Overview

overview

10

Static

static

1

58c285c3df...18.ps1

windows7-x64

10

58c285c3df...18.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    97s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2024 05:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58c285c3df955356b0de4fd8366aafca_JaffaCakes118.ps1

  • Size

    903KB

  • MD5

    58c285c3df955356b0de4fd8366aafca

  • SHA1

    4573f3abf225c00fddeb3ebdace7bf77bbe04b15

  • SHA256

    0b1f6d6c3d5008efd67b9eeebbea8c2e04a2fe3f9ee5db01004384c1419cc170

  • SHA512

    c6eb9f8a638f221000783451e4dc3576836a4a34d842c9e8850e2f58e0e5c82b942f31fba8f705532c6cc85057872b2a059e72b40644fdd0c64c3e4a6abb5622

  • SSDEEP

    12288:UlKC3i/930kve4tUwcuVJEb1OK4RtGIyc/ZFvRWwajB16I6WY0aMAnbfMeAoJRxI:o

Score
10/10
netwalkerexecutionransomware

Malware Config

Extracted

Path

C:\Recovery\WindowsRE\5CF39B-Readme.txt

Family

netwalker

Ransom Note
Hi! Your files are encrypted. All encrypted files for this computer has extension: .5cf39b -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. Additionally, your data may have been stolen and if you do not cooperate with us, it will become publicly available on our blog. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_5cf39b: XnHZOVZCM8ydqOVf/rzZE06EQWFL02DyKxvBnuxoTf3XFR70Sl ky/wVUDaAwDSK7ids0opEya778N5/uqUvUGk5yf6Iwx2QkWGbS 1855cmI8lkBakbxYq7pfaP+YWYnbVGns3VxNTJoPkrVZQNBIbC tlEvCPNlRJcdgAu35fMB+YyNa7OV32tS2mn5UcNSce8TU2Z1k1 Kh/1cgunCb59qpDzRVrOqEA775PckXgF+SlFAebx7XL+ssURa9 Icj9mK+XVqVIIZLj6kofhXQJtCCFEx4r8AeW27fQ==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Signatures

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker
  • Renames multiple (6797) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\58c285c3df955356b0de4fd8366aafca_JaffaCakes118.ps1
    1⤵
    • Drops file in Program Files directory
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jkkrzamw\jkkrzamw.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4716
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES35B6.tmp" "c:\Users\Admin\AppData\Local\Temp\jkkrzamw\CSC983DE544FD1F45E29A4387A0915DE6F.TMP"
        3⤵
          PID:3608
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dio1oo2r\dio1oo2r.cmdline"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2424
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3633.tmp" "c:\Users\Admin\AppData\Local\Temp\dio1oo2r\CSC89E62D05F6B4740B82F08128B7111.TMP"
          3⤵
            PID:1556
        • C:\Windows\system32\notepad.exe
          C:\Windows\system32\notepad.exe "C:\Users\Admin\Desktop\5CF39B-Readme.txt"
          2⤵
            PID:6472
        • C:\Windows\system32\vssvc.exe
          C:\Windows\system32\vssvc.exe
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:7236

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml
          Filesize

          3.3MB

          MD5

          8cb673621df04e7311e836d6de32bd93

          SHA1

          7fb4800ddd3d47d5cf6ecfad3dec2f4249e86eb5

          SHA256

          b2ca5caa32abea39c482c34f4c446e2e6b80d3818e7e173b742dbde6fea9a7d6

          SHA512

          ce02f226a6887621c8f2a3a092f8f14d767207731bc4b433a08c514ef7718e6833a2e541aca4f3de78d39c4b7dda8d84a166b00055b243f416465c162368bc76

          Download Submit

        • C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.5cf39b
          Filesize

          3KB

          MD5

          84fdd5c84f363bd415dbd73a23b33ed0

          SHA1

          614d04f5a18d05a0aa7ae397c0ff2323158330e1

          SHA256

          4ec389826ab8e127d5d1e27001d56e0eafe733a7c2677ab943e6a93a413de880

          SHA512

          e713ef337067a1bdb0d5ba9ffb24ced88b50fe0c7478d6e80628fb39034507dbb02119e6b6e0cb0fc69497516e6929bb0474179fcc2ff21edfe2f7ddc14e3295

          Download Submit

        • C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.5cf39b
          Filesize

          2KB

          MD5

          0e7c4937038fe0aa0428af3904108732

          SHA1

          afa07bbc3596059c2b77cf5db9130ae6eda690e6

          SHA256

          abaff6b73982a15b7ee456ade53c45bed01b6d52258a20c6bb964203f9b6db3a

          SHA512

          d41a5e1440c26938b481fbd6d221cc4e5fa582ec4123d1c8467e584dd2ad3a61b66cc19dfa6819b5d224d62d365fd1c8f20849fef0c9482ad6a20c63d257f7d8

          Download Submit

        • C:\Recovery\WindowsRE\5CF39B-Readme.txt
          Filesize

          1KB

          MD5

          aef885ca9528d45a550f5ac5c4ca95d1

          SHA1

          03e0d37ce552acfa9e7451251b0277a114b8734c

          SHA256

          3d8236c0f01449db0d6677353757e49d72956dcff0c78f180eb704e884ce2080

          SHA512

          370d39892143db64d43effea2b6b1ce45bf652aefda0dc307418d4d07a60b3f63d31dbab68c7ea81d6f001ae7d618b2de0993e148c2da935064c15d484f404e5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\RES35B6.tmp
          Filesize

          1KB

          MD5

          ce1da830eb3ae439076e214634500a42

          SHA1

          9fe8cc8379a953cd2d893ecbe73cbfaef38b1d33

          SHA256

          e24224a26dd7467348ab1916415f09f2848978583520edb995f128921e71ec54

          SHA512

          f4da0955cbc445010e000716ea0cfe6739a84b639ba21e3b676ec2107a369952cad87b121ebe7746cbfe156b491683d2531b256f8e5f6afb1ecb2842519d5123

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\RES3633.tmp
          Filesize

          1KB

          MD5

          8ea56a223693fbdd22324a36f115291e

          SHA1

          da61c48df711ba5cbb14e86ea8dc45fb3151200f

          SHA256

          9ee06b196f4ecc707179a5a2c14d1be7573f9bccf930a983cc648d9b19f8b5ff

          SHA512

          30dd167c8d6ff67887ebc1a422c03a78d646acea383c961a918ee1ed4a013482da4d74e2a86c01165f977196486f4c706663261bfb877c80f419c90b7e0d7113

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z2fdqll0.rv1.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\dio1oo2r\dio1oo2r.dll
          Filesize

          4KB

          MD5

          86ae40017c4656810d5cf7500019ff01

          SHA1

          400dbb1e83d5bfe0b5455641c2f3212299b3f0d3

          SHA256

          a2754d95b182be6babf2d35809e987936581164a6be2d96b43e7450d8bd10036

          SHA512

          119247bbb0f2b5ff71568fb1a990dfbc501056a1c759cb8ae7a98fa40fdd2106e417aef7e768bf655533e8f26248d4476ae9385b43bc7cefe752a204e7bf9345

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\jkkrzamw\jkkrzamw.dll
          Filesize

          6KB

          MD5

          205804084f4560d6f0fadb86fdf35557

          SHA1

          9635e4f45d81dfc0532a3a9a2b912379e8a42498

          SHA256

          534682b7a5fd707970fc72d24e1434e50fca1742ecdca30028abfa62efdc6ab2

          SHA512

          134f10c14e5ea89aefa490affe80f7c2449417b0d03a048b9620ab735982b9ad6a2880dd59deb9d00eff5feb7b13a5ee68b4736b7e3df86f914838eff67a6704

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\dio1oo2r\CSC89E62D05F6B4740B82F08128B7111.TMP
          Filesize

          652B

          MD5

          e29e69121619393706b7dd15b0ef5a4f

          SHA1

          7131f55286d1fe6a58fd098a197ac8b8d140ed0e

          SHA256

          283a544d638d2eaa5e9cf6a3b0a7e7e185821a5c8f1ce250dd7ec44391f1481f

          SHA512

          d8791060fda5c5fa6bb86f01a7e72b29a547dca256e3a966aedf489a8ae8602cd44a9d19e89eb70833ae9bbc8480640b141d0639bb95bcf2d554d06b75a86b59

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\dio1oo2r\dio1oo2r.0.cs
          Filesize

          2KB

          MD5

          c97bbb0991bdcc70f6cd23e863029f03

          SHA1

          3f21d01b0970a323b090056e285b4261c784cb19

          SHA256

          c59ec8f208e5dd9e310b3ca6a2148c22ff52ada68d15e2cd0ade4a819a20208a

          SHA512

          436100ea9f52ae49a6c5179d12464a1e18bb0cbfddb4545774d582fe2d5c269efdf6bce97ad84deb3419f29f4ba0572a1ccebd5beb70ecd98c7c59ed77f4196d

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\dio1oo2r\dio1oo2r.cmdline
          Filesize

          369B

          MD5

          d13c8341ee50f79f10135541c31be050

          SHA1

          f7abdcd3a6c809c09a6f85c55122c4aafab33ec4

          SHA256

          a2b03c67e87911e28eea2e4a99cd02fa5ee829c14dbbbd5f5655dff85b8823de

          SHA512

          51ea6bad4844015504fa194263bf04aca81f7ab0199eaac1a1b1a0e096695433ec5e0d933de123326bd1018cdf11e13a3488f69c327e38ef34a8974f780674b6

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\jkkrzamw\CSC983DE544FD1F45E29A4387A0915DE6F.TMP
          Filesize

          652B

          MD5

          853e33e917383f53535b750abdc6ce23

          SHA1

          6cb58171c69ea4f86d814cee79c46020686331ea

          SHA256

          ed94b5b092c7cde8dc3c109f1b8a69a88d157459596d6a6d106da71a8de29f64

          SHA512

          231e3281503ef7aa350b6941348523b0ef9e985e426d0d36ccb5900f6407e63b63e24093b4feaa6acc9b7314fc7eaa79e6bbea53ac9661dde63fbf00c80aaaf5

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\jkkrzamw\jkkrzamw.0.cs
          Filesize

          8KB

          MD5

          07086ea98fed0079427b7f0710fe62e0

          SHA1

          8bd780bdb9a03d88f32ebef8549509a697fe0102

          SHA256

          eab011089366b76f3f371a62efbe22340ed3adbd2cd5a46a5558c3faac101fff

          SHA512

          d1b4741ca1d09f5b8e72e43c6d08a8f6d69d14cac46bf3c42004e0105e18e892f2ea44f3b28a984779c3c047f5641431148c39bf0eb09093473d2c105c4d2d97

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\jkkrzamw\jkkrzamw.cmdline
          Filesize

          369B

          MD5

          3ba1af544776cf1df9866960e2415816

          SHA1

          50e6dc9ca12cb12fb25d0e0664cd02b245c1bb04

          SHA256

          c0c0849ca4161f74bce1fa79184308cba7e765e4fa67415dff7cdf513ec77083

          SHA512

          9f6d8931c6d20759f0a2cf62697574e798dbad8018cda8d01b9150a712c2bff8d84f30840bb7a98df4b51450cb0e9846b743419d05ef6530035061a9f72536e8

          Download Submit

        • memory/4560-92-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-80-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-14-0x00007FFE7BBA0000-0x00007FFE7C661000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4560-41-0x000001737A810000-0x000001737A818000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4560-43-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-44-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-48-0x00007FFE7BBA0000-0x00007FFE7C661000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4560-49-0x00007FFE7BBA3000-0x00007FFE7BBA5000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4560-51-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-75-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-81-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-85-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-108-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-107-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-106-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-105-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-104-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-103-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-101-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-100-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-99-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-98-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-97-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-96-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-95-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-94-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-93-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-13-0x00007FFE7BBA0000-0x00007FFE7C661000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4560-91-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-90-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-89-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-88-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-87-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-86-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-102-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-27-0x0000017360AF0000-0x0000017360AF8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4560-79-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-78-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-77-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-76-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-74-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-73-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-72-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-71-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-70-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-69-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-68-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-67-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-66-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-64-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-63-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-62-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-61-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-59-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-58-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-57-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-56-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-65-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-60-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-55-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-54-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-53-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-52-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-50-0x000001737B580000-0x000001737B5A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-12-0x00007FFE7BBA0000-0x00007FFE7C661000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4560-11-0x00007FFE7BBA0000-0x00007FFE7C661000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4560-6-0x0000017362410000-0x0000017362432000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4560-0-0x00007FFE7BBA3000-0x00007FFE7BBA5000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4560-23881-0x00007FFE7BBA0000-0x00007FFE7C661000-memory.dmp

          Filesize

          10.8MB

          Download