ramnit | 60e066222b4bccdeecd892100e9d5c2077a4848b6fecf28410c81526c207134d

Analysis

max time kernel
136s
max time network
142s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15-12-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5cc6ae94522542c643bd75be6face51_JaffaCakes118.html
Size

158KB
MD5

f5cc6ae94522542c643bd75be6face51
SHA1

06292f7728ff089fbfca1c5f8bc23267e45cba09
SHA256

60e066222b4bccdeecd892100e9d5c2077a4848b6fecf28410c81526c207134d
SHA512

68f7cbc2b636ed059a47fdbbfb1e98a52faec13bda4f5ddbd610b20df1eda7ba8e90bc5af4f3065efed0acfd3b6ad4799b0a1cfc0767dd4c03f9a90ce9a5dd69
SSDEEP

3072:iRq+7vShNHpcyfkMY+BES09JXAnyrZalI+YQ:iDOFBsMYod+X3oI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
1716	svchost.exe
1956	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2016	IEXPLORE.EXE
1716	svchost.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1716-434-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/files/0x002d000000018334-433.dat	upx
behavioral1/memory/1716-437-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1716-443-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1956-446-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1956-449-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1956-448-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\px1036.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440459766"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07ECFBB1-BB2B-11EF-AEBA-4E1013F8E3B1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1956	DesktopLayer.exe
1956	DesktopLayer.exe
1956	DesktopLayer.exe
1956	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3056	iexplore.exe
3056	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3056	iexplore.exe
3056	iexplore.exe
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
3056	iexplore.exe
3056	iexplore.exe
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2016	3056	iexplore.exe	30
PID 3056 wrote to memory of 2016	3056	iexplore.exe	30
PID 3056 wrote to memory of 2016	3056	iexplore.exe	30
PID 3056 wrote to memory of 2016	3056	iexplore.exe	30
PID 2016 wrote to memory of 1716	2016	IEXPLORE.EXE	35
PID 2016 wrote to memory of 1716	2016	IEXPLORE.EXE	35
PID 2016 wrote to memory of 1716	2016	IEXPLORE.EXE	35
PID 2016 wrote to memory of 1716	2016	IEXPLORE.EXE	35
PID 1716 wrote to memory of 1956	1716	svchost.exe	36
PID 1716 wrote to memory of 1956	1716	svchost.exe	36
PID 1716 wrote to memory of 1956	1716	svchost.exe	36
PID 1716 wrote to memory of 1956	1716	svchost.exe	36
PID 1956 wrote to memory of 1336	1956	DesktopLayer.exe	37
PID 1956 wrote to memory of 1336	1956	DesktopLayer.exe	37
PID 1956 wrote to memory of 1336	1956	DesktopLayer.exe	37
PID 1956 wrote to memory of 1336	1956	DesktopLayer.exe	37
PID 3056 wrote to memory of 2348	3056	iexplore.exe	38
PID 3056 wrote to memory of 2348	3056	iexplore.exe	38
PID 3056 wrote to memory of 2348	3056	iexplore.exe	38
PID 3056 wrote to memory of 2348	3056	iexplore.exe	38

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f5cc6ae94522542c643bd75be6face51_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1716
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1956
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1336
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275468 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c59ba2a0e47aa579273b324ae22bc16

SHA1
6b00920ebcf70add75f111d521c0e0a6483e7cfb

SHA256
a6961daa021f9311c573d907d4dc30ee1e4d277ea966ffa232ad59f0181b2e5c

SHA512
0254b43a7d6f8f0597824c9579bb24c6e36493dcaba235507d4febd865eaf82bc3bfe9c702c92c129e8ff4877d03356c40dfa77256cb26664bad41323cc9e973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afa6e38af17eb145e5cab80f73096a28

SHA1
5b296a99e2235ca4dcb41d7136e692238b44ca15

SHA256
9ede6e2fa4555c1b23eef03de676659abfcb023214a44981b93dbac44fa34ab7

SHA512
bfe126fbad734473e6c8fc3d5814ddf72bea5a90400a308f1f23fdd61bed1a3453e453fd427bb5f83bcf466002f47bca40dc847803320735db4b3361569a1cf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6189791bfb8ff075df126bc960485b10

SHA1
b9cd446edb1dc2f184618bec52c557b6d6206cfa

SHA256
b2e621ceeadd782d2a2c4be08aa9ab29d916fa92922707a993ac7b867795326d

SHA512
3ad954fd5e4a29ac0e1001b5d2d8af62a13bf83753ed65ae7779f8310d5e760514d244d74e9ad949313ecbf492506782cd91c54566fb435541fd1a5a2ad03455

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f925f84764e1624b09b9cd2f9b837a70

SHA1
1f4e3a7b35483d20060bf0e0d5d40b29952fcf2d

SHA256
359d73fd136a91e150a52c840d58fbd66a3f0ccd6b4e2ec33ef72fec5f063e30

SHA512
dab53ccbced668a631df85f36be91f01658ee30401d58ebf272e1b3ae017a94115738b3bc0bab93c2e0cd6596e3e063bae9cc3c782b1933c8e9341a52b9c905a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77ae1f3b01779e4509478fbaf5c51126

SHA1
1b5369f585128ce7cc851be7856db1d3946acd64

SHA256
668d6cb872dc2e5377344795c5ae73a3e82f78bcca105d8fedd664b952744275

SHA512
a2567cc0c06402c4f6664b40e780fcf8f64cb756ee25b4f22a1f063b0d81cfa67b3e1116d8937db39032a8c81cb7bf7c8b3db75d8e24d1f4889f7bd9cac75fed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6af87426d80d2f4a5d5669bf09c4a51a

SHA1
e5448314cc1cf527d31fb04efa21ffdd65d9bf0e

SHA256
353c4abc1d63f26f1471405e3297957168fa2d585f73320beeb1b0f8c6513fdc

SHA512
5e7e762f4485fca9bde39c5749f691dc7562ffe16a2c915b2471c993e52d4e6240a3ca06c4fc9ee492f1db7d0d7a528b20d17a7d96744b7943247719a38c5bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8de8abc06048ab29a960576bf40b4095

SHA1
e6e3cc8d520c76559588a8ccd79d692eb07c5da7

SHA256
6e1b3bff1841b14def97c77bf45dd12b2ef026df2abe67ed8b76017c4f17266b

SHA512
1d7e641b9f54b60e86311798c080a8cf2ba037c237a909aee4bb97c49b4781acce11fa1f0ddce5f5e179606ded5f677843766d72e4b5409e430b0153cda1f07b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
266d0f02ba61f115f3e25c1202a64a85

SHA1
2ed9fea88ef62da3832a6a6afcc6c5370816b3fe

SHA256
e0aaa1cb1a56f537b412b3e58884fde6f9b6a133a67900b18b5ec5c6c57b3673

SHA512
6908855393eca1e14a8e06c523990f6334537b9fd97c3c98071566bbd622534bf283c80aee9c970a65890de8a03bc37d788934b15c64d7a4c7c81ac69ac7ce83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8764982054b0732fd64e95d9ceb62c2

SHA1
e6473da722b856301076106198b1549c07494e65

SHA256
52527b4986110c47ba0a47c76f75c2349dbebe71de62b4aec93d650569feb7ac

SHA512
28d1535530b9d3374a3eaf1ee067d07c7c1fe64ed9b760b14804e889ac07dab9abc7895334a7e2530313cdee696ffe283d8b02fac518f8790145cde412af39b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fee2eacfa0f0599e22094576b6b5599

SHA1
c1a1b266432464acc355f8453366b74acf81ac8d

SHA256
d0dcfce640e9e35afe597795e81042a86bbeea379c75abebf751016fe74b3735

SHA512
ecc4663d947748da5fdf5e5a9680b3fba8c2a88f1d5cc5831cb66efad24eb4fd56d3c7d48cad4270e288322408ce3767e85205ca203c05ccb6c501ec9a6f6f15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b8d58a7002884891f08c6d381966b39

SHA1
34d24b310b96528813f455f3ccf54d02fcdd9bf2

SHA256
413327c8a4f72e2788f93edc435e26a7690cc56333abb7f21c319dfe06c73405

SHA512
1c0a2528707f3106f4d45c2f08e750ec9f1adb2815858bdb7f0d66e7bc7af1e4eca1f8b37e18524986a7166020a22c2efccf566c45cb9685065ffbc579b83a8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f882a0dee7a316fe1cc3e85ead5ca21

SHA1
078e676cc7dfa633f5bd3464543cbbb56ec53348

SHA256
f5e818188b631ca59c011a992b3d2139ec57b7b192937b2e494576ebd6503b52

SHA512
953d3c27881baff2623f3062f671081afac9bba02eba25d0fd099b5c3ae6b43db364653b6cf3c8b5b670e97e8d946ce3d97f5d8afd0a94368cfbf2d38ec02147

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab228F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar233F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/1716-443-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1716-437-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1716-435-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download
memory/1716-434-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1956-446-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1956-449-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1956-448-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1956-447-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download