djvu | 3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429

Analysis

max time kernel
117s
max time network
119s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
08/09/2022, 09:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe
Size

808KB
MD5

5a9f6f5bc19c90a8ba4f46faf88ef4ca
SHA1

69252ec1595eee05f326fcc31a2973d54b625a37
SHA256

3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429
SHA512

cfea982a344e7d815c7ea59a49b1b22585659a66c3e1311dbbd882e4372abb541dd28b35011fb213bb973dfe61adf217fe950d53b4ae4fd69861ca34c538d2ad
SSDEEP

24576:9woH6IYGh86iXDyOy4vYhY3L6DMn1btp:9Xm6iThy4wbwnxt

Score

10^/10

djvu discovery persistence ransomware

Malware Config

Extracted

Family

djvu

http://acacaca.org/test1/get.php

Attributes

extension
.mmpu
offline_id
yd6oYv6aBN90yFzTWdZ34sXSXtXiauzOLXZyWht1
payload_url
http://rgyui.top/dl/build2.exe

http://acacaca.org/files/1/build3.exe
ransomnote
ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-xuPJqoyzQE Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0554Jhyjd

rsa_pubkey.plain

Signatures

Detected Djvu ransomware 9 IoCs

resource	yara_rule
behavioral1/memory/4748-149-0x0000000002700000-0x000000000281B000-memory.dmp	family_djvu
behavioral1/memory/4376-150-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/4376-151-0x0000000000424141-mapping.dmp	family_djvu
behavioral1/memory/4376-157-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/4376-203-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/4376-251-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/3500-277-0x0000000000424141-mapping.dmp	family_djvu
behavioral1/memory/3500-351-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/3500-387-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu

Djvu Ransomware
Ransomware which is a variant of the STOP family.
ransomware djvu
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1524	build2.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4948	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\8a3740e6-39b8-4f85-ab2d-5edb1588e795\\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe\" --AutoStart"	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	api.2ip.ua
8	api.2ip.ua
14	api.2ip.ua

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4748 set thread context of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4964 set thread context of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4376	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe
4376	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe
3500	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe
3500	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4748 wrote to memory of 4376	4748	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	67
PID 4376 wrote to memory of 4948	4376	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	68
PID 4376 wrote to memory of 4948	4376	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	68
PID 4376 wrote to memory of 4948	4376	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	68
PID 4376 wrote to memory of 4964	4376	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	69
PID 4376 wrote to memory of 4964	4376	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	69
PID 4376 wrote to memory of 4964	4376	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	69
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 4964 wrote to memory of 3500	4964	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	71
PID 3500 wrote to memory of 1524	3500	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	72
PID 3500 wrote to memory of 1524	3500	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	72
PID 3500 wrote to memory of 1524	3500	3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe	72

C:\Users\Admin\AppData\Local\Temp\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe
"C:\Users\Admin\AppData\Local\Temp\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Users\Admin\AppData\Local\Temp\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe
  "C:\Users\Admin\AppData\Local\Temp\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4376
- - C:\Windows\SysWOW64\icacls.exe
    icacls "C:\Users\Admin\AppData\Local\8a3740e6-39b8-4f85-ab2d-5edb1588e795" /deny *S-1-1-0:(OI)(CI)(DE,DC)
    3⤵
    - Modifies file permissions
    PID:4948
- - C:\Users\Admin\AppData\Local\Temp\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe
    "C:\Users\Admin\AppData\Local\Temp\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe" --Admin IsNotAutoStart IsNotTask
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe
      "C:\Users\Admin\AppData\Local\Temp\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe" --Admin IsNotAutoStart IsNotTask
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3500
    - - C:\Users\Admin\AppData\Local\48219f9c-cf74-49eb-a38c-edaf70cdcfd0\build2.exe
        
        "C:\Users\Admin\AppData\Local\48219f9c-cf74-49eb-a38c-edaf70cdcfd0\build2.exe"
        5⤵
        Executes dropped EXE
        
        PID:1524

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
215064dd8b4566627489319b46e9ca43

SHA1
7fa698eef5f02a961b5862df135d7ebfd8a12292

SHA256
390f76fdb79029603900524df2f0fbfd05bf18a3bbc74b9b05b2a6dc5938393c

SHA512
2a5b12b41d728ce30f1712d23226bbefe73111b786156b97126d6497ef234e78feaf6db08c7412eaa336c869b93ab239cd46b33cc31ff2c8497214cba5927753

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
7c27ffae0cbd6d55b86f387667635294

SHA1
6df10a537a970852086711da85ae84f7355bff72

SHA256
b6a9400010fea1af51104c2b48fdd4383d8b7a81bd62a22c188db3cdb7413503

SHA512
140752fd448ed5cd01c5463d67b7dd2c5c111fd4256d3686b792bc0ff788bed49fdfe901402fdb080b9a6c0789725dda6256280120fadc5aca1f127a552e13d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
02b7788a0493bbd1025ec7fc62787c11

SHA1
3a5d0f660b05725f67d2044dbae7f8472a32e3a8

SHA256
af2509ab090d9df4796adad30e39a7673e162d8c1d146c08d6ae58658d874d0b

SHA512
9e13f1a800291927e72cab688bb6ca7d54ad11ee4f3929ae3e27a4d15f155590483f6fe230cd3e27984e6dcf7b4aee9dc3f2fa457c05c252393f5bce3a2f4311

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
63b5a9b1e4dc3d0f769400bc67bbb9d2

SHA1
63fe4be6c1dacefb65da43f55f5a590469920f0e

SHA256
e61dd4d23f453b89c55eea5290e1b1015d7c740cc4876e8079ad0aa7141be1f9

SHA512
8f5c0f460ddd0a6300693648796e6796f0f267e869c8a1994ecee0be2f058adb1bdaf63fac68ef11b659a3c1c1e710de7b832bd722b28e261e4974dd5e2f529d

Download Submit
C:\Users\Admin\AppData\Local\48219f9c-cf74-49eb-a38c-edaf70cdcfd0\build2.exe

Filesize
383KB

MD5
8d7db6982df46c3b0f0cc879d892c08a

SHA1
64e3d7ab4793aeb05d18a82159c579e05c45fd71

SHA256
116e15e94d70dde65f91f155580bd9b34ff1956b9ebe1a53b6bce912b281c1f6

SHA512
0eeb242e6e1356a2a9e3183f12439ef36fac40e27ac8c0df5f591c7b3c1324145627c92c3fee15aedee2c1e8cc3b966152af73a33196166c2c1bfbbd979bdb5b

Download Submit
C:\Users\Admin\AppData\Local\48219f9c-cf74-49eb-a38c-edaf70cdcfd0\build2.exe

Filesize
383KB

MD5
8d7db6982df46c3b0f0cc879d892c08a

SHA1
64e3d7ab4793aeb05d18a82159c579e05c45fd71

SHA256
116e15e94d70dde65f91f155580bd9b34ff1956b9ebe1a53b6bce912b281c1f6

SHA512
0eeb242e6e1356a2a9e3183f12439ef36fac40e27ac8c0df5f591c7b3c1324145627c92c3fee15aedee2c1e8cc3b966152af73a33196166c2c1bfbbd979bdb5b

Download Submit
C:\Users\Admin\AppData\Local\8a3740e6-39b8-4f85-ab2d-5edb1588e795\3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429.exe

Filesize
808KB

MD5
5a9f6f5bc19c90a8ba4f46faf88ef4ca

SHA1
69252ec1595eee05f326fcc31a2973d54b625a37

SHA256
3688640332bbeda1790bb7b7141fb4889030e60c94c2428927126b2b93a2f429

SHA512
cfea982a344e7d815c7ea59a49b1b22585659a66c3e1311dbbd882e4372abb541dd28b35011fb213bb973dfe61adf217fe950d53b4ae4fd69861ca34c538d2ad

Download Submit
memory/3500-387-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/3500-351-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4376-181-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-168-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-251-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4376-203-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4376-187-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-186-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-185-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-184-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-183-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-182-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-180-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-179-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-178-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-177-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-176-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-175-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-174-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-173-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-150-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4376-152-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-154-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-153-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-155-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-156-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-157-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4376-158-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-159-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-160-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-161-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-162-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-163-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-164-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-165-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-167-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-172-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-169-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-166-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-171-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4376-170-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-137-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-134-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-148-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-147-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-146-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-145-0x0000000002660000-0x00000000026F8000-memory.dmp

Filesize
608KB

Download
memory/4748-144-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-143-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-142-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-120-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-141-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-140-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-139-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-138-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-149-0x0000000002700000-0x000000000281B000-memory.dmp

Filesize
1.1MB

Download
memory/4748-132-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-131-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-121-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-136-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-122-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-133-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-130-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-129-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-128-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-127-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-126-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-124-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-125-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download
memory/4748-123-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

Filesize
1.6MB

Download