaterMark.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaterMark.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32Srv.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2828	WaterMark.exe
2828	WaterMark.exe
2828	WaterMark.exe
2828	WaterMark.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2828	WaterMark.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2376	rundll32Srv.exe
2220	WaterMark.exe

Suspicious use of WriteProcessMemory 43 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1740	1672	rundll32.exe	30
PID 1672 wrote to memory of 1740	1672	rundll32.exe	30
PID 1672 wrote to memory of 1740	1672	rundll32.exe	30
PID 1672 wrote to memory of 1740	1672	rundll32.exe	30
PID 1672 wrote to memory of 1740	1672	rundll32.exe	30
PID 1672 wrote to memory of 1740	1672	rundll32.exe	30
PID 1672 wrote to memory of 1740	1672	rundll32.exe	30
PID 1740 wrote to memory of 2376	1740	rundll32.exe	31
PID 1740 wrote to memory of 2376	1740	rundll32.exe	31
PID 1740 wrote to memory of 2376	1740	rundll32.exe	31
PID 1740 wrote to memory of 2376	1740	rundll32.exe	31
PID 2376 wrote to memory of 1296	2376	rundll32Srv.exe	32
PID 2376 wrote to memory of 1296	2376	rundll32Srv.exe	32
PID 2376 wrote to memory of 1296	2376	rundll32Srv.exe	32
PID 2376 wrote to memory of 1296	2376	rundll32Srv.exe	32
PID 2376 wrote to memory of 1296	2376	rundll32Srv.exe	32
PID 2376 wrote to memory of 1296	2376	rundll32Srv.exe	32
PID 2376 wrote to memory of 1296	2376	rundll32Srv.exe	32
PID 2376 wrote to memory of 1296	2376	rundll32Srv.exe	32
PID 2376 wrote to memory of 1296	2376	rundll32Srv.exe	32
PID 1296 wrote to memory of 2220	1296	rundll32Srv.exe	33
PID 1296 wrote to memory of 2220	1296	rundll32Srv.exe	33
PID 1296 wrote to memory of 2220	1296	rundll32Srv.exe	33
PID 1296 wrote to memory of 2220	1296	rundll32Srv.exe	33
PID 2220 wrote to memory of 2828	2220	WaterMark.exe	34
PID 2220 wrote to memory of 2828	2220	WaterMark.exe	34
PID 2220 wrote to memory of 2828	2220	WaterMark.exe	34
PID 2220 wrote to memory of 2828	2220	WaterMark.exe	34
PID 2220 wrote to memory of 2828	2220	WaterMark.exe	34
PID 2220 wrote to memory of 2828	2220	WaterMark.exe	34
PID 2220 wrote to memory of 2828	2220	WaterMark.exe	34
PID 2220 wrote to memory of 2828	2220	WaterMark.exe	34
PID 2220 wrote to memory of 2828	2220	WaterMark.exe	34
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35
PID 2828 wrote to memory of 2500	2828	WaterMark.exe	35

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95c77ea0b777d9e2b82136ec0d24151d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95c77ea0b777d9e2b82136ec0d24151d_JaffaCakes118.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Windows\SysWOW64\rundll32Srv.exe
    C:\Windows\SysWOW64\rundll32Srv.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2376
  - - C:\Windows\SysWOW64\rundll32Srv.exe
      "C:\Windows\SysWOW64\rundll32Srv.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1296
    - - C:\Program Files (x86)\Microsoft\WaterMark.exe
        
        "C:\Program Files (x86)\Microsoft\WaterMark.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2220
      - C:\Program Files (x86)\Microsoft\WaterMark.exe
        
        "C:\Program Files (x86)\Microsoft\WaterMark.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2828
        
        C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\system32\svchost.exe
        7⤵
        Modifies WinLogon for persistence
        Drops file in System32 directory
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html

Filesize
151KB

MD5
8f91179e0d119bb413ed77f27127342b

SHA1
2ce532228678c0be8f3fa1b8996872fc8f9eeea9

SHA256
1006a05a1bff9bee4edee6ddf2889a9fc2b64e4d7fd6a4acd757ea0ae0d715af

SHA512
8e0c4f5cc999bb6c9436acf60de876c15db69102a2f34bbb60def41f3f1a60740d2efa3a3c3e91a9697f88fbfd5220336adc4cf12301021fa0c5c6c2e5990bf1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html

Filesize
148KB

MD5
4095157371434b5efce5eacceb3cac49

SHA1
e843b7f54f4e6caa37291cec42b840082bd31c31

SHA256
6c02ffdbfd9969fd5cb984bba8d84bb07bac13ef0d5fafbfa68c5c50b9806031

SHA512
ff589847446d43f524239174e02c01648a1c9c05ef7d43bbf54245a4f5707c141232a0235818a2480e96a4e2f5ae9a998d4ce09505e81b0815815ef575396e11

Download Submit
\Windows\SysWOW64\rundll32Srv.exe

Filesize
69KB

MD5
3284b0d95ae1f80355da5e04e79a6be1

SHA1
642bbb026f238a4eed9931772869b637621d98c8

SHA256
f2cf33052bb9ed658351e1ff0687d0602a1f619e0976cd45852d3eb109aacf60

SHA512
13712a19409818ecb66ecb2bb045a5800e4362f0ff0e9b2d158590fd501c35861ceae195f8171301ef6e72dd3b6f28184af31188836d92c171bfa6bedeb98547

Download Submit
memory/1296-28-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1296-18-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1296-23-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1296-22-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1740-1-0x0000000062840000-0x000000006286D000-memory.dmp

Filesize
180KB

Download
memory/1740-4-0x00000000001E0000-0x0000000000239000-memory.dmp

Filesize
356KB

Download
memory/1740-10-0x00000000001E0000-0x0000000000239000-memory.dmp

Filesize
356KB

Download
memory/2220-44-0x0000000000370000-0x00000000003C9000-memory.dmp

Filesize
356KB

Download
memory/2220-58-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2376-24-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2376-17-0x0000000000280000-0x00000000002D9000-memory.dmp

Filesize
356KB

Download
memory/2376-11-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2376-12-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/2500-72-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2500-70-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2500-54-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2500-52-0x0000000020010000-0x0000000020020000-memory.dmp

Filesize
64KB

Download
memory/2500-59-0x0000000020010000-0x0000000020020000-memory.dmp

Filesize
64KB

Download
memory/2500-77-0x0000000020010000-0x0000000020020000-memory.dmp

Filesize
64KB

Download
memory/2500-71-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2500-64-0x0000000020010000-0x0000000020020000-memory.dmp

Filesize
64KB

Download
memory/2500-68-0x0000000020010000-0x0000000020020000-memory.dmp

Filesize
64KB

Download
memory/2828-49-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2828-74-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2828-46-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2828-47-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2828-48-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download