ramnit | b56e29dbeb4f7a15308e0403196c422d8dec48bcd63d3230adb8f7cb9805e68d

Analysis

max time kernel
68s
max time network
69s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11/12/2024, 13:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b56e29dbeb4f7a15308e0403196c422d8dec48bcd63d3230adb8f7cb9805e68d.dll
Size

386KB
MD5

d7b472caa2cf71209ce7a06f442a1f59
SHA1

5bcd2f5fccd97856db0f332bd02a1a227d222597
SHA256

b56e29dbeb4f7a15308e0403196c422d8dec48bcd63d3230adb8f7cb9805e68d
SHA512

11c278a8d70d21ed4cc9cd48f1015d6451b44e08e7ee8159c2f0b2651f42d79443d96d9019b97c163c063c9e7e0c59fb0bf77b5efa4809815944b84b6a0b6848
SSDEEP

6144:6ZUlm384BhhmfmmKgyWy3iKVCq5A4HaeapaqaBe/xEMNkbYe:6Slm388hYfmmKgyExEM9e

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
788	rundll32Srv.exe
2188	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2512	rundll32.exe
788	rundll32Srv.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32Srv.exe	rundll32.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000001949e-11.dat	upx
behavioral1/memory/2188-17-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2188-22-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/788-9-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2188-21-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\px7C41.tmp	rundll32Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	rundll32Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	rundll32Srv.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2696	2512	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{30F029A1-B7C6-11EF-902B-EAA2AC88CDB5} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440086601"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2188	DesktopLayer.exe
2188	DesktopLayer.exe
2188	DesktopLayer.exe
2188	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2812	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2812	iexplore.exe
2812	iexplore.exe
2868	IEXPLORE.EXE
2868	IEXPLORE.EXE
2868	IEXPLORE.EXE
2868	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2512	2528	rundll32.exe	29
PID 2528 wrote to memory of 2512	2528	rundll32.exe	29
PID 2528 wrote to memory of 2512	2528	rundll32.exe	29
PID 2528 wrote to memory of 2512	2528	rundll32.exe	29
PID 2528 wrote to memory of 2512	2528	rundll32.exe	29
PID 2528 wrote to memory of 2512	2528	rundll32.exe	29
PID 2528 wrote to memory of 2512	2528	rundll32.exe	29
PID 2512 wrote to memory of 788	2512	rundll32.exe	30
PID 2512 wrote to memory of 788	2512	rundll32.exe	30
PID 2512 wrote to memory of 788	2512	rundll32.exe	30
PID 2512 wrote to memory of 788	2512	rundll32.exe	30
PID 788 wrote to memory of 2188	788	rundll32Srv.exe	31
PID 788 wrote to memory of 2188	788	rundll32Srv.exe	31
PID 788 wrote to memory of 2188	788	rundll32Srv.exe	31
PID 788 wrote to memory of 2188	788	rundll32Srv.exe	31
PID 2512 wrote to memory of 2696	2512	rundll32.exe	32
PID 2512 wrote to memory of 2696	2512	rundll32.exe	32
PID 2512 wrote to memory of 2696	2512	rundll32.exe	32
PID 2512 wrote to memory of 2696	2512	rundll32.exe	32
PID 2188 wrote to memory of 2812	2188	DesktopLayer.exe	33
PID 2188 wrote to memory of 2812	2188	DesktopLayer.exe	33
PID 2188 wrote to memory of 2812	2188	DesktopLayer.exe	33
PID 2188 wrote to memory of 2812	2188	DesktopLayer.exe	33
PID 2812 wrote to memory of 2868	2812	iexplore.exe	34
PID 2812 wrote to memory of 2868	2812	iexplore.exe	34
PID 2812 wrote to memory of 2868	2812	iexplore.exe	34
PID 2812 wrote to memory of 2868	2812	iexplore.exe	34

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b56e29dbeb4f7a15308e0403196c422d8dec48bcd63d3230adb8f7cb9805e68d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b56e29dbeb4f7a15308e0403196c422d8dec48bcd63d3230adb8f7cb9805e68d.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Windows\SysWOW64\rundll32Srv.exe
    C:\Windows\SysWOW64\rundll32Srv.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:788
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2188
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2812
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 224
    3⤵
    - Program crash
    PID:2696

Network

DNS

api.bing.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

api.bing.com

IN A

Response

api.bing.com

IN CNAME

api-bing-com.e-0001.e-msedge.net

api-bing-com.e-0001.e-msedge.net

IN CNAME

e-0001.e-msedge.net

e-0001.e-msedge.net

IN A

13.107.5.80

204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.9kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.9kB
10
13

8.8.8.8:53

api.bing.com

dns

iexplore.exe

58 B
134 B
1
1

DNS Request

api.bing.com

DNS Response

13.107.5.80

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd38938fbd5c4524e39000c9c7a8435a

SHA1
6145d0ce350049b279fc8293bf7799f37ef0163f

SHA256
0761ab1780b0119ed45a13c90147fe46f22ecd6791e116636a14e85360b6834f

SHA512
6182cd32dd1c37fdae7e31f01d1895ed073dfe7da00f4e31164e277f391b22f2fb6a9a97071dad3441d109fdb69477efd8b06075d3eb73593cce7034cf3986b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2a4af5a6d74c8ed09792cea922693cf

SHA1
258ba7f6d41763e8c76f4bdd1c7c350b09cd4a0d

SHA256
4cad9f0c4925641e59b7838eea12e92a05bc60d66b71cf39ec4182e778431e54

SHA512
7f92eb819430ab5a809a7308897f1b38d0264e26035c817c2a82f851f13c2ddcaf96883fabb56602e5eb27b32818b3e73c9e2cc58253b3091c900b98bf3689b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff86b655b8e3f356931b0e0980c19e47

SHA1
33fe3b754bd4fb25a32ce976a8f0b48cb922a996

SHA256
11498ac1c5d043f8e65725474bd1a4837bbcb4a89e91840a5ea89f06f3eb6d4b

SHA512
5ab54e6fbfe76e0e4ad690be2beb78760af7687fb974f7347a9d2028ff52799622c27e8ba22453b7ea25946371898d4ac40ea76273fa13482f035c864e7308a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bd721428b436e7580a1af28e3ae07ce

SHA1
1d2ca6ba278ca8b0b80cdf1509deaace413c4418

SHA256
2089961863b984d3713a6422534f879445c97e4a5d04ae80d655a5f28c0a723d

SHA512
135bccfbc2d27dbef15940f05f6f695cfd598deac5f81e4735000046e303cce74efaac4d530b0acec47ad0218c8a1ea4ea39406648631acbd94142fb15a407e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
207438f75ebd2fc7a7cbae03421a3d77

SHA1
152af48ae363781f6a37d4f25219c8b1995ea680

SHA256
20a7d0e34751ce19a3e7a06196aaf2efd3121241e8299f79bc3659642328c939

SHA512
b828a85fd680185d9097e80fb1c9ec75271794db8d7bd0139903920d88c6c81ea63780df10c3b2898202436774d49e7f8854f8200c07e0e2e97f8933a03a329a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56755df7675e562f384a28a41a6f5f36

SHA1
ee22fd903eaa38186f04708f208a0baece2367da

SHA256
cdb4e2cd25cfc01c835d86f76f1c71c2c6ed840fb0227f8bcbfc2ca2452a300d

SHA512
0bebd3a9a8d3ea25227c0e95ed91d2789f60beb3ebb9496efcee388a03dc3dc01287a1212b7ef2a3e6409c40ba985265d558e7a5351c0c0305b6fdbfeb24eb9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02f81bb8423fb34a5aafe0f2fe79148a

SHA1
631cde99668b57ffb6afd0e964efb6951abea20c

SHA256
19c0567c736d15a00885ed948e042366c1744987d8f224ff574e21d4ab58acfb

SHA512
54e0d4270f832c94aef81c4d83ddc9c35d64cd09895643e4fb4ca300d572f3a1019d944696203f2d81d7f61afed4337dd0ec083dc4024cb00857dbf1148bfbe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
047cc1cd85619c199804ee25f89a98c7

SHA1
2f4e167593f20cb008bf4774a59d29d8fba2985e

SHA256
054ed81d2a4df4d3dcf319a9f55f8cb12fb48e02ff4020ab4562c00d2cd48a26

SHA512
83351a5636745049d5da30a9e9087ca3b5abe5dce262970f9c6492fd2ef70e19bded296446bcab5b55df7e941ba264953959961246e65281c9e84a6d6a8d8857

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c557ba36132ab48ee7cf29f83c5bdb7

SHA1
dc3ff8d3c8fe83ca11b979d32903876b524b8d40

SHA256
bbe4d06d472421372aed33ff25969c62063514432a4a8547bd8b2d6032e3ecf2

SHA512
6725723a3d3973b266036ddf710e772f257cbf3d9aad7aa898fed46f3b72efe0d138da7c1117578b159cd9296914c3a2240240fb38ae7706e6841e4250d72b72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04d162a4b3c3372df3b9c0d395fdab54

SHA1
58f0e05e39f6056e02d7c507f5789de99f62a0ae

SHA256
e0bc83c723da977e09783c8796b51306f22f59e0b8c4bcc869d3d3f4cb56c7f7

SHA512
a4fdbafb44c91cfe8bbecd7c018b2ab4251da5e920497d6b5b0ce8dbc37c94346caf200632609eaff6e8d41c95547896597e644598fc76feab9baf90b843cb34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c2de8d73dd16cdd4828bf9272301663

SHA1
5d996578068ec448f12d4a5409b4d9b4af537d11

SHA256
7a11bfd1b430314785a34665e2b7814b7c7ee1ebb6284687b11842044bd1ae62

SHA512
97268f32690acd050e0e067f41ee84ddb5cfb813fcbed0ee44957dc0f72e0781612538c6be584c8152726c5ce16560830517704db3fad2be4240117939b0f622

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab92A2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9312.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Program Files (x86)\Microsoft\DesktopLayer.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/788-15-0x00000000001E0000-0x000000000020E000-memory.dmp

Filesize
184KB

Download
memory/788-10-0x00000000001D0000-0x00000000001DF000-memory.dmp

Filesize
60KB

Download
memory/788-9-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2188-19-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2188-21-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2188-22-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2188-17-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2512-8-0x0000000000130000-0x000000000015E000-memory.dmp

Filesize
184KB

Download
memory/2512-451-0x00000000001B0000-0x0000000000219000-memory.dmp

Filesize
420KB

Download
memory/2512-452-0x00000000001B0000-0x0000000000219000-memory.dmp

Filesize
420KB

Download
memory/2512-0-0x00000000001B0000-0x0000000000219000-memory.dmp

Filesize
420KB

Download