ramnit | 3a72c22caf87d96aec80b7b501c3d14507dc5ea620d1b68378517b90315c1c3d

Analysis

max time kernel
132s
max time network
133s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11/12/2024, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e26b8ac2a13ed42d48cbeca685bf4ceb_JaffaCakes118.html
Size

158KB
MD5

e26b8ac2a13ed42d48cbeca685bf4ceb
SHA1

61d8be9213efd2a384f83ac41c73cdd363bdbe47
SHA256

3a72c22caf87d96aec80b7b501c3d14507dc5ea620d1b68378517b90315c1c3d
SHA512

b206d2c8db85082a61ebc6a8463a0e76626ced718c4c0fa54e5fe7a46d5d91c1c449927ce72426d87b2dba9eff4a115b6622e3769bf5f33a72b92c5d89f735ec
SSDEEP

3072:i4IyCkf2uyfkMY+BES09JXAnyrZalI+YQ:i1SuLsMYod+X3oI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
1592	svchost.exe
2408	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2900	IEXPLORE.EXE
1592	svchost.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0027000000019377-430.dat	upx
behavioral1/memory/1592-434-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1592-438-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2408-446-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2408-445-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2408-448-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2408-450-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\px50FD.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440159739"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B2699F1-B870-11EF-9D96-D6B302822781} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2408	DesktopLayer.exe
2408	DesktopLayer.exe
2408	DesktopLayer.exe
2408	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1824	iexplore.exe
1824	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1824	iexplore.exe
1824	iexplore.exe
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
1824	iexplore.exe
1824	iexplore.exe
876	IEXPLORE.EXE
876	IEXPLORE.EXE
876	IEXPLORE.EXE
876	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2900	1824	iexplore.exe	30
PID 1824 wrote to memory of 2900	1824	iexplore.exe	30
PID 1824 wrote to memory of 2900	1824	iexplore.exe	30
PID 1824 wrote to memory of 2900	1824	iexplore.exe	30
PID 2900 wrote to memory of 1592	2900	IEXPLORE.EXE	35
PID 2900 wrote to memory of 1592	2900	IEXPLORE.EXE	35
PID 2900 wrote to memory of 1592	2900	IEXPLORE.EXE	35
PID 2900 wrote to memory of 1592	2900	IEXPLORE.EXE	35
PID 1592 wrote to memory of 2408	1592	svchost.exe	36
PID 1592 wrote to memory of 2408	1592	svchost.exe	36
PID 1592 wrote to memory of 2408	1592	svchost.exe	36
PID 1592 wrote to memory of 2408	1592	svchost.exe	36
PID 2408 wrote to memory of 1780	2408	DesktopLayer.exe	37
PID 2408 wrote to memory of 1780	2408	DesktopLayer.exe	37
PID 2408 wrote to memory of 1780	2408	DesktopLayer.exe	37
PID 2408 wrote to memory of 1780	2408	DesktopLayer.exe	37
PID 1824 wrote to memory of 876	1824	iexplore.exe	38
PID 1824 wrote to memory of 876	1824	iexplore.exe	38
PID 1824 wrote to memory of 876	1824	iexplore.exe	38
PID 1824 wrote to memory of 876	1824	iexplore.exe	38

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e26b8ac2a13ed42d48cbeca685bf4ceb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1824 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1592
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2408
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1824 CREDAT:3486736 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b987e36f1515ef5920143b98297c845

SHA1
71ac01901a4bb774cb785ff561381640a6a51a36

SHA256
ba27e82e5e0c1357079e23acd92a005f797556514e8af00c4ef42271156ab240

SHA512
e533013e12748898dd22d54675377ce39dbc2b4d31770684344e6e47b37c5a84c1997555b937aaea746993837e70e79aed62eada227d8512e39a4e07c7a543d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11d4788be49ec6bb8061cf98d0e2ddd6

SHA1
c060ebf874def701ba4c5362f3d83e8db0b670cc

SHA256
601512a377835225daf3a3614734b0186e5c508ffdca3ed6d8bba833fb9f41c4

SHA512
ec1cd8a1311ed52bd9555ba909e07a7c7c8473d3d496939a769c43f9c16e72724e4930641495c2086314c5c3002a76ee9564960b5e8366cba51691aade70ebfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f998fa7f0b08a6e6610e3203c7f3a10

SHA1
7e630c241d15a4e8af1ee94d2b56106d971ef887

SHA256
6f94c770e49dd16f5c0899803e4b92864c84bf2b93ebafc5f00b92344d2b3979

SHA512
2b96721f15a70ba8bb0c460ef1ab90b2dcfc59feec9314f43fe0ad51c33c920b6fec4999fd388162b40e2a4fbb5b747b65594dda601dc329374f7c63604aef0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa8c4c2d5a8ae50e67a3ecf347e1c946

SHA1
0d00ebebf74824965ca29c7510ee47e09a209987

SHA256
da71d6a258762d081643d41ab44d77349c3956a45f39544b88a20e375a3e4f67

SHA512
d4f550b87debff7507eff4ebbf75f54b761baa5e2b2e9393e9c42dac9e68d7a23e924d3a8a5e1db52af371f83f280ef1178b5cdf5109e92cf02554ae6b463968

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91769f831cba3f848e0379d8c9d8ab92

SHA1
b99578d7f92f57c584dbd09b9c92dd16efa3ac2c

SHA256
13556ff623a0255d6bdbb37c9ba9d853eb22cc50b2edc5ae51a09717307b1b7b

SHA512
67b2a83147201804562b196d0c5bd88181d29c5330e65e84fc9a2069908108370c4ef66f7071d7bdf7db8c754d2c0b70f33a83605896ef548ec0f02fbde6d777

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a702644afa6495708f54625e6c48c4d3

SHA1
ba6ef76f0d027db984171ad0bddf1e869e9ffe4d

SHA256
9fb96d6f35119b772e10b0e24221d773085bc6adea23b7a763bb3bb544129b49

SHA512
969067cc5bed0c3f8ba48e2699269babfaec3b4cfa81bfeb8eac10b3527fe7aeee0125a42e1253adde6bf38defcaf98eb844f5d6e30b127ada646f9a1c2551f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4cc54b2aa6331cd0d4e57e09dafe7cc

SHA1
da6ae96f31422c575dee6fe58d33180d8850f2a5

SHA256
46fce2435306897158f527c9ee229ac8809d921c7dba42a25390adf16c57b320

SHA512
8861ec6a0f6f6dc3e3c717ef8b2adcc5252cb2c749be08f9484a07f58c85b8da1d49550c1225562a85168b014a4e2d45fc9f0f3b04bfb352f40a1f1bf4b962a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adda17e1b62ce5e6b8d072818c94c6a3

SHA1
1c806b52b0bb2cc30cf8a963bc63c87756e145aa

SHA256
245ed4c59c98cd8c6d698b4bfa9fef238588b96d96f51e55aef08cf1fc0433b3

SHA512
ecaea8cd5c6cbe8057feb1267a65ebea7fee3cefd1406803cca2d1f2f6ee9dd725efe522f13e3ed6ccee6f8b44dea81baf8e44fa32d42536bfaff63f043ca3d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c783b6e5cef50b8ea5a21793432c3dea

SHA1
143e7d2fc6699f3dfc63f29bcdf1ec47f9a77e26

SHA256
b434f6652a6556b603ff37d62d6a98a926004728052704cc80ac0870064260fe

SHA512
320295d14e2166e05a16c528069d33c99f7c3c253df9bb7cfca15e3dab4505ea7bea88b4809b80b5247d52ebdb3ba26b8b36ae4528d279a83a3454398cee6de7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9831f46e235f9d290b804c304ccb828d

SHA1
c75720501937b12ee8affa46b942519cf0b97951

SHA256
30d9c935502372765f3f57e2349325ae695c1fb235eee363f78b57dd0c82f38f

SHA512
f6d6fe26ca7139db0e0f4ffb8ef104fa2c53cecafc2da9f81d8d1f900ca38ddb1afc0417116ab03b7eb870747841b8e3eba067071746859e99ec001d56f2eda3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
252dd5ad0fb8ea1d35a5a948b5dd811a

SHA1
390925d87769d3e8dd7b6a7ea9649312eb1d71ab

SHA256
6d46b43cf0d17fd7f759ff5d34ff71e3931abb04a24b002716929839d172e5a6

SHA512
11d61d286bcdeff8a0f7f3ce39e7cc58ac697c6e50cb72e495d8e3c740926002b11db9734c99e6e10aebd1970de5f6f94013213c7db9d172bffef459fc2c39a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7274.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7313.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/1592-438-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1592-437-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/1592-434-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2408-446-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2408-445-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2408-447-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2408-448-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2408-450-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download