ramnit | cce7558183f5f495c03c64dff12b8e8e6dc72ef5ebbc94753804bea9012b84f5

Analysis

max time kernel
65s
max time network
133s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc86147239138d0ad579b08fa0dc90f4_JaffaCakes118.html
Size

158KB
MD5

fc86147239138d0ad579b08fa0dc90f4
SHA1

dceaf1780ea0b2a14ed50e6d227f4e853d909b47
SHA256

cce7558183f5f495c03c64dff12b8e8e6dc72ef5ebbc94753804bea9012b84f5
SHA512

0cc5cac322b3e4f2da05aa080d410381ca50db6c230180617b7072342ad071037a9827750f5e532bab5d5dc7db9fe3169e398826a68321ffce94655e04c0d356
SSDEEP

1536:ixRTAApLt/50yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:iH7x0yfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2456-446-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2456-450-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2456-448-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/files/0x000c0000000194b9-445.dat	upx
behavioral1/memory/2456-444-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1284-437-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1284-434-0x0000000000400000-0x000000000042E000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3E4AD91-BD67-11EF-AE37-6A7FEBC734DB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2396	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2396	iexplore.exe
2396	iexplore.exe
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 1960	2396	iexplore.exe	30
PID 2396 wrote to memory of 1960	2396	iexplore.exe	30
PID 2396 wrote to memory of 1960	2396	iexplore.exe	30
PID 2396 wrote to memory of 1960	2396	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fc86147239138d0ad579b08fa0dc90f4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    PID:1284
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      PID:2456
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2360
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:603146 /prefetch:2
  2⤵
  PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c463308f2d8cf5d92a4d44839de60e7f

SHA1
9b7f64eab01decceb396c6b6b2bc4e074e514bd5

SHA256
a43c4e5a30be2944c50df95f5f8087c75bc32e4345cbda0619ee95f3d6a24342

SHA512
3a252471e9b038faec6a35766bfaca37ccd775e07d54174740bb0f71b0eca8e758bc47fdbfb6a1f9547f864bf61ff21dfa21664bb0e105521cd83ff389bc8a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5691d750193993545888659722f00913

SHA1
3da341e6df841c8bdfadf943d5701b40ca29c729

SHA256
4bb7831949ae59612be95257cf3914986a61f0af3255bbad947589be615e81f8

SHA512
83b3ebf3c12091189256897e0e9d622068a93570662ad43be6b3a1101639af626da0f058df9c3a3ca8a126fde9b395fa10919e92c8b27522707b4f3ca67d7148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a9780c07a3e6aa8f25d91d22f02d532

SHA1
9fae3505323807a8a974c458f382f410eae0f67b

SHA256
f94243103ff0d0731fdc72f7d007d5b34e035a33480ba1d2539e9765b5a567a5

SHA512
cede3820bdf0a7bdaa72aee142361eb54d47a138bb7493281390407a333fd5a53b29d3b786a354ad5970f5793126e3404fd515c3b61df6597689ede3c0a6af2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68175b74437f73e5d9ae4177a5192acf

SHA1
efd6d87021dfe6f75cd95c3b26c8df0cb0c7f844

SHA256
b0c44ca187b433ab823c25f5bfb9c01ba2dfa92af2207e7babbf1f94022cf555

SHA512
237ba9e3464adb303897e0b9f3372dababbeb4945bab53f628849eb5e7e991cdfae6569502d86d4e8b47d347151ffd17a77ce938c8d7c3a3b3ca7bceaabb6489

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
803b5c78658823f4ad9d261897252795

SHA1
5e308de8e46ff708ea013df0339c65f576e2ae78

SHA256
5070400cef0c2098826fded2a02db6d92d74f463da3982985ffd81311956be4c

SHA512
f1655fb53a2c9d1ceaa7744c331a2ee6e5c3de90758b4ec969365cd2e3a721e9ab3a21e444e55eea6284665910675b14d1f41f27e02269415c85881ca2e81c19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5d5306996c1730c18f4697ce05f3e16

SHA1
f8076ba8243fbaafe7ad0c240848a44f490d4da6

SHA256
993afd28aeb33e008cc6e1f93eb641bf0b4b27e045cc0e15f0df81bb595386ca

SHA512
94104a293afe4eb394b1bd0b8fb6648b4a80963a189de40a0d231facecd0d70a6eb42d5761582544137eea3f14f49fb2842a2779fafef22295b196f64ebf39da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdac6e12bc7988641d15dcf6e536274a

SHA1
0555772246a9dd86fca78f0839f96f83b05c602c

SHA256
d81a1d11ebbebe76d854ce9f93d6d6f55b3b9282a7d39f59d9819d55bc324711

SHA512
407511228560d2a1f60faacc02e34ebf058ad1832c9f0ffd4ef2bd57b246cd907f9c0388896fecbdc76a56c4e38f44589ed4ab6c139e28ea2ab2ff2be46425c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61be2851ff71d64c46d410f86bbf9792

SHA1
837a7bc29ca94461985835041803146c7937e6dc

SHA256
63560d8e245b1cb260a1bfb9d453b0dd9673ed8e600f9f2d7aecac3fb0cb1e06

SHA512
2d5bf9da21caf86ac22b34c5fea3b0cc18490241abc3b6cf0ab5b4d59c8c0353c656e4e7346cd7ffd970007e3f0c37f6c1435eb5458730f0352431bcc0f07d30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3d224b15e0110020797660aafa8db8c

SHA1
8f27c197c73660c50712a071ad9588b1a70788de

SHA256
2983c86bcb1bf85ff93b7bbc5d2df5375b462c55301aca2e38edf08c5cbf784f

SHA512
f98edc51114071a7a0aa26759c195289972381ae930e033a98ecadbb00f7d9b6e29c1961967e4c01d1e4f18059d733dd2123efee1fc66078198e0331068b37b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9a2a52803c325c67c095a4fc9a2061d

SHA1
785e7c7babd1ce8f32a8647871feb86822f7ae26

SHA256
83577c75012f669b4d66d1dcc8a221da5b8bf65476bea6e80bdc6c61c2de7c44

SHA512
1117ec69a8dd7c39afc0ed4c49ceade333d6ecf8352d4df988eb4f22098d433a9be83c6b9ea3fb1de8869dcc4ba03ee677cec4e1ac0ce7cb5cae84fa5c34881a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9faac95a1a186c6a042670e643f69d4

SHA1
0a4d5a3015f84fdcfdc51491e961e5f6655c487b

SHA256
ae45e96784a3f957340a62e6554f3ea67584b0377765e052b1d3b693acf5d1cc

SHA512
ba786fc143f659bcfdfe14f7b9fa44d1736ccc0d1326f3748af68c69b7087ab6c30394b908d203b2f7bce8b8faf6fccb4128fee966a23f7852abb1c188660b89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b79bfe01e605664240ca6c52e10c64f1

SHA1
0b3a12184e507d54cbba1ba1e9d83fcc1702967c

SHA256
1a05958c5ac346e4f79417d5fe76876359120939e69016357b26158d5b266de1

SHA512
d78292979dcf7adddb0810497c73fc4eb1b995152519eaef461fa4da20890bd4c18a53e5418187cc2a86730bef160b71b8a254ae47ac79021969d256369faff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9eb18835c28069ee16a2f5e9d428e94

SHA1
cc13e78ce29111acbe14092c2c1239dbc2c1bf18

SHA256
6dd72a27477074fedf3a940756304f4a8553d2e699b5a4a055f36b40bb4e557e

SHA512
725483b3cc4fd64bfb9629c2f0d1925ab73a5d6b6a8a675954543912d8dacbe619689d3bf5f3a386d0fc23148277e764ea750176574b688fe222057201e4f7a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5decaf2c6c5cf314540ed7e426befc51

SHA1
943152a04bf1d750b56be6e8be9937f866eb0b31

SHA256
8eeec6204bb9249818a0bf7c699b700a92c81ca6f3d8dba879a4cab62ed0a084

SHA512
3cd7c6894fd454d7e71f699a553fea3eaf869f74beee343292fac9a727109a060c511e78b25418a03a7520529a5400b4f97d76c6c0caf7ad83c4aaf8a0766525

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9845bafb28ba95f921ff47278c226c49

SHA1
bda28e4aa4d65adb91d6fa640e42749de0243247

SHA256
d83ef933f4e08834b09596833b088b5c63d9bc274258f475bb4dc395e0004faa

SHA512
96cbc533871d465307ce572c87088bcd72d8a0820de87c74ce9aed71066056a328e21545a28cde7431282ed89b44a3699600ff3bb54c2a8bc179c5a3730d7c82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f757670ddfc39dc470fbb3bd630f5802

SHA1
150e8738e029d055407508a58bdd241075f5affd

SHA256
7f302fbd94a1a89834d6f6994cb5be1d2008de231663ed32f132e3315c4e696d

SHA512
b04f6360abf1fae79ff92446317e0e3352ec6fc8cfd91e14f32c421d4607f6957b627d57157eafd6b7b581f0bfc0fe08785f2c987cc7074cce44b562a6011d52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efaf195dc6e9a58394bccabb8624403f

SHA1
128e6adc0635911a7255c2fe04d846b9f3363078

SHA256
33408d900e1155d001c61dd05239c887f239d5abc4677af422fee63df353526b

SHA512
94fea2411446f945038ddd351637a2b41cedda7efad2628598923e5fc450420f031b52a66958715987c9af5b1089f6201e602b665a0eccedcf92f31e1c734e83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13a00eb8b328d1499aa526c6bc8349a5

SHA1
cb952109411df1eeb15e85f3ee048ca967d2b84e

SHA256
a1d0b43b18c158f6713f3d1a56668fba93d74cdc9c5524b067575f5a53f59af8

SHA512
7d8eab62ad21c85ccd4a8e15e852ee5e89198bf2829be15e568cbef426e4e7995988d4e70197027bdcba0b5f6c04d19b8fb89feb35c59af0133820ad9a86fe8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
383ed969216d0c852810962f60af88d9

SHA1
2a8a93d8dc510536ccf48ac3ed4bddbb1f89895c

SHA256
87e224f520729abcb82ca732664ecac0919ee3c9fbf01146a477d43638e4d635

SHA512
e7d2118484c71f60c9cafa75ebfc37ffc90692513fba505fcc9e7e5bf1d7b34055ac8e4c0fb8fbb8f9f3ed5527286e121323c08ceae80ea9c229c975322247d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB7EB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB88B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1284-435-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/1284-434-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1284-437-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2456-446-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2456-450-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2456-447-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2456-448-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2456-444-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download