Analysis

  • max time kernel: 117s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 10-06-2024 10:24

General

  • Target: VirusShare_09b500283366eafb809963ae3341e9c0.exe
  • Size: 336KB
  • MD5: 09b500283366eafb809963ae3341e9c0
  • SHA1: 628610489c41e78617f4e51d0d0143a07b245f85
  • SHA256: 8506824ad4a9aabf540bbf58741412448178b846e540fbbfdf2a4e48acfe46da
  • SHA512: 7ecb3ed388e2866cbb0331d50d910ce3810f8b9bc1ece963e2cc67c5eaff017d2109e7ccb9d022b8960f78cca243c36bbdb29e0f78fdfc32a78cf2daea6ea796
  • SSDEEP: 6144:r1w0U6D6x4kyjf+g0uc2RTqWmx7Ikw9NShXvSmk2OpXaP/EBySkQ4:ri0Uu6ikyjcuk5y0hXaxpKkB

Malware Config

Extracted

Path: C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+ynhye.txt

Family: teslacrypt

Ransom Note:

NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption with AES
More information about the encryption keys using AES can be found here: http://en.wikipedia.org/wiki/AES
How did this happen ?
!!! Specially for your PC was generated personal AES KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/FD8ADE14D064D4E4
2. http://tes543berda73i48fsdfsd.keratadze.at/FD8ADE14D064D4E4
3. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/FD8ADE14D064D4E4
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser
3. Type in the address bar: xlowfznrg4wf7dli.onion/FD8ADE14D064D4E4
4. Follow the instructions on the site.
---------------- IMPORTANT INFORMATION------------------------
*-*-* Your personal pages:
http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/FD8ADE14D064D4E4
http://tes543berda73i48fsdfsd.keratadze.at/FD8ADE14D064D4E4
http://tt54rfdjhb34rfbnknaerg.milerteddy.com/FD8ADE14D064D4E4
*-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/FD8ADE14D064D4E4
URLs

http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/FD8ADE14D064D4E4

http://tes543berda73i48fsdfsd.keratadze.at/FD8ADE14D064D4E4

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/FD8ADE14D064D4E4

http://xlowfznrg4wf7dli.ONION/FD8ADE14D064D4E4

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (432) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare_09b500283366eafb809963ae3341e9c0.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusShare_09b500283366eafb809963ae3341e9c0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Users\Admin\AppData\Local\Temp\VirusShare_09b500283366eafb809963ae3341e9c0.exe
      "C:\Users\Admin\AppData\Local\Temp\VirusShare_09b500283366eafb809963ae3341e9c0.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Windows\ajwgbkftrbar.exe
        C:\Windows\ajwgbkftrbar.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2548
        • C:\Windows\ajwgbkftrbar.exe
          C:\Windows\ajwgbkftrbar.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2712
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1604
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • Opens file in notepad (likely ransom note)
            PID:1772
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:228
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:228 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2068
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2868
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\AJWGBK~1.EXE
            5⤵
            PID:2836
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\VIRUSS~1.EXE
          3⤵
          • Deletes itself
          PID:2720
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2644
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:1616

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+ynhye.html
      Filesize: 11KB
      MD5: db522e37c853215e738f0ca3d28b077d
      SHA1: f6298996c098f803f67964952585ca087c1e29bc
      SHA256: 334f4eea3e59cdd5eccba3fc78908ab45ab84468e448f593da8c0576039ea0dd
      SHA512: 87b600393d4e87b782e76034344cfe7901efcbc260aa38ed87e6a24ca34fcef1dc5b36f96b593392d0dea27c55125b47f463837840657229d7e44d63ae25ef18

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+ynhye.png
      Filesize: 62KB
      MD5: dd383e5532d3607322f09796636ae9d8
      SHA1: c606e72d937a0a645342cf65930d6b3da0f1e7d3
      SHA256: f87348beca7431cdfd8d1bd6512b7a33c38816fa30c3fd4210cbdd9f04b84e2c
      SHA512: 33469af972ac8fa3a41c37a1dec93b056b72f55756fca387c7eb835e2f3c043b39c23d70075a42423e33a2f98e0547b5dacca42e4acaf5c413407d1638b624bb

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+ynhye.txt
      Filesize: 1KB
      MD5: fa9bc9f9c96964275d5e6e2872019185
      SHA1: 9ea60c014f40774aad7b0c9e156a7b796a61c419
      SHA256: 167adc47efaf6a3e8d178f5d83b97347fe33ae3465d195ea8c51d304f3964b1a
      SHA512: eaea6090dbf8c0098eaec6d9f9f286dd7ef28da44051f540bd2611fec9ce610b9009fec5c89c9464db646c8ccae36584b2a37e53d839dd8adef884922887b2b3

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
      Filesize: 11KB
      MD5: 5478f027da51d8fb280b79760659f857
      SHA1: f59e24be234131581469b982ad3c036650cb3c74
      SHA256: 4ac54acaac59781e2bdd4f6356aa8e752c15f7af5db3d5623e58b1fffb508f7c
      SHA512: 31f2357c4166670a0abe04041248eebb59353c2df4a8400d80ddfd82a1a4bdd2bacb3e3060f6c13af9894dc6143337ac4b3f75f73d13ee4cc35490e3c733726c

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
      Filesize: 109KB
      MD5: 00e5072b640f7a037d510f4c364335bf
      SHA1: d349934d1541343ade95ff78045254e2aa3c0478
      SHA256: e9606c84388b60c2bfb63466c90f13e15894e6903c0c7b19d43672058c9557df
      SHA512: 0cbc077e7eebe35e16d21b59f7b1ff628156cac8bad0da0d9b6ac7664d18e2a309db9ac2594f5162b3ca07b57d011e128104acf528f0c19bc778d10e66da7f3b

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
      Filesize: 173KB
      MD5: 4978189e46f38ac64599b2ad8b0a3d3d
      SHA1: d6617755bcc61773e74b85716d76f18c494ae03e
      SHA256: 30616192165beb49c93e0db0c40744cadbeff139a643cfc8df7e419423a5a64a
      SHA512: da3055ce531fc956c27bed51ab954d136796d1276145945284dbd7f921292e5c49eb8a0bed322bf2a318dc5989485524dae89c979f9198d3ca7850bde3ca4245

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 342B
      MD5: 1c9a0500e637564680ed907da3feb456
      SHA1: 9331f0a300bcb83dcc6238521852037d360f30b4
      SHA256: f3baaeb53756b3efc1dbdeace2a45f9f0c4ce8813c03a8ca5eb46a4e515237d7
      SHA512: ade4fb9cf15e6a3c2684aec834b92a5905d50a1a5ac22230da6135b948ff25b0f191b4926f6b3ca1fdeb8ad1dfe083b7f619c673368f98f0700343357de4f4b1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 342B
      MD5: bb745770ad6e8d78ceb7c174ec99bc7d
      SHA1: 3a3c18efed542a50606664839b8ac3353a32b3c4
      SHA256: 6772f581f007595f936c14172731de1b298343e2845f2041bcb84f2bc3da7e61
      SHA512: 9ab490872cad99d28a58c6dec76e459779104dd579ebfa51c42160f7894d72818aaca44e0b09be32ad1b09aaad476f0672d6f6432a42fe6f55d2aee14bd0cc7e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 342B
      MD5: a0a63c7ec953ba44a0714f1f7051fe4f
      SHA1: ee323f54621b73b3b6f0d8999e3945c16f709e81
      SHA256: 77745c978f80023b86181f5cfe767a44017f58540fb6ecd22a929f2dee40c3ce
      SHA512: a3adad15c09a230d8c19585a6d2e9427545049dccae3b4ec267cbf4ecf61cee11ca22dfdb8d0d21115bf240d42b08e9eaed4cf11376b2a8a388a3450eebfe449

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 342B
      MD5: 4d07ce746356f9c1e9b1b3572339445d
      SHA1: a835c44fa2b5e245b8b17f25c0f3ed6d50ebdf9f
      SHA256: da28ab76cf96c47718fad86a895ad92cee32a5c109746721e1159067e3227ba7
      SHA512: b1ab81cbf89703b9596b55733c112e004a63b071a6923d25ae3b62079ecb088a85846868b68da6c7374a92a7d20c4fbea739704c9c9bb977cef2d85100b09c82

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 342B
      MD5: f027bbf9a3ba7ed334ef84ae36ca58a2
      SHA1: 1655cb6759da3d6bd94a89b38fb94c52ebca48b0
      SHA256: 00006a770a3603b04d769402b0b34ce0157235bfbe00fd9ebd28252a000e0e14
      SHA512: b9bb73791fce4715f02f985d73e0c1e4c064837a57585a7e658565d1c878694ba9f5d6aa59a681c6c0a30d7c5c64ac9ec1cc99260e49d20f6c525bbd0bea7af0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 342B
      MD5: 4dbcba3124a3c8bd4de890c3a976bda9
      SHA1: 867d8af58dd624af3ff36da3debe5953189fda97
      SHA256: 5c8cac1a44a7d5e75f678f996dca5c8de04c31b83845a53b9e6db3452593618a
      SHA512: 276abb1e47f72fa493853821dfcbbae1a28c766e79cd3d3b5602931360507e702dad814b3b952117640928a0ee6e2a37708ab6e94b948c0c31973ecd99a8d12c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 342B
      MD5: 2b13bea1647fb094e0e72e3573e7b748
      SHA1: 4029251aa15f97bbb3cbc549e1b9ed5471c54039
      SHA256: 2623e8671dc8020b5401645ad8236aede296e47870f215c69e7ab9e0722c9421
      SHA512: 4945b9c4165c5e97a1e6c3020b42f30f408227558b32ccf9f24eca675ab4dd1f6e78528871908261018b6a63a6a9a1eb734fe29eb3ad45c02756201ee2cc8e44

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 342B
      MD5: 523187fa91a690c765a43f77818cb06d
      SHA1: 33fefb4647f2a40c3ddeed67374ba0362159da38
      SHA256: 237510b191ad6d79629dc75e0e8027f409648c9cd4b78af5b024e9ac35758416
      SHA512: 1fa63c12902216168a2b082419645da1c8c18abc23d16ef0aad1fa937a1d0eac5498a3f6fafe10d4cdf72fe2bf24730877082b055414c7962cc65a00b962e339

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 342B
      MD5: 49ed285faad6115b9cb7db0dfc33ca3f
      SHA1: 446a917b3273aaed6f4548dcc5cb14d901f4eb3b
      SHA256: 6383daa2824e53da5714726f9bb4607d966a702abefd1b503ee53c6aba0fcfbd
      SHA512: b3250053418077349556d7dfed65357f1efcbe07603abfa210eee0511a4275ab51f7652388d4fc4be3bcf96377991fb98b64dde4ab35ea10b3cbc9da68f0d3da

    • C:\Users\Admin\AppData\Local\Temp\Cab8A75.tmp
      Filesize: 65KB
      MD5: ac05d27423a85adc1622c714f2cb6184
      SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
      SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
      SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Cab8B92.tmp
      Filesize: 70KB
      MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
      SHA1: 1723be06719828dda65ad804298d0431f6aff976
      SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
      SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar8BA7.tmp
      Filesize: 181KB
      MD5: 4ea6026cf93ec6338144661bf1202cd1
      SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
      SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
      SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • C:\Windows\ajwgbkftrbar.exe
      Filesize: 336KB
      MD5: 09b500283366eafb809963ae3341e9c0
      SHA1: 628610489c41e78617f4e51d0d0143a07b245f85
      SHA256: 8506824ad4a9aabf540bbf58741412448178b846e540fbbfdf2a4e48acfe46da
      SHA512: 7ecb3ed388e2866cbb0331d50d910ce3810f8b9bc1ece963e2cc67c5eaff017d2109e7ccb9d022b8960f78cca243c36bbdb29e0f78fdfc32a78cf2daea6ea796

    • memory/1616-6028-0x00000000001F0000-0x00000000001F2000-memory.dmp
      Filesize: 8KB

    • memory/2304-14-0x00000000003E0000-0x00000000003E3000-memory.dmp
      Filesize: 12KB

    • memory/2304-0-0x00000000003E0000-0x00000000003E3000-memory.dmp
      Filesize: 12KB

    • memory/2548-25-0x0000000000400000-0x0000000000748000-memory.dmp
      Filesize: 3.3MB

    • memory/2712-6030-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-45-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-2594-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-4963-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-5905-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-6021-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-6027-0x0000000002EE0000-0x0000000002EE2000-memory.dmp
      Filesize: 8KB

    • memory/2712-44-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-51-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-6032-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-6038-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-49-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2712-46-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2728-16-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2728-5-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2728-13-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2728-3-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2728-9-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2728-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
      Filesize: 4KB

    • memory/2728-17-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2728-26-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2728-7-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB

    • memory/2728-1-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize: 532KB