Overview

overview

10

Static

static

3

2025-01-03...it.exe

windows7-x64

10

2025-01-03...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    03/01/2025, 12:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-03_4a65bc7f8169b7856bcf301224a778d3_mafia_ramnit.exe

  • Size

    1.9MB

  • MD5

    4a65bc7f8169b7856bcf301224a778d3

  • SHA1

    91ae75d9cfa2d93df53a39222bd4b482d719e1db

  • SHA256

    21cb862b0e7b729a973f6a2a7171c0dbff0065f625ff58bee734abc55c11f857

  • SHA512

    8d9ec6697566b546f1fd905bfbac9aabe33b45cdc757e2d806c8dbea1ca76f66b6f248b8b8e6ad06e63cdf0ac139a96100cd3e9a44795a40661c6186bdea53dd

  • SSDEEP

    49152:GfH9d7Hq+fTD6aHf3IFLeVsxKaEwudNNNkeeBqocYdAt1HKgD9vBZ:GfdRHq+7OaHf4LxxKaEwudNNNkeekt1d

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 8 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-03_4a65bc7f8169b7856bcf301224a778d3_mafia_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-03_4a65bc7f8169b7856bcf301224a778d3_mafia_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\2025-01-03_4a65bc7f8169b7856bcf301224a778d3_mafia_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2025-01-03_4a65bc7f8169b7856bcf301224a778d3_mafia_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Users\Admin\AppData\Local\Temp\2025-01-03_4a65bc7f8169b7856bcf301224a778d3_mafia_ramnitSrvSrv.exe
        C:\Users\Admin\AppData\Local\Temp\2025-01-03_4a65bc7f8169b7856bcf301224a778d3_mafia_ramnitSrvSrv.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2076
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2892
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275458 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2856
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2600
        • C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:368
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2808
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1032
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2228
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08fc7edb6925f222f1254241c326bfb6

    SHA1

    d2035e1854a99def35b739df793ee50e80c38d13

    SHA256

    240ee03e8c689ff0d3591475e4682c44f65e729f921850ec8ce105e53252c27f

    SHA512

    5b939882433342ad04e46422af91015e6e99ed807b94103a9429baa9c00e29eac8b8ea90baed66b75e4d599071b4ea0bef22905682ebf0e515242c00ce92bb69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4f330056e70d749bc90560d796ec2d1

    SHA1

    d3fb7e4f5179ec5a4846cffb59c50ecc09dfef45

    SHA256

    96af13d80cf5f08b551b36a28624424b0c45f2461c3896d17a2d1d2d194902fa

    SHA512

    85c3b33b9202ad22ae27bcbf9d43cbe93fca8e2b4c87f19c67be6f59f52b5bd036b4375e9254cc9f07922efc3b2826854b68a7a93b0c267ab23a38b371762d42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cc4015b9ac67d2a1b3377f16e9eeec2

    SHA1

    db7c5d979e91c99c5250df3bcc9e0ba069bdbedb

    SHA256

    d00afed09182c9ca2e04be4ebe73695271caa4a63834a4eb22942d8e415494da

    SHA512

    41ddc627ed9dba8c0e17d53c02e7d8691f2612577898520f4f6638f7c2832ef1f9c0a2626677fc03aa04233a6145a884fff988f2d216c043f4c35b9e65eeba71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13264656d0154d469b2a2d20cb7994e3

    SHA1

    66422f0ed73e588af7adb51bc4b7788df182ca90

    SHA256

    266c0de149d406c32f5fa7123b75fd1650035d6b5e09eb86cb92f53981ee67d7

    SHA512

    02f6dcf2e2b95082aa3ef9dae14104129d45400c377562e911bfd1ba045038f2af4be5faa571ebc009cc0668eec52fb39ff0ebd1dc7d7fd74eec193d45e28784

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    161d722acfcfbabfc74d6b3820c0f8dc

    SHA1

    0b374bf7ffe7b398dfbcced2350f5a63f237fe3c

    SHA256

    351a78acea98de16d7b818922522c25fc0c5f7e586a39c03bf783c52af5e8b58

    SHA512

    a5570fde441d940fcc9f6d8602f21f1ced47e40c175bf68730c62672689fea55d2741bfd5a1bdb18e522d6158186d5fefeae81cff939da681935cba7893368f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0a2951d25eb4a233acc839f0acd0208

    SHA1

    71088197d1343556608c9b6088cf9652ced872c2

    SHA256

    be80f2fb214e38239bca893160a171a833351ff97a42a1a0d2f763eb2957fbfa

    SHA512

    5f4693a02febf2c787b6879ecd9694d20d5a203e0b94b4602c848b5801a7ff3eb8c2fc5c7ce00fd1dd01f800ede04b9c0d392f29c0aeb3ce8553740a0c83ef84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d391440bdb282bd5664e95de36c9349

    SHA1

    035450dd37d8999b611be20a4d3dacb05f2c2551

    SHA256

    1cffe70a4f51cd6a3be17c4f38a906607bf586c867f54c5627733e7552451063

    SHA512

    8123b2485b9a8dc381dd63830110af45203aec2d18cf87649e5b7bd48a109fc22cae8d5718e47302b4ed308dacb85a41f8da8572e4545233eec1c23b442ddc6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40990eaf2b89467ee2fbcc732d07cd86

    SHA1

    5c0dc2f5a83ca2fb049f0e8c417c7ec7a43933ea

    SHA256

    57351fead73898243e5fc454506a12fa5bbffcb5fc1dd7f3473ea04d8111577d

    SHA512

    d7469be1d3057bb63393dea6a9b725e076d0157ac63798727b83becaea046923fd2d1963f024b899b3364a06b4dfebf927220617e63da7a2db02e24ec708bcef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2a3f4e3fdb85c294a7825dee7d9e154

    SHA1

    a5d5f4027a4b7bfbc88b56ed0307ea1a7a189eff

    SHA256

    e6e11c5ac7719780a43be87ea8937612eb0d191df5c65dfcaa8be3e0f8988ec0

    SHA512

    9062b5c932fbaf5071f21f78146d8eb7b07cb8c82eb50710029801678b035088d7aee8d0436a3c00ab65bad573ed5b5e02753736dec440fbd14b27f7d8a881b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61782c9cf0925f4bc1ec2496c3bb49b7

    SHA1

    d9147a36af9d33ff82c4f435e0914414c1c776ea

    SHA256

    34d9fd73787740063dbdc4c9f928283f454fbf684fb821e29941b9e69b2a25ee

    SHA512

    87f2674560174a69a090d61db5be55d72cfaff8e9fc442f4633dc9a9971cac8372ef07254427f8845c2a23945fd1b7e2bae72373723ce9f61cc8fd83558b5f01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87e990946732baaf044274588f3af3af

    SHA1

    4389a8ad55a1899c243f32fb68deac1c83cd7462

    SHA256

    ea0beeb6b9b16df208e4a1798256997147b0a8623c777a95eb0ee87e257839ef

    SHA512

    103c9cf008f5f3b7f871362d561115bb74d6d6e88dc642879a5945a05a39ba0ca8827a722bb7e1630d801a0466315e35f635223377d74bc996f967bf3ad0a372

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c237f80fe9d4b92145906c35e595607

    SHA1

    7ba1204bff49b2072402d06cd1f6620a1e98db4b

    SHA256

    fbde408070fc85e64e2e03467a7cb6bbc46396e276cf56cc0eb530028dd0ef0b

    SHA512

    abdb2854743221e7bcae26079c7d647791bf731df2594fcbff33bdf354e12b7b57eab3895a34862647c186f7dc09727eaed72e0ea67971d1ca64c2288fd38f5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17bfd6864c84d92316246db4172df626

    SHA1

    1aa8e858b9a17ca8c21724f0961fdc9242ec3b74

    SHA256

    5ba9b58cf72be52fbc2bd49a2463b32433fed59414b8eccbe89b05f77a913e3d

    SHA512

    ded13a6d05f02c13cfce51dad4a753b50312f738c382a1fe6e8634b5a5a26b1762b7b8f62e03f703ebb811e3b698ab2480ddca9d12fba1904e3098136d621eb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    648f4349b9a124aa544db9e1bf46ec02

    SHA1

    9ed6c010c2cd62e040c7440402e1e314524613ed

    SHA256

    a4bd1b9e3239965171c1c427dcdf66ab751ea416a5f4814fdf279993ffddc3f2

    SHA512

    2a8688d155a552c204f7054a2f0736528834d574973d4b3fa55fccf7666a2522d6c1eafd0a3f2f5dbfb7a7ff36db28c253a44c1f06b95c0c99db76c47096bf5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62a7e47604c7e979c36e7712e9424f59

    SHA1

    5a3b9bb178213b2520dd7d83abcff7a313915cb1

    SHA256

    c021128b6b54ad25582bb90de8cd595d184c424c6a41c6578d643f8b75d8e95b

    SHA512

    d704fe998b7ea63058595d78e3993ddeefab826e41537b2361efb595c26213a8e23aef51e0eab6e9a975c63c066a5182532d234cd29bd90e52fabeb2d7d99aeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f980f4db5dabeaeaca27b5cd3a392d56

    SHA1

    3cb921d76098f4755d448b6ae2a37c5ef5cb964d

    SHA256

    20ec72bd162ccf3cc5099166d83226617907e37d8feec6b1d7146a589af843ac

    SHA512

    20f1c810ed027dd05c563503e670aaad134803b0040f94a72ccb31256ce597eb81294370b1f834d6192b8037ac57271ec4c40038e04df846a4347a3e9f4f164a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{767D7491-C9CE-11EF-B666-DEF96DC0BBD1}.dat
    Filesize

    3KB

    MD5

    46935cbbc56ea88efe9cd4ea170ff83c

    SHA1

    53d68ce180987f30ba15aeda4e6367c2d4945a9f

    SHA256

    1674e9ab8e6193f1f18ee17c9d875ac7b9a34f4bb8e1eb375f4de02cb17828b7

    SHA512

    763d82e3d910acb4ef4647da83fb2072ae6bc37bd5ff3b85639493d729547736b6582a0b2a8c248c587ec08f686eaa05d4fd3c944e00606e232dcca422f0af15

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{767D7491-C9CE-11EF-B666-DEF96DC0BBD1}.dat
    Filesize

    5KB

    MD5

    e3aefeaccc517eb37245f5bf0cad5e2c

    SHA1

    04dca23ce5a408b43ba8fc25a789ebde4b603dc4

    SHA256

    b9267632597b134ee83a8f8cafe7d127c8404c445a76e96d127230d832c6cc7a

    SHA512

    bd2b8dc18ee11c10e049eeb1d87a0ab32dd5dc04b1255436ee5b367b9130732d7c368c9147aea0aa20269d5a689f88ed734f7f5a9c534040433c6806b9f0fee7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{768498B1-C9CE-11EF-B666-DEF96DC0BBD1}.dat
    Filesize

    5KB

    MD5

    bcf2a2da138414e577e465a50c34d9c3

    SHA1

    58eee1181a119c298b03d0da2d44d3c347b2996c

    SHA256

    a573fd9ef5fa41bfb28ee8afed1007ca46b9e8fcec1a7f2d8ac83741f5ff2d88

    SHA512

    e308b1121a80de54ef769889c0c0c589c7688a1a6350b2be44fa9eca0638897eb66c03ab971f60fba73136c5676c3eab291cb933bf9e840261f32da09d484ea8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF9AD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFA6C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-03_4a65bc7f8169b7856bcf301224a778d3_mafia_ramnitSrv.exe
    Filesize

    111KB

    MD5

    0807f983542add1cd3540a715835595e

    SHA1

    f7e1bca5b50ab319e5bfc070a3648d2facb940eb

    SHA256

    8b492fd5118993f8adb4ddbba5371a827fa96ff69699fe82286ad3a92758bf5f

    SHA512

    27161f765072f32977bfae3737a804492251514bd256336ed9eee985a760f11c8c778bfb45760bdbf94cb69ed49fa6831f2700548a290412a577fbc70a5b7d77

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-03_4a65bc7f8169b7856bcf301224a778d3_mafia_ramnitSrvSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/368-39-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/368-36-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/368-38-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/368-37-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2076-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2076-44-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2324-5-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2324-46-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2324-43-0x0000000000C90000-0x0000000000E85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2324-0-0x0000000000C90000-0x0000000000E85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2404-15-0x0000000000230000-0x000000000025E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2404-7-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2404-17-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2404-16-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2600-28-0x0000000000230000-0x000000000025E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2600-31-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-25-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2600-35-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download