ramnit | 51f894fa0cfc6ff2b5eef226d676c108bf1e22380da8ba6bbdefbd1b1f65efe8

Analysis

max time kernel
133s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe
Size

2.4MB
MD5

dc1ee6a07a4f65ebf43b9d8d5e3c307b
SHA1

0928441e4f6b7bc2778c7cdf4cd2e547a9f285de
SHA256

51f894fa0cfc6ff2b5eef226d676c108bf1e22380da8ba6bbdefbd1b1f65efe8
SHA512

4e87db44efad77e1c618ccbbc85e963da3dfe587dbaabb750fff0d0798edc3ac339709a1871b873e0b9742a16dcbd1d461fc47ac2b21cbcdf21d8978cb90eae1
SSDEEP

49152:l+0BHZGfL7bE2tPPU59/s3sNNOwfSCqwILfNiD1E77ELHQbrMSUWW79:l+0SL7ptPPU59/s3sNNO8/ZILfNipEXu

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
1292	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe
2352	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
776	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe
1292	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b0000000120dc-6.dat	upx
behavioral1/memory/776-4-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1292-9-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2352-16-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2352-18-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2352-20-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2352-22-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\pxBD47.tmp	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7DB01731-AB48-11EF-8BF0-428107983482} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438713199"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2352	DesktopLayer.exe
2352	DesktopLayer.exe
2352	DesktopLayer.exe
2352	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2800	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
776	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe
776	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe
2800	iexplore.exe
2800	iexplore.exe
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 1292	776	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe	30
PID 776 wrote to memory of 1292	776	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe	30
PID 776 wrote to memory of 1292	776	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe	30
PID 776 wrote to memory of 1292	776	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe	30
PID 1292 wrote to memory of 2352	1292	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe	31
PID 1292 wrote to memory of 2352	1292	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe	31
PID 1292 wrote to memory of 2352	1292	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe	31
PID 1292 wrote to memory of 2352	1292	2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe	31
PID 2352 wrote to memory of 2800	2352	DesktopLayer.exe	32
PID 2352 wrote to memory of 2800	2352	DesktopLayer.exe	32
PID 2352 wrote to memory of 2800	2352	DesktopLayer.exe	32
PID 2352 wrote to memory of 2800	2352	DesktopLayer.exe	32
PID 2800 wrote to memory of 2668	2800	iexplore.exe	33
PID 2800 wrote to memory of 2668	2800	iexplore.exe	33
PID 2800 wrote to memory of 2668	2800	iexplore.exe	33
PID 2800 wrote to memory of 2668	2800	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnit.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:776
- C:\Users\Admin\AppData\Local\Temp\2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe
  C:\Users\Admin\AppData\Local\Temp\2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1292
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdedb7d0bd4bfa3972a19452467ec5cf

SHA1
4949dd8dcad937470a1474a1cdd0ebaa0bb30c37

SHA256
caf3374d4f8d6f162c87be1935aab4b287c9c985dc3718d255fd8420cca2dcbb

SHA512
a8aed42cb79dcd4a27baddbb1adbc5024446a9624d23d0f3e578c9aa48ef379f27402ee8932c3928bed62299748f69221c3c96181b591c25c864c1938de73e8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45221e74395e498d6da6f6e4a4648394

SHA1
30398e6d3f14a7c03f0a07dc119482d3031b9aa0

SHA256
a3588504f8fda316e4f486031d46b6f144b37cd1b53d312fd352f2ab0ce259eb

SHA512
d9ddd627131883941019df918abd94638fbf09661fe5e91e68fd4254255f636c2804cf86291abe4efae6a0919cd210ef22d5335e1438dcfc8417fe05a0aebb6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb0b9f49fa1aa73c61a2a2bfcb0eafa4

SHA1
8a9c1711ada32e5696ec71a7958a79361ee3bb55

SHA256
e024e60c7f7ea5804cf8a25edb55698c77a8df8b0fda0eb2a264d0a8c1039c7b

SHA512
fb966ce3dd6affe097de705ff5f80035e385a3d3c5a9a7e564932ec658649b4862c66db3e4aa485dfea2b8ed445c6416cf4cadbb6548af9a88947915f2985d57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed66b82510022f04f1b2f42bb5c8a099

SHA1
5208ab600044a6274cd880312871ccb09cb5ae4b

SHA256
cdb846eb276a594aa38c8454763ab577b5d797e6a8494b7dc41dfbd8cc4b3558

SHA512
cb79df6201a0409eea80316cb1c060f08686108c66a0f2fbc9067185bed892c4080c04a9a23d325172566c230e12780b9ed37d400f449afb725e9ad9bc6ddd32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
719341a60ad82666010076600d3830c9

SHA1
21aaaaf9e07ff38e95e77f40841a4dc886ebe058

SHA256
2c69b59a1848a1678f497642d3fd4f0213d0c8cba888a59701d6c17469510c29

SHA512
0ce25c78b9dbee8cdc268f1f6b1e56ff3032b1d686d100816c0179fb6bea17ac2596c4fbce7e0e8ed49e9c4e231e707281efbc36ce650f2e423d1d7add377825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
694e06ec6ae89a3b40c468b3980ad4f2

SHA1
5ae58e81d12d6a8cac2b72043dd12f26505ab731

SHA256
9bc9beb8e61cb0c844a8befc27f55b522b63f0de4d4be3e261fb0a1d25750ec7

SHA512
fe610fdb58786a2a537a892ff69bcf89001942d1bd90caf500832aa62fcaf64ccd29467c58cfb6e78e3848f464e002fed3cb1223df2e202dd58136f3edeb3f10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da4247764e6136dba8f34626b1d85ce5

SHA1
e10db13c9c4062fb72b481eb014c36dcf835a034

SHA256
c70efa68670c366ee9c6e2e923605c63df89ab010126ac33e8deeaa0a682e636

SHA512
05d71e1e620747129346c19a343c1a79977851e59652650edb7660a2d477247e87e6c828388363c1df282630730a38f2fb41c1d023597f60f760f27eb772ef7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf64b66ffcb0242bded5e914289ac9fe

SHA1
58405c70daf7005279b5b8ae11c777b626e581b9

SHA256
84a3398ac04e1d2c1e2410349cb38c6c43705372b7051e34a5ac9858289d8da2

SHA512
1648e050b5a1e12d34a7cfe6186a194d0b626918e86f8d592b760ddf8c87697d4506acf1de6ae635097fe86281c5e6ccfc18629a56c5c385faa8011bad5b16e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a6f08d099b3efb0766e60afe322a343

SHA1
f15a2a93f84d48e8e2650fbd9dbfc51135037cb7

SHA256
7ab8ce9ab32a8feaecee1065e9833c6812d798a507a6d05a68fa395488d4bd5b

SHA512
49c4e16eb316d15cedee37b935bb9d35b9996ab73d2edfadabe57ec771219d5a3ca136ce80f4aecb83b883deeddf7a4d3b1ad358843643e18c1b5e81c9e59032

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83bf9a0946ac22dd7e7aaf53ac76cf83

SHA1
4d0373ffad302bef485222d97f35c554f3a27f24

SHA256
a8b12cce0face602740592dcafbf9a9ca5762ca178031bb67807576abf568f4d

SHA512
1e6d943e7a0e7881f4f6ce4c9d7bb5dd7acb7cf383cd977381f45c635c93cac720334458391b4713dbead1a086f077fe2baee49c4eba97242908abefcb4a0ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-11-25_dc1ee6a07a4f65ebf43b9d8d5e3c307b_avoslocker_luca-stealer_ramnitSrv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE4A7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE4CA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/776-185-0x0000000000AF0000-0x0000000000D54000-memory.dmp

Filesize
2.4MB

Download
memory/776-24-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/776-23-0x0000000000AF0000-0x0000000000D54000-memory.dmp

Filesize
2.4MB

Download
memory/776-4-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/776-0-0x0000000000AF0000-0x0000000000D54000-memory.dmp

Filesize
2.4MB

Download
memory/1292-8-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/1292-9-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2352-19-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2352-16-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2352-18-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2352-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2352-22-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download