Analysis

  • max time kernel
    125s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/06/2024, 10:23

General

  • Target

    VirusShare_0633631727771a19c3593b678268e8f9.exe

  • Size

    276KB

  • MD5

    0633631727771a19c3593b678268e8f9

  • SHA1

    2c8af799af11e03abc5face54f3943c2b3071203

  • SHA256

    dd754c7e866babc27f01d9e9b3bbac680dcc3e83b8a748d39e026b871052b527

  • SHA512

    f705f51b7f49f51a13c4509909b80e7eaeecf2914867b41f42dd13f655ad1e815355366cb05b9a6093c1887dae569f204b9ca7ad5761a3f1952b3cbc9b31645b

  • SSDEEP

    6144:wL+ROMHXZ99JX2WngMNSYZh1r0CLf2dWsLf2EUOH9:wQ7J9PgMN7LsqEUO

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+sacou.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA4096 Key , both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So , there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1 - http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/CAA3D01874756BD4
2 - http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/CAA3D01874756BD4
3 - http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/CAA3D01874756BD4

If for some reasons the addresses are not available, follow these steps:
1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2 - After a successful installation, run the browser
3 - Type in the address bar: xlowfznrg4wf7dli.onion/CAA3D01874756BD4
4 - Follow the instructions on the site

IMPORTANT INFORMATION
Your personal pages
http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/CAA3D01874756BD4
http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/CAA3D01874756BD4
http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/CAA3D01874756BD4
Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/CAA3D01874756BD4

URLs

http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/CAA3D01874756BD4

http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/CAA3D01874756BD4

http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/CAA3D01874756BD4

http://xlowfznrg4wf7dli.ONION/CAA3D01874756BD4

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (436) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare_0633631727771a19c3593b678268e8f9.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusShare_0633631727771a19c3593b678268e8f9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Users\Admin\AppData\Local\Temp\VirusShare_0633631727771a19c3593b678268e8f9.exe
      "C:\Users\Admin\AppData\Local\Temp\VirusShare_0633631727771a19c3593b678268e8f9.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1320
      • C:\Windows\exhkqpjxdgng.exe
        C:\Windows\exhkqpjxdgng.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2512
        • C:\Windows\exhkqpjxdgng.exe
          C:\Windows\exhkqpjxdgng.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2820
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:280
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
            5⤵
            • Opens file in notepad (likely ransom note)
            PID:1796
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_ReCoVeRy_.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2300
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2448
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2224
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\EXHKQP~1.EXE
            5⤵
              PID:2304
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\VIRUSS~1.EXE
          3⤵
          • Deletes itself
          PID:2868
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1904
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:2152

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
