Overview

overview

10

Static

static

3

8b04af13b7...21.exe

windows7-x64

10

8b04af13b7...21.exe

windows10-1703-x64

10

8b04af13b7...21.exe

windows10-2004-x64

10

8b04af13b7...21.exe

windows11-21h2-x64

10

Resubmissions

18-03-2024 13:45

240318-q2hzhaab76 10

Analysis

  • max time kernel
    1199s
  • max time network
    1180s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-04-2024 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe

  • Size

    1020KB

  • MD5

    496f86f951e1dbd3c4534d51a5297668

  • SHA1

    1199c5f30f5724841905cbdb9787649d15aae3d5

  • SHA256

    8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621

  • SHA512

    382abc596081ca5d0fdea39b12afe433e446cd50f59e4abca818162d96e46465beb1cda631109083071e7c050af6bfcf867be41d02c1e2ebe5dd99f61f45d510

  • SSDEEP

    24576:es0fVWVbd8fKT0KqTAFFCa/2yDEmdvAkomBbOsn51D:es0fVWVR8fKTeU1imBbl51D

Score
10/10
troldeshpersistenceransomwarespywarestealertrojanupx

Malware Config

Signatures

  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 58 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Interacts with shadow copies 2 TTPs 3 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe
    "C:\Users\Admin\AppData\Local\Temp\8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5252
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:3308
      • C:\Windows\system32\vssadmin.exe
        C:\Windows\system32\vssadmin.exe List Shadows
        2⤵
        • Interacts with shadow copies
        PID:1472
      • C:\Windows\system32\vssadmin.exe
        C:\Windows\system32\vssadmin.exe Delete Shadows /All /Quiet
        2⤵
        • Interacts with shadow copies
        PID:4052
      • C:\Windows\system32\vssadmin.exe
        C:\Windows\system32\vssadmin.exe List Shadows
        2⤵
        • Interacts with shadow copies
        PID:3808
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
        PID:4224
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1344
      • C:\Windows\system32\sihost.exe
        sihost.exe
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:5720
        • C:\Windows\explorer.exe
          explorer.exe /LOADSAVEDWINDOWS
          2⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:3228
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3060
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5568
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1796
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:6004
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4272
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3000
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3476

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\System32\xfs
        Filesize

        261KB

        MD5

        0ec675d04bb7b9c43371943670433395

        SHA1

        d7869bacebe9eaa3a5e6aebf56041e51c1944fb6

        SHA256

        31a1ffc0672adbbc69238e9b3ad22f00628f726cf256a4e2362f947a994377ca

        SHA512

        cb0c02fe23b67cdaaad35d971c2cff9872792452607f85c2108aad046e910a88dfd8eb6725ec3b4045669aa759e9b79d93e3878dbaf308b4ae212a59cc0ac9bd

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
        Filesize

        1024KB

        MD5

        c7817478c8c270389fde422c6fe3bea0

        SHA1

        f37cf6f624303e508d217dd19b2d5d381e1b9344

        SHA256

        5b9735213b3050ea1713a4644951b9d13536532b122c587be84a2346f8a892cb

        SHA512

        968503b56e30e5e3c546e61aabcdc97bcb0704d1761ef39a4affaab2426dad3f2fe96f1ed910ed8788f21b8f5e78c0fb849a585861a46e3f00a09841cf2ffa7b

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
        Filesize

        1024KB

        MD5

        11ae612cb19da75ad54549a9690db99a

        SHA1

        b44f9fc4ce5684300868a1611f64f71ea514865f

        SHA256

        751bb02ddffafce04230550655eb738d861ee4787fe7971a3757516fee41773a

        SHA512

        0abb1ff83e5e3c28a58a9b6bc6f98987573679be8c82a96b27db490c11a3e0f1f47aef4ef65d41d8bd3c4d53ec48bfa61787998dc25534c1f2276a733853ee78

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
        Filesize

        1024KB

        MD5

        ac2c0a304aa9b97d85fa136da74e642a

        SHA1

        1c250095a678e2a3e811c58a17806615c98fcd46

        SHA256

        8fa4d5968eb5817f0eccfe368ffc842b7d63c82c7c89a87de0b92ecb0afbc24e

        SHA512

        bec405f2bce20b159d55871148420c56e3e1daef5c1918db90a7a94918e6090abfd7828c95588446df29477ddb08419b816e02e1c1f4550a7021899c57b38589

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
        Filesize

        7KB

        MD5

        fcd9c071663797458ddd588e3955490b

        SHA1

        4699a3e531e03953718496ae04a70355710d756a

        SHA256

        876e87ae2d94ec57b5080030439ab5bb55b3a41ea2224430a25e1f31aadef6e1

        SHA512

        3523423e469524a69cc3c2a20dc82a4c5e301cb957052d1e519a60e1d4d6a818f361a758549e5fe95e78caffbe338cab0721c5a522ad4fceef985061beab1b1e

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
        Filesize

        7KB

        MD5

        f7633749d264f5b89ba03914f73e072f

        SHA1

        92831a8bea53a8bea3814305a2ea26bc31923158

        SHA256

        088f548833e3a30f67272820a25ec06e37c49ee4af74ad0c5eefe0a01bb21ad7

        SHA512

        772f02f68e0e7820c78bfe1928e55ca323a87f5fdea4522ddfe2e281d9e0697eb38f5df8c74ed43f01046761f059a5b693e776efaf6dfdb223271a815882c1ed

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
        Filesize

        24B

        MD5

        419a089e66b9e18ada06c459b000cb4d

        SHA1

        ed2108a58ba73ac18c3d2bf0d8c1890c2632b05a

        SHA256

        c48e42e9ab4e25b92c43a7b0416d463b9ff7c69541e4623a39513bc98085f424

        SHA512

        bbd57bea7159748e1b13b3e459e2c8691a46bdc9323afdb9dbf9d8f09511750d46a1d98c717c7adca07d79edc859e925476dd03231507f37f45775c0a79a593c

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
        Filesize

        1024KB

        MD5

        c1c141c0ed601ce64de2ec0f9d2c352f

        SHA1

        6a73f70f6c1e20d3c71e89c5db9955021dcb4622

        SHA256

        80b5253e61ab086e6490e7db1fe73af6b5719bbd2f9552408d3438b54b0466d4

        SHA512

        80fcb14e2dac59326b8106b7643d4794abc8bc5375b0bcdf7ed8d9e488edf0f39e7590bec354ba9fa4bacd690ee75db1e4d9ac883b40052e2cb9c7e49b33fa57

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db
        Filesize

        24B

        MD5

        ae6fbded57f9f7d048b95468ddee47ca

        SHA1

        c4473ea845be2fb5d28a61efd72f19d74d5fc82e

        SHA256

        d3c9d1ff7b54b653c6a1125cac49f52070338a2dd271817bba8853e99c0f33a9

        SHA512

        f119d5ad9162f0f5d376e03a9ea15e30658780e18dd86e81812dda8ddf59addd1daa0706b2f5486df8f17429c2c60aa05d4f041a2082fd2ec6ea8cc9469fade3

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
        Filesize

        7KB

        MD5

        5e654a5b94d8bd3712cc361adf122482

        SHA1

        1f89fee499995d781342e92250eed407e33f14a2

        SHA256

        93013c9daba885c1283a51c5f0ea20436407770237f8b90ebd95ab60ccf26366

        SHA512

        4827ce70cd580120360b10bee39cdd91116f1c37cb6801e92fbad78beb7c4f0bfdfde4ced7e01891f92b5c54731e5862f17d74e58a0ff87d8dd354a2bf21d32f

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
        Filesize

        7KB

        MD5

        159295fbd65ff99541590b17740c19b3

        SHA1

        a68e1a261b672bff11941eb2b1b49538a65c9bea

        SHA256

        9fca0d127e6b4ecf40df6b243c80fbaea028758541452bce45abc5abefce78f3

        SHA512

        7f50e723dc3e68ae17e16a873e0154b96abde51dd3af0d0fc4fbc19211515c960dff90021f4d65822bb461df47345ec6d704d0a451be749f9bac97a00b64f68b

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
        Filesize

        7KB

        MD5

        16e8f0c9df4ff301951b5bb1e3a2a428

        SHA1

        9dea66f8025c9bbd6cf9425a891f157822f4d2cb

        SHA256

        0d5443597d1911652abf170b7023bb8011e895b7d355002b2f0ac8431b3daca7

        SHA512

        bbe5fd407d63d0defb260634af5934df422f2cda093425b85f7df173470106580a8443cbf7e6272a757a0313ca5c84cd523f279a7a0a83f6325f6e46e9269d74

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
        Filesize

        6KB

        MD5

        9c4b0ce99e2d52fd612f16cda670b61d

        SHA1

        dbc8bb05e533e1576f3472be49ad8c5bcf2a015d

        SHA256

        4f32df5af5469a3e89d6e751d4b3519086b9b31b0a01e44345d2c309c3c1815c

        SHA512

        6e96cb5dfe7d59fe605aeaac95d1f6ddaacdbe4b04ec42d0bfbd98d415284ed4faad77b2843ee26204ffaee9132db7097511bd4e97dbbad9a7ca48f11738efdd

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
        Filesize

        10KB

        MD5

        9fcb1da445376bbe5b12616f7fa49915

        SHA1

        ba84525d67d825fb3708fbe9666ba317a9d83889

        SHA256

        f48b20bf92f6503a43764f35850c6fa1c110d5359f210bec79d3a6f4fb0dc9e6

        SHA512

        cdc162113f87c828d24e7a29bc1aac62f3db05252460939108d9de3a4c764e3b692e7195f40e2b1d090c45cf831e2247d8018ae7c099491a1a036bcec1ea7cad

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133575698083915423.txt
        Filesize

        2KB

        MD5

        65d939ef67bf440d30c8dee4eebe4890

        SHA1

        5aa8c724f2e458d7c7c6fe7bd6daf0f48b13fc40

        SHA256

        e7abcd543a39be760c610fb1cd8a101abfffc6002e47aaf7dea39b31f94a3531

        SHA512

        8237d8dcab2898614b13f052ca540e6f094b7eb4653a110b572967b3fd34c5d29982cb1ada9a4e38702d08cf736c684ae8269aeac55f0fcbcc2d5b04dfbb50e7

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchUnifiedTileModelCache.dat
        Filesize

        2KB

        MD5

        3da55326f6ccc7abc7ec74b99e78abd4

        SHA1

        1da84b1cdcca51be598f42c428f55bdd20958a65

        SHA256

        c2306bfc342a02778ec91db9c9768fd69c4e938676c33c435999dfcfd8268c24

        SHA512

        33f0c98bf93b899e3fa95b694108765e82d12860b4ee14b4e14e960cc3a088c6c460cf94b21628a00f19ae6f0f2a0f04f49f0f72a5e8ae417381076b09e06d65

        Download Submit

      • C:\Users\Admin\AppData\Roaming\1E7A96921E7A9692.bmp
        Filesize

        2.6MB

        MD5

        993cc909a89f0fb7fe90acc3703c2105

        SHA1

        f422cdcb426718b235a19080b0daf71c9b448768

        SHA256

        4aa6cdb9ce95410f85a05b21967d224cfd49cf8c7fa18d9998304a16d4e4b5d8

        SHA512

        5ec562b1e6f91f8774bf8fd00a6a413b4b4b5be2ede17ff9c417fce7097b7d313b136740e525c19a77f220e80fb0e92f8f4d1866ea185c9fc6755c3b41aa9762

        Download Submit

      • memory/5252-45-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-53-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-20-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-21-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-22-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-23-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-24-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-25-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-26-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-27-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-28-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-29-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-30-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-31-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-32-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-33-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-34-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-35-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-36-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-37-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-38-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-39-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-40-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-41-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-42-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-43-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-44-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-16-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-46-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-47-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-48-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-49-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-50-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-51-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-52-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-17-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-54-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-55-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-56-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-57-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-58-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-59-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-60-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-61-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-62-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-63-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-64-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-65-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-66-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-67-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-68-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-69-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-70-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-71-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-15-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-14-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-13-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-12-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-11-0x0000000002560000-0x0000000002561000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5252-10-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-6-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-5-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-3-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-2-0x00000000027B0000-0x0000000002814000-memory.dmp

        Filesize

        400KB

        Download

      • memory/5252-0-0x00000000027B0000-0x0000000002814000-memory.dmp

        Filesize

        400KB

        Download

      • memory/5252-1-0x0000000002560000-0x0000000002561000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5252-72-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-73-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-74-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-75-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/5252-76-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download