Overview

overview

10

Static

static

3

6d49cf987b...27.dll

windows7-x64

10

6d49cf987b...27.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-12-2024 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d49cf987b61837dcdb9e3dfc0b26c94649a247f792f27d7ef5788160e404f27.dll

  • Size

    947KB

  • MD5

    bbb8e9a8d0c2d5b8c1de65f108c42700

  • SHA1

    37eaf6d67a2b6b2b2e432bccf3eda803db3f151f

  • SHA256

    6d49cf987b61837dcdb9e3dfc0b26c94649a247f792f27d7ef5788160e404f27

  • SHA512

    11793489d27e1d5b7bc753a9b6d24578d6f6874e3541acca5fbb1a1336180315fe7370561d7a8a1a2167303c7b315462695af7ea520cf023f5c44a656818470b

  • SSDEEP

    24576:pzb1MlCKUQyUmjtczu6Prs9pgWoopooK9kwP+PmS4+xXGeBD+VF3D:pzbKsUmjtcdPGgIwP+PmSdF+P

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 6 IoCs
  • Drops file in System32 directory 2 IoCs
  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 10 IoCs
  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 48 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 26 IoCs
  • Suspicious use of UnmapMainImage 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d49cf987b61837dcdb9e3dfc0b26c94649a247f792f27d7ef5788160e404f27.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4680
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d49cf987b61837dcdb9e3dfc0b26c94649a247f792f27d7ef5788160e404f27.dll,#1
      2⤵
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:3572
        • C:\Windows\SysWOW64\rundll32mgrmgr.exe
          C:\Windows\SysWOW64\rundll32mgrmgr.exe
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of UnmapMainImage
          • Suspicious use of WriteProcessMemory
          PID:4832
          • C:\Program Files (x86)\Microsoft\WaterMark.exe
            "C:\Program Files (x86)\Microsoft\WaterMark.exe"
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of UnmapMainImage
            • Suspicious use of WriteProcessMemory
            PID:4468
            • C:\Program Files (x86)\Microsoft\WaterMarkmgr.exe
              "C:\Program Files (x86)\Microsoft\WaterMarkmgr.exe"
              6⤵
              • Executes dropped EXE
              • Drops file in Program Files directory
              • System Location Discovery: System Language Discovery
              • Suspicious use of UnmapMainImage
              • Suspicious use of WriteProcessMemory
              PID:312
              • C:\Program Files (x86)\Microsoft\WaterMark.exe
                "C:\Program Files (x86)\Microsoft\WaterMark.exe"
                7⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of UnmapMainImage
                • Suspicious use of WriteProcessMemory
                PID:2608
                • C:\Windows\SysWOW64\svchost.exe
                  C:\Windows\system32\svchost.exe
                  8⤵
                    PID:2872
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 204
                      9⤵
                      • Program crash
                      PID:2280
                  • C:\Program Files\Internet Explorer\iexplore.exe
                    "C:\Program Files\Internet Explorer\iexplore.exe"
                    8⤵
                    • Modifies Internet Explorer settings
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SetWindowsHookEx
                    PID:4404
                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4404 CREDAT:17410 /prefetch:2
                      9⤵
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of SetWindowsHookEx
                      PID:3724
                  • C:\Program Files\Internet Explorer\iexplore.exe
                    "C:\Program Files\Internet Explorer\iexplore.exe"
                    8⤵
                    • Modifies Internet Explorer settings
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:4732
                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4732 CREDAT:17410 /prefetch:2
                      9⤵
                      • System Location Discovery: System Language Discovery
                      • Modifies Internet Explorer settings
                      • Suspicious use of SetWindowsHookEx
                      PID:116
              • C:\Windows\SysWOW64\svchost.exe
                C:\Windows\system32\svchost.exe
                6⤵
                  PID:4940
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 208
                    7⤵
                    • Program crash
                    PID:964
                • C:\Program Files\Internet Explorer\iexplore.exe
                  "C:\Program Files\Internet Explorer\iexplore.exe"
                  6⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SetWindowsHookEx
                  PID:5024
                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5024 CREDAT:17410 /prefetch:2
                    7⤵
                    • System Location Discovery: System Language Discovery
                    • Modifies Internet Explorer settings
                    • Suspicious use of SetWindowsHookEx
                    PID:864
                • C:\Program Files\Internet Explorer\iexplore.exe
                  "C:\Program Files\Internet Explorer\iexplore.exe"
                  6⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SetWindowsHookEx
                  PID:3636
                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3636 CREDAT:17410 /prefetch:2
                    7⤵
                    • System Location Discovery: System Language Discovery
                    • Modifies Internet Explorer settings
                    • Suspicious use of SetWindowsHookEx
                    PID:4092
            • C:\Program Files (x86)\Microsoft\WaterMark.exe
              "C:\Program Files (x86)\Microsoft\WaterMark.exe"
              4⤵
              • Executes dropped EXE
              • Drops file in Program Files directory
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of UnmapMainImage
              • Suspicious use of WriteProcessMemory
              PID:1432
              • C:\Windows\SysWOW64\svchost.exe
                C:\Windows\system32\svchost.exe
                5⤵
                  PID:1856
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 204
                    6⤵
                    • Program crash
                    PID:5048
                • C:\Program Files\Internet Explorer\iexplore.exe
                  "C:\Program Files\Internet Explorer\iexplore.exe"
                  5⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:4932
                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17410 /prefetch:2
                    6⤵
                    • System Location Discovery: System Language Discovery
                    • Modifies Internet Explorer settings
                    • Suspicious use of SetWindowsHookEx
                    PID:3716
                • C:\Program Files\Internet Explorer\iexplore.exe
                  "C:\Program Files\Internet Explorer\iexplore.exe"
                  5⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SetWindowsHookEx
                  PID:2408
                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:17410 /prefetch:2
                    6⤵
                    • System Location Discovery: System Language Discovery
                    • Modifies Internet Explorer settings
                    • Suspicious use of SetWindowsHookEx
                    PID:980
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2872 -ip 2872
          1⤵
            PID:4276
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1856 -ip 1856
            1⤵
              PID:1540
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4940 -ip 4940
              1⤵
                PID:3456

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                Filesize

                471B

                MD5

                ec237169ada59f1945749967a6d3d7f0

                SHA1

                e8fe32e8fa527409463d3fa0d63b6bdf709d7bd6

                SHA256

                b783f55456ca301f00aab79b6a0720bfb2450aefd094e6026231fab663152d70

                SHA512

                d5b5bff9f6afb36817c2c556e67c4ed7fc787a51bef623eb7150b596cc4cc88bee4b10b5eccae2c2ed0055653166f68bf75f2375ce4689666eb42330361de2d5

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                Filesize

                404B

                MD5

                8457942cee2660fe41c6cbdbd3295d1b

                SHA1

                8bbd37b1b4a68846e657a407467d3c8c630583e5

                SHA256

                c7fce7b1def0f9918db748f696d8eeff6714123b8eb6309af7c3ec9c50e8731e

                SHA512

                c4ff7f04f14e85dde26baa330fdd42e216c863da8a198d8b93e216de099d685ab40db53060ca5e74fbf8dbefa66b36b9d6c1a86238e78d1fedb3f925f0ab162e

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                Filesize

                404B

                MD5

                dc3b9c8fbdf841b24048b9f7c555afcf

                SHA1

                919732aeacf52ab761ab501d4da6260a215c0dd9

                SHA256

                d4704f083374c55c2d4038b32e4fda5242bebd920dc5ddacfad48980d54ceb08

                SHA512

                2044e3e430700606b4d0531c25229292320482b7cbeea428d806dca0403260831dab318f451c49bdd0b115c672141b92328fe205f5f0ada28f6f785087c063fa

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{37524BC2-BC05-11EF-ADF2-7ECF469E42CC}.dat
                Filesize

                5KB

                MD5

                3a1aa9f57ef639ca0d66214952dbf1ab

                SHA1

                22266d689686354bbaf9f3d270d6bcc245855802

                SHA256

                2ea2b9280eadf74fab0af36948076d88d17f67adaadd16318d316d25e7f96a5a

                SHA512

                04ce810d664e8db4eb3a77da332a0ea5d788af4ae4426723945c69d32f198f12faac98d0d8a8c261c243dab5cbec71a8d0e71979b6a4ae34374f62c01653f07b

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{375272D2-BC05-11EF-ADF2-7ECF469E42CC}.dat
                Filesize

                5KB

                MD5

                a28ffb2f12d6f68a289322630d69b87a

                SHA1

                147e00596187d1298d2fcdeecb0d7e88fc54fc22

                SHA256

                083a2e77383990b5be4d89e58238a680d49b78169bc9f4c31a50d46d0bf1af6a

                SHA512

                632b66de927a67b41b5ed33a8da0dd4a6e902f0b3b29d938920d07cd74247f2e013b3817e50d06162e2c768d24b787c5c1175b59a61c2d7765ed27989f030e5c

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3754D5BE-BC05-11EF-ADF2-7ECF469E42CC}.dat
                Filesize

                5KB

                MD5

                73b48af26da87c2e92639c54c78d6d25

                SHA1

                4ca7dacadbd5724750a983fe8cb3d950dce94924

                SHA256

                df5dd4fff9ba4f8dc56e435c6891bb52441c39b29701fcb0fb48195f4fd1439e

                SHA512

                772db8a7aebcf3989809fb624246e9b59096c8c355e3fb16d5347a28288de7c2fe6c85f6980aab42ae54487153073a284402d54d5e0ee0fe7f136b62cbaf1f43

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{37571165-BC05-11EF-ADF2-7ECF469E42CC}.dat
                Filesize

                5KB

                MD5

                f779d6334e50eef5b4bdf5b287efc8e1

                SHA1

                c326e5d26f4e7c47cd5481ca81ab9251f688603d

                SHA256

                683507b2a4cf2a2d2a813c11e94561cc711d0a5e983cf492c59c80e6fd837695

                SHA512

                2ec52e75cf3ce7ea0633719fbbed8a89750f404082dd325f913328d9f34a2b68426ae73db89566bb69be95de5e9b0a74d3f10082e4d79766e6d30997da8f75c3

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{37573875-BC05-11EF-ADF2-7ECF469E42CC}.dat
                Filesize

                3KB

                MD5

                7117e4cc03305a2eb1ed4d1c38b5b1a3

                SHA1

                4810f1fc95ec195441c57381fdfc3559762efff7

                SHA256

                51cf22493dfa8d40bd01b337c97b2aa89f37a35332d6b66f84e29f3520b385ee

                SHA512

                a0607ee1abefc38590ca199e27d84986b3a4aa95be698581df7f86a63d4c343ea8e35353bb15e7957b1212c30b5fe811406c7cd6e183f724176122d3117ced58

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{37573875-BC05-11EF-ADF2-7ECF469E42CC}.dat
                Filesize

                5KB

                MD5

                30833f59a891b79a20f0a6290763708f

                SHA1

                fc2a6580ec747d7416a9adf257ce7865f168a757

                SHA256

                21eef8a4900ef3636c20a1965d10178afe11c6eecddab09fd4fdf43fc1e8b3e7

                SHA512

                481d0871b9e3acb14fb02ee5fcb5041659cb841131f298b82b2ced41463ca73cf47c701f318fe562f8557ebdcb56ade85ea5de8144c2d19b90c8f2b58563cb98

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC11.tmp
                Filesize

                15KB

                MD5

                1a545d0052b581fbb2ab4c52133846bc

                SHA1

                62f3266a9b9925cd6d98658b92adec673cbe3dd3

                SHA256

                557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

                SHA512

                bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PGH3GSHW\suggestions[1].en-US
                Filesize

                17KB

                MD5

                5a34cb996293fde2cb7a4ac89587393a

                SHA1

                3c96c993500690d1a77873cd62bc639b3a10653f

                SHA256

                c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                SHA512

                e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                Download Submit

              • C:\Windows\SysWOW64\rundll32mgr.exe
                Filesize

                288KB

                MD5

                7ad8b248824fb32c2994128f02025872

                SHA1

                e909d655af544419bfb1f9057f3f4aae5ab3f6ad

                SHA256

                64d9e990eb96059ac2ea6d0853bf07b0c3499214e09854ac24f6b1f2688a1d66

                SHA512

                f18a946f015ecd3e1f5694a72efbef3111c6c259ef9206f84d3c01ee6804fdc51fb052914143bc24e39583753d6bf15bc0dd9c1b4d5cc607f452cd0a79ced085

                Download Submit

              • C:\Windows\SysWOW64\rundll32mgrmgr.exe
                Filesize

                143KB

                MD5

                963056968f712dce49fed780756eafa3

                SHA1

                1f833526e877d34bda4b7aad52be1b52f25c9bf2

                SHA256

                be71c16ee9e9ea295cf6f266ddf343c4589843e4288a09f60f9e15923d8f8313

                SHA512

                8ff2bd3c17e6a8730940dcc45faa600c5429a1e5e812821350d8c6448ddcc1526f5246608b5a56592276b15a821a78440adf05652c7dfb2b0016707dce9c958e

                Download Submit

              • memory/312-56-0x0000000000400000-0x000000000042F000-memory.dmp

                Filesize

                188KB

                Download

              • memory/312-66-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/1432-85-0x0000000000070000-0x0000000000071000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1432-57-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/1432-83-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/1432-97-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/1432-64-0x0000000000060000-0x0000000000061000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2608-81-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/2608-95-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/2608-96-0x00000000776C2000-0x00000000776C3000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2608-75-0x0000000000400000-0x0000000000454000-memory.dmp

                Filesize

                336KB

                Download

              • memory/2612-0-0x0000000005000000-0x00000000050F2000-memory.dmp

                Filesize

                968KB

                Download

              • memory/3572-22-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3572-23-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3572-4-0x0000000000400000-0x0000000000454000-memory.dmp

                Filesize

                336KB

                Download

              • memory/3572-11-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3572-15-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3572-16-0x00000000008E0000-0x00000000008E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3572-21-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3572-13-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3572-12-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4468-84-0x0000000000400000-0x0000000000454000-memory.dmp

                Filesize

                336KB

                Download

              • memory/4468-42-0x0000000000400000-0x0000000000454000-memory.dmp

                Filesize

                336KB

                Download

              • memory/4468-63-0x0000000000430000-0x0000000000431000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4468-88-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4468-67-0x00000000776C2000-0x00000000776C3000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4468-65-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4832-33-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4832-9-0x0000000000400000-0x000000000042F000-memory.dmp

                Filesize

                188KB

                Download

              • memory/4940-82-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4940-80-0x0000000001000000-0x0000000001001000-memory.dmp

                Filesize

                4KB

                Download