Overview

overview

10

Static

static

1

58b742a8ed...18.ps1

windows7-x64

10

58b742a8ed...18.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2024 05:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58b742a8ed546cf478aa580d3ca5fb4f_JaffaCakes118.ps1

  • Size

    904KB

  • MD5

    58b742a8ed546cf478aa580d3ca5fb4f

  • SHA1

    dfe82e7ebc4193fbe61c041b93d0c6d2df1ecc7c

  • SHA256

    c99f0cdc9ce6460f62519b06cbf3ac42deef8e62607b91410cc02edb75ed2fe3

  • SHA512

    9fac7484dd996ca12fbbd5a50ee6ec3c7ff164ceddc537590247ed6f0f85c22f209e75eedef7b10f26fbf48dccdde5242a474eac1c2d89a1d985dd6db8dd8500

  • SSDEEP

    12288:sOCK75efghgLg/GDL6LOLL7LkXx4OKqWLLLivLYLLL8LxL5R:F

Score
10/10
netwalkerexecutionransomware

Malware Config

Extracted

Path

C:\Program Files\dotnet\AB763D-Readme.txt

Family

netwalker

Ransom Note
Hi! Your files are encrypted. All encrypted files for this computer has extension: .ab763d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. Additionally, your data may have been stolen and if you do not cooperate with us, it will become publicly available on our blog. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_ab763d: a6On7rM/fuwJNyD+M/NeHALHxmykWCxM+dKahPayPoygCLen5R rRR7O9O/n5dPlEICp8pgh4xJyvoc2DaoRVTXXQkGOe5mgXjQc1 +Nv3uU1INfYl7b3PXvSolTz+SSVt084qGDk8EtewaRJAHtzKmn nfyK0UGxHz5opr7Yz2MKN97XDoRXaUV8mpsdXYr41y6+vpFDaP VY0zJDTju/KC7MfR0yaLKbJzdZczfHru0H3JuoCTpRCIvJNCNF X3K+a2nQ4+EhRuui+O7V5QWtDEsahn0qlBw6yN4A==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Signatures

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker
  • Renames multiple (6772) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\58b742a8ed546cf478aa580d3ca5fb4f_JaffaCakes118.ps1
    1⤵
    • Drops file in Program Files directory
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ym1uj3dq\ym1uj3dq.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5044
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A47.tmp" "c:\Users\Admin\AppData\Local\Temp\ym1uj3dq\CSCE22E9F8F22EF462D86B5B191228DCCAE.TMP"
        3⤵
          PID:1860
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\c40igecu\c40igecu.cmdline"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3920
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A96.tmp" "c:\Users\Admin\AppData\Local\Temp\c40igecu\CSC96A5911334324802B5F54870AA3396E7.TMP"
          3⤵
            PID:4000
        • C:\Windows\system32\notepad.exe
          C:\Windows\system32\notepad.exe "C:\Users\Admin\Desktop\AB763D-Readme.txt"
          2⤵
            PID:6012
        • C:\Windows\system32\vssvc.exe
          C:\Windows\system32\vssvc.exe
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:12156

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\dotnet\AB763D-Readme.txt
          Filesize

          1KB

          MD5

          d9d3afea0c4a8a071cf39b934b261e89

          SHA1

          99a4c606d3a717291cc5368ddc86bd28f40dd21c

          SHA256

          52144275eb478418e1eebd4f43c8a7b957fb7395424bc02f769b53196ee0c318

          SHA512

          240774e943abefa9b6df67c4baae446f555e61d0a19e7d475fc76ff5e7dbd71905d1f6a4d8dd2077842c96f01f16090a3a2b6e435a6e4aff722d54cb4fb5b19f

          Download Submit

        • C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml
          Filesize

          3.3MB

          MD5

          ecdcf1046b864a79c980a1aecb837c8e

          SHA1

          24bd217cb9445b3439471f3b1bc4d21f662ec492

          SHA256

          41d68efff307661603dc05f73e9dce83f3b5f4840816b7c7a0c2f8ae474afed5

          SHA512

          eb2757228cec367bb8c040c246f02b565d1b3d62b08e062505b9db2fb2aee80e45b4b5a9b264d80025cdb1fa42b640303ce68a27a5b85e9076b913ae1fc9cea8

          Download Submit

        • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\46EE467C-2874-4C58-A7D4-CDA60D9871B1\x-none.16\MasterDescriptor.x-none.xml.ab763d
          Filesize

          27KB

          MD5

          13a928fe8ee541af779f7f7d4b996958

          SHA1

          7b06d5c5b6a145991ad957c00c5844dbbc620725

          SHA256

          352fcaa554c03d16c6059763b4dffa5bb5629790075fb778390e7cbcae5b551b

          SHA512

          f572e0d2a09d9e9f19bbde3faf6e6e6b32a5c6b5703fa0b06249d8de4cf3e98d59160658154d7f504323205d229241b100e7193bcdc8061355db34b17f1c1f52

          Download Submit

        • C:\ProgramData\Microsoft\MF\Active.GRL.ab763d
          Filesize

          14KB

          MD5

          7ec8fdc2b58a28cfe693fbd794a162ff

          SHA1

          e1fc91a01297479d381625c8e353fc2c2ea17cbe

          SHA256

          5e83106907914b70637213d10aa442f187349d8b3381c721707ca1b3508ccfe5

          SHA512

          5e390a5dfed96b7eaf5aca94ff001d4afa9671b8c629e0f308e649bf804febfd26e3522d451586b29f20ec36912ae215d84f6acc4e9c1947d69298094bda4ec6

          Download Submit

        • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.ab763d
          Filesize

          910B

          MD5

          abe0ddafb0f1dcae0dbffa30b9107884

          SHA1

          c07d7e3fd0c5385b4d89ba84733323c27fe6cdfc

          SHA256

          fd206b51e80193cef5008900eb21d9ec790bfdd5967d334c4aed5a54207f3152

          SHA512

          b6fdb511184dfe1a561081a833fcb773a4e7b1fc7e208172b6d6d2d26c49ea2b177e54be4a72578953da8aa3829ba57bab2240a18b8ff059589e92274998a103

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\RES4A47.tmp
          Filesize

          1KB

          MD5

          c1b14e20619fb6b2df57a77063600749

          SHA1

          036bb0de683feff46877c7e8399d4fd0a0bdb89e

          SHA256

          09b9523a445a59e10fdf6f224480ee2cf075db2929a10fbf48f685ce876bce55

          SHA512

          24eeb148f4799be8a19c84967e59810b37d724f442113d11510ea4d12d4cdfb74f62284b9007145d441450c3030519f506ac3f572b9db8cced599f735cf6408f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\RES4A96.tmp
          Filesize

          1KB

          MD5

          03de44a8c51ae958c0490f7e372e803c

          SHA1

          cf66f076a055dfb306529581495056d591f10e51

          SHA256

          0e77981fdb16a3cb997b718898c62f62243497419fd164da24401a314ceda927

          SHA512

          5f40c0dc183e56b1a20c157c0a41d8502a9a6b70672091cf00fbd404df22224341929cf680ee1676a98a503775c84b4f21960bea8673313c97e58bff017e3152

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o1jlz3nr.5dv.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\c40igecu\c40igecu.dll
          Filesize

          4KB

          MD5

          fd038c2ba9b062096347c57b4e4ddd8c

          SHA1

          511b01f0704a1c2f9b28fbef0df0ed1824405229

          SHA256

          6376ebf505d6479d074a5507f749da0481d69baa9fdce53c51ca89c0cefa5d85

          SHA512

          c71e7f3d47e27edb1bf296f545a0f7e84fc0faf5b5d7dbca5780020ed69bc000fb547d9b75df198e32076074dcc921b573b344b5d63a07fa3ccc5fd89719b3e2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\ym1uj3dq\ym1uj3dq.dll
          Filesize

          6KB

          MD5

          e465a9ff4466075bb0c0b9653b2d1f39

          SHA1

          2f3b3e7a4931ac354547d615417cdb9a36c05f71

          SHA256

          3bba66d4f3057d5597d793d1f8b0ede8d218662af4136e3ddc1ef823df22c4c6

          SHA512

          c46514295c6163ece0468ba7d8d28121cfe4999f3e3275ad2af8e57dc0003187548fbf3715c6e17772fe1685774cae92ac4a855d933f0f8e51c2a4ef12993177

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\c40igecu\CSC96A5911334324802B5F54870AA3396E7.TMP
          Filesize

          652B

          MD5

          154b0e51a62623ff502cdc81a747be09

          SHA1

          c574b160d12d2b0718e12c2c0a94b770841deafa

          SHA256

          b13a3c2366de0b2835bf69da6225bdafcfd779633e7651c43c594f1ca7a6b11f

          SHA512

          818e601c1e7b35daff4a81a977ea2aa97e1380d8a2df7da9d345cb2fc25a3e5e89722443df41d703e8405ebe6f4512d86906092b3efd610fde6d3eee4f396334

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\c40igecu\c40igecu.0.cs
          Filesize

          2KB

          MD5

          c893ff54420a206c4206af5107a02bbb

          SHA1

          8a90c410a55d545e71425c061973d566a52e1465

          SHA256

          efd3d07c27b013c8b5924d1ec0e58ed4315c38f8261169931f464de78ccf9b21

          SHA512

          8f9c695560994c9db400661ef183328559379c6d722527f9d01ae181dbc6a01984ac007d485cf029ed1be1990a36966d8c6b840623e851fd3a0a32ba7c447c27

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\c40igecu\c40igecu.cmdline
          Filesize

          369B

          MD5

          00f4bf79a9c1a57e2b14869eed22e2bc

          SHA1

          6ce5c6fa53461c0454f436d3c33caaa756ed37b7

          SHA256

          941f6f7e66f43f6a558cf5078fc0cb3c55c97001f2986414536314409d8fdc6a

          SHA512

          68356c4c5ff680864acf23c2686be19c527d1d1ea2d2b5d6fe1ae2277106cb3d9c680aca49491fb0f6b1c26d2dda036e1256e202634da7815bda46eb267a2bb8

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\ym1uj3dq\CSCE22E9F8F22EF462D86B5B191228DCCAE.TMP
          Filesize

          652B

          MD5

          87584315024eb51dd3086d930922e9d9

          SHA1

          5d30b360c8affbf3355d1b81845c8f3b8bb20a46

          SHA256

          c9e83d27e0ef27bfa94a6dcfff7fcbf17ecef2cb9359a192a071a39a61b7b383

          SHA512

          c0146b7957d0eaf1f06f64a215439fb56e7c9954511ecd819cde312b39470d017bb1c7955c3672cf3a3bf4bbb73ff56e93b3bbf1aaa9bf7f8e8a2fef4aade8be

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\ym1uj3dq\ym1uj3dq.0.cs
          Filesize

          9KB

          MD5

          02a0899f755d28aa8ca5b6dbf9d79db8

          SHA1

          5cbb31d741541eb9a6ffff3b5ea404fd462d4d12

          SHA256

          c789d50f8fd9714067788f5f35199ac13157da910695570b7662beca2750d00b

          SHA512

          2d1dfaac2440f630bb391e3b3fe4bfccd4c91dfb6d6382201b8a14c419d89ac97ef52ad0a40490ee50879dd08e14cfd7a760978bd4921e1ac849877d84b5bcdb

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\ym1uj3dq\ym1uj3dq.cmdline
          Filesize

          369B

          MD5

          5c9cd08cfdd60166fe29350db5ab31aa

          SHA1

          9c6b76ff2a6b97c1b22060e9c80b8aebb3c112b7

          SHA256

          5933a585b4937def9f51a196661260686c025b52027aeed0b70f624c291193b8

          SHA512

          09fb9286dc4018cbbca0244f71c6478d04abdbf7142ef209756ab28260d7236035d78f13f27cfaa69f20d3146f41b5a7f111b0c1ca083f597881670fc5f86638

          Download Submit

        • memory/2820-96-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-87-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-27-0x0000026C64B70000-0x0000026C64B78000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2820-43-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-44-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-48-0x0000026C64590000-0x0000026C647AC000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/2820-50-0x00007FFD42733000-0x00007FFD42735000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2820-51-0x00007FFD42730000-0x00007FFD431F1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2820-53-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-52-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-57-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-82-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-84-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-108-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-107-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-106-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-105-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-104-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-17-0x00007FFD42730000-0x00007FFD431F1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2820-103-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-102-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-101-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-100-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-99-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-98-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-97-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-13-0x00007FFD42730000-0x00007FFD431F1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2820-95-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-94-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-93-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-92-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-91-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-90-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-89-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-88-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-41-0x0000026C64B90000-0x0000026C64B98000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2820-86-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-83-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-81-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-80-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-79-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-78-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-77-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-76-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-75-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-74-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-73-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-71-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-69-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-70-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-68-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-67-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-66-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-65-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-63-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-62-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-61-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-60-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-58-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-56-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-72-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-64-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-59-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-55-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-54-0x0000026C64BD0000-0x0000026C64BF2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-12-0x00007FFD42730000-0x00007FFD431F1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2820-11-0x00007FFD42730000-0x00007FFD431F1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2820-10-0x0000026C648E0000-0x0000026C64902000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2820-0-0x00007FFD42733000-0x00007FFD42735000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2820-25419-0x00007FFD42730000-0x00007FFD431F1000-memory.dmp

          Filesize

          10.8MB

          Download