ramnit | 705f7b5e18d04ce4240861dc3f5afbd3c5ab83186fae19fef38e7b37ed1c1891

Analysis

max time kernel
146s
max time network
152s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90ab2251631f460b6298590e85a58669_JaffaCakes118.html
Size

158KB
MD5

90ab2251631f460b6298590e85a58669
SHA1

b7d405c935037b4d7e7562f8637c68e594c2ba5d
SHA256

705f7b5e18d04ce4240861dc3f5afbd3c5ab83186fae19fef38e7b37ed1c1891
SHA512

041c0c8a730e6be3ec917aac20c784378311296771f1d6631135e11809c3c8d51707340bec91392baf8e3c8fd95759003633f14964ca6543be7d572c1aad45a1
SSDEEP

1536:iTRTGUzZfcwuRsUeIEXyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:i9j5ubEXyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

Processes:

svchost.exeDesktopLayer.exe

pid	Process
288	svchost.exe
2272	DesktopLayer.exe

Loads dropped DLL 2 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid	Process
2060	IEXPLORE.EXE
288	svchost.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/files/0x00310000000195b1-430.dat	upx
behavioral1/memory/288-434-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/288-437-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2272-445-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2272-447-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2272-444-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2272-449-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2272-451-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

svchost.exe

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\px10B3.tmp	svchost.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

DesktopLayer.exeIEXPLORE.EXEIEXPLORE.EXEsvchost.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438557982"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{168692B1-A9DF-11EF-B4EC-5E7C7FDA70D7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

DesktopLayer.exe

pid	Process
2272	DesktopLayer.exe
2272	DesktopLayer.exe
2272	DesktopLayer.exe
2272	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid	Process
2872	iexplore.exe
2872	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	Process
2872	iexplore.exe
2872	iexplore.exe
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2872	iexplore.exe
2872	iexplore.exe
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exeDesktopLayer.exe

description	pid	Process	procid_target
PID 2872 wrote to memory of 2060	2872	iexplore.exe	30
PID 2872 wrote to memory of 2060	2872	iexplore.exe	30
PID 2872 wrote to memory of 2060	2872	iexplore.exe	30
PID 2872 wrote to memory of 2060	2872	iexplore.exe	30
PID 2060 wrote to memory of 288	2060	IEXPLORE.EXE	35
PID 2060 wrote to memory of 288	2060	IEXPLORE.EXE	35
PID 2060 wrote to memory of 288	2060	IEXPLORE.EXE	35
PID 2060 wrote to memory of 288	2060	IEXPLORE.EXE	35
PID 288 wrote to memory of 2272	288	svchost.exe	36
PID 288 wrote to memory of 2272	288	svchost.exe	36
PID 288 wrote to memory of 2272	288	svchost.exe	36
PID 288 wrote to memory of 2272	288	svchost.exe	36
PID 2272 wrote to memory of 1920	2272	DesktopLayer.exe	37
PID 2272 wrote to memory of 1920	2272	DesktopLayer.exe	37
PID 2272 wrote to memory of 1920	2272	DesktopLayer.exe	37
PID 2272 wrote to memory of 1920	2272	DesktopLayer.exe	37
PID 2872 wrote to memory of 2720	2872	iexplore.exe	38
PID 2872 wrote to memory of 2720	2872	iexplore.exe	38
PID 2872 wrote to memory of 2720	2872	iexplore.exe	38
PID 2872 wrote to memory of 2720	2872	iexplore.exe	38

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90ab2251631f460b6298590e85a58669_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:288
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2272
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1920
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:603146 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5961873136dcfdd73acf0a7739975972

SHA1
f30a5a27131fdf7ba0d05c70ea546e16a50ad783

SHA256
8d61d75ff09d628927c8fdc4984b5c9c5c81d6e3e3e6ae8d1f48dee5fe7ab610

SHA512
82021c04014ae244a7ccbabd34b1bebbb45b943a77d0d4550771aaf01673d374c724172d316d919bebb77e82d3ad050a855d871bbf20f9026c25bc18fbb7a331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fbdba2cbb774058884d2d53fdd5aae7

SHA1
ca6b330c68f03fa7e9812f7b7769e0b9518a651a

SHA256
21e24babff3d25c9b91b2f552bdcbfa51549dedf19a261c4dbd8457489984e36

SHA512
008dec7a3527e4d01e5ff22b017a4bd39836481c484920d6617a62cf95b5623f8b134fe2a666bd20a609991476deccd2e2281e53c0bcdf2724f6e363c68bd960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0280e124c929126d9022e5ca11d28467

SHA1
5099bad1d98e0559d09c6982be530ec02dda7e0e

SHA256
26c50bd4d0f8545270af0d5fac7939d6a67daa69c7d366de9790398e49fcbd2f

SHA512
23e2c91d2d056163b2441531c97f3da30cf50074515855621ff21490ea62f14262b5ca0e83aa261c58da0edb357a8cc6ad65f7d06d4660ea8bf540f8b8b9fe61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01641f8cd5f0c2e4a2bfdf59f9045800

SHA1
6be0fcbc7af91b8c1d6c0c87cc1175a63743b3c9

SHA256
4db2d1fae9a023affddcbd2348a902ba32302990e0ca6f594f4c9b08cd43dc9e

SHA512
fb21145ef33bb911ab33c89f4f788dd555683f2f4b2ea46946a36bce8204638e725b1e8919ef4847c2458d83fe93e582516ab9c2ac57a56ea8364f8dff038d9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36e5bd30801e7b6f1b0f9f5e1c612654

SHA1
64923effc7421debbd83070c3e2310db3f60d8dd

SHA256
f759ef90485764a0118f481d4b6aa82bb4d4e2f93fa4267f4b47ba84525b5a31

SHA512
5730a9ba3a26cb58fe1ade4b92423fe2a2d60c41a98ee291511da38db9d2c56b4c197873e76bfc9137579c57c90a4f391c2a53dd0cee4f2b9840c3b4e7aec3c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60f5d2d16198fd34af5debfae4e14208

SHA1
e8f52b39a3d118aa4304d34e1d5aaa1a0326d5ac

SHA256
0b47fde5ee6cf33640fb8463b504a89353863d2b67d172870486979aef965cc2

SHA512
4dbf8d4c7bceb6663bbda2c333591a7ab33e7030fc308855fc83f17a79539993db67b17f5deb707dae8721d59005a4551dbe39f70d3e2bd9336cdaba08347c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea721ad6f211433b73fb71a2cba22c89

SHA1
0c8391c404fe311cd0710bb455cc9ab8a62c82a4

SHA256
85d59bbfe4d6c59133290ee59bedec8d0b58031c773aba0bb90f3bb59dbbd922

SHA512
832c282ebaf04ffcfe56c071f6ab26705bd2484e386e36a262dd68ecf2c9b1e865df685e6c28ad15454f2161baaca0e87e7a7824869468aebd9ade9cca766f56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51f9aac90e4b8cc9540f88267fbe7a20

SHA1
174e7924a04d9b02e96bcac782f11c910249b231

SHA256
c064b85909049190b6014d065a85b6a9ace2fa012232daee620155000b072596

SHA512
2447801ff02020c421bd99c9410f815422f520649295b68e6f70ace3ad30edafbbef34d709f116f8c43b16d6097a37068b6f680fcddd5c6111388fccb40b2fd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26f603a036f7772219952afbc915801b

SHA1
2aefb3b0d3e25623e27343b84b22bd576d4bc832

SHA256
e04e64db5a9bdb851cbd65dfa67167bd2565eb4e5117444d8dadfd9f8b759df2

SHA512
8888f6f1e645ef859548ec302b5f1aab965fef3c3a84d798dcde9e791afe706c17b5d6048bc08c9838b9987acfb6bc4cdadd7145a1bd3f69a0bc13e9cda7402c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60ddb7362e18ceba7a6d5ea10c0909ac

SHA1
ae237bd06b4f728e0107937267841ad05c2f2b64

SHA256
8fe7ba6c8d7d27e28de02b9cf7136feb41a3ec827023f3290cef134158781baa

SHA512
98bf56eae0b0fbc01c275c0d03c03bcd29ac686b12fc90f11a41e032d1905c5cefd9f36ca1e95ed52b94d5fa70158c07996a6f839c9fd3ab0a29ef58453667ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab338F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar350A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/288-436-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/288-437-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/288-434-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2272-444-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2272-448-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2272-449-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2272-451-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2272-447-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2272-445-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download