ramnit | f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94

Analysis

max time kernel
121s
max time network
137s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23/03/2025, 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe
Size

425KB
MD5

923545729087b398afe72a816a1c1eaa
SHA1

068a11e2d07b54933ccb603ec3948b88ca09ee89
SHA256

f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94
SHA512

a28179456673d49bc54507aa60e54c577c991ee1389bed00743cdc81ac6ee2a97bb2639316c04c68c7ded61eb9afabe4f0d150a7425b1d5eebee9354e1ebf7a5
SSDEEP

12288:30X0KOnD/voMRQlNmrbhod2hiRAXQNs44BF4lIyHLhdQ:kX0hD34ShYVRyg0gHQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2448	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe
2992	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2772	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe
2448	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2772-31-0x0000000000D30000-0x0000000000E24000-memory.dmp	autoit_exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2772-0-0x0000000000D30000-0x0000000000E24000-memory.dmp	upx
behavioral1/files/0x0003000000018334-2.dat	upx
behavioral1/memory/2448-16-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2992-28-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2992-27-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2992-25-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2772-31-0x0000000000D30000-0x0000000000E24000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\px35FE.tmp	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "448889726"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8E707D91-07D6-11F0-BE2D-CA3CF52169FD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2992	DesktopLayer.exe
2992	DesktopLayer.exe
2992	DesktopLayer.exe
2992	DesktopLayer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2772	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2112	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2112	iexplore.exe
2112	iexplore.exe
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2448	2772	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe	30
PID 2772 wrote to memory of 2448	2772	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe	30
PID 2772 wrote to memory of 2448	2772	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe	30
PID 2772 wrote to memory of 2448	2772	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe	30
PID 2448 wrote to memory of 2992	2448	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe	31
PID 2448 wrote to memory of 2992	2448	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe	31
PID 2448 wrote to memory of 2992	2448	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe	31
PID 2448 wrote to memory of 2992	2448	f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe	31
PID 2992 wrote to memory of 2112	2992	DesktopLayer.exe	32
PID 2992 wrote to memory of 2112	2992	DesktopLayer.exe	32
PID 2992 wrote to memory of 2112	2992	DesktopLayer.exe	32
PID 2992 wrote to memory of 2112	2992	DesktopLayer.exe	32
PID 2112 wrote to memory of 2728	2112	iexplore.exe	33
PID 2112 wrote to memory of 2728	2112	iexplore.exe	33
PID 2112 wrote to memory of 2728	2112	iexplore.exe	33
PID 2112 wrote to memory of 2728	2112	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe
"C:\Users\Admin\AppData\Local\Temp\f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\Temp\f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe
  C:\Users\Admin\AppData\Local\Temp\f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2112
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
683711d0fbd31ebe16c2486c00d6b536

SHA1
f699c5fc62af108dfaa82ff11586414d3dc849bf

SHA256
0cf85a2e85c40e2d17f1a5f6c54e57e81e17e9dcaaa779556fc8785ffcaa0bfd

SHA512
26868762491c6c355d49b123063a537de98293c646d43c1bc05e62b3119cec6a4aece4dc54477510926b5ff705d0846fc95cba6bc933d3ad02b393640548c48a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84392765a6abd036de4272e4e623f494

SHA1
feaad6e7c996654dc82cc4170e443efceba2a7c3

SHA256
b807f0889b87f40649afa44564d9ba31db417bfad0726a57e1d9a2d49a582653

SHA512
ac6cb7e00013a92b49d69f9c6c1f628d61bd4b830335ebc02ea8669ebc93f3164f5ba4a0404a44af0089f4f66b03c690afef9d894f97a9e09248e3a79ede0f22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4340a7c12af2a0b8581357015bedfb26

SHA1
25035364f0ed6925e5349739a9ed7e413c516217

SHA256
e1b8603ad85ad5d1564a2595fa9d106313c436ac179ff5934a0c6ec43a98b7bd

SHA512
07b91b2b0148848d10a464a3fd342cbb5f88eb04a1e02ea0209e298a3f5d3b8ce9d68233917d662edadf015c4d8e24e07ee25e4a4ca4de3aa95f4df3217e51b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc8ae41b04cfc94c2ceec2349cd86749

SHA1
156428e0d8cbb2e3d97db12adba10258b9df50fa

SHA256
1c6938ec9f69effdd0038f78e9ab35ae3e48d14b26b9f98f4f4d7b38b6141e73

SHA512
cc988116509470148e14478f4f66277436188eb86ed0ad663458372d90a18638240737691bf1d7a9d2825030cd1f2054d316d217e654423c303618cb7ed55bba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95866892bd2632fad76cb9449193e2bb

SHA1
4c28d4d9635f18e276ff497edb0bbd3aac62757c

SHA256
7d8f8c21b5141e9418174865585cfa7c3f99a96f31b2d630a271c693388e66b5

SHA512
5edd7380b451b2e322b91cfdef43447ce88ddf12cd16fb7ee562351f08ef0a0258c22b97d141be1647f8ff598930a90c504bd606be0fbe45ee22ea59405fb4c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d33d74c4bd42c0d4dd8343a10af51323

SHA1
1cef0a7f3c1868808c5accd644edddb3e527545c

SHA256
3a01d379b59fea910fa0aacc917c06dc5684641981097fe7653488d0f4efd2ef

SHA512
74d363ed3a6d25cf7900b83912e7f89ff03e1e417a8fa95c800409a09988aed1783f33ea0962316f97b82fb6346956bbcccbe9b5aba73aa2043e83f6d2908371

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
336ab98427aaa4bf3103151115b780d3

SHA1
55115b2df096ea4b72abd6df10a6f5cb116976f5

SHA256
4b1712500085e92db0cb344ba70be18f800396140d4c391bb3fba57490fbb1b1

SHA512
f81144554d728d1bd0f1cbc064adce7ca2c2d74a7bcd1b245258a1841ab93f27fa272d3857fdd224169df2ccd58af01848f4bd11cd8937dab6a17aa0fc0b0923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fde1fc9bce811cda99aedc3313b1f8e

SHA1
adee8b54aa6a771778193a4e2f95a1d5dad6cc6a

SHA256
69727acf0cf7309d1fe964edc1b1e25dcf5b4fa62ac72523298d6bedceb4f487

SHA512
bd48d515a4f1dbdee980389f144276bdc0c01f52d2ae6b6753e73fcb58f5db4c34098ca8d2cead3d1896a4eee75f8aa69f7a21d74107ed769518dfc87dd96544

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84cd27c58ee908944c4b3ec48093f5d0

SHA1
f38224f69a19e2adbef66159e2b1d27631bb8905

SHA256
587596576447b65bb66072454d28d4dad61373ced3e4f6e0b5a75b1edf2af4a2

SHA512
cf263b33f399a6bb3f1311ee68388f282bc6d5cb6881f4c36b6a667e7c2938faca23677c44eea85d1864e29830390abbbe1dff64817a27604e82f32ca2108b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4F2A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar58A6.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
\Users\Admin\AppData\Local\Temp\f78e269059bcc7facc79d28dab4d1063ea24a78d121f5363ac47cff21233aa94Srv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2448-23-0x0000000000240000-0x000000000026E000-memory.dmp

Filesize
184KB

Download
memory/2448-17-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2448-16-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2772-31-0x0000000000D30000-0x0000000000E24000-memory.dmp

Filesize
976KB

Download
memory/2772-0-0x0000000000D30000-0x0000000000E24000-memory.dmp

Filesize
976KB

Download
memory/2772-5-0x0000000000150000-0x000000000017E000-memory.dmp

Filesize
184KB

Download
memory/2992-25-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2992-26-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2992-27-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2992-28-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download