ramnit | 7e8c6365635025e9421da10c38918ea393e11b42d8d0460f006ae9cadb5a4ae5

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe
Size

63KB
MD5

fe29c5473a599a089bfd5ef63188fdab
SHA1

17b224ffc8ece6e93079698e4e777224b16a5c3f
SHA256

7e8c6365635025e9421da10c38918ea393e11b42d8d0460f006ae9cadb5a4ae5
SHA512

3abc57b11adadf0469218527a758af24fb3806d1366ed427efe1c844b3c4fc2f4dbdc17f068247282057daa2cd196f690844b2455b5b985475adca25fa6579ac
SSDEEP

1536:k9uFbKi5xntBrEyGDE1whTCetsh1nHUa:k9ebKuxnbFGDn4Lv0a

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2668	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe
2896	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
3068	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe
2668	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3068-0-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-2.dat	upx
behavioral1/memory/3068-4-0x00000000001B0000-0x00000000001DE000-memory.dmp	upx
behavioral1/memory/2668-9-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2668-10-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2896-19-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2896-17-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2896-21-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2896-23-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/3068-24-0x0000000000400000-0x0000000000417000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files\AppPatch\NetSyst88.dll	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\pxEF9C.tmp	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440738950"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0F5391C1-BDB5-11EF-8F1B-EAF933E40231} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2896	DesktopLayer.exe
2896	DesktopLayer.exe
2896	DesktopLayer.exe
2896	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2780	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2780	iexplore.exe
2780	iexplore.exe
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2668	3068	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe	30
PID 3068 wrote to memory of 2668	3068	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe	30
PID 3068 wrote to memory of 2668	3068	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe	30
PID 3068 wrote to memory of 2668	3068	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe	30
PID 2668 wrote to memory of 2896	2668	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe	31
PID 2668 wrote to memory of 2896	2668	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe	31
PID 2668 wrote to memory of 2896	2668	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe	31
PID 2668 wrote to memory of 2896	2668	fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe	31
PID 2896 wrote to memory of 2780	2896	DesktopLayer.exe	32
PID 2896 wrote to memory of 2780	2896	DesktopLayer.exe	32
PID 2896 wrote to memory of 2780	2896	DesktopLayer.exe	32
PID 2896 wrote to memory of 2780	2896	DesktopLayer.exe	32
PID 2780 wrote to memory of 2772	2780	iexplore.exe	33
PID 2780 wrote to memory of 2772	2780	iexplore.exe	33
PID 2780 wrote to memory of 2772	2780	iexplore.exe	33
PID 2780 wrote to memory of 2772	2780	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Users\Admin\AppData\Local\Temp\fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe
  C:\Users\Admin\AppData\Local\Temp\fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33a07f26c1e7e4065cb1b9aae1e84fe5

SHA1
7ded5537c7d5d12134486fb06ca3815dab7209fd

SHA256
003162628456cf5f4aec02fc08c4a62e815b785964c13270e1c1b55618dc5779

SHA512
febd933425355dc419c61e4db1349e853183a3af725d56a70b1687e2b428784d53282d273f29d55f363667a02ad9a29796620fc9baa14ad18b1f80cab424bb67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4c896dc6e062f06dfe5d7443f8fd0af

SHA1
122897935dd92b57269989997e3dc46cd66b40f9

SHA256
49805b0e221f05727ab889ea7d606fda03c075441722675dccba8d1c05e833a9

SHA512
8300e3e3bda7dfb258170c060eac84eb505a8bafb9a0387ec2725d6f2d938b71e7bf26bd5e8c42ec3c709d98c6e40909c9251adc850749242c2299ecdcf84021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a451e56c055aff4c1ce6f33ea738309

SHA1
73b14cec8d43bbd881bee73eaf3d3360c6835ac0

SHA256
36ec7c436cb0e795831876d7a21f751632fbae33a1899e121c73e2946b6d7609

SHA512
3461cac3675a05db0e8c5b83b327b33dc90e4589337c3e5bb5f597b4b9badac679a4b81c1602e7a0e97103593d241ebb8efe59956b75945edb10bdb29ac7a962

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2b1ae63f6a52e2229e1777dfeb0da79

SHA1
4a13da7e946946065810e555c04f09fb1e0ae0b3

SHA256
72920ac8c526a428d3e70d7cc7644a1dc60a4576edf1b85b7ebc16d5c044553e

SHA512
07da2616418ac9e648444dff8cfaffb1cd4b8a584136c47e7ac7271c2d9d53dfa1acf941fa4818ab6e2eb4b39a03d26ff943c892e9fc0cce8d18b09641834e35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7aad2cc27321885364661d987a6b2539

SHA1
34e06fed647bf59b0c2d4603f5c25bd6b0a53850

SHA256
1d569bb55c8d966940daa7e722388c9f06253aa3ada8415df94f5cb6fa40520e

SHA512
0835c24cb5934bfd8a378a7dcc76b5367b7ee8bba9625e4896e3e052ae6cfaf7fea54a3b15b17b8663aee9e976cd08086966c15f7d355e32a477e8ada13c117e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd0a19b5fb6bd23f3c26d92d011a593f

SHA1
106069c45a846e57983ab66631450c73526e53b7

SHA256
91cde409bea9a31ec738aba05f43ef180ec76cee868b3e7056e1d39c92d9a9f9

SHA512
e0f466f5497064670ed365ca3314323dbb37436227fe478f1279be999bcde23ba2e9986922223118b06844e1ce04b64de552ad5c2441000e8d64dede8ca0de58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38386518cc218c100bfae0fbc6aa68d3

SHA1
fdffc098e971e18ed959824d4bda3206e2067d32

SHA256
8de92e80772f1126c7f6d32377581011b947b7c6cbe4a8de38a784bc3d7e300e

SHA512
f2f6c941fbf71cecd60050c20f70039cc793c4e8734cac847dda269e3e3b26b224d98f0ba741b515862b2cfccf467dc895c53b006443ce6a1fdda0f034a084c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b2e832f080b5d7cc1e944ff17a8ea34

SHA1
14679a369ecdc1ca6d38638a3d6c95f7079e2526

SHA256
75a65d2a17a48b77542a26be805385421348ff6adb447db7eee65cfbe6e754b1

SHA512
3977084e116bcdfa4fd8d0e29618132534022fb6b2f62facb2331a4951278b7fc24503c2f707b0267e9860a87ca055acb2f5d668707dfcc0a28294e80a7504ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfe1ff740e9a0a04496100e9f81f37a0

SHA1
22c4c5e623fcca3c6f1cdcfb306ccb862fc04c84

SHA256
671b9f01eac569434ca1408e5e35c2debdcef7ac9c5ad7195884753428a2d74d

SHA512
d94563cfe82ea82a89b6a1d92525526bd7483245d2f5198e47b1b63ed75c902a4bfdf2dd99ec925db6e212d44d0ad9c879fb64cbd86dadf1125655332314249d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9c112630bef4ae32c9d727a8ea09cb5

SHA1
16290dbc7c1f2dff1fd6ccaa3252f8fd58a317ae

SHA256
631c82a49b41b2e1de4df1315ef1994e2d3616cbc6bc4bba02f23299289e5291

SHA512
52077d241adf417702ba522c3abb415172cb3ec5c304ed52db8ff8700b4a1563829fee5023369bb91a4793e40eed1ae2529954582b0a9b95e473c287b35c58d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d28367310887b921a0c08460e09ad7a

SHA1
4f9ba1c3a681f5d192837eafd64fb8b3f1069639

SHA256
55784d3b4a03c03fb2088673a0c5793702e5725701b01b64a27027a9f1d87ec9

SHA512
0553b857b53f1ef1659230f06664499050e86e368274ad8f62fc80854b4330c30c71513cb2c3e2d30e50a93e5f097dec6ea4e6fa042f17090ca658ca4e5e2b86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c7ba6fcac34cba8ef5ba08bd8146431

SHA1
f3061351a5288fc92d5ed534c6571433bf7e8016

SHA256
f5af967138fdb02e203d1cd6ddfee2045bc9ffff96fe09b859882d83e19ffbad

SHA512
d8db1d4797ecfd069bfaf7f80b06086e6308cae9824928c8e418fdcc030c1c10f2e9fbcb36748be11bad42bcb9e34cc836327120dec64ae6d1114d50e1204abc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75e44e5fd2f828ad2ec67703b74e2ba3

SHA1
29207b7e9a91ab2147ddee858b32eba7cb89c050

SHA256
23a59b65b9f561d3078c74f0bd50bc66cdd77be62eabf69f1f8e99394f93887a

SHA512
abc51548c84f392e91594b06542a9a6eabea1bc6d9e46b84c3ac2c34fb37087d1e497368e748909e7ec7198ba10b718fca0caf409ea21aea0deb628a87153355

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab57E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar63E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\fe29c5473a599a089bfd5ef63188fdab_JaffaCakes118Srv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2668-10-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2668-9-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2668-13-0x0000000000240000-0x000000000026E000-memory.dmp

Filesize
184KB

Download
memory/2896-23-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2896-17-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2896-19-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2896-21-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2896-20-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3068-24-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3068-4-0x00000000001B0000-0x00000000001DE000-memory.dmp

Filesize
184KB

Download
memory/3068-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download