Overview

overview

10

Static

static

3

8b04af13b7...21.exe

windows7-x64

10

8b04af13b7...21.exe

windows10-1703-x64

10

8b04af13b7...21.exe

windows10-2004-x64

10

8b04af13b7...21.exe

windows11-21h2-x64

10

Resubmissions

18-03-2024 13:45

240318-q2hzhaab76 10

Analysis

  • max time kernel
    1792s
  • max time network
    1555s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-04-2024 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe

  • Size

    1020KB

  • MD5

    496f86f951e1dbd3c4534d51a5297668

  • SHA1

    1199c5f30f5724841905cbdb9787649d15aae3d5

  • SHA256

    8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621

  • SHA512

    382abc596081ca5d0fdea39b12afe433e446cd50f59e4abca818162d96e46465beb1cda631109083071e7c050af6bfcf867be41d02c1e2ebe5dd99f61f45d510

  • SSDEEP

    24576:es0fVWVbd8fKT0KqTAFFCa/2yDEmdvAkomBbOsn51D:es0fVWVR8fKTeU1imBbl51D

Score
10/10
troldeshpersistenceransomwarespywarestealertrojanupx

Malware Config

Signatures

  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 58 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Interacts with shadow copies 2 TTPs 3 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 58 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe
    "C:\Users\Admin\AppData\Local\Temp\8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:3016
      • C:\Windows\system32\vssadmin.exe
        C:\Windows\system32\vssadmin.exe List Shadows
        2⤵
        • Interacts with shadow copies
        PID:4768
      • C:\Windows\system32\vssadmin.exe
        C:\Windows\system32\vssadmin.exe Delete Shadows /All /Quiet
        2⤵
        • Interacts with shadow copies
        PID:1080
      • C:\Windows\system32\vssadmin.exe
        C:\Windows\system32\vssadmin.exe List Shadows
        2⤵
        • Interacts with shadow copies
        PID:3832
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
        PID:4636
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4920
      • C:\Windows\system32\sihost.exe
        sihost.exe
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2732
        • C:\Windows\explorer.exe
          explorer.exe /LOADSAVEDWINDOWS
          2⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:3852
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4472
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4556
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4144
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2244
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2560
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3844
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:320

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Windows\csrss.exe
        Filesize

        1020KB

        MD5

        496f86f951e1dbd3c4534d51a5297668

        SHA1

        1199c5f30f5724841905cbdb9787649d15aae3d5

        SHA256

        8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621

        SHA512

        382abc596081ca5d0fdea39b12afe433e446cd50f59e4abca818162d96e46465beb1cda631109083071e7c050af6bfcf867be41d02c1e2ebe5dd99f61f45d510

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
        Filesize

        1024KB

        MD5

        a1727ea80f3962cb3910b6f7c9deff67

        SHA1

        aac78258a863d59b1fdca1a2ddd9e565b60c7b81

        SHA256

        88c42eedb752b848b9ce635874958331ac924899d14aac3840898b020aa1dc0f

        SHA512

        2409affd44462708b3a1a74431f0ec2d7dbd2ca38de8ab3c4c3438d335d05958c20f62b6034a39e03e38db65cdacf3edba9a61dfcba57751bc8c7f321b2d9b79

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
        Filesize

        1024KB

        MD5

        1241bf816f32750e4d54359140402a68

        SHA1

        f4031f2b4986ee4150a4dadd4ea0192bed6b8915

        SHA256

        8e67597ed6eb1ec4fce3fe98f7c99f4cc87f31e327f4587f5589dcabe08938b9

        SHA512

        b4bc61f9a7f7ec79b3ce3561fb30eca2daf53e2fd839cd123ac07fabaa9d16bd99b3e5c5b7737961bae2d77a82260f0e1fa626c61ee4d153521d141237120289

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
        Filesize

        1024KB

        MD5

        a51807dac9bb91c40d055003dc3099c2

        SHA1

        fbcdfa0d785373abc0535037be04b499b81adee1

        SHA256

        78c39bf59038a8591d8e3e6c2aa4effc0b76cf393bbb10307e5b44ab8a284716

        SHA512

        e1e4166337ccdeb05ca2b29ed78a5919259260c0e6f7d691fb03081dfb6d101808ed01378c50eff94f5e6e8ad0ffbaee7a9cc73121000a72b1b296c383543226

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
        Filesize

        7KB

        MD5

        624f1772c59b029aaadde33de03bb52a

        SHA1

        d763d1da461597ff18ade2fc1b9b40f9e4c0d210

        SHA256

        591391fec4aa162c417c1c7feb47b13eb21763aca01026f37f6f253bd2958fb5

        SHA512

        f25dd3220fd6bcb19f76248f09ab2b93177fd996d5995068d2a55885ac864964c75dfbd09f5694438efc0bf8402a005d0e44267f2930f6152b8337ebc2f6fcd8

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
        Filesize

        7KB

        MD5

        aa59163f961056fc5ec4719e583c3673

        SHA1

        65c6737ba2c94c7f7d29585c3e1d988851357981

        SHA256

        c44eb1d5559d4d802f6380390a2c0ac6a8f7a298b346519f4ee85aa062b0c775

        SHA512

        43dcb89765a69afea7a55b9ed34c33dd709932dea1f038c839632043d912236206ca690ce7469640ed4756303fa50cad3e837771c898ca40b38e54bee6cdafdb

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
        Filesize

        24B

        MD5

        419a089e66b9e18ada06c459b000cb4d

        SHA1

        ed2108a58ba73ac18c3d2bf0d8c1890c2632b05a

        SHA256

        c48e42e9ab4e25b92c43a7b0416d463b9ff7c69541e4623a39513bc98085f424

        SHA512

        bbd57bea7159748e1b13b3e459e2c8691a46bdc9323afdb9dbf9d8f09511750d46a1d98c717c7adca07d79edc859e925476dd03231507f37f45775c0a79a593c

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
        Filesize

        1024KB

        MD5

        7eb500438f3fa0c34db7dbe53649f6f6

        SHA1

        212e7860a64fce11daf322adcafe320b46bc93e8

        SHA256

        07e090ca24a221f60f1e99c6e9830af99e9d1213592c86f8906f24511644ec6d

        SHA512

        e565b9a1316d8b18ade081bb79a8e10a7ebd2b235243a6fe6eec61ee047ea13f11881d2767690af16839cd9e73f6df004978cd39e75dc3cf6da41ef6930da48e

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
        Filesize

        1024KB

        MD5

        fa976cc1b48b8f681bf37a6f04cc8323

        SHA1

        72abc0c19030402b261a4a3553caec63b4dbee25

        SHA256

        94b5e588e549636476a92379cda9741f10f90a795a80b5d54bb16fc7cd945e06

        SHA512

        0e7986b62ee09b4372cb55f04faceafe235d2445ecc3e98f7cfc37c271adc2ce3868c30954dbb681a7478423ccca6d24794008d8cfa4f40c10c5237f3ce29c8e

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db
        Filesize

        24B

        MD5

        ae6fbded57f9f7d048b95468ddee47ca

        SHA1

        c4473ea845be2fb5d28a61efd72f19d74d5fc82e

        SHA256

        d3c9d1ff7b54b653c6a1125cac49f52070338a2dd271817bba8853e99c0f33a9

        SHA512

        f119d5ad9162f0f5d376e03a9ea15e30658780e18dd86e81812dda8ddf59addd1daa0706b2f5486df8f17429c2c60aa05d4f041a2082fd2ec6ea8cc9469fade3

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
        Filesize

        7KB

        MD5

        5a7e020ba68fa1d472a9720366c289ac

        SHA1

        efbc5340b726dbe321f676118fc6f2edd12159e8

        SHA256

        a45a63cc7d8ee3e6b28ca7fa71539f0968aafefb97b3b1a2c1554595d48eca1e

        SHA512

        2a0d35f7263faea87bb34ff4c30218b49bc6dd0e8d41e72323325406afb60543d31e6be4c2b874a9251e486c6c98e14d6826053ada8bcacfe46b26d0487592f1

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
        Filesize

        7KB

        MD5

        bfaa6fcac2717e42323d07e1701811e8

        SHA1

        f7da0e8aa19c16c52332bd4a0cabd814ac66b322

        SHA256

        3c40d06c625fe6a4515e2e60cff06fd82495cd1b73f2ecbe0c32b33889cbb3b1

        SHA512

        076135d34c866dc27edbf980afb33310ddb6cefd27366e954b80c666a9e44ffeaca6ca39edabf509424ca2ba8efdd1608acc39ef16e6dab919aaef0d9a8787a8

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
        Filesize

        6KB

        MD5

        8ad3052c36371b29e2fefa74d6b2893b

        SHA1

        e208e11cae169db557b6c7d9df3adfbbe51217be

        SHA256

        608b722958bd499b5d1ed13b131b273dcd5356a9a0a658a37f065a390f06630e

        SHA512

        d7675e020949711794f4f891e2716b49bae5af843a20d0275726ede778bb8134e8f50d8c575a67bb94c07668a9af1fe887790c9a18101e6ac699441de5630b1b

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
        Filesize

        10KB

        MD5

        9a2a41ce229f7f47af3a42afe435fc72

        SHA1

        1c7af19f157026ee5e31980989863ebce55a31e4

        SHA256

        5058b3657d465002c7d338e8de78781a700e9fde5a7427100b4d6fa266653cb4

        SHA512

        7da4e80581fbc10c58feea88b0bd55ac988d79272fe91c1a2bf5fcd5a71ba8e27c3484e74a413ae7517f4615e4b3c02841cb715f08787039bde612e2ab802ac3

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133575664988511931.txt
        Filesize

        2KB

        MD5

        65d939ef67bf440d30c8dee4eebe4890

        SHA1

        5aa8c724f2e458d7c7c6fe7bd6daf0f48b13fc40

        SHA256

        e7abcd543a39be760c610fb1cd8a101abfffc6002e47aaf7dea39b31f94a3531

        SHA512

        8237d8dcab2898614b13f052ca540e6f094b7eb4653a110b572967b3fd34c5d29982cb1ada9a4e38702d08cf736c684ae8269aeac55f0fcbcc2d5b04dfbb50e7

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchUnifiedTileModelCache.dat
        Filesize

        2KB

        MD5

        91fc9c23af48d4cfc01ea721d44cc656

        SHA1

        43a6e4dee4ae4f552be4b21e247b16ef133e7569

        SHA256

        9cd63dc230be39802a2064cbf77649d1a5b7c80598a18c68dca90744af06c2dd

        SHA512

        60d8cc84165efc20c42307e83cf1247358fe5379740458a2f2f6d7b8dc2f6151a0f169847d2ab56e65c13d7e88f5290a17ea584b501794b7ebd219183b83c274

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoftwindows.client.cbs_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\JNTZF06Q\www.bing[1].xml
        Filesize

        13B

        MD5

        c1ddea3ef6bbef3e7060a1a9ad89e4c5

        SHA1

        35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

        SHA256

        b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

        SHA512

        6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

        Download Submit

      • C:\Users\Admin\AppData\Roaming\20EAE25320EAE253.bmp
        Filesize

        2.6MB

        MD5

        993cc909a89f0fb7fe90acc3703c2105

        SHA1

        f422cdcb426718b235a19080b0daf71c9b448768

        SHA256

        4aa6cdb9ce95410f85a05b21967d224cfd49cf8c7fa18d9998304a16d4e4b5d8

        SHA512

        5ec562b1e6f91f8774bf8fd00a6a413b4b4b5be2ede17ff9c417fce7097b7d313b136740e525c19a77f220e80fb0e92f8f4d1866ea185c9fc6755c3b41aa9762

        Download Submit

      • memory/2280-47-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-56-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-19-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-20-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-23-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-24-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-25-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-26-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-27-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-28-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-29-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-30-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-31-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-32-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-33-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-34-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-35-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-36-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-37-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-38-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-39-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-40-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-41-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-42-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-43-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-44-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-45-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-46-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-17-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-48-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-49-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-50-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-51-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-52-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-53-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-54-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-55-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-18-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-57-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-58-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-59-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-60-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-61-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-62-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-63-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-64-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-65-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-66-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-67-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-68-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-69-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-70-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-71-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-72-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-73-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-74-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-16-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-15-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-14-0x00000000025D0000-0x00000000025D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2280-10-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-9-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-6-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-7-0x00000000025D0000-0x00000000025D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2280-5-0x00000000025D0000-0x00000000025D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2280-4-0x00000000024E0000-0x0000000002544000-memory.dmp

        Filesize

        400KB

        Download

      • memory/2280-3-0x00000000025D0000-0x00000000025D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2280-2-0x00000000025D0000-0x00000000025D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2280-1-0x00000000025D0000-0x00000000025D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2280-0-0x00000000024E0000-0x0000000002544000-memory.dmp

        Filesize

        400KB

        Download

      • memory/2280-75-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-76-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-77-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-78-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2280-79-0x0000000000400000-0x00000000005DE000-memory.dmp

        Filesize

        1.9MB

        Download