ramnit | 850d8de52e9d88bae530374aac943fc6d60d6661933d9953ea5715e4433cceb4

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

176aa5ecb5a01649e4fdaea9915ef131_JaffaCakes118.dll
Size

312KB
MD5

176aa5ecb5a01649e4fdaea9915ef131
SHA1

801f6060755f8e4afdec41aba0c062b4890d0a38
SHA256

850d8de52e9d88bae530374aac943fc6d60d6661933d9953ea5715e4433cceb4
SHA512

fd781cbad48d079c02bc14e268fb1717f2c40a571e811c3f36e727546be1cfcfd04f158d2d0c6302faae990b0f8546e5f67b77703451b81151b5130c93dbc084
SSDEEP

6144:hcTbuKgqP75mDbeWQztbeO3BUd2BfQzkfP6F:O/HEDbeFtbeu7gYY

Score

10^/10

ramnit banker spyware stealer trojan worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Q0WW71P3P

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation Q0WW71P3P
Executes dropped EXE 2 IoCs

Processes:

Q0WW71P3Pnngxtsifuscalhiy.exe

pid process

3392 Q0WW71P3P
2296 nngxtsifuscalhiy.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2028 932 WerFault.exe svchost.exe
2384 4440 WerFault.exe svchost.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	Q0WW71P3P

pid	process
3392	Q0WW71P3P
2296	nngxtsifuscalhiy.exe

pid	pid_target	process	target process
2028	932	WerFault.exe	svchost.exe
2384	4440	WerFault.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31115472"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31115472"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4047692769"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115472"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3847535449"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3847535449"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3849566886"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{10F2590A-34C4-11EF-B1BC-D685EB24A7F4} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115472"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3849566886"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115472"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426285192"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

660
Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

Q0WW71P3Pnngxtsifuscalhiy.exe

description pid process

Token: SeSecurityPrivilege 3392 Q0WW71P3P
Token: SeDebugPrivilege 3392 Q0WW71P3P
Token: SeSecurityPrivilege 2296 nngxtsifuscalhiy.exe
Token: SeLoadDriverPrivilege 2296 nngxtsifuscalhiy.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

IEXPLORE.EXE

pid process

836 IEXPLORE.EXE
836 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid process

836 IEXPLORE.EXE
836 IEXPLORE.EXE
4568 IEXPLORE.EXE
4568 IEXPLORE.EXE
4568 IEXPLORE.EXE
4568 IEXPLORE.EXE
836 IEXPLORE.EXE
836 IEXPLORE.EXE
3616 IEXPLORE.EXE
3616 IEXPLORE.EXE
3616 IEXPLORE.EXE
3616 IEXPLORE.EXE

pid	process
660

description	pid	process
Token: SeSecurityPrivilege	3392	Q0WW71P3P
Token: SeDebugPrivilege	3392	Q0WW71P3P
Token: SeSecurityPrivilege	2296	nngxtsifuscalhiy.exe
Token: SeLoadDriverPrivilege	2296	nngxtsifuscalhiy.exe

pid	process
836	IEXPLORE.EXE
836	IEXPLORE.EXE

pid	process
836	IEXPLORE.EXE
836	IEXPLORE.EXE
4568	IEXPLORE.EXE
4568	IEXPLORE.EXE
4568	IEXPLORE.EXE
4568	IEXPLORE.EXE
836	IEXPLORE.EXE
836	IEXPLORE.EXE
3616	IEXPLORE.EXE
3616	IEXPLORE.EXE
3616	IEXPLORE.EXE
3616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 43 IoCs

Processes:

regsvr32.exeregsvr32.exeQ0WW71P3Piexplore.exeIEXPLORE.EXEiexplore.exe

description	pid	process	target process
PID 4660 wrote to memory of 4208	4660	regsvr32.exe	regsvr32.exe
PID 4660 wrote to memory of 4208	4660	regsvr32.exe	regsvr32.exe
PID 4660 wrote to memory of 4208	4660	regsvr32.exe	regsvr32.exe
PID 4208 wrote to memory of 3392	4208	regsvr32.exe	Q0WW71P3P
PID 4208 wrote to memory of 3392	4208	regsvr32.exe	Q0WW71P3P
PID 4208 wrote to memory of 3392	4208	regsvr32.exe	Q0WW71P3P
PID 3392 wrote to memory of 932	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 932	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 932	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 932	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 932	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 932	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 932	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 932	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 932	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4824	3392	Q0WW71P3P	iexplore.exe
PID 3392 wrote to memory of 4824	3392	Q0WW71P3P	iexplore.exe
PID 3392 wrote to memory of 4824	3392	Q0WW71P3P	iexplore.exe
PID 4824 wrote to memory of 836	4824	iexplore.exe	IEXPLORE.EXE
PID 4824 wrote to memory of 836	4824	iexplore.exe	IEXPLORE.EXE
PID 836 wrote to memory of 4568	836	IEXPLORE.EXE	IEXPLORE.EXE
PID 836 wrote to memory of 4568	836	IEXPLORE.EXE	IEXPLORE.EXE
PID 836 wrote to memory of 4568	836	IEXPLORE.EXE	IEXPLORE.EXE
PID 3392 wrote to memory of 4440	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4440	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4440	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4440	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4440	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4440	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4440	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4440	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4440	3392	Q0WW71P3P	svchost.exe
PID 3392 wrote to memory of 4276	3392	Q0WW71P3P	iexplore.exe
PID 3392 wrote to memory of 4276	3392	Q0WW71P3P	iexplore.exe
PID 3392 wrote to memory of 4276	3392	Q0WW71P3P	iexplore.exe
PID 4276 wrote to memory of 4492	4276	iexplore.exe	IEXPLORE.EXE
PID 4276 wrote to memory of 4492	4276	iexplore.exe	IEXPLORE.EXE
PID 836 wrote to memory of 3616	836	IEXPLORE.EXE	IEXPLORE.EXE
PID 836 wrote to memory of 3616	836	IEXPLORE.EXE	IEXPLORE.EXE
PID 836 wrote to memory of 3616	836	IEXPLORE.EXE	IEXPLORE.EXE
PID 3392 wrote to memory of 2296	3392	Q0WW71P3P	nngxtsifuscalhiy.exe
PID 3392 wrote to memory of 2296	3392	Q0WW71P3P	nngxtsifuscalhiy.exe
PID 3392 wrote to memory of 2296	3392	Q0WW71P3P	nngxtsifuscalhiy.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\176aa5ecb5a01649e4fdaea9915ef131_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4660

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\176aa5ecb5a01649e4fdaea9915ef131_JaffaCakes118.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4208

C:\Users\Admin\AppData\Local\Temp\Q0WW71P3P
"Q0WW71P3P"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3392

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
4⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 196
5⤵
- Program crash
PID:2028

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:4824

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:836

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:17410 /prefetch:2
6⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4568

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:17416 /prefetch:2
6⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3616

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
4⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 212
5⤵
- Program crash
PID:2384

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:4276

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
5⤵
- Modifies Internet Explorer settings
PID:4492

C:\Users\Admin\AppData\Local\Temp\nngxtsifuscalhiy.exe
"C:\Users\Admin\AppData\Local\Temp\nngxtsifuscalhiy.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 932 -ip 932
1⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4440 -ip 4440
1⤵
PID:4992

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verD91A.tmp
Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Q0WW71P3P
Filesize
93KB

MD5
c4d56cb7809887c0c38e91f95345d7d7

SHA1
2d6cfe1611afaa8629aaef88ce167109b8684c29

SHA256
ae44ddada123617ce27f953bcccbf47f1bfd98cf6e78a805fbb1caea6945170f

SHA512
df01aac72b65512796defc1331bce54158fa5f764a5135440ecec5edc13b1307501e4d96c8f0e558c9a284b14f184733bdcbfbb61dad1e2cd1e7d44de05eebdb

Download Submit
memory/932-15-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/932-14-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/2296-49-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2296-50-0x0000000000400000-0x0000000000438B40-memory.dmp

Filesize
226KB

Download
memory/2296-43-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2296-44-0x0000000000400000-0x0000000000438B40-memory.dmp

Filesize
226KB

Download
memory/2296-46-0x0000000000400000-0x0000000000438B40-memory.dmp

Filesize
226KB

Download
memory/3392-11-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/3392-42-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3392-21-0x0000000000400000-0x0000000000438B40-memory.dmp

Filesize
226KB

Download
memory/3392-22-0x00000000778B2000-0x00000000778B3000-memory.dmp

Filesize
4KB

Download
memory/3392-25-0x00000000778B2000-0x00000000778B3000-memory.dmp

Filesize
4KB

Download
memory/3392-24-0x0000000000400000-0x0000000000438B40-memory.dmp

Filesize
226KB

Download
memory/3392-13-0x0000000000400000-0x0000000000438B40-memory.dmp

Filesize
226KB

Download
memory/3392-17-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3392-10-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/3392-6-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3392-7-0x0000000000400000-0x0000000000438B40-memory.dmp

Filesize
226KB

Download
memory/3392-5-0x0000000000400000-0x0000000000438B40-memory.dmp

Filesize
226KB

Download
memory/4208-0-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/4208-4-0x000000004B099000-0x000000004B09A000-memory.dmp

Filesize
4KB

Download