Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-05-2024 11:23

General

  • Target

    128288b15bfc1adbb1fa5e30154d1a22_JaffaCakes118.exe

  • Size

    312KB

  • MD5

    128288b15bfc1adbb1fa5e30154d1a22

  • SHA1

    1973d1e928f2bbc67644b772f4ca7c453a503753

  • SHA256

    ea366505a9ffb1007fc9abb732c0a9c418df6abdf5c4b27b15ceb4595fd1a878

  • SHA512

    15d17a1892d55f22c5a6d6fe11abc14d2c71f577e0cb513a7d6b6861d6fd10ec685dd115e0ace0002e1a34fec4b11891e8b2112e501cd17d46dae326b11e7f3d

  • SSDEEP

    6144:LmKDzqaykFTZ8w5OAIfw6mkgVA/fSBVOBrKNudQm7dn8e6E:LmK3qaowwrfzHSBVmKAz7dn8

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+iblut.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA4096 Key , both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So , there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1 - http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/E674B5213D1B8B30
2 - http://u54bbnhf354fbkh254tbkhjbgy8258gnkwerg.tahaplap.com/E674B5213D1B8B30
3 - http://w6bfg4hahn5bfnlsafgchkvg5fwsfvrt.hareuna.at/E674B5213D1B8B30

If for some reasons the addresses are not available, follow these steps:
1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2 - After a successful installation, run the browser
3 - Type in the address bar: xlowfznrg4wf7dli.onion/E674B5213D1B8B30
4 - Follow the instructions on the site

IMPORTANT INFORMATION
Your personal pages
http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/E674B5213D1B8B30
http://u54bbnhf354fbkh254tbkhjbgy8258gnkwerg.tahaplap.com/E674B5213D1B8B30
http://w6bfg4hahn5bfnlsafgchkvg5fwsfvrt.hareuna.at/E674B5213D1B8B30
Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/E674B5213D1B8B30
URLs

http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/E674B5213D1B8B30

http://u54bbnhf354fbkh254tbkhjbgy8258gnkwerg.tahaplap.com/E674B5213D1B8B30

http://w6bfg4hahn5bfnlsafgchkvg5fwsfvrt.hareuna.at/E674B5213D1B8B30

http://xlowfznrg4wf7dli.ONION/E674B5213D1B8B30

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (435) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\128288b15bfc1adbb1fa5e30154d1a22_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\128288b15bfc1adbb1fa5e30154d1a22_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Users\Admin\AppData\Local\Temp\128288b15bfc1adbb1fa5e30154d1a22_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\128288b15bfc1adbb1fa5e30154d1a22_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Windows\nawehhtgbslq.exe
        C:\Windows\nawehhtgbslq.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2284
        • C:\Windows\nawehhtgbslq.exe
          C:\Windows\nawehhtgbslq.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1560
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:352
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
            5⤵
            • Opens file in notepad (likely ransom note)
            PID:888
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_ReCoVeRy_.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:896
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:896 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1444
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1804
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\NAWEHH~1.EXE
            5⤵
              PID:2540
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\128288~1.EXE
          3⤵
          • Deletes itself
          PID:2572
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2776
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:744

    Downloads

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+iblut.html

      Filesize

      11KB

      MD5

      a3afda6d782ea4c59d46c0b0325810b0

      SHA1

      b2fcf977bd5e52545edb7e4e035a3aed7b7cc9d9

      SHA256

      defbe20a1fb453c40e53a37dacb0d411d65de0b9da852552e120bc5438191748

      SHA512

      b88213ef70ef85d9b3d9c2bf9f6cfefacb8fe015af12ff4f79eb145a3cb9c790525b7da052a6a1e77f829b91902450efeba38ecb6b34fb04cfa88fc316f95277

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+iblut.png

      Filesize

      65KB

      MD5

      e60d9259843323491a6fa1d73fac368e

      SHA1

      d8c3e5da82184b0e64ef7cf4710ccb984e557dff

      SHA256

      92bfb6a91dac7756d5c0368a0ccceedc6e21379edce985b8af66a9fde65a8f57

      SHA512

      e9e3fd4d63f63c327c85b22fc5193d86521881bab60161b8708d09941268937aebb3e43f0769ce049797e7fb1f65f82f5858942e2405d4038feb17861c01758a

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+iblut.txt

      Filesize

      1KB

      MD5

      84425d0982e8d1e6d01207af924345bf

      SHA1

      b0f86cbfe5ad2a4818776560143cc1314d1e24f1

      SHA256

      ae45c420e34bf0cd6993b4fc477e9d5c35146097fcc71488397680fce92f0dfb

      SHA512

      e6334a4be3de146e6eab0d3b38e2e0f470847a59538516eba8c71ab9a9bee3737bb436425132bb44038f9d72c728600d0bac937cfd00b6205391395e3dd17f87

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

      Filesize

      11KB

      MD5

      80fd4aa4d2a8a3f65f21fd3769ff53ee

      SHA1

      1a4dc416feadf703c72e6ba725ae75bedd7c3c4b

      SHA256

      e518ecc56e7a0ef36e34bc24f0435bca4e73599223c70b5db5f9741b25d8c8fb

      SHA512

      186fea3235d5fab2713bfad68df83771a2772ac579f01899e338148fd97724698092d6147de41da341b41cf55ed779bfc966c391eb38d564e7754f181c738cb2

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

      Filesize

      109KB

      MD5

      ad87bca7f842c71519ded193c0465e5a

      SHA1

      6ea05ed7bf82ba59825f7a37c4e0cf38ae9e480d

      SHA256

      e0cb8ccaba2c6842d040734942a3440ce4c0c04b0e54c9929089c2d272a929dc

      SHA512

      2d36c8e1b5106e949508defed5892edd0ae89fc61dacc5e0cc131af7ed6e77835ee0696e2d343e858ea95fa8e71506403f049fd05bf6c108862a8fac38230dd9

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

      Filesize

      173KB

      MD5

      f9dd595546fabac2eb912e13d9683148

      SHA1

      db006bbe6383a9b22ce9bf92d0db8a7411c6a5d4

      SHA256

      c9e8a2f24fea4b4281e77d71727acee0c1056c6bdab123accbc98d048a700e09

      SHA512

      9cfa9e72838efa1c3df1591813cf5a678f7b6576ea4aa5ca44415cc47bd214bf9d24ad303f8d4440a8d5350fe9ac44da1072d312f0abfabd3537f3fa38ac492a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      97c6c4219da661c6ceb05e277fa8fa14

      SHA1

      adc2d0ea3d59932f8f3cba98f3c84a873d26f4ed

      SHA256

      bac278e864fca3ea5aaa2b4c4adbf3aa2ba2c80204d6168386f9085fade221f2

      SHA512

      c6107f05bfe80154100575d1b74cb07a1ad5ae2191a283d52f4522e7ed3fdce760a52a73e8ca07ccd5a91aae13494455359154d90743a3ffc6f39aa64164649c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      4c74917efac1a2421970c0d13bafc9ba

      SHA1

      11d17a6f5b929756200d1c6453c49cb03628beab

      SHA256

      5ce434c112c7d31a63ce204d13da7eb7a9180c4a5d371ea208157d413a32d46b

      SHA512

      8616211a6ced5553f5a86bf147319c84b35f956ac174c24a5426395f8ffd073792865557d4e9a9333812daf698a61e48c44db8d6f0203047a022a9c40c0501bf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      58ab5f033779995c12b6a1efbb522020

      SHA1

      78053d55a6fbe3b9e42bae1f9f95de5eca1325ab

      SHA256

      7d89560a63781f22d99d33e0d710a482f35ea022aa0337c0f3a5ea6e9989d27b

      SHA512

      1aa03741c4f3674ded36084909fc2b15eb0b58a315dfd3951f25aac34a7b20fb5261a3ed1272ff547bc24df16015944ef3bf50b93b00c4e58d9c91a8e7b0347e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      e7f20ee04aa120241a682f2ab1b1ea0f

      SHA1

      4835c10d7dd3f9510d41fac5f503b5a5c4ad74bb

      SHA256

      2abeb567f0a76202d5114623a8b154418b3b2e34a76f11aa8b30516ba847a3dd

      SHA512

      8c4121b65ff861d92a8870d67124fbd5a31a44c8edaa4dbfc7a115d8e451a8be62a9e19c93d894ce2f235caae0ef3c7e487eaca743bbaa0b70e71c40f10e61d8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      6471611abdd2d6ff14178808e79b4ea0

      SHA1

      cee6b07ea6e93727bf6be11766cf3947633de337

      SHA256

      ad314737f463747eeffbfb4be2459768c8cf15b3c5407782ea40672074aab2d2

      SHA512

      f8e58879bbdcb27e2c1e56948ef7d8e1e2cb94a734300bf8633cb35599ff04fcd071b178dda09f55cdaea5025d7a988130146fad427c9a99ac8652bab2c00d39

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      0ee19a7a1ef4fce4d8a360d30152cfad

      SHA1

      e3282981311432fd14125308f2f22543dd9c7d8f

      SHA256

      9464873f955516365a0063759701cc476254e41b289d2dcdd5e2262f1aa0c2f2

      SHA512

      84348247923810985ba2c189a52c16286eab7f1cb13f08e09f6f77b0e6269c075c2a067b0e11dc65726517c720349b3a6177d59b9c851a23e0a0f692da4c7f7b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      6a4f945f15ffd7c236730e56a167b7aa

      SHA1

      7adc752396f8b891a1ef574ab2481e6f0748f372

      SHA256

      f6adfcf96261ff015a2563888c04c22faefa72e3a5861d83daf1f8948940d820

      SHA512

      2069dbae81ec3c5088f55b1fc1edcb122685aef0936bbdf3cf89172fb693a8f67cce9bbd24606327117f74d5e75be70ae426f705a743f5f2a97490b0c6b36dff

    • C:\Users\Admin\AppData\Local\Temp\Cab91F6.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar9335.tmp

      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    • C:\Windows\nawehhtgbslq.exe

      Filesize

      312KB

      MD5

      128288b15bfc1adbb1fa5e30154d1a22

      SHA1

      1973d1e928f2bbc67644b772f4ca7c453a503753

      SHA256

      ea366505a9ffb1007fc9abb732c0a9c418df6abdf5c4b27b15ceb4595fd1a878

      SHA512

      15d17a1892d55f22c5a6d6fe11abc14d2c71f577e0cb513a7d6b6861d6fd10ec685dd115e0ace0002e1a34fec4b11891e8b2112e501cd17d46dae326b11e7f3d
