ramnit | 44a0d95bb5a1682e023bb4f3db1a48a7c9788c85e9bf4cbbcbc4e7f7e30ce50a

Analysis

max time kernel
132s
max time network
133s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcf053aff7c6bfc7d860959a5e00c815_JaffaCakes118.html
Size

158KB
MD5

fcf053aff7c6bfc7d860959a5e00c815
SHA1

f1e024f85dde15616d6caef0964379f9287ef9c2
SHA256

44a0d95bb5a1682e023bb4f3db1a48a7c9788c85e9bf4cbbcbc4e7f7e30ce50a
SHA512

23a662574161d15dc6c184a5bd29048bfe4825e3fd3266a6681b2481cd1a203d3b387fe92475e8cd179890056c80343e96f767b674371697db809f47458c5b97
SSDEEP

1536:iuRTsm2E/DGoOXJVyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:ikn/DGbVyfkMY+BES09JXAnyrZalI+YQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
1212	svchost.exe
2656	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
1948	IEXPLORE.EXE
1212	svchost.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0036000000019451-430.dat	upx
behavioral1/memory/1212-435-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1212-438-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2656-444-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2656-445-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2656-447-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2656-451-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2656-449-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxA286.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B096BAB1-BD7B-11EF-AE37-6A7FEBC734DB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440714311"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2656	DesktopLayer.exe
2656	DesktopLayer.exe
2656	DesktopLayer.exe
2656	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2408	iexplore.exe
2408	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2408	iexplore.exe
2408	iexplore.exe
1948	IEXPLORE.EXE
1948	IEXPLORE.EXE
1948	IEXPLORE.EXE
1948	IEXPLORE.EXE
2408	iexplore.exe
2408	iexplore.exe
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 1948	2408	iexplore.exe	30
PID 2408 wrote to memory of 1948	2408	iexplore.exe	30
PID 2408 wrote to memory of 1948	2408	iexplore.exe	30
PID 2408 wrote to memory of 1948	2408	iexplore.exe	30
PID 1948 wrote to memory of 1212	1948	IEXPLORE.EXE	35
PID 1948 wrote to memory of 1212	1948	IEXPLORE.EXE	35
PID 1948 wrote to memory of 1212	1948	IEXPLORE.EXE	35
PID 1948 wrote to memory of 1212	1948	IEXPLORE.EXE	35
PID 1212 wrote to memory of 2656	1212	svchost.exe	36
PID 1212 wrote to memory of 2656	1212	svchost.exe	36
PID 1212 wrote to memory of 2656	1212	svchost.exe	36
PID 1212 wrote to memory of 2656	1212	svchost.exe	36
PID 2656 wrote to memory of 2204	2656	DesktopLayer.exe	37
PID 2656 wrote to memory of 2204	2656	DesktopLayer.exe	37
PID 2656 wrote to memory of 2204	2656	DesktopLayer.exe	37
PID 2656 wrote to memory of 2204	2656	DesktopLayer.exe	37
PID 2408 wrote to memory of 2492	2408	iexplore.exe	38
PID 2408 wrote to memory of 2492	2408	iexplore.exe	38
PID 2408 wrote to memory of 2492	2408	iexplore.exe	38
PID 2408 wrote to memory of 2492	2408	iexplore.exe	38

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fcf053aff7c6bfc7d860959a5e00c815_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1948
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1212
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2204
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:537613 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a65c0e474245b9a84c58065abe0c5205

SHA1
10f1ce00955284aec2a27729b49d6e8c07bf2635

SHA256
0bfa702a7d0004a3ce85426eb68ccff2bb50fb7d0863f01b83bb385b0b7ac332

SHA512
4ab727276215ea77485d719aa977e23d97fb6945721dd111626dd159ab0b3531f1709f67a95309c23ee0c69b41bb8142bceac8a6682b717d41733eb40425d2e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84671fa4271dbcb57f709d1728e68984

SHA1
0cdfd5a4e5c838d7860542d0e013577ee8fca58a

SHA256
9342b37ae85331c05f56daccfa2cfa933cf23b3ed93c8e4bf15cf2703e49857b

SHA512
d58eaef14561cf702fa800ca646066ed5cca092e887ef8e2e980a6503af8304b3649bc1ea2d650fdeb4d996ddb8d5e7f86a6759cb25fe0a4b8cbd9a2ec5ea722

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
683c8c26f2a2e07ee70f32def7f51ace

SHA1
64077debc8ba6cac9ece07d40ae7dd3e30a92a32

SHA256
ac9a6d422df543c954ed50dafe6a5ade4467ee7ffb9b7845ca5c97837b60b360

SHA512
83d28d604039891a16bd8e7c77d4eef115c47bdcd58e78b8f9fe996c3743a7a304dbba04b47d63311a79a704556f1d1004694deaf9ca1a356566ea162e1598a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6432760a3aaa9279db43779d02724b8e

SHA1
c646c0dea98c1d8213a46b8be1d5b1df1e02ec6b

SHA256
a3a534e03dd18852f52fe5455e8787b8b40471ad0b8e8ee65065bd1584d6da70

SHA512
fc161e753d4236e59047b922245822140b776fa83ddc451046d1a5b9aa22152a41c346a9eb5f4f5f0c5849ad7d51f515fd4e4f61123f097d1fafccf6520fe407

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d35c76bcc2f273bc2637df91c0cb6b4

SHA1
b7cde431aa715e7c3a8ef3099cabbf85144ec4cc

SHA256
7c837806046cb3d187daf1aecc3a0d8f5e84b715fadd8fd0dfff2b560ba20f55

SHA512
c69cada4755a2e873cd5506e759baa6a5370b3e5593d21778286d6d226d2c0705981ed1aacc373a3e1d36d03116d81c9ca82df4e3cf367223cff93b291031713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0b147b37559a7085bcceab9fcd11ec4

SHA1
0b8b7a674ec4a236ae9b8284b023eaf7bd04cf7d

SHA256
b628d6fa71fd33fb0970e030864ce9b01722aa63577a8eed64054339b49d134e

SHA512
35a260e395278f56cc47e34ea54e7a1fb41fea8c27f6b209fafacf0100a92d6fe0afc6f7d8b1383bd8b44551b24c2027ac3fc983a3d61362c0a59d99366801ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53bc6612cf10c8ee8e5af36b3b808d43

SHA1
7c3ece3b12764fdc646a538535ff4905c2391536

SHA256
59e15c6091943ef3603a416d1ffbde1fc623b9ef9624ff15ba19fbb57764ce76

SHA512
fad7c71cec19c754a1656d197ddeece7b60246c21e11d0cb750b9cda1e2ab9ef1a9af2421151f0b5a3af42eb439101ead2ede490904217060adb3ec7a498bcae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
539afa14368f646a75c0a569f2d2c8b7

SHA1
49cfb2e225f1eba480bd995159e1c7cc1f647932

SHA256
63717a7d4d0b00fd3fe5f1a088204abf0afb44c56b8ecf80cbb0bff68a7d1456

SHA512
c28ec4e0bb6545dc52aa84dca99ffdf8bb931a157416a9e0edba032ae748ea6209366ec6a2a458f431ff64597201955ff1ec600b89f425272321b07b60a1ee02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65c68ceef2769935d84d44ebf3fd43b1

SHA1
c0cd1a0fa43058fc8407d3d62b15dcc3a27329bb

SHA256
288f8bcd1f56b42a5995058be547e5aaf6f158c95ab7c1a8a66dc5c9b2d3f4c1

SHA512
dbe4d18abbe480a089743e413ce66497146f7243fc56178c66aff2bc4d1c208c6e9acc83d61a6f1ec7a5f8ceaff0525af3741b9e2daeb4d3775de0478928e579

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f550cfc6c7bab480050c5ca2e0edd422

SHA1
bfe6a49ee6d5ac3c16c52695a7f62cd456b867e8

SHA256
0b8f9758c3f7fd2daa4d8e6fcbcfa8d94d873df539eb5a05ef5ec2e85e48b46a

SHA512
b21f84a8f39452ec513feda8a2889fd67cd15a3cc031cfb2ffbcf3f9dcb88676b651eb769e3b41ded05c023947cb7e1b9b3f77f74c0766266654ae877d88dc26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46b180b9308b2d15c80f1eb58f6d20e4

SHA1
8b0759ce3bccd1fcba1c6e5837d30b8db1595c64

SHA256
07c8130e7e3e5bbd415c713470785847b68dc9e0c8c6aaede7bb401f1e02f90a

SHA512
c81f2cb8054e4425b6116af65c6ada02b98d507201727108cdfac6efa8010a01d833520096f7748e4d1a706f05177a59bb1659c666cfbc4035089b8306f61aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB867.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBD6B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/1212-438-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1212-436-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/1212-435-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2656-449-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2656-451-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2656-448-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2656-447-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2656-445-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2656-444-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download