Overview

overview

10

Static

static

3

VirusShare...8a.exe

windows7-x64

10

VirusShare...8a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06-02-2024 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_b774e9f49d4aa8a2a009d06a6cdb6f8a.exe

  • Size

    396KB

  • MD5

    b774e9f49d4aa8a2a009d06a6cdb6f8a

  • SHA1

    5eaf1e24c495634ecbf7c81b640d10de8a3399d2

  • SHA256

    d3aef7ccd94c55c75a19d3ac6e31ac4af1cfcdd64e77be9afc4e5c8de9301686

  • SHA512

    b1cdb65dd44aefae7933944a824faac70b1fe68267e245a3a1181deda7b8cb9016e502550cd73974b3fd85756602193d4db8a23e9f3622d0ed5c59a780b1aecf

  • SSDEEP

    6144:CT3WR0F1lDPR+bJnm/jtowhxZWVrfQwBcTMMG26uw6fyQ7Q:CT3MA+bJmy4ZKfQRMh6

Score
10/10
teslacryptpersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+wdmwa.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/205D39C1472B285 2. http://kkd47eh4hdjshb5t.angortra.at/205D39C1472B285 3. http://ytrest84y5i456hghadefdsd.pontogrot.com/205D39C1472B285 If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser 3. Type in the address bar: xlowfznrg4wf7dli.onion/205D39C1472B285 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *-*-* Your personal pages: http://tt54rfdjhb34rfbnknaerg.milerteddy.com/205D39C1472B285 http://kkd47eh4hdjshb5t.angortra.at/205D39C1472B285 http://ytrest84y5i456hghadefdsd.pontogrot.com/205D39C1472B285 *-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/205D39C1472B285
URLs

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/205D39C1472B285

http://kkd47eh4hdjshb5t.angortra.at/205D39C1472B285

http://ytrest84y5i456hghadefdsd.pontogrot.com/205D39C1472B285

http://xlowfznrg4wf7dli.ONION/205D39C1472B285

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Renames multiple (401) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare_b774e9f49d4aa8a2a009d06a6cdb6f8a.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusShare_b774e9f49d4aa8a2a009d06a6cdb6f8a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Users\Admin\AppData\Local\Temp\VirusShare_b774e9f49d4aa8a2a009d06a6cdb6f8a.exe
      "C:\Users\Admin\AppData\Local\Temp\VirusShare_b774e9f49d4aa8a2a009d06a6cdb6f8a.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Windows\cnwbjiwpcuut.exe
        C:\Windows\cnwbjiwpcuut.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2536
        • C:\Windows\cnwbjiwpcuut.exe
          C:\Windows\cnwbjiwpcuut.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:976
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1632
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • Opens file in notepad (likely ransom note)
            PID:1512
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2864
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2292
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2952
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\CNWBJI~1.EXE
            5⤵
              PID:2312
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\VIRUSS~1.EXE
          3⤵
          • Deletes itself
          PID:3052
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:2536

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+wdmwa.html
      Filesize

      9KB

      MD5

      5db86ea0e194af1f2a4005864a682163

      SHA1

      c5c10cfbe7cc8a5cc29222ff9d4eefe59281d1e7

      SHA256

      8805615e35ffbd8a3c25a03044d287d9838e33fabd9458de016d50707ef7b306

      SHA512

      33f236ec82645ed799d5b7ae55bcb8f2b4ea37842d4bdb8ab21ad6d32fb898b07a23d82ea2b7ea96083d840a756fb28d9de0ae4b1988219e886a7acc5198b9e4

      Download Submit

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+wdmwa.png
      Filesize

      63KB

      MD5

      3588933a6bd664e0b827c9238394a717

      SHA1

      c8689b98b4c42ebf45d1f12e5058c326b9f58a49

      SHA256

      c9b13c62ca3bc4d01b446b00c6746d5da3beec57563a16db58c89b46750b2da9

      SHA512

      39a6f9210670d1b9f64d3a13e9de9e1a1d348be3e82ad2ab7cc5dac842ae4d829b6a2a74564e224f24740b44dd01555b25e6907de4bd7945b07d0ddd1c584254

      Download Submit

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+wdmwa.txt
      Filesize

      1KB

      MD5

      49d7369d31fce28b80b4f5d24ee92c75

      SHA1

      bd1d90d72715dc8040fb91b0b9cf5f729d4cc040

      SHA256

      ff8cf5da4006cbf7a6922be8a5f1f97f91e3ab5920a881f5ce166b375d624491

      SHA512

      0c01e8ba08ac63e9d136bf7a47310769494170266961fe243a18f896317b68ae5ecca74a20c94cc932eb9bdfa9b001197ff23b62aaacc834bc69f55785fdf9f0

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
      Filesize

      11KB

      MD5

      19736ca492d199e22d2c796ff3686144

      SHA1

      1837d2dd00619a308e7fe92abb9e34e36e7f3ec0

      SHA256

      407db642d37a2810c4ed5e93508147c5009a0170747851174f24de9c375968e4

      SHA512

      e6ce75369f75c195602fa61a8f43580a521ee3c67bbc70ec4a724f0d1bd1c0c42d97f7c20d348f21bdbef92b7d74009d5926c9eb5e9f9e256480d134b56dbc6b

      Download Submit

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
      Filesize

      109KB

      MD5

      4baedabf423ca1a51c82578e2faf9d7b

      SHA1

      42760fb68896ce6d7a7e5f9a56b4a58258f73bbe

      SHA256

      3123be77afe36676097aba1bb13828c5e8400eaae37ba269677ea2e5e4f43650

      SHA512

      7bfc0a277c73327cbf6dbc29c227ed16c50b93e886b9e66a94311514d4f7a71d7e3e40d72da1a01723e8faf24b6d81ec8ef65eb1290ab3606c5b711731e5cc0f

      Download Submit

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.mp3
      Filesize

      173KB

      MD5

      9e92b5b3e84a33825d261fef6bd95a06

      SHA1

      ce2c40ebf0b72dafeb1a2c0e02d916cf8c31b552

      SHA256

      daf9c5cdb92f14d2396b103f0dceeb93b7c9c1f6dbc156fe5fff6538639373cf

      SHA512

      32f2a874819a053cbdcc94b3a688e483940508769eb61a495f22e7738bb6c159e3818df3f93ae12d1db63ef04122e345e187f31226aadfcb22c5bf483e925961

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dbed7b3f37d6ed64a974ed30d7e98f71

      SHA1

      9a54aff18d5423f10b5a3b3a3fb57ffaca266fee

      SHA256

      1871b79f76d3178b4a4afbc7cd08b96f022bc166653665e3c5e9ca6d19aa4fb6

      SHA512

      7286feca7a37eac19170674bcd161efb4fe5ff1607f58196a48f10c7ddf06b1f9917c0ccae8dda7bc5c6effb5547b6528e7cef37ff842e1bfb44844df22b08ef

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ca9b816d2b6661d5d77d77f4ed2665bc

      SHA1

      9e68dca4222ad9fa9011beb5afe8a2b30b9c06a9

      SHA256

      716bba105e27c50525c87aa6f3e83c6413cbc0f874d0292194a0477752f844ce

      SHA512

      63ba241fb132a3b66822fe7f7f8170014ea200736960086971aa0f5c7e7c8d2b22b55a5bf096629843038961d9cbd896e5a2e48ea6cb289b21ff3b986fc65c66

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d3549974942eae2f8ce0ffe3d86d9d41

      SHA1

      cfa5693e803d35da64395754007f2b41f77b4282

      SHA256

      833bc9a361e8c853a219acc79dd7791b6893af82e7cf96c1fd8641a4022dea3e

      SHA512

      b29ebfe0feac58b77c68a70fb858222e41742c87187e83ad9bdb2bc2fb5899ae99b392fdcdcec5c1643fc1fab65aa0734af9820a8d59912a9c424e8bf02c5b0c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d8c51f907c88436c9954713460b72533

      SHA1

      8b3245091e5a710330543a7cd2449cb718d8de85

      SHA256

      21e6ee8eba13609278ec449528883da055a8929add0cf96aef24f4a85e98b8e0

      SHA512

      b5e982bed67c1fb26a774a7376c24b797b98712a633078cc164a24d7cd264e372a2aafe3378d4fd7bf8ba960bcc581b39b9fc4fd4c7647d69263d59033219982

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      61f8de0eb14ad52cc8881678361a5550

      SHA1

      403fdf3ce3bebd2ebe16d47c0b9d8a58b170e111

      SHA256

      811cc43c6b15ef33a26e616f83d6974dc8e711db2880014615e407c9bf23070d

      SHA512

      4613469de15afd7b30efed9f5ca5028a6e1259c7c57d3d0e6b7ac876995ad85f0ce58911a097053e9afe8a6ba0f7d733af7170480e5a01a57bccbde6b8a36941

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      66b77e856432bb53068dc9643ffe4aaa

      SHA1

      e277e221295c93d82ab1bf3f2530375145e0e3b3

      SHA256

      8ff06b420e0dde38de1ed20b626021c8b4900f6152743186655d74ada1d3a296

      SHA512

      07a698dd714060e3de7b7e1c95a862286d868f478403f511caeda02b48f96032273d88f0d89e8675ac83c85ffee724544a8641942b57341cdcef6f771ab50367

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f6b840a31106e5607f683f3f8a738a8f

      SHA1

      a56ef6d6881d154330492ee222c4fdb45959260e

      SHA256

      e0f64886e18e1d64a8166fe541267a232e5664c88f9e0d5452fb5a25469643ce

      SHA512

      44e7478d5510bc3df9ce287289ac05e4f3b637833a0856eda67c7ee40212a0be287e32324ad47e6a6999b499d0c993ea56b68f75b09f76158148468158252ec8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dfb898bb82dc60078b91601b28fa29da

      SHA1

      7d9c8b73aa1d8be268046c84e6a97ae3de33b0bf

      SHA256

      6e2dba552417100798970488a839ac5e5a97a19e633b5f965127c0779dd8e59d

      SHA512

      e7300521402ad881b9c0f78d6b770aa910cb138bca43bcfe1b058c1295dcb85880e211045ae5c15c6242c0a2a97666fae39412a64404695f90b4dccb892d0edb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      48d0d06ef4c5b8e971c087e8d0381271

      SHA1

      f57e1214a895f821dc62a61f67db05f0a0252390

      SHA256

      698d877e57fd69811fe6da3c68e96257f5fafb4cb758519c47c6caf723887bbb

      SHA512

      98ba662f03e29b75a4697427f96b82d9a30c0865ea624aad067a32ce95e7c15f09360567a3e2435a08547c351afd4d73ad9971c6a0e31a351708ab3f2764ef0e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1df3c5c7691806dff931627bc211caa2

      SHA1

      b704ea888738e577e7df17099f1b49855e5083fe

      SHA256

      997f0e86acedeedf239cb36c34e0b77b1fb7f974d349dfc2c9fa9e56fe80ffd8

      SHA512

      2b28a64856216f3871c7eb80af8abd791990e14ebe62afef29d8e20f0a905ef200f2331450b14d0461ac0a4f89bd8a07bed8af7b8f4d91e1e1e30ae5caff1be6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab766B.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7719.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Windows\cnwbjiwpcuut.exe
      Filesize

      140KB

      MD5

      60265c93fc3e3c4c1d55d1a65d2f0d97

      SHA1

      983826601c3f8a4d4cc5b83fb7766dc643cd7a90

      SHA256

      c2e56edb58d8e8515b2bf2482636b49bcf9f00870f6ad25bec7eb49580434ac1

      SHA512

      5371013ab4db0df133b5ea9e455faa5fe3569484d6d852d76ad59f07783dd6a4d89858e99c199340fce93a8995abdff2200b623e06b15aa5773ed56fc6716fcd

      Download Submit

    • C:\Windows\cnwbjiwpcuut.exe
      Filesize

      82KB

      MD5

      7f65dd43c9b9fcdbf8e64425e66ca01b

      SHA1

      4c8e8d30879770f8405a95439684332c9c22f4ae

      SHA256

      e175f44e2525c105f0907949628dd81c69b66846f820ccdb33dcc1bc34f38b90

      SHA512

      9f779ddd57a2abaf9233f2b256d9a5871ac72e9abcaf64758243353155f75554721c570d25c1226caa6f2afcd802d5ceea8c9708bce3432bf4df95479ae5032f

      Download Submit

    • C:\Windows\cnwbjiwpcuut.exe
      Filesize

      396KB

      MD5

      b774e9f49d4aa8a2a009d06a6cdb6f8a

      SHA1

      5eaf1e24c495634ecbf7c81b640d10de8a3399d2

      SHA256

      d3aef7ccd94c55c75a19d3ac6e31ac4af1cfcdd64e77be9afc4e5c8de9301686

      SHA512

      b1cdb65dd44aefae7933944a824faac70b1fe68267e245a3a1181deda7b8cb9016e502550cd73974b3fd85756602193d4db8a23e9f3622d0ed5c59a780b1aecf

      Download Submit

    • memory/976-697-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-5897-0x0000000003E60000-0x0000000003E62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/976-54-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-52-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-51-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-50-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-5906-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-770-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-49-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-1239-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-48-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-5902-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-2243-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-3443-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-4757-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-5866-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-5891-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-55-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/976-5901-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2060-18-0x0000000000340000-0x0000000000343000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2060-1-0x0000000000340000-0x0000000000343000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2060-0-0x0000000000340000-0x0000000000343000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2536-5898-0x0000000000120000-0x0000000000122000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2536-5899-0x00000000001A0000-0x00000000001A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2640-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2640-19-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-16-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-20-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-10-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-12-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-8-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-6-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-4-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-2-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-28-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download