Overview

overview

10

Static

static

1

58b742a8ed...18.ps1

windows7-x64

10

58b742a8ed...18.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19-05-2024 05:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58b742a8ed546cf478aa580d3ca5fb4f_JaffaCakes118.ps1

  • Size

    904KB

  • MD5

    58b742a8ed546cf478aa580d3ca5fb4f

  • SHA1

    dfe82e7ebc4193fbe61c041b93d0c6d2df1ecc7c

  • SHA256

    c99f0cdc9ce6460f62519b06cbf3ac42deef8e62607b91410cc02edb75ed2fe3

  • SHA512

    9fac7484dd996ca12fbbd5a50ee6ec3c7ff164ceddc537590247ed6f0f85c22f209e75eedef7b10f26fbf48dccdde5242a474eac1c2d89a1d985dd6db8dd8500

  • SSDEEP

    12288:sOCK75efghgLg/GDL6LOLL7LkXx4OKqWLLLivLYLLL8LxL5R:F

Score
10/10
netwalkerexecutionransomware

Malware Config

Extracted

Path

C:\Program Files (x86)\MSBuild\11F453-Readme.txt

Family

netwalker

Ransom Note
Hi! Your files are encrypted. All encrypted files for this computer has extension: .11f453 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. Additionally, your data may have been stolen and if you do not cooperate with us, it will become publicly available on our blog. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_11f453: UvE3jWF7bXRO0iHnyMxa6QJMwuikXXrogQpyVJI1e0u6RcR2jF Ee1QxUQA4pCVgBoVejO0pNkepGzWAHWGBVoR4GJyJeMdJwjQc1 +EoSuYDHvkTEMPzLKFRc/uz0O7lsLeEON+PAoHyDRL5k6Cift4 801KB6DuKtm7E/kZo5cjAPOicj2Vy90kZz7yQ24Us1l9VBNiLZ ANq/4zz50SyEdnqkLi2piYhLYVYhW+087c1ns4Dg3TPTLnbTR5 ptyC8ZhMzlHp/saPFXVOmHWdY2nemlGq4ogZTEEA==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Signatures

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker
  • Renames multiple (7469) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\58b742a8ed546cf478aa580d3ca5fb4f_JaffaCakes118.ps1
    1⤵
    • Drops file in Program Files directory
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pt2munqo.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2D68.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC2D67.tmp"
        3⤵
          PID:2824
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
        "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\u_yg2zky.cmdline"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2512
        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3064.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3063.tmp"
          3⤵
            PID:2420
        • C:\Windows\system32\notepad.exe
          C:\Windows\system32\notepad.exe "C:\Users\Admin\Desktop\11F453-Readme.txt"
          2⤵
            PID:9388
        • C:\Windows\system32\vssvc.exe
          C:\Windows\system32\vssvc.exe
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:12576

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\MSBuild\11F453-Readme.txt
          Filesize

          1KB

          MD5

          adfbcee0e5ed8f5a6e67cec5913d9014

          SHA1

          ffa602a9ab4f6ac30baaee5c844f841b667d2d1d

          SHA256

          13621ae6ec477ec0bd44aa9fa3d19e1e839397684918dcc944c13726bd2ac37a

          SHA512

          de4ffc46d0d97aa52e861baa7ad50d69eb24218463cd47cac9e32d45b9e9ff38cca964f538b848a0d063aae9ffefacad3ac34bca700ea9b598c2e28be89f3537

          Download Submit

        • C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll.11f453
          Filesize

          52KB

          MD5

          d12d9aa8c300dfafcd8b98bd390ab026

          SHA1

          637f5e663490b58c2809ba86cea961f5727c7b2c

          SHA256

          262d0e8588de93c33f39580f9b231861b56498c04cb928a031743ba9aa2725e6

          SHA512

          292fabcc0ed4e000cab685c932de56467a87b313797be9ec4a71b31383943fc7df9035f9f2bdc4da74082edd2703bfbed6b3c0c0ab9ebb27bc7cf50637585f47

          Download Submit

        • C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll.11f453
          Filesize

          105KB

          MD5

          1d4ae15db97fc1cd02b8178eaa901140

          SHA1

          741a9472704a9d721af2c0172edf2cd7a531ca6f

          SHA256

          02cb7ce98d5934de1dc145bfc1b4df17d71eccec51e4bab26d1899695f566dde

          SHA512

          e95712a80f8792ee2a505eaa755a9844b2f55c4a8e90ddab45d2d5df7aefdbe56ac09797e7d0dda1ac5dedc455194a6928b4666fc3bf03cf3b63d32afcfd2c0d

          Download Submit

        • C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll.11f453
          Filesize

          352KB

          MD5

          a6a07acfca2f5cf812ba1e5484fa2d65

          SHA1

          68613a8dd063193f613e5d1627e3393a44ea2a0d

          SHA256

          3d8bcea2800e661efe1b64ab2ce862239d97624da26d78254af30fe78a2bab93

          SHA512

          cd61c93b3806e02eafce1bc2ef82884b62b6fca6a09dd55760e5704dbc6a0c077be2a8b29d05e79dc2fb4ab65bff5963f9fd9db213e223f882b4f37d65813d63

          Download Submit

        • C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll.11f453
          Filesize

          13KB

          MD5

          02235897fc4f18579d5d1331b93ebf42

          SHA1

          7d32be387970883c18601dff407986e8020489bc

          SHA256

          30131bed38f9f6abfbc9312046a138df030e561bc024ae484bb7e6b031139222

          SHA512

          d8e76ad29f3e6b5d525c1d75bbb4f8148c48a6c6b19515119cd499d944000449ad65b37091ba3b8dfc9c3aa0e4a7b5c38a25d7cc0f135063592da896b7e62afc

          Download Submit

        • C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll.11f453
          Filesize

          17KB

          MD5

          820f8fe3a9cfad67a49443a9b7d25624

          SHA1

          b8719e36854ad9cc04fbdd23b57488ed2a60b03d

          SHA256

          cc54394106bffea85ff88453b68abd61232abb31b36f6b5a951a8a4cee64e261

          SHA512

          e7d428f3a0b46eba875a62635ff3f72e94863e80138734ad6e8d9f0b0fe97889318648e33e517eebd92cd5d97951e43fcf5f4653f7792278e503597a1e6dfcf5

          Download Submit

        • C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll.11f453
          Filesize

          462KB

          MD5

          e1ecc74b5da44fb540c563e0ee688761

          SHA1

          effd72f8c3f2e9aec61c52c9ef30d743f5f03efe

          SHA256

          61774cf5e04e13a72ad6740800acc22213d8f96fe607ba9b2447ea2ff92f6492

          SHA512

          824ca533f5a9a35c8009c9ce036c48855e45098262332bd90638710e0b4102684381c135fdf2b4369c347df1ebb5d2089b5b50f1ea7da1ddc7e76207432f83b8

          Download Submit

        • C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll.11f453
          Filesize

          1.1MB

          MD5

          229af2372a4374d7a965a128aef74776

          SHA1

          5d55e8525e800e93253d05e9ba377ed940b9150c

          SHA256

          7132d1db1dfbe6fbd7788c964a16f6f2e80fd978f286a84619ff135f32e0e2df

          SHA512

          ca6e9dc0e0ba5d898d1e5de8f03f467295f4ec1b420e9e4c886c9456d4517f01dccb8e113132818a7e0cac8dca8735fb122086b9884f996b8cb52d652f0ee1e3

          Download Submit

        • C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll.11f453
          Filesize

          1.2MB

          MD5

          f323f827731651514f1d6f9e169165f3

          SHA1

          2c6019142e36adebf1ef2326bef486fbc841e8ce

          SHA256

          6c2ca017d101ba0227b61c8821957cd6200d0a648f9781e50cd83834bb0e5a7b

          SHA512

          de6088a83080d9f87e1a38a032008198d46dec9606451ab7c6a7e13ae6d2005405930dc28a0647f77792864445f41b56286899446d44eb4830ca1be341fe47f6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\RES2D68.tmp
          Filesize

          1KB

          MD5

          462ed7c49ba33c4eac212cfcf1656bd5

          SHA1

          bbae98c47d97f5e3adc58caaec636a31520acc3b

          SHA256

          854015e348ccc92300c9f96543e0c6342bb5be2f9d0726046f1ef277f6de288a

          SHA512

          2784d04b845d54cb89c7825b8025f3a36f4733290e02d49c75bf293fd3a6d931627487e12838dd73f35f3a67cdd27b31752948d01e9c64c0cf741a5cdfde880b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\RES3064.tmp
          Filesize

          1KB

          MD5

          5163e6dcbca7219ea51a71bceb2911f4

          SHA1

          4f7cc36c21c20b70e38456af2867de2da2f5c94e

          SHA256

          a9722ab053e08efe6540e6a627c8dd6c60701b6b3359434be3e24dfa8b4fea5e

          SHA512

          69bb247301841eb331e1d4315867aef784469aa694041b454c62110ae6b6d57c519eb9c8b17b0deb143477fefaa3243aa42d085e53d90ac66730c62e67cee17f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\pt2munqo.dll
          Filesize

          6KB

          MD5

          8582fa4b2093add463a6b96a9e2eca8c

          SHA1

          46689c784f33c1e91a94d515763293595041fd18

          SHA256

          7aeebb9580ad9651a13ad538c1921bb88abae20dd866b424984ac15dc6189430

          SHA512

          859792f1b7bbd14a0bcd0ffb9482962735f531290c56aa24ae8a9a433a44033f7101a88093853fa7fc9dfa0d319e0f720e5a04a1e2418e0de617dfd217c493eb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\pt2munqo.pdb
          Filesize

          7KB

          MD5

          b19bcfa3c15e2bba7395ab3e52ebeaaf

          SHA1

          8e055488fd215578cc2f077c0abc012f99d05549

          SHA256

          61097cdb663bd2a7dfec3d532b8891ce82b05fd993d9b4ad3e405b9d967dd1d8

          SHA512

          8a1fcb26c8aa8513c57f0d71232935a1b225b0d2971469116c1b94d410ae7bb3ef2d12728952d0c3393e569d0498d722be0637e93726fdae867f26a4ff55105c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\u_yg2zky.dll
          Filesize

          4KB

          MD5

          074e2ee85e6c56217d1e31a7d614ddf1

          SHA1

          be3ad6fee01a296f88214c349feece1244999e65

          SHA256

          3a9d091402bf7c1c1fc3ffe9d4e41b37f53704c5700a6da9a6e81705c2d4ddd4

          SHA512

          327be9aabeb21175fa84e8c099ecadf1bacdb61df16755ffb8fa37308c8b92044584e09b9ea5e6fd7ca6dde478ba1ae5335865add48ceb712a4bee6354b4ce77

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\u_yg2zky.pdb
          Filesize

          7KB

          MD5

          f4d5db846d8e775fd43435757a19aebd

          SHA1

          f45b09580ee71d24803c22e7041c16350407ba55

          SHA256

          a0167e1d0285fe5a0273d48dd13caa37fe6912bfed6b2d02f7d40f9431d4087a

          SHA512

          94b00eac0d1cd03f166b2461d142568c43e51eb3070eee236d59e158fea4e54ce8f46b7b9b9cd636971c128747bab7720094d108b2b0299e0c2cf548d1f1ebc1

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\CSC2D67.tmp
          Filesize

          652B

          MD5

          335ce19046681d91dd5831a1f69c214a

          SHA1

          047e1b7cca5959995ae74ee256843c8d0ae6e14b

          SHA256

          b2ce5119de931b2c0fa3738b147bf9a30689873e450e043215cba59e3cc1cb4a

          SHA512

          f4bb6f152b50c7577e45a9e29b9070548fb9e944e689e8b7b5cec94db0c629b996ed3adbcc0b3a11e499ce168d71f686ca60b8143ece5c92afba144ce280bbaf

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\CSC3063.tmp
          Filesize

          652B

          MD5

          3578de27ffa1440e26d61f4c63bb6ce2

          SHA1

          159473f75c5db334b92bb16bb17a2deb64748b4f

          SHA256

          6b7d7641e592418bb5ce0d395689a021303398360cf561fa1e2e16af92a52be9

          SHA512

          69d3f3c7523b9fecba5b84fa6428f78b696d30f5afce0248196448ed3da63502e5d0ec574ca13de085f658ad41264900dbe2d38106fa0df13241c8628f2ff0b3

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\pt2munqo.0.cs
          Filesize

          9KB

          MD5

          02a0899f755d28aa8ca5b6dbf9d79db8

          SHA1

          5cbb31d741541eb9a6ffff3b5ea404fd462d4d12

          SHA256

          c789d50f8fd9714067788f5f35199ac13157da910695570b7662beca2750d00b

          SHA512

          2d1dfaac2440f630bb391e3b3fe4bfccd4c91dfb6d6382201b8a14c419d89ac97ef52ad0a40490ee50879dd08e14cfd7a760978bd4921e1ac849877d84b5bcdb

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\pt2munqo.cmdline
          Filesize

          309B

          MD5

          9265bd236821127968cea6e6f96c9378

          SHA1

          ac282a40039ebaba414c095dc56a9f47049558f5

          SHA256

          967334a90a54debd55f93332a6cdffe438e097ae72ac716bcfb694bb892dc3ba

          SHA512

          36e9540fdd184929c905fe8433a8b9640da127fb7f43d163b3d3a888916a537d609b41c5be4321ba341551c89f07e6aeb1340d258a8c693a1b17e70a6fa4af8d

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\u_yg2zky.0.cs
          Filesize

          2KB

          MD5

          c893ff54420a206c4206af5107a02bbb

          SHA1

          8a90c410a55d545e71425c061973d566a52e1465

          SHA256

          efd3d07c27b013c8b5924d1ec0e58ed4315c38f8261169931f464de78ccf9b21

          SHA512

          8f9c695560994c9db400661ef183328559379c6d722527f9d01ae181dbc6a01984ac007d485cf029ed1be1990a36966d8c6b840623e851fd3a0a32ba7c447c27

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\u_yg2zky.cmdline
          Filesize

          309B

          MD5

          706fe45b0bf6664b06b16a2ebb61e7c3

          SHA1

          3af7dc680c64be52a45b5b5e1f3306a8e8b04878

          SHA256

          21a2aaee87647255fe28c2fd303aecf65f6261a53dc823c8212241a35179b17d

          SHA512

          8dbede08c07e092154c375253e9fd9f8e5244da2a8f95630e4c280e456e93d47361779a6b5f728f5d2712adb852dc2479005383c97b483e73b2058bfd3055915

          Download Submit

        • memory/2132-91-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-73-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-47-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-45-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-51-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-52-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-50-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-49-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-48-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-53-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-57-0x000007FEF5C30000-0x000007FEF65CD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2132-58-0x000007FEF5EEE000-0x000007FEF5EEF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2132-64-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-62-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-63-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-60-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-65-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-68-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-69-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-66-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-61-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-70-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-80-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-84-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-88-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-42-0x0000000002D10000-0x0000000002D18000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2132-72-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-79-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-78-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-104-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-77-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-76-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-75-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-83-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-82-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-81-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-74-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-46-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-85-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-86-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-87-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-89-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-93-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-96-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-97-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-102-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-101-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-110-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-111-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-109-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-108-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-107-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-106-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-105-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-103-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-100-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-99-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-98-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-95-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-94-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-92-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-90-0x000000001BC80000-0x000000001BCA2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2132-26-0x0000000002C80000-0x0000000002C88000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2132-25395-0x000007FEF5C30000-0x000007FEF65CD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2132-10-0x000007FEF5C30000-0x000007FEF65CD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2132-9-0x000007FEF5C30000-0x000007FEF65CD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2132-7-0x000007FEF5C30000-0x000007FEF65CD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2132-8-0x000007FEF5C30000-0x000007FEF65CD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2132-6-0x00000000027F0000-0x00000000027F8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2132-5-0x000000001B500000-0x000000001B7E2000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/2132-4-0x000007FEF5EEE000-0x000007FEF5EEF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2584-16-0x000007FEF5C30000-0x000007FEF65CD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2584-24-0x000007FEF5C30000-0x000007FEF65CD000-memory.dmp

          Filesize

          9.6MB

          Download