ramnit | 11dbfe38e3817e2d2e8e100e0d138a5aaadbce9843fb61ae966a81efde7d1085

Analysis

max time kernel
141s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e34b50cd60f6f06c84e88edd1aed0c9_JaffaCakes118.dll
Size

186KB
MD5

1e34b50cd60f6f06c84e88edd1aed0c9
SHA1

e5e3aaa4ca6120ce7dffc45646c4d8b87936a77a
SHA256

11dbfe38e3817e2d2e8e100e0d138a5aaadbce9843fb61ae966a81efde7d1085
SHA512

8847120bd7f678a20c8d96e2f73c786b7a9105127013ff40e813ae99abc64d916319056d188c5544558fee2df7b840630c27c01f59699996cd515ca2c35eec54
SSDEEP

3072:E0o5AOcXUXcTF7LkFvoMt9+l788zHwojD5K132RC2ph/T/S32S8HUsKTP:E0wYFoQ7NBYMh/T/S35

Score

10^/10

ramnit banker spyware stealer trojan worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

F4e6nQ4Q1

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation F4e6nQ4Q1
Executes dropped EXE 2 IoCs

Processes:

F4e6nQ4Q1ckxkcsppleanwlcd.exe

pid process

3824 F4e6nQ4Q1
1492 ckxkcsppleanwlcd.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

1776 2140 WerFault.exe svchost.exe
4632 1376 WerFault.exe svchost.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	F4e6nQ4Q1

pid	process
3824	F4e6nQ4Q1
1492	ckxkcsppleanwlcd.exe

pid	pid_target	process	target process
1776	2140	WerFault.exe	svchost.exe
4632	1376	WerFault.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B0464A02-3836-11EF-B9F7-D2E65CF77D40} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2309084126"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116355"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2249241123"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116355"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2420646999"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426664283"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2249396468"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116355"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31116355"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

656
Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

F4e6nQ4Q1ckxkcsppleanwlcd.exe

description pid process

Token: SeSecurityPrivilege 3824 F4e6nQ4Q1
Token: SeDebugPrivilege 3824 F4e6nQ4Q1
Token: SeSecurityPrivilege 1492 ckxkcsppleanwlcd.exe
Token: SeLoadDriverPrivilege 1492 ckxkcsppleanwlcd.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

IEXPLORE.EXE

pid process

3140 IEXPLORE.EXE
3140 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid process

3140 IEXPLORE.EXE
3140 IEXPLORE.EXE
2420 IEXPLORE.EXE
2420 IEXPLORE.EXE
3140 IEXPLORE.EXE
3140 IEXPLORE.EXE
4120 IEXPLORE.EXE
4120 IEXPLORE.EXE
4120 IEXPLORE.EXE
4120 IEXPLORE.EXE

pid	process
656

description	pid	process
Token: SeSecurityPrivilege	3824	F4e6nQ4Q1
Token: SeDebugPrivilege	3824	F4e6nQ4Q1
Token: SeSecurityPrivilege	1492	ckxkcsppleanwlcd.exe
Token: SeLoadDriverPrivilege	1492	ckxkcsppleanwlcd.exe

pid	process
3140	IEXPLORE.EXE
3140	IEXPLORE.EXE

pid	process
3140	IEXPLORE.EXE
3140	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
3140	IEXPLORE.EXE
3140	IEXPLORE.EXE
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 43 IoCs

Processes:

rundll32.exerundll32.exeF4e6nQ4Q1iexplore.exeIEXPLORE.EXEiexplore.exe

description	pid	process	target process
PID 4728 wrote to memory of 5100	4728	rundll32.exe	rundll32.exe
PID 4728 wrote to memory of 5100	4728	rundll32.exe	rundll32.exe
PID 4728 wrote to memory of 5100	4728	rundll32.exe	rundll32.exe
PID 5100 wrote to memory of 3824	5100	rundll32.exe	F4e6nQ4Q1
PID 5100 wrote to memory of 3824	5100	rundll32.exe	F4e6nQ4Q1
PID 5100 wrote to memory of 3824	5100	rundll32.exe	F4e6nQ4Q1
PID 3824 wrote to memory of 2140	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 2140	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 2140	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 2140	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 2140	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 2140	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 2140	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 2140	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 2140	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 1132	3824	F4e6nQ4Q1	iexplore.exe
PID 3824 wrote to memory of 1132	3824	F4e6nQ4Q1	iexplore.exe
PID 3824 wrote to memory of 1132	3824	F4e6nQ4Q1	iexplore.exe
PID 1132 wrote to memory of 3140	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 3140	1132	iexplore.exe	IEXPLORE.EXE
PID 3140 wrote to memory of 2420	3140	IEXPLORE.EXE	IEXPLORE.EXE
PID 3140 wrote to memory of 2420	3140	IEXPLORE.EXE	IEXPLORE.EXE
PID 3140 wrote to memory of 2420	3140	IEXPLORE.EXE	IEXPLORE.EXE
PID 3824 wrote to memory of 1376	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 1376	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 1376	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 1376	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 1376	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 1376	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 1376	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 1376	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 1376	3824	F4e6nQ4Q1	svchost.exe
PID 3824 wrote to memory of 2488	3824	F4e6nQ4Q1	iexplore.exe
PID 3824 wrote to memory of 2488	3824	F4e6nQ4Q1	iexplore.exe
PID 3824 wrote to memory of 2488	3824	F4e6nQ4Q1	iexplore.exe
PID 2488 wrote to memory of 3336	2488	iexplore.exe	IEXPLORE.EXE
PID 2488 wrote to memory of 3336	2488	iexplore.exe	IEXPLORE.EXE
PID 3140 wrote to memory of 4120	3140	IEXPLORE.EXE	IEXPLORE.EXE
PID 3140 wrote to memory of 4120	3140	IEXPLORE.EXE	IEXPLORE.EXE
PID 3140 wrote to memory of 4120	3140	IEXPLORE.EXE	IEXPLORE.EXE
PID 3824 wrote to memory of 1492	3824	F4e6nQ4Q1	ckxkcsppleanwlcd.exe
PID 3824 wrote to memory of 1492	3824	F4e6nQ4Q1	ckxkcsppleanwlcd.exe
PID 3824 wrote to memory of 1492	3824	F4e6nQ4Q1	ckxkcsppleanwlcd.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e34b50cd60f6f06c84e88edd1aed0c9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4728

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e34b50cd60f6f06c84e88edd1aed0c9_JaffaCakes118.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:5100

C:\Users\Admin\AppData\Local\Temp\F4e6nQ4Q1
"F4e6nQ4Q1"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3824

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
4⤵
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 204
5⤵
- Program crash
PID:1776

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:1132

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3140

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3140 CREDAT:17410 /prefetch:2
6⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3140 CREDAT:82948 /prefetch:2
6⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4120

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
4⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 204
5⤵
- Program crash
PID:4632

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:2488

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
5⤵
- Modifies Internet Explorer settings
PID:3336

C:\Users\Admin\AppData\Local\Temp\ckxkcsppleanwlcd.exe
"C:\Users\Admin\AppData\Local\Temp\ckxkcsppleanwlcd.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2140 -ip 2140
1⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1376 -ip 1376
1⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:5076

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
df3b51cc5929f3af03350336b1afc568

SHA1
48453c44facbbea059f9da8565cf25b1c2cb9ce0

SHA256
2375353160c5f8c4cadce5954ff4a7cc5b9c403890f0404791ff85c8ec0dd748

SHA512
d8eaa0761def6d74462748aa794198b5f32fa593662bf373c81e1d300f3f76ecc1c723cef52774caa6482527f26524fd2677a5e2253285cb6d0984b044347e8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
404B

MD5
3c55e4d7dccf07a6977d9b1acbe787f0

SHA1
776e93623bfc1d69a1597a33b8a3218943a7245a

SHA256
045442d0e62b8aa8490e8ab0bb993c334752466597be31efb1e4554c3963b8c7

SHA512
aa4edfec3daa6eaa045160ccbc38a0ae61ed9843943e6afe8369c489d10810411788b0246e88e7c8cb9701b9e5dbe8d19c0534e5efa0542155f8764e5ef0bb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4e6nQ4Q1
Filesize
95KB

MD5
728a53df2a3d2f5307fe1cc77179d2a5

SHA1
a3c9de63748878de218c872e97eef0de767df853

SHA256
d9ee5d0e2dd387be3a501cc88cb2b2b310016cdedd7a83be402c203e4dc76e9e

SHA512
7496a435296ca0b08b554fb779ab3eb6709064a480a93e6f948f14a072cfbc1fe7e7ac8a31ea572b7a9910ad6b3d6e2019993bfd609d199cefd61c609c7fe893

Download Submit
memory/1492-48-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1492-47-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/1492-45-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/2140-13-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2140-14-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/3824-9-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/3824-10-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3824-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3824-21-0x00000000775C2000-0x00000000775C3000-memory.dmp

Filesize
4KB

Download
memory/3824-22-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/3824-24-0x00000000775C2000-0x00000000775C3000-memory.dmp

Filesize
4KB

Download
memory/3824-11-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/3824-15-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/3824-39-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/3824-43-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3824-4-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/3824-7-0x0000000000400000-0x0000000000439F6C-memory.dmp

Filesize
231KB

Download
memory/3824-5-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5100-0-0x0000000060270000-0x00000000602A3000-memory.dmp

Filesize
204KB

Download