troldesh | 50119da56e84ae4baa207a9391a0143fe5aa66c212aeba08e2d6d864af0a0d83

Target

0a0ae5d804271f56c1fa5e1e695cc514.exe
Size

1.0MB
MD5

0a0ae5d804271f56c1fa5e1e695cc514
SHA1

e8d307b58856cd38c5b43f576a5dfd451f29b11c
SHA256

50119da56e84ae4baa207a9391a0143fe5aa66c212aeba08e2d6d864af0a0d83
SHA512

27d1a4cb2e8a62ea02191db8171d66d2cd485cae7649be03a65e5bf936d6d92e98a888d33b3c4826f47eae26b3e45cd8efeca7b73626ae9913b055fd2b5bfe11

Score

10^/10

ransomware trojan troldesh discovery persistence spyware

Malware Config

Signatures

Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh

Checks for installed software on the system 1 TTPs 29 IoCs

discovery

Query Registry

T1012

Processes:

0a0ae5d804271f56c1fa5e1e695cc514.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001}\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4087364\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573\DisplayName	0a0ae5d804271f56c1fa5e1e695cc514.exe

Adds Run entry to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

0a0ae5d804271f56c1fa5e1e695cc514.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\	0a0ae5d804271f56c1fa5e1e695cc514.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	0a0ae5d804271f56c1fa5e1e695cc514.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Suspicious use of UnmapMainImage 1 IoCs

Processes:

0a0ae5d804271f56c1fa5e1e695cc514.exe

pid process

888 0a0ae5d804271f56c1fa5e1e695cc514.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

0a0ae5d804271f56c1fa5e1e695cc514.exe

pid process

888 0a0ae5d804271f56c1fa5e1e695cc514.exe
888 0a0ae5d804271f56c1fa5e1e695cc514.exe

pid	process
888	0a0ae5d804271f56c1fa5e1e695cc514.exe

pid	process
888	0a0ae5d804271f56c1fa5e1e695cc514.exe
888	0a0ae5d804271f56c1fa5e1e695cc514.exe

js 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/888-0-0x0000000000400000-0x0000000000608000-memory.dmp	js

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/888-0-0x0000000000400000-0x0000000000608000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\0a0ae5d804271f56c1fa5e1e695cc514.exe
"C:\Users\Admin\AppData\Local\Temp\0a0ae5d804271f56c1fa5e1e695cc514.exe"
1⤵
- Checks for installed software on the system
- Adds Run entry to start application
- Suspicious use of UnmapMainImage
- Suspicious behavior: EnumeratesProcesses
PID:888

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/888-0-0x0000000000400000-0x0000000000608000-memory.dmp

Filesize
2.0MB

Download
memory/888-1-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-2-0x0000000002F50000-0x0000000002F61000-memory.dmp

Filesize
68KB

Download
memory/888-3-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-4-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-5-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-6-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-7-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-12-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-13-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-14-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-15-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-16-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-17-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-21-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-23-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-25-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-26-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-27-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-28-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-29-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-31-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-33-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-34-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-36-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-38-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-40-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-42-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-46-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-47-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-48-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-50-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-52-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-53-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-55-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-56-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-57-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-58-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-59-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-60-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-61-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-64-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-65-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-67-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-69-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-70-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-78-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-80-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-81-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-82-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-83-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-84-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-85-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-86-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-87-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-88-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-89-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-90-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-91-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-92-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-95-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-96-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-97-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-98-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-99-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-101-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-103-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-104-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-105-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-106-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-107-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-108-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-109-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-110-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-111-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-118-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-120-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-122-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-124-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-125-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-126-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-128-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-129-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-135-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-136-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-137-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-141-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-144-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-146-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-147-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-148-0x0000000002F50000-0x0000000002F61000-memory.dmp

Filesize
68KB

Download
memory/888-149-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-150-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-151-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-152-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-156-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-157-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-158-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-160-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-161-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-162-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-164-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-167-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-168-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-169-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-170-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-173-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-176-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-177-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-178-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-179-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-180-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-184-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-186-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-188-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-189-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-193-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-195-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-197-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-199-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-200-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-201-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-202-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-203-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-204-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-205-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-206-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-207-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-212-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-213-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-215-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-219-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-232-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-235-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-238-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-239-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-243-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-244-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-245-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-250-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-259-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-264-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-266-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-267-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-268-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-270-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-271-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-276-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-279-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-280-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-281-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-282-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-283-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-284-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-286-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-290-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-292-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-293-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-294-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-296-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-297-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-299-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-300-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-301-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-302-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download
memory/888-303-0x0000000002B40000-0x0000000002B51000-memory.dmp

Filesize
68KB

Download