ramnit | 8027347670d5a7aae0dc4edc85d9faf22f6ec4bfc66c67381e71cfce4a6c0963

Analysis

max time kernel
92s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe
Size

120KB
MD5

19aadd28e0448ed853eb0e15baa91a00
SHA1

5d7dd8892cf3229a64570187d6da381bee674cbc
SHA256

8027347670d5a7aae0dc4edc85d9faf22f6ec4bfc66c67381e71cfce4a6c0963
SHA512

05690fc49f85e6515927bd2c6a7309558f2a2e82c67b2df5444501ec81c6783db5b48763d78ad8054750343af7607d8493d7153dc03daf96c742d467530068e9
SSDEEP

3072:L4uvdzGfptdgPVKWVzc5jwaaHw7Koj4rRPUs4Y/xAp:Opvg8WVzc0Pn4Y/xAp

Score

10^/10

ramnit banker spyware stealer trojan worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation 19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe
Executes dropped EXE 1 IoCs

Processes:

aqgjatlnangrydhp.exe

pid process

432 aqgjatlnangrydhp.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2328 3188 WerFault.exe svchost.exe
1604 4116 WerFault.exe svchost.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe

pid	process
432	aqgjatlnangrydhp.exe

pid	pid_target	process	target process
2328	3188	WerFault.exe	svchost.exe
1604	4116	WerFault.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2957382677"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115583"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426332777"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2955663741"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115583"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3155351879"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DBC9756C-3532-11EF-9519-EABD73F69B33} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2955663741"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115583"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31115583"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

664

pid	process
664

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exeaqgjatlnangrydhp.exe

description	pid	process
Token: SeSecurityPrivilege	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe
Token: SeDebugPrivilege	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe
Token: SeSecurityPrivilege	432	aqgjatlnangrydhp.exe
Token: SeLoadDriverPrivilege	432	aqgjatlnangrydhp.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

IEXPLORE.EXE

pid process

2604 IEXPLORE.EXE
2604 IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
1852	IEXPLORE.EXE
1852	IEXPLORE.EXE
1852	IEXPLORE.EXE
1852	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
1136	IEXPLORE.EXE
1136	IEXPLORE.EXE
1136	IEXPLORE.EXE
1136	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 37 IoCs

Processes:

19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exeiexplore.exeIEXPLORE.EXEiexplore.exe

description	pid	process	target process
PID 1060 wrote to memory of 3188	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 3188	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 3188	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 3188	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 3188	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 3188	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 3188	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 3188	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 3188	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 3356	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	iexplore.exe
PID 1060 wrote to memory of 3356	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	iexplore.exe
PID 1060 wrote to memory of 3356	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	iexplore.exe
PID 3356 wrote to memory of 2604	3356	iexplore.exe	IEXPLORE.EXE
PID 3356 wrote to memory of 2604	3356	iexplore.exe	IEXPLORE.EXE
PID 2604 wrote to memory of 1852	2604	IEXPLORE.EXE	IEXPLORE.EXE
PID 2604 wrote to memory of 1852	2604	IEXPLORE.EXE	IEXPLORE.EXE
PID 2604 wrote to memory of 1852	2604	IEXPLORE.EXE	IEXPLORE.EXE
PID 1060 wrote to memory of 4116	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 4116	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 4116	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 4116	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 4116	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 4116	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 4116	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 4116	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 4116	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	svchost.exe
PID 1060 wrote to memory of 2108	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	iexplore.exe
PID 1060 wrote to memory of 2108	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	iexplore.exe
PID 1060 wrote to memory of 2108	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	iexplore.exe
PID 2108 wrote to memory of 2928	2108	iexplore.exe	IEXPLORE.EXE
PID 2108 wrote to memory of 2928	2108	iexplore.exe	IEXPLORE.EXE
PID 2604 wrote to memory of 1136	2604	IEXPLORE.EXE	IEXPLORE.EXE
PID 2604 wrote to memory of 1136	2604	IEXPLORE.EXE	IEXPLORE.EXE
PID 2604 wrote to memory of 1136	2604	IEXPLORE.EXE	IEXPLORE.EXE
PID 1060 wrote to memory of 432	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	aqgjatlnangrydhp.exe
PID 1060 wrote to memory of 432	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	aqgjatlnangrydhp.exe
PID 1060 wrote to memory of 432	1060	19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe	aqgjatlnangrydhp.exe

C:\Users\Admin\AppData\Local\Temp\19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19aadd28e0448ed853eb0e15baa91a00_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1060

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 208
3⤵
- Program crash
PID:2328

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:3356

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:17410 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:17416 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 208
3⤵
- Program crash
PID:1604

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:2108

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
3⤵
- Modifies Internet Explorer settings
PID:2928

C:\Users\Admin\AppData\Local\Temp\aqgjatlnangrydhp.exe
"C:\Users\Admin\AppData\Local\Temp\aqgjatlnangrydhp.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3188 -ip 3188
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4116 -ip 4116
1⤵
PID:1508

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
fa34ecb8815a2d98849888cb1cdbf38b

SHA1
84fd0e04586009efb3683c98da8d9aa41487cd42

SHA256
5077a54924f80491a74ed78bbd73ff7bf85a27caddb80ceaa9ccb86f8b9a11be

SHA512
ccfdb76ccedd0076601e17272d346229e2b9c0dd884c09bb7701b32c5dc177da8a91bb539ce751297d8ea44716fc497e8a337a9499c93a474ba85915f28f1053

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
404B

MD5
d5884a53469f2b878f4106ab04fbc3d8

SHA1
a82062acb088124dc23d95a222e6f30e28c581ae

SHA256
7f6f44710764b8589c5f5e76100c7f6352b60ed1dea7df268c0cd5f10d7fb6b0

SHA512
90ebc205d6fda8a2ac9d5372f7807e0348277ab40ea2d288edb47ff53b50e5c029c4aaba7060295cd11e1746055150123ef37053de8312c6f17b2e45a93a5643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\aqgjatlnangrydhp.exe
Filesize
120KB

MD5
19aadd28e0448ed853eb0e15baa91a00

SHA1
5d7dd8892cf3229a64570187d6da381bee674cbc

SHA256
8027347670d5a7aae0dc4edc85d9faf22f6ec4bfc66c67381e71cfce4a6c0963

SHA512
05690fc49f85e6515927bd2c6a7309558f2a2e82c67b2df5444501ec81c6783db5b48763d78ad8054750343af7607d8493d7153dc03daf96c742d467530068e9

Download Submit
memory/432-43-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/432-44-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/432-41-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/432-38-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1060-7-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1060-4-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/1060-15-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1060-18-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1060-19-0x0000000077532000-0x0000000077533000-memory.dmp

Filesize
4KB

Download
memory/1060-11-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1060-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1060-2-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1060-0-0x0000000000400000-0x000000000043A060-memory.dmp

Filesize
232KB

Download
memory/1060-37-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1060-16-0x0000000077532000-0x0000000077533000-memory.dmp

Filesize
4KB

Download
memory/1060-5-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/3188-9-0x0000000000B90000-0x0000000000B91000-memory.dmp

Filesize
4KB

Download
memory/3188-8-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download