ramnit | ac41eb2b83edca882104cb501262c219828978c984b21869d8ed542caad052ef

Analysis

max time kernel
130s
max time network
132s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/12/2024, 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4ab1e63a9c94c25c54298062c356ed1_JaffaCakes118.html
Size

159KB
MD5

e4ab1e63a9c94c25c54298062c356ed1
SHA1

49474b6292a8a71e8646b0c0da7cea9bc4790190
SHA256

ac41eb2b83edca882104cb501262c219828978c984b21869d8ed542caad052ef
SHA512

364dec0e0e347169684d4dbf6a1e6633a81a488413b041b91c9699ae4fa021bbb4b2c4aeac7c06e13aa48daa7ebac3c286716e5322251f60beb960d562476798
SSDEEP

1536:igRTq4oC+hdypENsyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:iKxENsyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
1712	svchost.exe
768	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2740	IEXPLORE.EXE
1712	svchost.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-434-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/files/0x002e000000015da9-433.dat	upx
behavioral1/memory/1712-437-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/768-448-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/768-446-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1712-443-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/768-450-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxCA90.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440174709"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{568A05A1-B893-11EF-B120-F245C6AC432F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
768	DesktopLayer.exe
768	DesktopLayer.exe
768	DesktopLayer.exe
768	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2164	iexplore.exe
2164	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2164	iexplore.exe
2164	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2164	iexplore.exe
2164	iexplore.exe
1736	IEXPLORE.EXE
1736	IEXPLORE.EXE
1736	IEXPLORE.EXE
1736	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2740	2164	iexplore.exe	30
PID 2164 wrote to memory of 2740	2164	iexplore.exe	30
PID 2164 wrote to memory of 2740	2164	iexplore.exe	30
PID 2164 wrote to memory of 2740	2164	iexplore.exe	30
PID 2740 wrote to memory of 1712	2740	IEXPLORE.EXE	35
PID 2740 wrote to memory of 1712	2740	IEXPLORE.EXE	35
PID 2740 wrote to memory of 1712	2740	IEXPLORE.EXE	35
PID 2740 wrote to memory of 1712	2740	IEXPLORE.EXE	35
PID 1712 wrote to memory of 768	1712	svchost.exe	36
PID 1712 wrote to memory of 768	1712	svchost.exe	36
PID 1712 wrote to memory of 768	1712	svchost.exe	36
PID 1712 wrote to memory of 768	1712	svchost.exe	36
PID 768 wrote to memory of 2116	768	DesktopLayer.exe	37
PID 768 wrote to memory of 2116	768	DesktopLayer.exe	37
PID 768 wrote to memory of 2116	768	DesktopLayer.exe	37
PID 768 wrote to memory of 2116	768	DesktopLayer.exe	37
PID 2164 wrote to memory of 1736	2164	iexplore.exe	38
PID 2164 wrote to memory of 1736	2164	iexplore.exe	38
PID 2164 wrote to memory of 1736	2164	iexplore.exe	38
PID 2164 wrote to memory of 1736	2164	iexplore.exe	38

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e4ab1e63a9c94c25c54298062c356ed1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1712
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:768
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2116
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:603146 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
435ee73cef4912e2b70b22fc6dc06ea9

SHA1
45534a41d616efcde9038849f92a86aac3c6e95a

SHA256
4e0a501c20271a659156b0f6558935eac538c5acf11501989e1ad99eb7b35077

SHA512
49c8562594ddb6c24b2ce64d96f72f8b9fed8b1fa6b94d8a40285c1cf205bac858616fc74c799e178e14418ff82107ea61320f26d57e2cc5c60560e4c1dea19f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34f8a9854dedfb5cbc6f0af44bcdddcd

SHA1
f052bbde254e110cdb2f567c72da1ebfc0a9d306

SHA256
5fb67cc0eb7f218e6c648a2b0bbc926421816186d6af3ee3592dc7ddf8d820a6

SHA512
dbc82a544545ac94e9f6e948506bfc6183516a4ab8f6e66fe3211579cab0ae5d519270654f4a97976349f36f3d44a20bfae24ef44a91963887c3984590d0fd70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4548de904e1c0ff41232c219b97f492c

SHA1
d10ff2e3944b7ebb87b1373c9db5a3ddd95ab3e0

SHA256
9869ddec09fb67ad81609e03d52231218988c0bea5ea3801c7c0e38d862bf001

SHA512
99ccea70a12e20f20e152f15336bb6cf8d9cf222b34ca6b1326639e9db3356877101eac405329599338e82f23d96cdb5f299b4bbc2e80da75bda8bb6f5d19359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d703d5b6387e27f4cc63e8cd5dbeebe

SHA1
1f38d703a0980cda22b4b19a7b77ccbe46e0ca2d

SHA256
144622a1cd7723ad1542718541e1a8d1970227fb8fbd662ae60ea180c548ed22

SHA512
cb9f877f609daeea54923fa2f26178824a8ec82d005340de5194205320c729bcef13f146033db57ec425b5c510d1a8b08f3a8b8de287df29f264293f03234446

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc25f415bd97681e85a74186f415c57c

SHA1
acb520d4ed6efcbfc3344255af0cac73f29f2df6

SHA256
08f6487bee8e5bab21b10ce0c0bee184d07270cb306594b5309f09acf17cb306

SHA512
f3f6718c48578cffa3d4a7315d02fdb8030c64942a8aa90464937915a6e22a0bdcdba0b66d9fe0db3e04cad6e6187089b38cdb89e90dd956e61ce92239824e89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f13ed968ac064e7bfdb0c0aac2e324b2

SHA1
32ef01c1c6918c8420dd13f189c70b9a15bc99d9

SHA256
4ab73feb7572221d4112704a000870507f366be01762fa4e83eff4f7c18c9814

SHA512
9dfa2d993351d6d0851570e4daa9e20c7b7dc61f8f4bc53611f8ec4df8f3696dc445ce7a2c6ca29e0c0b342a6c1ad3276a8f621a7f1c7a877fd081bc2097677f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72d38237317a838e3124b8124b7fc03d

SHA1
76bd38a6d3ca2af6c31fdc338d97e5c81e04f384

SHA256
4b6bf4fa70ffe54e21e01a0e3666fa2330704190e7efa1927b3920df191617e7

SHA512
e00fb6f5b5326120f8318217c4c92ef243fac02999e063a3f3ff0694dc4d6cb4a1d9ccf535912562e0f21fa90b9038dff90d5f48ff40a6f46369b80deadb5245

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e233f8b9900e1e2495e26fa5e1adbc18

SHA1
c755d049413c39b308c7124ca7022595b9f74dd1

SHA256
9d4ea6a577df7bb32c33717456d186cf103b120249e7ccee27a1c68bf4f1f38a

SHA512
44b1894307516231ea6f1f2a581509e31299d1b0d228befe9f12d498b2536b1c3f4c0960305c450df5611f68f231edc2d3c88b97b4542fdb74aeaec01d5b6796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ab1154a7b1e4eb8b2cd91b994a9d612

SHA1
a9d77bb3007baea06bc7301b433fb4c864d3f5c4

SHA256
53e05dca9c405b86bd06643ab48f2ac9747355e0cb07b712f095522c36989b31

SHA512
599eee1eb37b4fbfbedb4d22d1525b4c0fdeaebc02d1671f62139cf28c24e207ee4b382ccf6c20497a07aecb8cdb284fb0e7f09024fe2e3945bdede96d599b4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6db226b79a43de3ef240653923622eb

SHA1
2b9a68179fff91b55233fef3d5d8492324f491ce

SHA256
1ecf77ea27bcf53d1f52ecfd8c37404a62aac79fa93dd476ca9723c78336a9b9

SHA512
1594d4c1769762996be4868e6fc7f99e4b50d17c7778e931ef4d9c273bab3751404d605fbc79ad16b4775e69932e76ae6615e764cc4e869ffd646ea2807b7ea4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6842f1e857da3e21d09698c072c9bbff

SHA1
6c9317018c436078e265a1be1ff5c45d037456c8

SHA256
db9ec964df34cfad650e6c118c36df7fb6a9743c09a507d1f655bd205a73664c

SHA512
0af1b6dd43783cb6872667a41b50f3beb83038d81f61ee210d26e1459cf75ce543f269dcf8d878883745057c8b48d8f22ff872b9d621cf03ddda74895f3f001a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEA8F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEB00.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/768-450-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/768-448-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/768-447-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/768-446-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1712-434-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1712-435-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/1712-443-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1712-437-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download