Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 13:29

General

  • Target

    91f480971a54e41cf899c9bd0d7bb009_JaffaCakes118.exe

  • Size

    276KB

  • MD5

    91f480971a54e41cf899c9bd0d7bb009

  • SHA1

    150d74e9ba69d69dac4064c8966b3f192131d872

  • SHA256

    a4754955412700a50ec0778aee21e500c6a0b64a5e82c472f87af87cfc7c9de6

  • SHA512

    14f50fb4445f2c5409e434f8ab3166e610485c2d2d87bfb65782b5d81860176529d6aa914ed89f30c5d70ad88e0085d78a0c9aa719507e0960349eda0b115a5f

  • SSDEEP

    6144:ML+ROMHXZ99JX2WngMNSYZh1r0CLf2dWsLf2EUOH9:MQ7J9PgMN7LsqEUO

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+fyndr.txt

Family

teslacrypt

Ransom Note

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA4096 Key , both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So , there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1 - http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/34556B9214AD24BB
2 - http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/34556B9214AD24BB
3 - http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/34556B9214AD24BB

If for some reasons the addresses are not available, follow these steps:
1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2 - After a successful installation, run the browser
3 - Type in the address bar: xlowfznrg4wf7dli.onion/34556B9214AD24BB
4 - Follow the instructions on the site

IMPORTANT INFORMATION
Your personal pages
http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/34556B9214AD24BB
http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/34556B9214AD24BB
http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/34556B9214AD24BB
Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/34556B9214AD24BB

URLs

http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/34556B9214AD24BB

http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/34556B9214AD24BB

http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/34556B9214AD24BB

http://xlowfznrg4wf7dli.ONION/34556B9214AD24BB

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (408) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\91f480971a54e41cf899c9bd0d7bb009_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\91f480971a54e41cf899c9bd0d7bb009_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Local\Temp\91f480971a54e41cf899c9bd0d7bb009_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\91f480971a54e41cf899c9bd0d7bb009_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Windows\egnctpuqixca.exe
        C:\Windows\egnctpuqixca.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:1936
        • C:\Windows\egnctpuqixca.exe
          C:\Windows\egnctpuqixca.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1584
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:348
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
            5⤵
            • Opens file in notepad (likely ransom note)
            PID:1400
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_ReCoVeRy_.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2816
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1672
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2324
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\EGNCTP~1.EXE
            5⤵
              PID:1552
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\91F480~1.EXE
          3⤵
          • Deletes itself
          PID:2496
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2848
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:1912

    Downloads

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+fyndr.html

      Filesize

      11KB

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+fyndr.png

      Filesize

      65KB

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+fyndr.txt

      Filesize

      1KB

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

      Filesize

      11KB

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

      Filesize

      109KB

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

      Filesize

      173KB

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\Local\Temp\Cab7BC7.tmp

      Filesize

      68KB

    • C:\Users\Admin\AppData\Local\Temp\Cab7C56.tmp

      Filesize

      70KB

    • C:\Users\Admin\AppData\Local\Temp\Tar7C6B.tmp

      Filesize

      181KB

    • C:\Windows\egnctpuqixca.exe

      Filesize

      276KB
