ramnit | 40626c451f1b4813c715d16c8a25e29ca23ad0eb749532c2e99fd4f62459eb0d

Analysis

max time kernel
65s
max time network
133s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e38b84e9a6af635dc956f96437833d59_JaffaCakes118.html
Size

160KB
MD5

e38b84e9a6af635dc956f96437833d59
SHA1

97001250bc9ad9d91cdbff641387b5fffcf14ff9
SHA256

40626c451f1b4813c715d16c8a25e29ca23ad0eb749532c2e99fd4f62459eb0d
SHA512

b2aa6c607b2d9a217824bb90365d2955e43e95f7649b2338c5fd9af9c890d4d174aecfae35b81299c8be72b38cbfa8dede531efd6c69aeab1e2e9fb818ef138d
SSDEEP

3072:iQ5g6s0e6yfkMY+BES09JXAnyrZalI+YQ:iYs0efsMYod+X3oI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000d0000000194ea-439.dat	upx
behavioral1/memory/2164-448-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2164-447-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2164-445-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2924-437-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2924-434-0x0000000000400000-0x000000000042E000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2BDE8D31-B884-11EF-8EB4-4E0B11BE40FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1836	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1836	iexplore.exe
1836	iexplore.exe
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2272	1836	iexplore.exe	30
PID 1836 wrote to memory of 2272	1836	iexplore.exe	30
PID 1836 wrote to memory of 2272	1836	iexplore.exe	30
PID 1836 wrote to memory of 2272	1836	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e38b84e9a6af635dc956f96437833d59_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    PID:2924
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      PID:2164
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1476
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:406539 /prefetch:2
  2⤵
  PID:876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88f5dcd2c069644b372e64f2a7d9a404

SHA1
e5040baf7d1547d5386bb8f3884a6bdfe013c3bd

SHA256
3d0877cf51b7c3ce8213a47e58e43e4b35c42bb128d87acd6680bac3282f36eb

SHA512
1d00ac50691b2f56233ab24c9844e2bcff2a65845981b6c5f4e9b0f4a2e35d6e33092ba847571002fed0d5f89f6bfc390e971d793a4ae6125d658b918c217119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6fc707d5708c99330f4e68fb8431a6d

SHA1
54241801cfc1abd39c06e084f477052c42d4c2fe

SHA256
85eb1b1b13013adec7450595319e939a504d4a67194811741d69cbce152f1bd3

SHA512
025f0711ebbd5ee07ad1b581f75c4b56db28894a4b4246b93048e32bfff25708dc71536dc87ddb6a22ffb56ef4e17a1bca72edaf0e04c92289a06b6a08477367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e320d4b82ac15ea88f3f4b55da6b83e

SHA1
393d53b81cc520e3be9da9faf5cc674af6afa5d5

SHA256
5371827d1f5391c55ead34ec2cbc45f23b1444202aa6c61a3599f5b2af60fa23

SHA512
77a98c4b62df4ce86425a49bd7445898361bf893ebd636a00ba6fefe4443c3f1dc853b8b533269100e92c42a9f7b38aa5d41c905e683dce5b5d6abe5244e2b41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b9a413f83787b7b40adbfb78a7991e6

SHA1
cbb7b53c18efe9b40d68f5d941089e18b1f6d3e8

SHA256
003eb868952c03a1d8af908d43d1229c2ffd27a705f6d91c0e017ae4c5822e19

SHA512
a067f15939d3ffced44cb0334ae2a9bb11516a02086047f16551ad5258b6d876f5e0fa4306fc206834a3d6e8c5c28beac814931ec6fd31f668615e1871594bc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24364982669bf46db14a265f4992e053

SHA1
62dbfbbb6443f09646f3587119bcf5868e50ea4d

SHA256
fe3ce42e5dfab36e3945bfd8ef551abc8d130e309eed8d7bacaf8fbba2472cc9

SHA512
c9ed4aa0ca70e8409b0d48d91b056c08acefa3bee1221058c9b2236bfe6f1aa2643ba0a7e1b6ea886eed5aea4c04c580d8abd13de25aae59ccd11f3bd3714f01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef9261798a871b418d2c2ecfe04ee327

SHA1
66f3ac609edb091feb163fe02287f402870eeabe

SHA256
932fc3b8fe331a858532ed14c2a0dd0d2c743073b180152cbbae1c3ed3cf980f

SHA512
2349749093c5dacc4108c91402dda5dbd6bb141b7561cf1bc0d0b8a581a4c78b4540c14f4aff388c3bd3beaa3e15855ffeba7a64ff2e9781d143aec1b8d67b89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b71b62e3ee5e545f65604bf5276ffc5f

SHA1
77b595c80a6ba31c309270c87eae533b388302fe

SHA256
db458566681d4e9dc56b9c22526d4db8d668a47e54373b7a07c691d4ea1e4673

SHA512
4230edee2a1f01eecbf823e590f1079ff21046f98f0de2f393ea3ed2719136886bbd26b388b4a292f311b9433a76188f8aab205faebabe6d2096f5a1572564ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc4267e8ce7876498e70f07d61a86140

SHA1
dad93937ca4b001bf8f5b6d3bd231cb2fc049902

SHA256
88b36dd31fcc33b90acdc2c48b2e0e94d670ab92d4ed40f57b66e96743201a00

SHA512
4a694733ef8c15500ea6cad320a1296301f07662bb17fb7e0c303bb7f5a5faaedbd01fc62e5aca16a0249aa88f303a45e3fdacaff7d903aa87d95df77bdeace4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dc8cb39df1621cc51c17ca9526c3d99

SHA1
5611d8e790508a425888ee792a61552637176205

SHA256
863c4fdc34e241e00240b61ead870d4547477b5895d1764ea7bbade7eb821664

SHA512
f02f29e064296f740fa93bf5095c7bcb6aac194b7a1455154f884c1d17b42f2532077a05eca2d867159bde7a00caf9e6e2bc12313068cdf985b2d061a255de73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d29e4129b78fe2072f1f35f7bd282d93

SHA1
e2de95f9017eb4b2d9dcd6e88013d693139acf61

SHA256
af1f9f4e06c2c1862b9d84913d541ea756699cec78efdb746278bb33adc3f58f

SHA512
30d07a307341b47ffb9d9befc36ec4e3d367d25eeae65b0f320896c48698b457955c18198e3d04cfa3fc2a131402db12d83b62b006f45a12ef28ea0e8e13308c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2b92f7d34ececaef9ff008dfc65ce81

SHA1
109909c42d15069351ed79723647767c6ea5107b

SHA256
256e220714f9ae99dd9ff7d67d21d259df4fafc953bc068df05250fc45bfd4d4

SHA512
a9f0ab461593f6ef37a38e5ea8e3241cf5bf8687dc5122316084abc3507aabc76a25c978449581d9572bdda339ea1b46ec2fa7618736c33cd5efb90198145d24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ef7d971db437b24fe97c5ea2899e86a

SHA1
7ea0d2595b412269b893c347627cac401690047b

SHA256
e56271d25d7225d7947a9ff72abd889daba5b6af3fb34b492e88d0a0941c59c1

SHA512
abed9a448f442e06572cfeea0f59abafa57324c83a480fdd8c5f9051de3105f63cd48095a4d5f3302d9712ea6c73d710a695f8789f30793a5e3b3271a981ce65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fba7f0da65214556324f34ee6a1da12

SHA1
e93639fc072b03fd48e871580403b7ad0efb0376

SHA256
69e692848f31ec7e0dfa1bcb99c1c7ba07c7de2d8148de8adff4c28e392ff8fb

SHA512
4f06704328123f5b678610fc9af9df167ef95e46d7e9f974a16d8234b2d2b3258bc874cf5dca63a0a5dd157cd57ddfd263e59899fb9107862121ccc88ebda139

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c1e8db9b6501bf675a462cfbe5aa0b9

SHA1
5def949b8b1c8eba7cf2f53ad603daed9d4d4fc1

SHA256
9202238a456239b79c509b00bf274100036b98e7b4692ab5b6e61cd639996450

SHA512
31f9eec4e25a0c674436d6f06c48e0837a5e5039efcab8265f0abc5ea672e02cad70c58963651b035ddf0650a1b64da2acaeebcfb6468d2d48b1fac0cf2daa39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2129d8f2cb2808ea92a7018329259957

SHA1
a93e61ad14db7f1929cb7fa2c82aa03fc52c5d7d

SHA256
1fd1ad57db6b89015125560895166f77a6eff84c3cda197df925e6486beb48fd

SHA512
1bd4f5a12933ebe62b99d5b0b6947147680162d2c550bdf79c8d51fb980fc4d6d5a77a6c722f74e706debfb00b652dccef551398534f089bad49505312ed471f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a57d3d919c232a723d2f5b4a173eb1e4

SHA1
e237e8d7e7a3d2c72cfeca1e2603d31717f5151b

SHA256
97a3c4db3d0cdd1529f56c5a4597c1ddd7981448eb2a19ea138c4b92c359c537

SHA512
2e9a334878e93f3dbf73f791c5b7e573011e5094bd13c0a23da60d513971f8ec47bd94a80477bc7e12ec42bd9783abd22ed57409317d809f4e61306ff109a244

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba24ef8ecdba608f92f6caf0d73f5126

SHA1
d9d4d73e81bb3b6afe12d93615f24796eb0a5f39

SHA256
6eb0dd15ce1e8b605b73f6b129851fc589264c2915d41dc20ae4600a840c4a20

SHA512
4086f6fbbb613ed1f9ba66f454f31728aedeb4cc85d2c3b2df43254a5f88d946a16de5d4821c3aad453a9b3d3135a55b190f1fee6ab295be5dc2f9538965d12c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05ddbae5fb8fc690c22e46819214aa5b

SHA1
ac7b1fb7c6b308a9693fcb37455ed91fb5a93feb

SHA256
3bf6c2d79a0e5b6afad97e7f72302e553e40f2498ca5a199aac69aed7986cc64

SHA512
8b20366142db2a23f3d098441928f3be591fccd298694ef5ff31fd62bcdd8989ff93dfe738806536c197427ef78080620d25b9aeaa0c00bffaeed04bf18f554b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5627fb6a1e22b873db12ec87ce006908

SHA1
dedc3b910f8d009c28843b24fabf4a77d326ac9d

SHA256
dfbaa95b2c2aed6017e4decc1650c0f63943e2741e1c9c3e13555605e9640a8a

SHA512
be5a8c0e092ceacfaa3883d605c294871006b54b48cd137166e6b8e4951d2bf361e6bfbf1f2818b23a509d194659a7fca8b3180ea84b805ef74051ef7c11409f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAF34.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAFE4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Program Files (x86)\Microsoft\DesktopLayer.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2164-445-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2164-446-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2164-447-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2164-448-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2924-437-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2924-434-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2924-436-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download