ramnit | 77605a9119c90c68b78b1502de1442565a529d92408dcf45e8b6833835ab092e

Analysis

max time kernel
92s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2025 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe
Size

104KB
MD5

51cf908178d2711d83eb1f4bba3bd202
SHA1

333c2161b1530af4bd726754be0ca32d472c986f
SHA256

77605a9119c90c68b78b1502de1442565a529d92408dcf45e8b6833835ab092e
SHA512

4c8b6164431a8a55b73fe6629a7f7a803974bac7bb3fb38e6e2997137efb8a6ad901ffa5a653e01132b1a299a81a1fec7c6401e8a9868ae9d1eeba9c9d5cf84c
SSDEEP

3072:L4uvdzGfptdgPVKWVzc5jwaaHw7Koj4rRO71S:Opvg8WVzc05

Score

10^/10

ramnit banker discovery spyware stealer trojan worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe

Executes dropped EXE 1 IoCs

pid	Process
4712	cxaovhgwyljknoat.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4820	4972	WerFault.exe	84
3636	1640	WerFault.exe	96

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cxaovhgwyljknoat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1419470958"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158886"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444931120"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1419940140"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158886"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158886"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{801ECB74-DE59-11EF-ADF2-E24E87F0D14E} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1617752598"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe
Token: SeDebugPrivilege	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe
Token: SeSecurityPrivilege	4712	cxaovhgwyljknoat.exe
Token: SeLoadDriverPrivilege	4712	cxaovhgwyljknoat.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
3124	IEXPLORE.EXE
3124	IEXPLORE.EXE
3124	IEXPLORE.EXE
3124	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
4996	IEXPLORE.EXE
4996	IEXPLORE.EXE
4996	IEXPLORE.EXE
4996	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 4972	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	84
PID 1340 wrote to memory of 4972	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	84
PID 1340 wrote to memory of 4972	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	84
PID 1340 wrote to memory of 4972	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	84
PID 1340 wrote to memory of 4972	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	84
PID 1340 wrote to memory of 4972	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	84
PID 1340 wrote to memory of 4972	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	84
PID 1340 wrote to memory of 4972	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	84
PID 1340 wrote to memory of 4972	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	84
PID 1340 wrote to memory of 1896	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	88
PID 1340 wrote to memory of 1896	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	88
PID 1340 wrote to memory of 1896	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	88
PID 1896 wrote to memory of 2976	1896	iexplore.exe	89
PID 1896 wrote to memory of 2976	1896	iexplore.exe	89
PID 2976 wrote to memory of 3124	2976	IEXPLORE.EXE	90
PID 2976 wrote to memory of 3124	2976	IEXPLORE.EXE	90
PID 2976 wrote to memory of 3124	2976	IEXPLORE.EXE	90
PID 1340 wrote to memory of 1640	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	96
PID 1340 wrote to memory of 1640	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	96
PID 1340 wrote to memory of 1640	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	96
PID 1340 wrote to memory of 1640	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	96
PID 1340 wrote to memory of 1640	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	96
PID 1340 wrote to memory of 1640	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	96
PID 1340 wrote to memory of 1640	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	96
PID 1340 wrote to memory of 1640	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	96
PID 1340 wrote to memory of 1640	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	96
PID 1340 wrote to memory of 4676	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	102
PID 1340 wrote to memory of 4676	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	102
PID 1340 wrote to memory of 4676	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	102
PID 4676 wrote to memory of 4372	4676	iexplore.exe	103
PID 4676 wrote to memory of 4372	4676	iexplore.exe	103
PID 2976 wrote to memory of 4996	2976	IEXPLORE.EXE	104
PID 2976 wrote to memory of 4996	2976	IEXPLORE.EXE	104
PID 2976 wrote to memory of 4996	2976	IEXPLORE.EXE	104
PID 1340 wrote to memory of 4712	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	106
PID 1340 wrote to memory of 4712	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	106
PID 1340 wrote to memory of 4712	1340	JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe	106

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_51cf908178d2711d83eb1f4bba3bd202.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:4972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 204
    3⤵
    - Program crash
    PID:4820
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1896
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:17410 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3124
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:17416 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:4996
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1640
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 208
    3⤵
    - Program crash
    PID:3636
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4676
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    PID:4372
- C:\Users\Admin\AppData\Local\Temp\cxaovhgwyljknoat.exe
  "C:\Users\Admin\AppData\Local\Temp\cxaovhgwyljknoat.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4972 -ip 4972
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1640 -ip 1640
1⤵
PID:3328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
735889089a4e16ba45c92c32a4c246c1

SHA1
d85e55baa14c4b80205d78c6bbc5b379a4cb1a36

SHA256
c27873858e2f658f18d9800271c89047a70518d52fbfdeb8e7cdd7542cdd6bfd

SHA512
372bd23c89f7add13d23ace311fb3eaf732d43d3411a9b4e0645e62632200fec306bcd1258b35c7066797357ccdf606af9e294bf85bf9c6a14c70c60f8f45b59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
41694fe83343fcb303d3fe7c4dbbb533

SHA1
d4034952b4913aaacb283458650edc3ad12ca218

SHA256
be59866b087b631a071d715f2642a58374dfb7c57beb6c4d27e496bab5005a63

SHA512
0e19c87c4531ed73248cf05f8ad412f71be0ce0624d477afd1a57e77743315ff5295321550fde48bfca6ade02279e3fc98c910bb169ee389bc85386067f22996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PGH3GSHW\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cxaovhgwyljknoat.exe

Filesize
104KB

MD5
51cf908178d2711d83eb1f4bba3bd202

SHA1
333c2161b1530af4bd726754be0ca32d472c986f

SHA256
77605a9119c90c68b78b1502de1442565a529d92408dcf45e8b6833835ab092e

SHA512
4c8b6164431a8a55b73fe6629a7f7a803974bac7bb3fb38e6e2997137efb8a6ad901ffa5a653e01132b1a299a81a1fec7c6401e8a9868ae9d1eeba9c9d5cf84c

Download Submit
memory/1340-4-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/1340-19-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1340-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1340-34-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1340-10-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1340-11-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1340-13-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1340-17-0x0000000077CD2000-0x0000000077CD3000-memory.dmp

Filesize
4KB

Download
memory/1340-18-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1340-0-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1340-20-0x0000000077CD2000-0x0000000077CD3000-memory.dmp

Filesize
4KB

Download
memory/1340-6-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1340-5-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/1340-2-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/4712-35-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/4712-38-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/4712-39-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4972-8-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/4972-9-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download