ramnit | 0e64f28d04163e2394b2be89975e84fa019f93f6feb93c181fd3b8867d4fec53

Analysis

max time kernel
65s
max time network
130s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
11/12/2024, 22:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e38c206d66d6e9d2ced3a09e20115128_JaffaCakes118.html
Size

158KB
MD5

e38c206d66d6e9d2ced3a09e20115128
SHA1

506ea6be25772643d9829b7e7addc6b8ca2f7c20
SHA256

0e64f28d04163e2394b2be89975e84fa019f93f6feb93c181fd3b8867d4fec53
SHA512

380883950ddb3a98dc9c211d2a7b8d714cd3a8f69076facaf12b024dbac7a5233f92414105c09a275edcb18984d133b9da1e3dbdd776516f0c938108c72d2f76
SSDEEP

1536:imRTEb6lJLPB+0yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:iMN7B+0yfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000016d77-438.dat	upx
behavioral1/memory/2140-444-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2140-448-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2140-447-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1712-437-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1712-434-0x0000000000400000-0x000000000042E000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3DC5CDB1-B884-11EF-831A-D2CEB2690DEF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2844	iexplore.exe
2844	iexplore.exe
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2872	2844	iexplore.exe	30
PID 2844 wrote to memory of 2872	2844	iexplore.exe	30
PID 2844 wrote to memory of 2872	2844	iexplore.exe	30
PID 2844 wrote to memory of 2872	2844	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e38c206d66d6e9d2ced3a09e20115128_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    PID:1712
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      PID:2140
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2488
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:472074 /prefetch:2
  2⤵
  PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de7897d65d2ada7b15f9a135cd1de84c

SHA1
f441bed0cda0be4cd4f5572a4beda376dd1acfaf

SHA256
275887fa5f481a3827eaec28b336ed4d8579f786bcc83f068e35bb6308d595d6

SHA512
5bf8b01674ee7c925962e6d698cffb1e5b7327190eae3accb9abcc7528a1a7f5e862a0074256b76bc3aec3a1f927010673459a8c6140cfd508e1b951949bcf9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c3cb46af059a38c19fb7a0a6ab743b6

SHA1
fb5638423955ca854cc1d02a08b755d501068db2

SHA256
b0e80ca91df563b639d0bbd29c45cf4d746697d73e3a2f4ad8f7d56400fb9c4b

SHA512
9771b877c5e562d047c394076000ef683270bace3c432c9242ceba59f627ab883e15da86ae4e4c3700328b1a2659eb4e2b87e5862156b3175c60ee07e982a831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a0125c9338a21e0ac0a5ede9ee2350f

SHA1
529ecfa4a765ce251dd7c5e72afbe503a7a9829d

SHA256
05c38db8047e51705a13acce54ea91165e75e3acd9c08b7737e42c56aae1bbc1

SHA512
508f13fbb9cad87fab4d8eb2a3c729816358bea831a51f1eed1ac25d73c5b225a192e4830de2a7b5e266d6752b001784a927159ae09640c6e1ac080437c9677a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07a2ac2058529fdbac0d69f2e370c7b5

SHA1
63213da33846afd89b7b54c29d01d5bc2de97cd2

SHA256
59e9efd871cfe0846fff7310ca6301df6236c2361aa40997875f5cf376f5c0c3

SHA512
59f19134f1eca8b6423b203eeb278e8298cb9d79a6b254fe6fac4c343485be3058c1e795b4b69fae180597775f4835aecfccda1fb8d36f3ce683513d51653dd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70515a0e53a96026f009f1515db367f4

SHA1
bc76806c0a397c3a045e9941e972e95eaa81b600

SHA256
662055a0ddf1b912d9e713d69e025f5bd004e1532426d7ac6d7c8de0c8e1fc70

SHA512
6a077ada667dd49f870c22e5518e3b11cfb2f59e9b67a5b2c4451aafb3b14cc30f2e601c2fb9a7c88f1970c7706d7f69048802f47344acb2a4486fdc286dca82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
764f056672d886f51de5e34a11a799f1

SHA1
b96df0a62fd4e62467939b4776731fcf0aa527dd

SHA256
a6ed94af39c5805f3812556277b536b8147e62e13d8397eff8dd253df52b6d0c

SHA512
795eb23f98415bed39770fad43d8e2eaad5da238007d8e03713cce632131fe8defec52ba6bfc248a9e45e97274c8b1ebaa102b13dc72b368a513409061ca7eb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be71682844e4798fc4c2d3da5e02ea84

SHA1
4abdc95d9ed322e5eb56fb46eb64e7cb81c27ae9

SHA256
4870a35ddf033b6ccde59beb20c9f3fc50ecf519cd44814721fd0b32c58b4393

SHA512
cadd0f55aacd9360282dbc7fa2638c417658b60a7d1afbb2c47a8eca112337e124063456fecb3fd0f5686f8785d4c0120a9eb0fa6d00bd798952e8633acb1667

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3ec02ca3c657414956c5c4984bfb22e

SHA1
dad1b77044e854e18f2d78bf8500f53837e8a459

SHA256
bd64c82efee93582f35ced44f226e4ea6640196f59c3af6682798971b912a18c

SHA512
d01ff10a463b21f00d5258cce3be2beb0619b63058f6549c677749f96914b863ed0bfe1b75b937f294cf4f1eba5fa9c5a6e55dc0b199f3e7cf579697294e6892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46ec7a8b9f6c8d6aab3187fdedc43057

SHA1
18d7ac4b584e7be39f011e00d864806572a9c355

SHA256
9c350c8b4327404458ca6aff0f0f670a82b643f419f23871947a07d31d4c528d

SHA512
b4bd3a89aa1f0abffca56bdbfb3b495866736a3b2004635ffb82bf46b8cd89daa7d2517c6678e4672730184693911fa900aabfb9550434f229974dd28c913ce6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86c3e1e99dc160cc62e1c589fcf1b3f4

SHA1
a79a94b3d2597d42a7d088795469db1f56783650

SHA256
f1b53ae68456d6b1a1acbea39a1f35bda91b2f986c7788a1ced09c97ae07bf32

SHA512
7c0fa48b2cb44935a19be85ea916252890dbc0152efdbe2b7f322f6a50f58024f287f4cd794a081a927be2cae86a62646689dd09fa18644cf683170543a9cfd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f70f5357a3af0a34be955935eee7e2a

SHA1
ad4186f05f7da4042a80d97a89fb8f64c1d72ad8

SHA256
2ff685e9399f847c6b6a3194143d1595ba6da8e4b8ab51e486806260d2a60485

SHA512
111280f131cbea6b9e9619e0ecdcbef6ada33f202ffcecc0d01eaf3e88370dd4509e42d7a1f31db28efdca9b6573dc00d391171c62aa6948c1e4cfb420d8196f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18483219530c30fd6b9584455d39efb8

SHA1
836f0da154db9aa25a3a75d492cc74045973eedd

SHA256
b4f0993134b50859102f48506e8c615532961226f5d97d8871ba43bcc737d58f

SHA512
fe19211b16c4c6b1ed8c450af2901e24e44c8c0d50f05d72aafaaa703345af62cd0267ef666d4c38e8c19d74f8bdcf09ab6bd1e7e1baaa3374efec4d4bf88844

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9844d75c6aeba1221a50a2aa502993c7

SHA1
e4cde8f130019179dd1687bb28e164053ca3f8df

SHA256
d0f96572b237d6a91b524673bb83abc538af46facfbd7487460e304cad41a65c

SHA512
e5b4e1c5ac0dddaac25d4e64e99ed9ebe3953c0f6aed50e8e75f35a6546caf5101b39c1cd4fb78cf6d8103ee576660f3711611d1f18e52f4410ceb23cb84149b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12ef4be70a6a124d1ddb1377637349f7

SHA1
d1a4fd8b39f3f299aa98b9eef370cf133fc9c81b

SHA256
207e11cdc339078ebe66ec1ce6ff31d85daf4be88ac7157384ccf509f9df0ed3

SHA512
fba55e1bbf81ac9c766675371a7a739b3a650f820808bda12766eea8b9912805b40ac0827df5326e45e4b253bd2bb89880913de7d1e2c2a104e4ca23ef14e95f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24cdff2bbfcbbfcef6e75532d0c23929

SHA1
a2e556e45c8a701c50aba0f3798d91ee2dd92e4c

SHA256
295b053996a90a48d332888e183bed8868fe93451be685c06f7f74906e5400b2

SHA512
635d090cc27cba36ecabeebe2c44db294d779b0c1534eede9906a878387ff90d6835b76970adb2b96716f77ae8c471923ac6911d210f2076c788aa779cddaa53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df2e64cc47b0de52835b51b41b776e02

SHA1
a72561e52872cdc67ebfa6875ebb5ea68740b732

SHA256
26c21f04029fb47a2e8dec49d5fb9a8c1b5bf559807d047e37f36a16af744209

SHA512
b44123ef2e665c1c08ce7b508cdf0512b4a18ec109303c270a2e3ab82f82e7c0a400a9d06ece1ed12127424b62d56fc6a52581322da4ba7bd111f01f8a295e29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a4394286e9d52d0e6d07ccdb6779f94

SHA1
761741291b5fc549f8d24e156580c3dd429c4415

SHA256
a5445a885983cedeb17df6d498a20e7542d2afd4b5c4c7bef5def1a0cc8705ac

SHA512
6f6e6220722560a1783f87fd145174c1f38318ed73698a725753073d5c4610fc18d931c064c6cd06fd76c83197c21d49a861c23cce6cd2c7a35262dc1e8d0e01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
653bc034cf72fe6f8a0b636cf091e8f1

SHA1
a632747c98eb1e7186550860f9336a626740d958

SHA256
1f6ac7f45c22a6508ea949983941d21aca8a8eba88512f44853447111a914d56

SHA512
c4da3e81b84c6ffe78a540ca0076679403dfd7e20c4f696f05ea00b5cdde3bc228e99341a74e9ffe27a2daf42daf04d566961d983f2131490c1e9b2f158e44e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
120dcd04d9945729c76babc330633444

SHA1
bc5da8440b17ebc2c017d7387df4d990abdcef77

SHA256
df78e20bd9cdf32cc9a1b8b56df8e108afdaee00f7782ef80a52ee9b4d9a9135

SHA512
301f8a3b93d1ab5ff452b096f8c5561a4aeb7b1aec96e298252aaee2f6c7ed8ee52438249293a160ecfcd7a042381191f70e1e19091a4f7cf6eb166fb22e376c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6651.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar66F2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1712-435-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/1712-434-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1712-437-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2140-447-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2140-446-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2140-444-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2140-448-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download