ramnit | 761116986cba07759d63894c2a71c0cf96801976ff5fad18138b9a249e4635be

Analysis

max time kernel
125s
max time network
133s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d99946b65fae1e7aebf1c0b052a51f64_JaffaCakes118.html
Size

158KB
MD5

d99946b65fae1e7aebf1c0b052a51f64
SHA1

2b4a6cda7f72292c50c907936c923f621392eab6
SHA256

761116986cba07759d63894c2a71c0cf96801976ff5fad18138b9a249e4635be
SHA512

bd0b62aced84e12a1b2ae37bc4dd94b99be4594c6c36cdf245005e9bb52351af32b67409ca901b72861337e265af3d96df9c1f0d15a3412ea0eb2a910f41ee38
SSDEEP

1536:iCRTVZZ0O9O6xGyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:iQyOcgGyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2476-434-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1580-452-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1580-450-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1580-448-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/files/0x000c000000019490-447.dat	upx
behavioral1/memory/1580-446-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1580-445-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2476-438-0x0000000000400000-0x000000000042E000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439908799"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{374923F1-B628-11EF-A5B7-F2BD923EC178} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2420	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2420	iexplore.exe
2420	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2372	2420	iexplore.exe	30
PID 2420 wrote to memory of 2372	2420	iexplore.exe	30
PID 2420 wrote to memory of 2372	2420	iexplore.exe	30
PID 2420 wrote to memory of 2372	2420	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d99946b65fae1e7aebf1c0b052a51f64_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2372
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    PID:2476
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      PID:1580
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1660
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:472079 /prefetch:2
  2⤵
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
931b8dd676e8a28df9f2444d648adfa8

SHA1
67ea77abee935c3cfcf64aba86502dcb08d429c3

SHA256
0e4e94e3354732ba2ce4972b6678348eb02d00dd09982e7db3b299d272cab900

SHA512
2e2630683d11b500fb4876136c0a96a294ee61cbc1a5f94ac271598ed404156fa799bb7352221c98f09f19f00c6ee297f3320514fc7304af9f95c00919ce09dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0550b8a42feafbd98e93f9969677997a

SHA1
6f8642d4e83c2a023f13be264852f6530779a063

SHA256
78b46afcb754bbabfdb9d12578658eedb4a69f4cb586d2028ebd3478007cf5f4

SHA512
4a7c495421c44a789821f889b64f315e3eedc389a7d04fa4b79c91e1438178d64a90010419c69af0d9264406d3cb37b58b0244d469dd59b01d6fd1ca26fc6405

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cccb1aa3ebf6a15541cfff7afa8bb3f4

SHA1
e8c0e3f911791b77f7a0bc515640c62ab263c31a

SHA256
27fb1172a3c4dc88bf1421205f7e2fee6734b275de102ca135f989489df866ce

SHA512
2c25c88905c982c4aa04d415cd8ee8c3570615808f236216318a5f1babcbba22c79ac220f3ff400b7569f43bd9b9d8903223ee9a7b6905a60db83abcba410bd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea057a00fe5bcc65862726e799de3d13

SHA1
1f4facd4a4202d3aa1a2471590d081ed4440c1f5

SHA256
c515b41901ec2382370b40c052e3e89e021bc2420f7942ee911253fe267eb23d

SHA512
d76f3be36dc142ac51fd962d3f8bf838ceb3f353d481972e5f98f46d9cae4fef4b947cdaf8b4291b34a14d5a2ce057ef2c410b50d2c8f2cdd814f397b38c3cec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4e2630d3147b8e6b3564295f7a20c02

SHA1
ad2d8c20afe719e4e5f97076cda68648efa6116b

SHA256
0ebf4686bd365b9e1101c17820201fa591c78130c43095f5171c37dc9f762e97

SHA512
fbbd9027a760a410f0e378923a4ee1217daf031f924d3e64da719671aa01336170fbcab7ba3604ab6cf53c3db967676875a93b166d5e4c53635541425645b73e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a50692ca04fe4ed26abf82680611acca

SHA1
74b14c97500034456b3493902693038f05f6d32b

SHA256
98580b54201839036a079956327c006009f6e0055c8124a1508b7c1a50e8e030

SHA512
3125314d364d58d86f22f0dd4ec7e1d75e69e57dc08760628b87f3db2b8ebc044fa562a7fb77d931b8fbe062ebedc691e1856f9f7f09b8bdcaf9e92e4a6d8af2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1c2993deb647d7ab089db3f788823be

SHA1
6dea91e64042c8b7afc2b10deb1714dcb07edb95

SHA256
8ceb6a0515e424f2bd01cb008a222b3801983141a5d147e0ea3b80f31f00df4c

SHA512
7ccb992703797aa203a4c2940ae4315f48e5d927bb6e32ab123ef2a4313c108b644c545023a32f9e5c8167ef9af1736a52ace2674db756acbc459ca57e8885db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3f92ce39ef12f45b143c99eadf064bc

SHA1
a087d1b2a2593a0af950d4bfac6d64a5198eaa33

SHA256
8a47ba34b02d9e6d69c3a75ddc6a0b5a760a831ee27c701bd2be4a202048c3b8

SHA512
df81e67114362466b9dc91b36d76a4dc0940a1ba0746e6785432d74e3c292c8be2445358ea4f9a292f5f0341bef816be6cd63fcfb96307ca84191ff453b96016

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78f28111d9367bde4915719895657522

SHA1
3a9dbb33bf7712ebdcd22af1db2876d7a37a1bfe

SHA256
b6b77bbb768882fd86eaabe8d0e388e1f90ebf8a77d91fa7b96485cf560a6435

SHA512
4e45a3c6763f45d4976992b3fc2b6033ac325ac91dff1271863549f7238f742f701aa6d1d1a059627be93651f95285235824d3e33ce0825d0a802d313793c9b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1208fab4301f2a104c370d1fb1921458

SHA1
e3328dc577dfdb519b4eb71961f24d66d6d94e66

SHA256
ba153af4f9577571ce46fd7b70a0d431359418c8da298c4a69c6438f776260c0

SHA512
be8b04aa686291273bfe477ca79996376b37ad736c6783497a726ca5e6e551b1c44a928e503601ca8951d00ccf0bb50d5a26cf085d629b32463db76a947ba267

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19d2534d3067f5f3c668f28ae70aa070

SHA1
903c49aaec4ee2210c8886ac2ec69cea23913442

SHA256
c7856bf5b28d9c0c93974c330bd164573514aab48ac6fcfdc8dd8e720bc9ea3c

SHA512
5356a93c2f0041f208df3dd8acf2f4c5abfc9e85f961a23a204a9e15f310dc2be141102093625e72c2fa6ff74853ad006902b4462a8721967a92ef7e80ba9bf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ddca6816913786353fec523363b5b43

SHA1
3b45c68312c092b0bc2689253ae3188b1f62002b

SHA256
71ea6d947739bc139b40455203c4e9ea378d660293407cd999d0f7d7e04eaf09

SHA512
dbd21bf9a16483433e738ab5ce3a8ca4b14d05ae62683fb80a1c2234abafd41fb37eb08f7c0fc576a4a07449bd34f1aee9ebd1018d25ed98b790ecdfeccb4b59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbb654cdaa04c2dd5490a9a292ea7411

SHA1
0d525eb285cf04d594e8a38dc11623ba19b92329

SHA256
139408eda7fd3dbc482def6707bb150ad118ad8611c866662222bd4f40bc5456

SHA512
9ec58f4c80a575e7dda78f299ef12c604772b558b777160c40ef1709a264ae780a59af43535acade0d5087e39e5c28c739f8541d4bc4d70e7a6704951239a320

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b8eaf6251afd31d8bbc32601977733a

SHA1
485b4f34c0e2ad461cb8b0174e38847d97c3a62b

SHA256
897104cefa4a9b8739897f08a4813eb9e27df125ca4cc5375a0e9f306dae80ba

SHA512
e8311a19ef5d6e6867808f5ce0e8c67cb73fe981567a82e46cf2cfef7426eb20b494448283de5f048276b3fc37ae558a67469b4f2a06942b6dcb5b1a7fccddef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df1af493b385b45ad1d9dbeb46ac9e0e

SHA1
c12e046ee602cf302fb81935ad1e9470d5d65c7b

SHA256
d96e9421598096b35ccc95c67120cb0f8e2a0f9094ad3d9f999887a4e518f77a

SHA512
d50f55e24028f9c84fb43d99a1b64d8b275a5a043281d5e2950c0282d485948fd7b84ba68dc3b7531716d151475ef7b0408a93f8cefe657d1ce6c7f8d660edfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f62c797e7c0417e0deb7ef3d8338a95

SHA1
fff9f301cf6ade6ecae6808bed0110d22f64bd21

SHA256
2d20047dc5862d2f7301608a0e4308a09228ecb74190145562449b5aff401581

SHA512
cc07c723825cef7e626416f3fef8a6e629ea9094e314d20499b06670aed49e2b2c9dfba2a8e7a8f4428d4bdc39a85657954ff05124442efb96234b6bbef8da9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7455814531e70192fc32aaec3f59ac58

SHA1
f558e8d8eac198c5c09c0aa27eb86fd767108f5c

SHA256
27211fd3ada3d5a99fbb21d721aa704f595a010c9480e998540d6f5e6816b247

SHA512
9b8edc07eadb6a413f16e30592dbcd11d86d6b2ebc3684a04d9b31546f07d733ec76b42da6667e45f486d123f0c40f7a5311ce080254876cb5277879b73935bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc03256b17ebadcd97391d43d20eae87

SHA1
81a102697d1d0a8e71ae6dafdc7e54bd30626be3

SHA256
1eebfb8a7f5e7ac2de9a87ec4c2e714bb37790ada80843447f7fdf74b9c137a1

SHA512
b4efb07105a07018f770bd872ac61cd8b6d046c94c6f99b1dd38c9d7b4ad7041de5efb37e98106838bd7a3edb38c0df5bc58355df18ed97c09008578fffae7c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab94D2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9581.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1580-448-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1580-445-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1580-446-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1580-450-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1580-452-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1580-449-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2476-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download
memory/2476-438-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2476-443-0x0000000000430000-0x000000000045E000-memory.dmp

Filesize
184KB

Download
memory/2476-434-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download