Overview

overview

10

Static

static

1

73660e46ac...18.ps1

windows7-x64

10

73660e46ac...18.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73660e46ac9fff2eaf11cc854b587fbf_JaffaCakes118.ps1

  • Size

    2.0MB

  • MD5

    73660e46ac9fff2eaf11cc854b587fbf

  • SHA1

    b4f77a59b94b2f53795803cb5f43b8c455d9fbfc

  • SHA256

    7132baedf3b72b93ae2d9917170fb7ec4d4f0fe6be235149c256b257347f685f

  • SHA512

    67715ca727e7e4a165e19890deff5eada442c1fb621bf97fce8175803e00575194cec9df2038eef9510738311ef23d6d2cdd465aa45e4c4b61ef25d86e7ae507

  • SSDEEP

    6144:VbeUcV3jSCijLDyDYCCqDYgPjnCUf4oHeljCr63VO6hRcIIKJrlSGAacKEK0usez:j

Score
10/10
netwalkerexecutionransomware

Malware Config

Extracted

Path

C:\Program Files\BC0178-Readme.txt

Family

netwalker

Ransom Note
Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .bc0178 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_bc0178: oDjcPVJTvdu2jUN6TcgGoBQwiQdOsqnJQNgrO1Ua2MsHOWHkQT pWMifDtC4VE6WMrlvgWXDaLDO2cY7GDQF6S6XgUQWH4TRB65Yy i96Yld4/bk2NReZXkSrc0YpQ7n+NDRlB5d9In2NgMRADTiPVfb MyuLN0UaIPMcUXmB4+b13aehsLIosYxMTM3Bh77D+gm1DUBnSm W/PnZxQActKzMuyB2kAGHqFF5eSg2mdp09X+b8WLD2n9awnWxp NJh8vS2w/L8NPHQDNxpCZsXQdBuqyjo2hFFz8zTg==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Signatures

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker
  • Renames multiple (6816) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\73660e46ac9fff2eaf11cc854b587fbf_JaffaCakes118.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\njityx51\njityx51.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:876
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES51D9.tmp" "c:\Users\Admin\AppData\Local\Temp\njityx51\CSC7D3B704C65E545FCBA22B1B733A044C3.TMP"
        3⤵
          PID:4576
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ypos4vvh\ypos4vvh.cmdline"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4780
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5227.tmp" "c:\Users\Admin\AppData\Local\Temp\ypos4vvh\CSC7F13EC4AB80A430BA7BB13088A4D8F3.TMP"
          3⤵
            PID:4932
        • C:\Windows\syswow64\windowspowershell\v1.0\powershell.exe
          "C:\Windows\syswow64\windowspowershell\v1.0\powershell.exe" -NonInteractive -NoProfile -file C:\Users\Admin\AppData\Local\Temp\73660e46ac9fff2eaf11cc854b587fbf_JaffaCakes118.ps1
          2⤵
          • Drops file in Program Files directory
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4540
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\o1gl4f43\o1gl4f43.cmdline"
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:860
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
              C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6263.tmp" "c:\Users\Admin\AppData\Local\Temp\o1gl4f43\CSC3935AB58E3B5493DBCD11A534CCC2946.TMP"
              4⤵
                PID:4484
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zancsz3h\zancsz3h.cmdline"
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:1592
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES637D.tmp" "c:\Users\Admin\AppData\Local\Temp\zancsz3h\CSCF228B7C6B01141B6B06C64745A79771D.TMP"
                4⤵
                  PID:4556
              • C:\Windows\SysWOW64\notepad.exe
                C:\Windows\system32\notepad.exe "C:\Users\Admin\Desktop\BC0178-Readme.txt"
                3⤵
                  PID:13556

            Network

            MITRE ATT&CK Matrix ATT&CK v13

            Initial Access

            Execution

            Command and Scripting Interpreter

            1
            T1059

            PowerShell

            1
            T1059.001

            Persistence

            Privilege Escalation

            Defense Evasion

            Credential Access

            Discovery

            Lateral Movement

            Collection

            Exfiltration

            Command and Control

            Impact

            Resource Development

            Reconnaissance

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files\BC0178-Readme.txt
              Filesize

              1KB

              MD5

              acc664891bd0d8c81885fa4fb3a6107e

              SHA1

              3af6ce4db29c54f7a2595cb39ce4fcfc57a32d47

              SHA256

              05be1daa338e90e6e1fbd674a4286ffecefd33652bc9b59d4964d72bc29e0c64

              SHA512

              371a5376bd8efb701617a67039497c5186aee40acbcd72222b5e933d25ebb5e3c371e98a54adf85f044ac9182aa6a3724d397c69a03eb1f26f812e992233de41

              Download Submit
            • C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml
              Filesize

              3.3MB

              MD5

              c81767a1dd0ee351270f245d1b752d85

              SHA1

              b67eaf56dde08404508f58946a1ce5e3129406d5

              SHA256

              c4760bd4f686c62ee761e023fa546c7c46d8fc9dfb85cdf72d3223b44341c392

              SHA512

              5d17fb0654f8f6b6a41fff610077d036028db963f3a6575a983f09beea5151c348410f396eb9d108c76ee5382822b7d1546d650725f6eeabac13e8c156023006

              Download Submit
            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
              Filesize

              1KB

              MD5

              43f4bec966ab901ac034fc136a642fa5

              SHA1

              8e7227cefec8b05c9a79b2751d1261187b9c0422

              SHA256

              09ea65cf68920d08638db30c86eb3c90254b9b2d9f73246bc0176c86ce687ae4

              SHA512

              a65a2fe6acf4cb0dae8361af3e42e35c6bfaa93859e744a7779630d785a56bb030161c92a74b88a223769fdb912911146a762cf6a8afe33642e2695ea08ceec0

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\RES51D9.tmp
              Filesize

              1KB

              MD5

              7cde7d63100928d64f5cb21e35a27a10

              SHA1

              cf156900034dfe0aba7c8012f71b5f6dc00bb252

              SHA256

              8b9789322af7685b7a6887dc27288db0d047885236a7b70d4391fc9e5402d478

              SHA512

              553c8ae4ead4e539c66d94563225859e95c56951a11e6fbe0d30f880a7447ad79b67090fdad8f33648f90eafce2ada723732b84169b41a0b75eb8d6086f3971b

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\RES5227.tmp
              Filesize

              1KB

              MD5

              4eac9e2b7f9c35fd223b98c3ed607d53

              SHA1

              807015e51720cac2055ac868aae399eedc431153

              SHA256

              0f0ace2290385940cee7db3bc0fbb8da3bbdf30d2e0649bebb860abe8409d4f9

              SHA512

              7cda10739b82aa7de6759ec4f87f5d6df657ad1049109f448d169144ff11f9cd048f755fba61f93e3810483d35e4df1f32bc5b5ddb99f2b0034816a1f5ceed59

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\RES6263.tmp
              Filesize

              1KB

              MD5

              30f020febf1f637e6f6d58b74a9e8215

              SHA1

              82714ddd38e1a58db717937a2d3dc1aa4f70a22b

              SHA256

              faef0370293a3b4a77e313c25bb29ddf76f587aa49ed4cfe8c91bd1edd2c6b44

              SHA512

              2d98deec038477f49bf2c6023bba0bd66ba457223438d0d5ce357c0dce464179852ac1d458e3ff0232d86504b851fdb3a0693c7da70eda313abce4469304da12

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\RES637D.tmp
              Filesize

              1KB

              MD5

              8008b96ac3862aba9c3b0eed6502f5e7

              SHA1

              760c01e843d81ea0aa18544bc911f58f0762a640

              SHA256

              2c069d7b0ce8190945d4e30f91ea9760a6d869f294de357ac04ff81d32b70e74

              SHA512

              10fc645cd34aea04f2998eb1726bc485b5fc9806efb375e7303c78c14dff809c0a9fdaca80cb6b06f25e75206e4106146169d01a42d23bda4e896ffa71ef0fc5

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ui4xyvyh.eti.ps1
              Filesize

              60B

              MD5

              d17fe0a3f47be24a6453e9ef58c94641

              SHA1

              6ab83620379fc69f80c0242105ddffd7d98d5d9d

              SHA256

              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

              SHA512

              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\njityx51\njityx51.dll
              Filesize

              7KB

              MD5

              b74a0ff1518bdd20aac9da6effa556f5

              SHA1

              d11311167829e1897b4de158aa3d5c226fe1d586

              SHA256

              ab428c91bfe760155f57f76327a46ea0fb872287e6e98935c83db8a30b5f15cd

              SHA512

              35d416baac7037f6f29d3727a12a796e24e3f6cd99dde55d733c28e973f028257a846e9158f5f78059a3b3e6cbe73fc066623f8aa34359e49e2832fb8f6d02fa

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\o1gl4f43\o1gl4f43.dll
              Filesize

              7KB

              MD5

              ca25d12fcb49315cbf6b12e3a6f9cb55

              SHA1

              72219a92737912b559572003a12f13793d2f3428

              SHA256

              352ad4ca252cb26e36d16dcea970f98d254a201bf730bab485cdffe18188ab71

              SHA512

              c51645cb3aba20a3ca189ab05e4519dee58f62808483b85643780c53b4837f329d9590ff9d84f09f3ad0a2264b4b473b25a882ff9f98c5dcae49c6bf6ba60418

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\ypos4vvh\ypos4vvh.dll
              Filesize

              3KB

              MD5

              b2539368671f61f8aacff9f4444403dd

              SHA1

              bae4ae478aea0e0152375427dafce60ea9ccb9ab

              SHA256

              0905ffe04e89f3bc25d87d7c0b940cd5949ee4b3156bb62625dce2936daa78c3

              SHA512

              cc9c049d6988b51bd3ddb20fce01ce750c8a4130cf9a30dab046663dcb066b43a39c9b14f91c3bbf5efb2a879a83dc5e0f77729cb4cc80e3320558c8ceee5f29

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\zancsz3h\zancsz3h.dll
              Filesize

              3KB

              MD5

              54ab37d8691bfbdd53d194fab4a56c3c

              SHA1

              2471355c22ba8070a29289f139c1300c87e60e4d

              SHA256

              00943f16a094f8f51b4f4dd7ac520c70530ec739a7c4aa04792ffae009b185ac

              SHA512

              e23c36c9b66e7206e29763de64d6cb62fade6224be83f02227ea03682144cac42d3249822d27a0e438ee8a8d6a0d845f007d68b0120632a41e126e3bd7aeaa93

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\njityx51\CSC7D3B704C65E545FCBA22B1B733A044C3.TMP
              Filesize

              652B

              MD5

              c76ed83db27deb39d46e13ec9e478b59

              SHA1

              ac448bbb1726180d76999ed9b170b51fef0f809b

              SHA256

              4dd0b20c786128a355640c0c698401d2f7985e5173d45d8238070509098633a5

              SHA512

              838f3accfb7636de23a8b2181f6dbd3622e1abc9dc95cbc2ed97310b9da26fc30af4032e684869ba1a75a8cacdb813270f0b709168e0104f6a816c93458f4240

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\njityx51\njityx51.0.cs
              Filesize

              8KB

              MD5

              1125b72cab5de2a6e102a92a092019db

              SHA1

              32376932a85ec9a4c9f90d3e5e8d212421334df6

              SHA256

              476ff345c016c05949f93ce31256126e492d353e268b1ec964a641814038b80f

              SHA512

              fd127d7df72be3e560e420ad2646720db37d6b21b88fcbba6639498105ee1be5f1b9446914ed17d4bf03290b34d617f4cf7fd70b8dbde5ac73b9050403c29cae

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\njityx51\njityx51.cmdline
              Filesize

              369B

              MD5

              4d899d76ae1fbdeb9f6152f0fe30e83a

              SHA1

              20f8810a1bdb6499a1c064bcedf8ae656277b05e

              SHA256

              4e20507d052a7354657d0debd420ddc405a706d5997e8a49448957f0d38ab37d

              SHA512

              1ff2cac3e14e4f6d0a248440341c3579971823aca23d26e2ae820ec879f2b82314b9d971c670cac4778364e0595e4d4ac8bc91df1778c79be84bec493a4ffbf7

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\o1gl4f43\CSC3935AB58E3B5493DBCD11A534CCC2946.TMP
              Filesize

              652B

              MD5

              29c07164dc9d7c9c4222c0b156180c22

              SHA1

              bf6d02e5df09a47a83028a332ce05f05d3294cb8

              SHA256

              b6c506970da57b513f3c318e3a1646667918efa8fe1462ced6c72479f70d3107

              SHA512

              88b67115bb9a3c02407202028adf5ae8266e450591e5665dc0563e9549513666d1adf7bf4c8a3b44473e2a03394580ed16a30fa202883501fdb9a44d5bf95f58

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\o1gl4f43\o1gl4f43.cmdline
              Filesize

              369B

              MD5

              5f2a8648f8e5c21cfee3ebb21f70d153

              SHA1

              dcbc09a0dc48c7c3b37f182b25d92af576e9b334

              SHA256

              fd601f0cff214fc0c89fc8d6717a50dd927f4a8ca67d2dcaafd05090cb489977

              SHA512

              30ac130882e516e8386661fb398a354ccee2c5279feb20430b199cda38f4cd079960ba4b91c7f0221c73e952d7f6dcbee58b4ba1ae7f3143cd940f83f3739d15

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\ypos4vvh\CSC7F13EC4AB80A430BA7BB13088A4D8F3.TMP
              Filesize

              652B

              MD5

              5a6bf9516aa589f750dcefe1e1a3ed18

              SHA1

              390a558d9c5c07edcddb1076ca1044e5746fd2c3

              SHA256

              1cdc63fb276b61f4d5d9cc1b47291f805d7485d923c3d4c703dcbb7fe6b509e5

              SHA512

              6e91861487d98e225b90fb4739797d978e9122e8404af8fbaac390865a1732a125ce14aa589a856f76f6b0aea9202ced7ed0a8ad0465d4897307d33fdbe88252

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\ypos4vvh\ypos4vvh.0.cs
              Filesize

              809B

              MD5

              b293513080d87dd37a6c7b80c14b83b6

              SHA1

              043e29a0f6c7ceeb34ff8680efd380bad05f1dd0

              SHA256

              4c99940943de5fdd8d512c1a1fd277bdf7e9a831887f267dcbec45e7e98dc497

              SHA512

              83d097c259977fd7e0cd999e10b87d54bb14695ac8e471f8e5957f10c93618df598787e4bf1f178d3a33a3db6fb77272213a77be3d1039794d044e992c9525a8

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\ypos4vvh\ypos4vvh.cmdline
              Filesize

              369B

              MD5

              f6a8e30b441f8f2bed47ea17e7106d43

              SHA1

              01196b58cdb2098ce3c8ef0ca3ba350b544c39ca

              SHA256

              33f4d829564844076b400055270c8bd477dc650cd89717fabdbc5b61321eea17

              SHA512

              cef52d51a68cf9e80386d0d9a969f06bb75f78a3067293988f69bdf13bcd694ec33aae7c30d86b918053c2cae41bc1382f8111e5bcb317dff5e68947fef340f8

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\zancsz3h\CSCF228B7C6B01141B6B06C64745A79771D.TMP
              Filesize

              652B

              MD5

              06af69cd18e8184a2f05a24bf7fbac41

              SHA1

              994ed315ef80522a54e2d1d3f33ac78c11d5dacd

              SHA256

              0d1fadcb1cc51fb631811659a157f55a16af3195b87b0c6c7a55b798a069eb84

              SHA512

              d60e3e47a6ccf79c84b94227f7026255b0dcdbdbec211cec222f83787eee32b1d5825446ce70d59986934be2d4db0b62acf9ee0842a10a9cae4cc5efb8aa0bcf

              Download Submit
            • \??\c:\Users\Admin\AppData\Local\Temp\zancsz3h\zancsz3h.cmdline
              Filesize

              369B

              MD5

              468335eac0942e8f26a54231ec319edc

              SHA1

              7fd3e37824e7a9d80a0c3820dd555a460cf87be8

              SHA256

              ed6007c7c6bd2c6965ba1cbc7278be91a6d13221cbf511482b78174c004af3ad

              SHA512

              479b28535d19a72bf59a146ed52e5cd5fb03faf0485935d9b6d64fc9850763660feddb877740f0fc31160cf800e82321817282901c716cc7a619fbaa19e58cb9

              Download Submit
            • memory/2156-26073-0x00007FF841563000-0x00007FF841565000-memory.dmp
              Filesize

              8KB

              Download
            • memory/2156-23193-0x00007FF841560000-0x00007FF842021000-memory.dmp
              Filesize

              10.8MB

              Download
            • memory/2156-0-0x00007FF841563000-0x00007FF841565000-memory.dmp
              Filesize

              8KB

              Download
            • memory/2156-26122-0x00007FF841560000-0x00007FF842021000-memory.dmp
              Filesize

              10.8MB

              Download
            • memory/2156-12-0x00007FF841560000-0x00007FF842021000-memory.dmp
              Filesize

              10.8MB

              Download
            • memory/2156-26137-0x00007FF841560000-0x00007FF842021000-memory.dmp
              Filesize

              10.8MB

              Download
            • memory/2156-41-0x00007FF841560000-0x00007FF842021000-memory.dmp
              Filesize

              10.8MB

              Download
            • memory/2156-39-0x0000021E19C60000-0x0000021E19C68000-memory.dmp
              Filesize

              32KB

              Download
            • memory/2156-2-0x0000021E7F990000-0x0000021E7F9B2000-memory.dmp
              Filesize

              136KB

              Download
            • memory/2156-1-0x00007FF841560000-0x00007FF842021000-memory.dmp
              Filesize

              10.8MB

              Download
            • memory/2156-25-0x0000021E01730000-0x0000021E01738000-memory.dmp
              Filesize

              32KB

              Download
            • memory/4540-142-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-126-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-87-0x0000000007E10000-0x0000000007E18000-memory.dmp
              Filesize

              32KB

              Download
            • memory/4540-60-0x0000000006330000-0x000000000634A000-memory.dmp
              Filesize

              104KB

              Download
            • memory/4540-59-0x0000000008570000-0x0000000008BEA000-memory.dmp
              Filesize

              6.5MB

              Download
            • memory/4540-90-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-89-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-92-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-105-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-118-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-151-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-152-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-150-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-149-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-58-0x0000000005E50000-0x0000000005E9C000-memory.dmp
              Filesize

              304KB

              Download
            • memory/4540-148-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-147-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-146-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-145-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-144-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-143-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-57-0x0000000005E00000-0x0000000005E1E000-memory.dmp
              Filesize

              120KB

              Download
            • memory/4540-141-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-140-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-139-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-138-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-137-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-136-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-135-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-134-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-133-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-132-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-131-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-130-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-129-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-128-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-127-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-73-0x0000000007DF0000-0x0000000007DF8000-memory.dmp
              Filesize

              32KB

              Download
            • memory/4540-125-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-124-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-123-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-122-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-121-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-120-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-119-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-117-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-116-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-115-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-114-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-113-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-112-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-111-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-110-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-109-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-108-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-107-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-104-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-103-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-102-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-101-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-100-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-99-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-98-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-97-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-96-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-95-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-94-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-93-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-106-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-91-0x0000000010000000-0x0000000010012000-memory.dmp
              Filesize

              72KB

              Download
            • memory/4540-56-0x0000000005860000-0x0000000005BB4000-memory.dmp
              Filesize

              3.3MB

              Download
            • memory/4540-45-0x0000000005550000-0x00000000055B6000-memory.dmp
              Filesize

              408KB

              Download
            • memory/4540-46-0x00000000056F0000-0x0000000005756000-memory.dmp
              Filesize

              408KB

              Download
            • memory/4540-44-0x0000000004E60000-0x0000000004E82000-memory.dmp
              Filesize

              136KB

              Download
            • memory/4540-43-0x0000000004EB0000-0x00000000054D8000-memory.dmp
              Filesize

              6.2MB

              Download
            • memory/4540-42-0x0000000004830000-0x0000000004866000-memory.dmp
              Filesize

              216KB

              Download