Overview

overview

10

Static

static

3

VirusShare...95.exe

windows7-x64

10

VirusShare...95.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-06-2024 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_1e096e7c6ffb32332933f693d00c6795.exe

  • Size

    356KB

  • MD5

    1e096e7c6ffb32332933f693d00c6795

  • SHA1

    28e7f909cbc28ca3af8af503111c5fc9f42502b7

  • SHA256

    963aafe897132f8bd0fb1ce4beca2c4c2c04d8699a9e2612106c762cccca6256

  • SHA512

    8c26ddc0f8a3da79646851fc39f57d44a654e3967dad708239f882ed273fd14522d771087b0ff0d688fbb15392145e176be519ada7fd94103a05b90aaab6141c

  • SSDEEP

    6144:C94ZeMgE+D+G+33DpgPgRArNZltP8aLK9cdfdCWJATnKH92tIrWuZ/kE7eVmhgst:C94ZeMgE+D+G+33DpgPqArrltP839Yfj

Score
10/10
teslacryptdefense_evasionexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hrxuq.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 Key , both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1 - http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/BBE5316D71F092 2 - http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/BBE5316D71F092 3 - http://yyre45dbvn2nhbefbmh.begumvelic.at/BBE5316D71F092 If for some reasons the addresses are not available, follow these steps: 1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2 - After a successful installation, run the browser 3 - Type in the address bar: xlowfznrg4wf7dli.onion/BBE5316D71F092 4 - Follow the instructions on the site IMPORTANT INFORMATION Your personal pages http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/BBE5316D71F092 http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/BBE5316D71F092 http://yyre45dbvn2nhbefbmh.begumvelic.at/BBE5316D71F092 Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/BBE5316D71F092
URLs

http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/BBE5316D71F092

http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/BBE5316D71F092

http://yyre45dbvn2nhbefbmh.begumvelic.at/BBE5316D71F092

http://xlowfznrg4wf7dli.ONION/BBE5316D71F092

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (420) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare_1e096e7c6ffb32332933f693d00c6795.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusShare_1e096e7c6ffb32332933f693d00c6795.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Users\Admin\AppData\Local\Temp\VirusShare_1e096e7c6ffb32332933f693d00c6795.exe
      "C:\Users\Admin\AppData\Local\Temp\VirusShare_1e096e7c6ffb32332933f693d00c6795.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Windows\glyadqxsdajw.exe
        C:\Windows\glyadqxsdajw.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2752
        • C:\Windows\glyadqxsdajw.exe
          C:\Windows\glyadqxsdajw.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1120
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2720
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
            5⤵
            • Opens file in notepad (likely ransom note)
            PID:1604
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_ReCoVeRy_.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1716
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:868
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2196
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\GLYADQ~1.EXE
            5⤵
              PID:2972
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\VIRUSS~1.EXE
          3⤵
          • Deletes itself
          PID:2460
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1864
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:1440

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\_ReCoVeRy_+hrxuq.png
      Filesize

      64KB

      MD5

      b8ae55373132a31cac7f2cc0059c4237

      SHA1

      10c0ab95f0936de14ec1db0ad78497c780134096

      SHA256

      b5c071465cbcb66ef6d953d71bc5ad4199ffce408916a77158c6d8b70f81402b

      SHA512

      b52b446aa336dcb9038b10359c9c0956aaf57cc00eb484375ee379e4c4636dc14d4fdf2a1a0b48bdd55823771ac2d7d5fae494e47f889c0b6bee8316be781c18

      Download Submit

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hrxuq.html
      Filesize

      12KB

      MD5

      5deea9320eb402b796e6d90230b75f70

      SHA1

      eb88fc4eeb5bc5bd6b741af28bca9a4b5dec83f8

      SHA256

      fe905dcd63aba8723280ea98142335e49ed1217d30c3477645a3bec6383c0772

      SHA512

      09d6051230c788882461df22ca1fb29418540a480a6ac11b7f016babe76722753d5c1f905f389e38517bcbae9529fc728c48c480f535a80d01b21ce01c00d31e

      Download Submit

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hrxuq.txt
      Filesize

      1KB

      MD5

      2cd0684a0f35b14c50890c2187e15ddc

      SHA1

      08059a832d3bf8cbfac00bbe422b35b53acca480

      SHA256

      6ecfd02d4cccf1b10a756707f992cf7a0815a78c28d9a802897b43162662cb93

      SHA512

      0ff6a6a1322120f8ea161b21dc301cfaa810a8a4db21e628533e942142a55f9f2708dc4c3f43305b077aa7effca9bdc2d0de3866b672e789603edb30e8677a58

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
      Filesize

      11KB

      MD5

      6e6c5716d2b1c985752c1f349f55a090

      SHA1

      31f96e7c3ec873eff795a5681aa1f85c7a1f106c

      SHA256

      26e9dce0de4ec3c8dcc6cc9fa20bb8c23d1b9f9facdcd1b12e189aac92a42c78

      SHA512

      d6f55e9b23e8725c8555a50e1dcab281e7a81618a5ef9bf038d1614c7c7df26b903e953b08519c93d66502addaea2ae8ad2e593505f030ab261916db4f20ef5c

      Download Submit

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
      Filesize

      109KB

      MD5

      669287f0adf2271c92e5bc98a9841852

      SHA1

      eddcab3187071334a2884a0bfe8e1a6076318805

      SHA256

      fc813521e197cb0a431dc2036aa83358c8d32f1687625b744daea651c98744e9

      SHA512

      928252dd59f34bd6a649f90040749135a2f037fbb21aa0dea27f952cd14a9d285216874ab933a9685a57d7e6baaacb8be9e850c7c3decf1d4f8b96581a18b767

      Download Submit

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
      Filesize

      173KB

      MD5

      60e385fc60a65963efbdf3e8665d208d

      SHA1

      258031a20503f28398174374ccdb6f276968fdee

      SHA256

      1b8df94b7ee88803263624448f738a2a54e6f20f96198321854299bcd45c8573

      SHA512

      805bfc3e2cf89f26d3c57a81fc20f5302d6051b076a789fd6d5e438a5ee06c22aa501611c1db34f8b85bb9cbd549e7c28522be63ccc9f5f3ab54766ddb08c1ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5e9f5c80da5a45c34f8015ed0317648b

      SHA1

      0494ac1028737d07549ee787918f3a8b78a2c880

      SHA256

      aab0f9076d847a9daba4a3117e92e954080cfe88b0d681177a39da2978a7737a

      SHA512

      d741299510227ca1c19e3b44e8fe494eb49c25baa6beb9b6c1348291d7db53adc17554df7144030cf4d7a9c1499f263aab330d0ed6e0254ae29e0060833a4724

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      18c9970f5adeaea7b55eb4ada3bee867

      SHA1

      929f83e4ac426cfcd851625000223a58834a6caa

      SHA256

      188d88b03c7378feab982e25751012a4947ad24b9512daccdca57ad088651c61

      SHA512

      a84b27c4e75051b8e9df58c055abbcd8bbc16782af135c55932cc43e2366b946082d08188b25748604818ddab513472a0e45b32bf5e49bc202ef911d2cdaf590

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0413265ade5159e6e99718d670e2b694

      SHA1

      3ffb0994dfda5b897aa9cdbe342b2ca2c6f60028

      SHA256

      ee1819c52520a2197182d0a45fd0e89cc1a42677e4a9ee558a12916553ff08b2

      SHA512

      46bb9708f0e1c943e2bcf966c8a223b0c29694ca2cb7bb1ee4902b9aae5e7423775d418b80bb6aeb15d7dd256d6657fcee09a652ca328e05a92f8ff2af866c61

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0de590a2d9a1b22330eafe3e0caf4dc9

      SHA1

      32358d5b5db9c88b346c85ab42fd4ecbe198f964

      SHA256

      d2618fc5633138efdded54e750d75ac2e825e2a0b0eba93e2622ac893afa0071

      SHA512

      41eed8339c9a7b17f2f14955130d3cd0a507cca601c27577dc89fc690e2dcc48066fa0cdce9d5f91c1288d12a7fcb0d61cbef2d77fec1e89e874b473b65a0a27

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      57f3572c4fe38c949e06e90d3121f17d

      SHA1

      7bd7f2976ad1f621aa0760a65d0734c1924fe9f1

      SHA256

      0684196e8f353c048eaa12ccf917b9547935d163724bee9a3655615da3514398

      SHA512

      a318af879700db4997c3dfe4bef1c9589996ee49fd692458718418f8551909399c31bcbc0894861306575c1e00899e165762c69f966b2830e81f4598d7af1795

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2eab130ba69216bfcdd05e4943cba1a3

      SHA1

      63e8c6b43f1be0ccdf6a9e2bb8b462b196eb090f

      SHA256

      541cd06062df94048bdb7821319ee13352fd3a10f36f75f247401700140259bc

      SHA512

      e33a68a71845310760b6a5e3451e7ecd07750490222d6b5c8c7f16cddcf6bf070ab024cb3cfed996921fa4d80389d66356e685a87eb9ddbc959b227d943107e4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3c69d7b06ec4ebc592d5a0a67e6152b6

      SHA1

      25bcfad896be3ef90abf068c8987e5dc7be41a5c

      SHA256

      07249e7ba5c83f715b5bf4916d5c5fede92ff7a6a995067d70c04ad776947537

      SHA512

      46ec8ea0c3817b445dba1c9f050b2a957b2c050ff39a71f4e2a6f4fb57c6bc4924af73feaef9e3f916bdb573406a7399ff9ee46aa58382a5967f47f855231ac7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      880c66e1915c9849ae3cffe0361a6a46

      SHA1

      37feabdb6c177aab597e071f4df1d56bcca7683e

      SHA256

      db0a951626a5b514a7703b6d5a421ef19fbc774949dc1441356b3aab9407a21e

      SHA512

      fc1c48be3fbf36b45f646c351fcff1545da6ab67df4cc588477eeb86a4e46c4b16dd4428f4fb4c5bc97aff54c99525e39d8b78989367853f61f3aa2bc6bd3375

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b23e0f0878448fea4a84621b183c9fa

      SHA1

      c09f79eeab7a25890138e20c849f05b638bf8053

      SHA256

      500353ffb69371f1a834c101635d6f8fe1db61d7d19fdf34fc1d3bc229daeceb

      SHA512

      45dfcd1e097956fff07227de6b83ef2579dacdb7e0fd4fb829b5e9ce388e109a17288631b1fffe42bed678720731ccd50d8328ceb32c72fcbfc00e3e7af4f6ef

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2bf14955a7aa3e03f249dd0edcc0fea0

      SHA1

      8ecc3974e53475671352062097af0fd67622351f

      SHA256

      63211f15bdcfa970ba7dbbe2fd7fde294e13400d5a862b3120831bd3dfc7a8be

      SHA512

      fb782b25116b5aefd6f8b2b279977a333eec9efad09ffa903df123cf39a16d79da7d2697a9319cc2adb5045f04a06b47c15f198db6af90a12b18e5db32d125c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8bdede7a773468c60a6268b829fa75d1

      SHA1

      75a16b0cabb5b1f0649c8980b0163ea170f8ee28

      SHA256

      400316bd82f5624e58be5790a5f71d5db98703516a149b1ea7502b8d586ad7f0

      SHA512

      6ca155b4e8620028e5e5d7eae5869ff6760ac239b46ab22d666bd038d3f0d94aebe807f44f27400dfc59a3b6a9ba941eb29f80f0643266e4eca8bf482d2076ff

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9734.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9822.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9844.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Windows\glyadqxsdajw.exe
      Filesize

      356KB

      MD5

      1e096e7c6ffb32332933f693d00c6795

      SHA1

      28e7f909cbc28ca3af8af503111c5fc9f42502b7

      SHA256

      963aafe897132f8bd0fb1ce4beca2c4c2c04d8699a9e2612106c762cccca6256

      SHA512

      8c26ddc0f8a3da79646851fc39f57d44a654e3967dad708239f882ed273fd14522d771087b0ff0d688fbb15392145e176be519ada7fd94103a05b90aaab6141c

      Download Submit

    • memory/1120-6029-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-6032-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-55-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-577-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-52-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-50-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-51-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-2155-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-5144-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-6015-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-6021-0x0000000003760000-0x0000000003762000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1120-57-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-6024-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1120-6025-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1440-6022-0x00000000001C0000-0x00000000001C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2572-8-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2572-12-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2572-2-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2572-20-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2572-19-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2572-4-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2572-31-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2572-10-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2572-6-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2572-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2572-16-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2752-28-0x0000000000400000-0x00000000004DF000-memory.dmp

      Filesize

      892KB

      Download

    • memory/2760-17-0x00000000001B0000-0x00000000001B4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2760-0-0x00000000001B0000-0x00000000001B4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2760-1-0x00000000001B0000-0x00000000001B4000-memory.dmp

      Filesize

      16KB

      Download