ramnit | 5ab4767f4c76601d4f451ae5b5a6a7c458c53f7d589c1ae276fe3d3c4e3c6fa5

Analysis

max time kernel
94s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 21:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

deecff79f2e318ec28cb6b09a5240208_JaffaCakes118.dll
Size

148KB
MD5

deecff79f2e318ec28cb6b09a5240208
SHA1

e63bfaa79707de9ac686cca86c968294a7a6d55f
SHA256

5ab4767f4c76601d4f451ae5b5a6a7c458c53f7d589c1ae276fe3d3c4e3c6fa5
SHA512

8bf353f91c39f7d17d04107df771475c43cb5152bbc4ab54b9ea69eeddcf2088c5fc522dfdf00d7e34840deeeb68da3dab049c27dc4912540e752d074546a059
SSDEEP

3072:WnivvB+kylk7CVxyI8pa0tKIZv8q+/iTETJNBi3F3l:0inBL2gxZv8q+/iTuHi1

Score

10^/10

ramnit banker discovery spyware stealer trojan worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	jFVnPayM4

Executes dropped EXE 2 IoCs

pid	Process
1048	jFVnPayM4
4672	iorxjgedknceugqa.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4112	4816	WerFault.exe	85
3900	1884	WerFault.exe	83
3944	1144	WerFault.exe	104

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iorxjgedknceugqa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jFVnPayM4
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31131171"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31131171"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31131171"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1810447049"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31131171"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{975E4F7E-7216-11EF-AC6B-FA03B01A99D1} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1808259620"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1808259620"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2007634719"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433027657"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1884	rundll32.exe
1884	rundll32.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1048	jFVnPayM4
Token: SeDebugPrivilege	1048	jFVnPayM4
Token: SeSecurityPrivilege	4672	iorxjgedknceugqa.exe
Token: SeLoadDriverPrivilege	4672	iorxjgedknceugqa.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5088	IEXPLORE.EXE
5088	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
5088	IEXPLORE.EXE
5088	IEXPLORE.EXE
4472	IEXPLORE.EXE
4472	IEXPLORE.EXE
4472	IEXPLORE.EXE
4472	IEXPLORE.EXE
5088	IEXPLORE.EXE
5088	IEXPLORE.EXE
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 43 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 1884	2912	rundll32.exe	83
PID 2912 wrote to memory of 1884	2912	rundll32.exe	83
PID 2912 wrote to memory of 1884	2912	rundll32.exe	83
PID 1884 wrote to memory of 1048	1884	rundll32.exe	84
PID 1884 wrote to memory of 1048	1884	rundll32.exe	84
PID 1884 wrote to memory of 1048	1884	rundll32.exe	84
PID 1048 wrote to memory of 4816	1048	jFVnPayM4	85
PID 1048 wrote to memory of 4816	1048	jFVnPayM4	85
PID 1048 wrote to memory of 4816	1048	jFVnPayM4	85
PID 1048 wrote to memory of 4816	1048	jFVnPayM4	85
PID 1048 wrote to memory of 4816	1048	jFVnPayM4	85
PID 1048 wrote to memory of 4816	1048	jFVnPayM4	85
PID 1048 wrote to memory of 4816	1048	jFVnPayM4	85
PID 1048 wrote to memory of 4816	1048	jFVnPayM4	85
PID 1048 wrote to memory of 4816	1048	jFVnPayM4	85
PID 1048 wrote to memory of 4372	1048	jFVnPayM4	101
PID 1048 wrote to memory of 4372	1048	jFVnPayM4	101
PID 1048 wrote to memory of 4372	1048	jFVnPayM4	101
PID 4372 wrote to memory of 5088	4372	iexplore.exe	102
PID 4372 wrote to memory of 5088	4372	iexplore.exe	102
PID 5088 wrote to memory of 4472	5088	IEXPLORE.EXE	103
PID 5088 wrote to memory of 4472	5088	IEXPLORE.EXE	103
PID 5088 wrote to memory of 4472	5088	IEXPLORE.EXE	103
PID 1048 wrote to memory of 1144	1048	jFVnPayM4	104
PID 1048 wrote to memory of 1144	1048	jFVnPayM4	104
PID 1048 wrote to memory of 1144	1048	jFVnPayM4	104
PID 1048 wrote to memory of 1144	1048	jFVnPayM4	104
PID 1048 wrote to memory of 1144	1048	jFVnPayM4	104
PID 1048 wrote to memory of 1144	1048	jFVnPayM4	104
PID 1048 wrote to memory of 1144	1048	jFVnPayM4	104
PID 1048 wrote to memory of 1144	1048	jFVnPayM4	104
PID 1048 wrote to memory of 1144	1048	jFVnPayM4	104
PID 1048 wrote to memory of 2600	1048	jFVnPayM4	108
PID 1048 wrote to memory of 2600	1048	jFVnPayM4	108
PID 1048 wrote to memory of 2600	1048	jFVnPayM4	108
PID 2600 wrote to memory of 3200	2600	iexplore.exe	109
PID 2600 wrote to memory of 3200	2600	iexplore.exe	109
PID 5088 wrote to memory of 1580	5088	IEXPLORE.EXE	110
PID 5088 wrote to memory of 1580	5088	IEXPLORE.EXE	110
PID 5088 wrote to memory of 1580	5088	IEXPLORE.EXE	110
PID 1048 wrote to memory of 4672	1048	jFVnPayM4	112
PID 1048 wrote to memory of 4672	1048	jFVnPayM4	112
PID 1048 wrote to memory of 4672	1048	jFVnPayM4	112

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\deecff79f2e318ec28cb6b09a5240208_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\deecff79f2e318ec28cb6b09a5240208_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Users\Admin\AppData\Local\Temp\jFVnPayM4
    "jFVnPayM4"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1048
  - - C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe
      4⤵
      PID:4816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 204
        5⤵
        Program crash
        
        PID:4112
  - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4372
    - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5088
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5088 CREDAT:17410 /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:4472
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5088 CREDAT:17416 /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1580
  - - C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe
      4⤵
      PID:1144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 208
        5⤵
        Program crash
        
        PID:3944
  - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        5⤵
        Modifies Internet Explorer settings
        
        PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\iorxjgedknceugqa.exe
      "C:\Users\Admin\AppData\Local\Temp\iorxjgedknceugqa.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:4672
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 792
    3⤵
    - Program crash
    PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4816 -ip 4816
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1884 -ip 1884
1⤵
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1144 -ip 1144
1⤵
PID:1776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
84231e6b703a4b64fa601076af9e016a

SHA1
210e330be937e617085d28bf356c990a49dce0a5

SHA256
e10b7b5f4f3291d340cebafd2d87bbec8689ffb1750a813a2887b6cd31ce61b3

SHA512
e13fcb1e344dbd4cd9429faa51f61615ce602908e3eabb7ae9190e745f38747b62b563ca9c0c71abecff1fc398afd2652d32ec37511061d2dff2356aaad0b8d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
82d9f4716306764e81cf132d1443668e

SHA1
35b4729d90e289842c7682edd79fc02379e32989

SHA256
898eeef721d490da902818a7bade9f38220149a16b648e7591e7d7ba711a366c

SHA512
03ade0ebbfc5d1db0bb3255b0a03c3fe29b84397097d73054f219989a9cbce0570f02f1f0b03b3cb326e82088a617b94fa95b45777b60fd025475d73426a8635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BRZNMQLE\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\jFVnPayM4

Filesize
95KB

MD5
728a53df2a3d2f5307fe1cc77179d2a5

SHA1
a3c9de63748878de218c872e97eef0de767df853

SHA256
d9ee5d0e2dd387be3a501cc88cb2b2b310016cdedd7a83be402c203e4dc76e9e

SHA512
7496a435296ca0b08b554fb779ab3eb6709064a480a93e6f948f14a072cfbc1fe7e7ac8a31ea572b7a9910ad6b3d6e2019993bfd609d199cefd61c609c7fe893

Download Submit
memory/1048-12-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/1048-44-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1048-4-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/1048-9-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/1048-10-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/1048-6-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1048-7-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/1048-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1048-17-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/1048-23-0x0000000077002000-0x0000000077003000-memory.dmp

Filesize
4KB

Download
memory/1048-19-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/1048-24-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/1048-25-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/1048-26-0x0000000077002000-0x0000000077003000-memory.dmp

Filesize
4KB

Download
memory/1884-15-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/1884-0-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/4672-47-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4672-45-0x0000000000550000-0x0000000000552000-memory.dmp

Filesize
8KB

Download
memory/4672-51-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4672-50-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/4816-14-0x0000000000A00000-0x0000000000A01000-memory.dmp

Filesize
4KB

Download
memory/4816-13-0x0000000000A20000-0x0000000000A21000-memory.dmp

Filesize
4KB

Download