ramnit | 0e18234e981840cd2212a920e860eb3b482bf59059733b86d4c1ea1d0a0a6c1d

Analysis

max time kernel
139s
max time network
140s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
10/12/2024, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de0699dc7c74f78d9a289e75e4488888_JaffaCakes118.html
Size

155KB
MD5

de0699dc7c74f78d9a289e75e4488888
SHA1

b90fa0658cab5c83199ea29ada181cdad6e1f2f7
SHA256

0e18234e981840cd2212a920e860eb3b482bf59059733b86d4c1ea1d0a0a6c1d
SHA512

f7d7c04b9c3f7aad7d2224ab07ff6f6241473064c2ae6ef496806159319e70d91e8c7b569c95b58b56de10bf5242efe13f8f0ffa294147b82e15eea2a391f1a9
SSDEEP

1536:iRRTZ/m1w1zyyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:intNyyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2236	svchost.exe
2540	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
1324	IEXPLORE.EXE
2236	svchost.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2236-435-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/files/0x002f00000001949d-433.dat	upx
behavioral1/memory/2236-437-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2540-444-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2540-451-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2540-447-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2540-445-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2540-449-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\px8FB2.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{799991F1-B721-11EF-A2DC-6AD5CEAA988B} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440015855"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2540	DesktopLayer.exe
2540	DesktopLayer.exe
2540	DesktopLayer.exe
2540	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1944	iexplore.exe
1944	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1944	iexplore.exe
1944	iexplore.exe
1324	IEXPLORE.EXE
1324	IEXPLORE.EXE
1324	IEXPLORE.EXE
1324	IEXPLORE.EXE
1944	iexplore.exe
1944	iexplore.exe
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 1324	1944	iexplore.exe	30
PID 1944 wrote to memory of 1324	1944	iexplore.exe	30
PID 1944 wrote to memory of 1324	1944	iexplore.exe	30
PID 1944 wrote to memory of 1324	1944	iexplore.exe	30
PID 1324 wrote to memory of 2236	1324	IEXPLORE.EXE	35
PID 1324 wrote to memory of 2236	1324	IEXPLORE.EXE	35
PID 1324 wrote to memory of 2236	1324	IEXPLORE.EXE	35
PID 1324 wrote to memory of 2236	1324	IEXPLORE.EXE	35
PID 2236 wrote to memory of 2540	2236	svchost.exe	36
PID 2236 wrote to memory of 2540	2236	svchost.exe	36
PID 2236 wrote to memory of 2540	2236	svchost.exe	36
PID 2236 wrote to memory of 2540	2236	svchost.exe	36
PID 2540 wrote to memory of 272	2540	DesktopLayer.exe	37
PID 2540 wrote to memory of 272	2540	DesktopLayer.exe	37
PID 2540 wrote to memory of 272	2540	DesktopLayer.exe	37
PID 2540 wrote to memory of 272	2540	DesktopLayer.exe	37
PID 1944 wrote to memory of 1808	1944	iexplore.exe	38
PID 1944 wrote to memory of 1808	1944	iexplore.exe	38
PID 1944 wrote to memory of 1808	1944	iexplore.exe	38
PID 1944 wrote to memory of 1808	1944	iexplore.exe	38

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\de0699dc7c74f78d9a289e75e4488888_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1324
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2540
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:272
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275474 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f32f8606a43639cca7ef18b5e4a5d3a6

SHA1
9bc1c95b2383ac0fcb81ada698d353f3e5a18fda

SHA256
5b303723499a7b8d19c512a60541acda82aca6cf73bfda2cd5d7eaa23cf35495

SHA512
1279be1269bc787a9265e25cd5c51b48fd0b483f9e0e73b8cfa97d427de3399d532c2bdc26be919ddac0d6b78665ab75bf07d749531e71cf1db0b9011e0e62ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9616e6f31e25d2dddf633561cfd925e3

SHA1
4cf3ea01b2f3e684f2003c9535ff46e12ee9d6db

SHA256
6d19a1bc799d8a4105dc77f81498b948825538176f4667028b7c422692103abc

SHA512
f2e2d0ff7e52f69fa26fe5b7ef06820f1437f707c6ea1f903e8ec7ba56e43a2a54ea9bd0699479e7f0c0d8703d75f5d22195d0d8310655ff19fd7f50f4d03172

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35faad76d719ef9effc786a1af77d204

SHA1
89067cc227d96cc49e730277900b7790a2a985e9

SHA256
9dedc3672844c388f605fc821024557529becec14c6b0772ae8b71c30063444f

SHA512
1ce8ce636d946e734a1e46f94bbde5980eb079f6b1bf6d0099eb1087bbcca74d36fd67cd00dd35f6d459d2d5decae0781b2c88224ce31032d87d133befc9712b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f6d185e17ab27ab51b41b1f68bb798e

SHA1
bde70cb2e832303e62cc36bf05eef63a5965fa2e

SHA256
c050090dbb77ea2db6ac356aee50cf1fa3ff82c67b8463e53a9d6fe44135d69f

SHA512
ca1f1793a11efe27eb51e0c4edd7dae818fe976a4e19dc12b2bacb5a8ccc8a7f0168986225bb7419624ab5df4272ddcb4b5aa6409dda1d466dee155af8894077

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
254be3f4c680cdff95b65a21dcaacc12

SHA1
e3201e7c3ac4514fd620342b18764fc529438764

SHA256
b3893e7985c337c8959e76f90f2de8249f88349865366bdd540cf1039674d8d5

SHA512
cdee546a848d7f50aa56cea59ade587c98954322791dd9813f378901a8527dffa83de5f1020b79d4ad2726bfa38529b65080d5a2e48a1dc093d2e427fbb4f522

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72ea67108277f177c7716df197f015b8

SHA1
494efb34b5cd7b73004d9969802918af4504489a

SHA256
0c05b4a976bb909af955bd92d01a3f0ca4a45fc750bc8ae413b57a849d38f7aa

SHA512
6f21514fd6708c9fb5ab7427de16ac8f541d68031562da0848ceac48305760a0a3f2ee9cb8074bd0ee6a416d9666f9fc738d2c2f2aa95e9d3c216388ddef1821

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b84ecc0b8bc821498061843295bef1f

SHA1
a805b5aa23cb98ece9e4362cfb1b02081fad32fa

SHA256
620607dbc52bdd7a1246d5ea49f948850f7fb50790c080d9923c7fec1e702bc0

SHA512
453b1ea15e98f9eb27b318e23536cbcf94954773b0569b2ffd09565986a8af39ad31e825d795573e3d1ff27e86e7084cfbd4cb8711cf412f1c78d625ecb61e29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4832c7895762c6118ccc99624a359eec

SHA1
766958b077f5c4efe6328de0fafd907c9234a758

SHA256
1962012dc15b9ea41b9643c291ed712335866a42123b52fe8b6fa1e790141375

SHA512
d4c6506d077df209c79df6cbaee7b37b563b4801b62601ec86ebc77a4e9fa4528966b40a2b404a36c4065991182be0aa4baed071cef93c8d07060c68adf74a14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ec1d72c1b372a45ab8b91051e5df576

SHA1
1c5d99be90531e448a75e06b1208e44ffe70ea74

SHA256
002d078fb8c304319f039762c889fb3b24ba116458e677213ba3106e8c89d428

SHA512
11152825a1bbbb2e8d7341fa6ac6dc883e87fbdc93e16ce79be91ef42e0a9efecd4400b75e5af368f3b8804fbb9a5ffe22ef79341c071b7182530862aa6ad99a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7757940040ce23f68dbe2a94b8cc51aa

SHA1
9ada99b84dc0b90a239841a49b469489cfb1e87c

SHA256
e6f9edb57561b8562deecb0095c40fbdc56b9dc55ef680f0b496f9a702ba537e

SHA512
087999733c4ed0c5449c4f633e8f1259edef80e1da20a14bd1cb39856cadb37d02e1541114b08269262b7819328862c38523c6d32398e90afb599fa3f7f43bfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7d58b007104562f701b13d0d9bcefd3

SHA1
abe8ec1004b7b46665098469da2977b04c556567

SHA256
5e455557976b2eea431f96419a3fd705a40a81500e16f9bb571bd69dfd04b8ec

SHA512
a151cf4086fadf8ef14e42f0cfd37e7aa5e4d23a35dcca0a025f1f5b2a5ad3f39ae46ca208f455c89004922d842956e5447215c61930dfd9eacd9108068a6dd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae601a285d08453f929b59bf83b4d9ef

SHA1
1c14a83ccbdcb1f7560ff58bd717944c5f62cf26

SHA256
5c66ce9a0dbd4ad3ec39d83d418828b6dc16e8d1e0a3333024b30255e124bfc0

SHA512
7c0a774ea5e8edb93f7400848d5055b37977b45d2ba2e67192a913b58fba70ba8c4fe566c11cae13eace996da39c4fb4e88491f65908f377b1f393fcbb37100e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA5C1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA681.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2236-435-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2236-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download
memory/2236-437-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2540-444-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2540-451-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2540-448-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2540-447-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2540-445-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2540-449-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download