Overview

overview

10

Static

static

3

2025-01-03...it.exe

windows7-x64

10

2025-01-03...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03/01/2025, 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-03_7c7a53883b80f22bd881903a16de54d3_mafia_ramnit.exe

  • Size

    3.6MB

  • MD5

    7c7a53883b80f22bd881903a16de54d3

  • SHA1

    7ca6134a736dc8f52829f8e30cd13a95af53986c

  • SHA256

    c4abf6ae6c226c4824446df015cfc1ce0517e361e4e0d16808b124ba3b7ca0dc

  • SHA512

    10723ed0eeef5f392d3251e03a6adbca537db0a5b8f79bf8463a6fb08feb19d638023ec17e7e447dbc607ae126badc92c178024655b12e664354e106d6658c32

  • SSDEEP

    98304:z1fX1YJdXWdlfmkfldqgVMgDnwo+kUNWvI3npO9Dz7vYzLEEvBZ0qwmy7mpmm9mW:z90dXwgSkpWfDz7vYzLEYBZ0qwmy7mpf

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-03_7c7a53883b80f22bd881903a16de54d3_mafia_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-03_7c7a53883b80f22bd881903a16de54d3_mafia_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Users\Admin\AppData\Local\Temp\2025-01-03_7c7a53883b80f22bd881903a16de54d3_mafia_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2025-01-03_7c7a53883b80f22bd881903a16de54d3_mafia_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Users\Admin\AppData\Local\Temp\2025-01-03_7c7a53883b80f22bd881903a16de54d3_mafia_ramnitSrvSrv.exe
        C:\Users\Admin\AppData\Local\Temp\2025-01-03_7c7a53883b80f22bd881903a16de54d3_mafia_ramnitSrvSrv.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1972
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2684
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:1644
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2060
        • C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2332
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2692
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:340993 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2808
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2836
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    498ca2607d677c88cc5731fa9064e2ab

    SHA1

    55a9747225851f92c8f130e618726be92b853b54

    SHA256

    a8fe4431f98b5b05682086a440c6b65d84577db96277f2febc4ea37f69f8acce

    SHA512

    32f119f66a47a33c6684761319d0885128298ac5fb3583cd7b6c0b3016c30edd2d59556be98e2239f389834fadcc481cc61054cc7adf3d25963ac10a8b20c98e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    32d64c1f612dbfe0e9cb0e9a188225ce

    SHA1

    4e5f2e5d2f03f39b50dd1412f740f11c1045d198

    SHA256

    693eee919351998c96db23336d36d08b2492768ba108041a17710752b04895b0

    SHA512

    a0b02975a3dbe5fc8ad33d4b4506d6c0fd5c448e11da67cec072b0220dc648e537f0d35f7ee0a13617e8df173dc356ac6e1bcf4c1448e59d6417f03e04fdc840

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d735803228ca21fb4b3c7c0116b20772

    SHA1

    379090e60bcec33c0673d30e2fd84658e47e486e

    SHA256

    4dc3a1704c03b9a66c7f2d6df00544e0b15cde3601995901ceb821f8cf551328

    SHA512

    44f37fdf92bf223f963983b78784b23ef8c667fdb69903fae00a00a5930ddf7d7e3235ed50389f90743b71df62ceb3b18ca7d3296f731c5b0a4f2dd4831be54f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8dbde4d7400ad426579a0b2ab904d8a6

    SHA1

    ce74775a674f1d06c54f4c55399adb665de6f49f

    SHA256

    e9ea78ab7291d3679443e5731d49db7ec0e1fa666b4b3ae1c244a41cc969939c

    SHA512

    6ff2dfbf55f7e36e40da65d6ff3a66993b9a2d7c2a9ab448ed720adde558b35ca0ac765585ab7ab3ca0920cea65b97d75751ca0798c7e9305e1db09b3f894e0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a971b83cad3d127bc9642075fc504d3c

    SHA1

    ba3a4792f11e4aede9262f394e2d136b44f4353a

    SHA256

    e0278ec3339bd5e11c5fea552d95f418d3254aa75f0f68812f32a4df61f39a44

    SHA512

    db5e0f99e40ce8e96ded4419b406cf5a60214eb6e173e26267023f7ec2a2e72be9a5b81578495d99472fa4af69cc15f9e64f327d442972da33e5d0eca532720d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8093d5fa5fe0843d4a266646600696f0

    SHA1

    42a7bf3eac22a63609d1d94e4a24659e0dc22a80

    SHA256

    47a2fcbb4279960d6393201358ab6504c95c92eef8a84d1899c13fc6fb9129c1

    SHA512

    44e6bb2aea6d0ac253c92475172609163a986de7b831a77d7a8c7e5fb84612dfef7c89c0cbd5dd513f55f82e6620bc6570cd6601b5fd4ff353cbd2dd02e76712

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6feb6fa5dfcd366da4c0b11d2e902ea1

    SHA1

    4357d10ee050a7e309bbd340dcdf1abd6b8f3ee2

    SHA256

    357a63bf5c488383236538bb6a6332c019a718a6440d30219449888595e74d34

    SHA512

    ecd34070405d2547037a0d45aad56ab1c18a41d6d77224ffb709cea6c85e748243611ed2da8b5906e7ff90aea124c56d4a66dc0c4e2560eae82fdee1cf9c5cdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    668a18d179f9d0f4fd727fc378649e86

    SHA1

    3bfb01aa7437ae3d9b9a003c7b45ecfd206b19cb

    SHA256

    990d0c42620e91cd6f5579b6d9567b61445674da33ef6bf74a0ff7da91f9629c

    SHA512

    deac57e71e4c942e98cf490e266190eb9076c9729d4aba267df5b3ac3dc2642c9bc9e043b20d46edbb40216272dfdf8d5f788d9d282fc4aa63e057dc95646bea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d2f7d4ed705e5300e2ff5ecd99921ef

    SHA1

    1b941a2a4ddb626e150a200fd8c1a676c8e82fc4

    SHA256

    e9412e4f66b5a5e9e0f6c85554878e3b78a27bee043af78c7b6d239ec5a28dbe

    SHA512

    b37f18d293a249d195df18d7219360c55543bb5249ac9424e634790f3a55b729abd37f628157fc32b32580a88d972f5e035766568977c82f29dd8c65c7ad5df0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    286acbf661bd11daff7c7b1165d2ff00

    SHA1

    dc314971f3471c62a7e048828a84569ea39e0bb4

    SHA256

    4a9603d20b31cd828461d0b2bb461a965c999cb42c6c53b0c523740501f243e5

    SHA512

    d9accee2c6255ed633545c790ac89a1b5ef86e839473b7fd384d31b3beb6fcd7380de9ea44837622e424b8ed155e81884e0ed8345f1bf45bafe31b87ac2bc892

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f52b77eb817f83017abecfab38dd207

    SHA1

    7e374892d84ae69ec0a9c60c2fdf2cbe78c529d0

    SHA256

    dcad4e8433d9e3d9ffb819d3c0af19910e7eec4c599ab3ea5db920ab2bc61a21

    SHA512

    bfd561f89a24c4ca4d0b85a8a3f3c0b18c79de53c120041953b1c6015a69c0a5b67e316ddf3493936bfdeb7fd3028b840a5c9b0434970f2385b0693063c0653e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d98e7e96d8c82a9ccc4f740be7233f77

    SHA1

    6362b033903aa48c67ffd41480354cdb128f50ed

    SHA256

    508ef9b4e56c1f1ec4c20f7618009c986a19ae7852fce4299668691ba681dcb4

    SHA512

    d05500920e6b92fc4bd323aef693ac93e61051c7de3f2c8e8145186c68d2ec807de0db08b778289d4ae25eb0852ea7dea2b24a0a5b387afd74f774e91f34a470

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21b0eeadf5fd3bcc2384db3291a146f4

    SHA1

    f81a9d5210f9da0dcaa83f456216f7e6b66620af

    SHA256

    af576ebf67389a6a18e30878819e607e1ca765e2d2466fc3d5e36f071c5d6f38

    SHA512

    099c815b32bf2d10d1617d50f7fd4f75a28a26fda0329e1f6a157c3ecb222b826069ee6a4ccbf6a2c6e48fc32d0efe945f28a551dd10ee9dd7689b6b8d6ad3a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01f5bc787378c248bf41dffdc2fe931e

    SHA1

    f1e18f7b3a1b6bb44cdb4e27488c31b78fcdea6d

    SHA256

    2227ea6f4b22262e594279386dda2a2b026b089e2d91309a98cfe86c75fb9dbf

    SHA512

    a521646a0f1f872314c504d658e2ad8a4d93c4755315ad5c259c25c61199e183a73d4138172b629fae277fedb78390b858fff2719b6e9949602701d2c3a7cbe6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1734261391ace45f56c81cdc94c284b8

    SHA1

    f1e51bb141c21576572832ee9cd187db4b407207

    SHA256

    de05c85ac2891910acc577791d16a4fe3d6073ae7a372bdb8ef442c4592cf2b9

    SHA512

    740328e1ad0327e8828d577675dba5ce186240a9bb81b85b02b93938c3e09ea2a9b6b505f8f14226ab8273083ccf0a42d7e2189a2674f4d0ee9fc0d077d33c6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3eb518cf7cf64ab3bf757fdae2f7e5cb

    SHA1

    1d51e8013c7fc1cbaaec8564481dd463e1a6ca86

    SHA256

    8d0728fee4b95d4a2c47eff5d3193a41a2668f3d523ca16e7192e4639d138fc2

    SHA512

    9877b9b70f1804df5b3aecbcb8eee11dbfede0820670ced4d93e50ca8f75087002ddb044af28ad64332a4e5f39060d416eff5bd70330d0399390363b2a49f618

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    450629a34111a43f55daab63346ec3d4

    SHA1

    df7b026b7637ac87861b1c7245eafbaca0db0126

    SHA256

    91ef88742b9e30e60423d632ad263843985f1a38639b8c2742712c6d602db1aa

    SHA512

    7ab1c2445f911d9c5ce2f05cc00faf5353cc8c135c0464756830b9b7c30062c2073c2fd7491a4e0cae070810ff70c1d9bc8d29dac46095ad8d67f1bf55fdf99a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40e409c239f2f704ec4b7fe5da0a626b

    SHA1

    82382cb15935d62ede60dd1429f07cf13624a8c7

    SHA256

    0548536a6c131d0706623451b568c36bce460bfc09f32ff3d073339f2f72d98c

    SHA512

    80cc81257586caaa0e9ea45186e4bfcd65e08d5ec8cb3947c780f9831f29e5edd4e2837068aebdf0e0adf23757be964707c7bcdae239ce1486a6ca3600371610

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{510983B1-C9CF-11EF-8334-424588269AE0}.dat
    Filesize

    3KB

    MD5

    75d1d31eda3b5a3b896f2ac0dcdc1784

    SHA1

    deb67b71cd03871543e517ae877f2cb0624adf34

    SHA256

    c3be888cb771045812e8cffb2cfec85a356a099d18323fb37f0da8d1aed7b037

    SHA512

    cfd617ae320d0b74bff41168720c39ae86df71b668db9e94c442a3156e80fed7c25b6cbfe4af27c25dd0023bfe1ddfbe410f1cfce0cac3f4874f27c95c184ac0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{510983B1-C9CF-11EF-8334-424588269AE0}.dat
    Filesize

    5KB

    MD5

    615c6cfc3902d0f96d36e5e9e9431353

    SHA1

    eeda1846bc96ea5a2a0b778bb10c3280b763e4eb

    SHA256

    78bd7caaf77be1628965a8cdb891747747a503cb74308c172f5e11f4a4f2aa50

    SHA512

    fff9e1dc1c8cf1b998ce0ae7b041367ad596fc97de05e90562351f2d1354223b146f81595dd06d58c6264b0f1e10e3cc10ba9fe2c7187cf61258421d8eab483a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{510E4671-C9CF-11EF-8334-424588269AE0}.dat
    Filesize

    5KB

    MD5

    b4ce9c2d973fbc689b8439ee454c1a74

    SHA1

    8c33d3ee03299a12cb18bd74a2351dbf1cce00fd

    SHA256

    cb7360a23e41c7e15d80aff9bbead89394294f76c0e36c45f24bc5c768c9e6df

    SHA512

    49d7e1927b7b98211f22ae0256acae76cbc02d1b882bf5918700a2451891155913c785f5f2e84f4ce09adda0e61e79d787ee8a8aa01459c18729be0330ac2f32

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDE8D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDF5D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-03_7c7a53883b80f22bd881903a16de54d3_mafia_ramnitSrv.exe
    Filesize

    111KB

    MD5

    0807f983542add1cd3540a715835595e

    SHA1

    f7e1bca5b50ab319e5bfc070a3648d2facb940eb

    SHA256

    8b492fd5118993f8adb4ddbba5371a827fa96ff69699fe82286ad3a92758bf5f

    SHA512

    27161f765072f32977bfae3737a804492251514bd256336ed9eee985a760f11c8c778bfb45760bdbf94cb69ed49fa6831f2700548a290412a577fbc70a5b7d77

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-03_7c7a53883b80f22bd881903a16de54d3_mafia_ramnitSrvSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1972-26-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1972-45-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1972-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2060-37-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2332-40-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2332-38-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2984-30-0x0000000000FD0000-0x0000000001373000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2984-4-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2984-0-0x0000000000FD0000-0x0000000001373000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/3048-15-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3048-16-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/3048-11-0x0000000000230000-0x000000000025E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3048-20-0x0000000000240000-0x000000000027D000-memory.dmp

    Filesize

    244KB

    Download