Overview

overview

10

Static

static

3

VirusShare...0e.exe

windows7-x64

10

VirusShare...0e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    10-06-2024 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_2b15e8b996a5e439f4bb7c9e98a2ae0e.exe

  • Size

    388KB

  • MD5

    2b15e8b996a5e439f4bb7c9e98a2ae0e

  • SHA1

    a8dd6a2388e0e75add58a86bc0b72448e969e7c5

  • SHA256

    0349b7b5d9d720f8c454b69716f21346967bfff297ac2f6ceec40ce80747054d

  • SHA512

    ed6e2b79df27034d2f72230db1b3c83ed1d5acdc6cdae3ce9ce456884f682a18cfe6995b7169cb6c7cca668d662d0e72b6bd971799de5e5e0e280df3d089e1d3

  • SSDEEP

    12288:z+QA5i2ipjoMARxOJ7dLQsNeqKLGrDh/:CngLpjoMARxOJJsLLG5/

Score
10/10
teslacryptdefense_evasionexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+uewgj.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/9FF5D9A548799C2F 2. http://kkd47eh4hdjshb5t.angortra.at/9FF5D9A548799C2F 3. http://ytrest84y5i456hghadefdsd.pontogrot.com/9FF5D9A548799C2F If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser 3. Type in the address bar: xlowfznrg4wf7dli.onion/9FF5D9A548799C2F 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *-*-* Your personal pages: http://tt54rfdjhb34rfbnknaerg.milerteddy.com/9FF5D9A548799C2F http://kkd47eh4hdjshb5t.angortra.at/9FF5D9A548799C2F http://ytrest84y5i456hghadefdsd.pontogrot.com/9FF5D9A548799C2F *-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/9FF5D9A548799C2F
URLs

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/9FF5D9A548799C2F

http://kkd47eh4hdjshb5t.angortra.at/9FF5D9A548799C2F

http://ytrest84y5i456hghadefdsd.pontogrot.com/9FF5D9A548799C2F

http://xlowfznrg4wf7dli.ONION/9FF5D9A548799C2F

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (428) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare_2b15e8b996a5e439f4bb7c9e98a2ae0e.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusShare_2b15e8b996a5e439f4bb7c9e98a2ae0e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Users\Admin\AppData\Local\Temp\VirusShare_2b15e8b996a5e439f4bb7c9e98a2ae0e.exe
      "C:\Users\Admin\AppData\Local\Temp\VirusShare_2b15e8b996a5e439f4bb7c9e98a2ae0e.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Windows\sjycxcjiufol.exe
        C:\Windows\sjycxcjiufol.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2640
        • C:\Windows\sjycxcjiufol.exe
          C:\Windows\sjycxcjiufol.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Modifies system certificate store
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1584
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1624
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • Opens file in notepad (likely ransom note)
            PID:2884
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1960
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2696
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2040
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\SJYCXC~1.EXE
            5⤵
              PID:2972
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\VIRUSS~1.EXE
          3⤵
          • Deletes itself
          PID:2164
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:1496

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+uewgj.html
      Filesize

      9KB

      MD5

      4c9e1f951fd0a2343c756cfcba275db8

      SHA1

      f2a788285a0af850dfc4e713d35d8be9f719bd7f

      SHA256

      601f7e7fd5d57b702b60421dba51495752e017c203da0ee23ecbef704fe76d91

      SHA512

      d51f4c16a918e074ae4f0e2e8dc214fced6a11097ef9305241b2629a9a63a9c0dee0444594e6476d3dfe3871e0eb1520e75fccefee1c1640cf53da67574c7344

      Download Submit

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+uewgj.png
      Filesize

      63KB

      MD5

      fa38e712b8b4f87505f9395c4bd2641f

      SHA1

      e5d36d2571fb91e71c24144d8f9a5a4a77b81d22

      SHA256

      2b8d6bd9c141ff734abb96f9a2040488e59cdcced813a753c1f65c4dac8ca9c2

      SHA512

      17f3441cb8c61cb7eb74b6eec317ab5d957bc7c6c0771ce4eaebaca9d1cc0731af15063c9f7c8433a2526bafbb856f965ac0d847e55d01be5a5fbd247ae4a938

      Download Submit

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+uewgj.txt
      Filesize

      1KB

      MD5

      abcad6503971c49f89ea699958fd2409

      SHA1

      536e0f9cfd5d786e431b49c3ea2e9b7f19887a7f

      SHA256

      559109d879dacf323006af8e390f4c8933ccfea401f70b220a37da22dd8709fc

      SHA512

      022caa7baedbe3782b092cadb323ff65cc222e2889afedceafad18c1c1abf2cd83e57f1ccd9f0fc94d02d7b6305b8b8071e7cc28150dbe10a75e1c7fd862ad35

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
      Filesize

      11KB

      MD5

      69598d4de4f5d65a4f076b259858c105

      SHA1

      570c7d33aff41e5a5f13f882c78f87da7f4d5c1f

      SHA256

      ada6d44c2dc941bbfd74f529d10ac1702a7d8f73c3d33fba88ddef440292b535

      SHA512

      50f2db3a6584622472aee8df98d4792048e426c9653157baa909828d364a293bc7a3b93add86bb6266e4c7ae615df38f2e34699cda7428de48aab7eff768d4ca

      Download Submit

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
      Filesize

      109KB

      MD5

      bc8cd7a3f0581a464c059b9a721bd0dc

      SHA1

      8a575b3acaae47a46bfbb2fbbccc0a81df101ec3

      SHA256

      36cd683f94209df38ebdae3d6905eb72092c5dc85ffda50bfd6054f34f2bf094

      SHA512

      736bc4a4b1d80e041e2060e686946c5622191b66c2edfb8f7a282e8eb8d3cdaeee52d1624ea4726cf0ba18abf2c6a932d930046bc7780a59e5b5dfb5eca1232e

      Download Submit

    • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
      Filesize

      173KB

      MD5

      a891458e32fe8e3a233bdaf4cf1fd2dc

      SHA1

      089d33b7a7c6fd52f58133d325edab5a74bd727f

      SHA256

      4f975777e551ee3849262cdf947b053dad407502c221701e06978e8964348aec

      SHA512

      6b16e290ee7f1f18d2e6ceffacb21bb0ecc54a33cb1ee85860dc46fad8404281175999bd140ea80964957fefcfc6e787c09692292aae8d40ce6d88daa2503aeb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b4cc3d982fb9b47703df387998765564

      SHA1

      d15bde4f8970c63ec9c223f6bcaddd7466bd0bbd

      SHA256

      fcde269b553a95a8d7d071c5b27aff6ab57e6498f376697f85a2fb71efc3027d

      SHA512

      dc4df323dc291ffc885a9e87c976f47987c7c4ea9eda885a2495b6f47bf3c0032496a3097fc4fa6150578368a7a64e9d8c15efef7b00efacd3b9da1ddee4bfb4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a3b60bbf4059c0418c6c8cd5177c38ec

      SHA1

      80b8f88de90ebd9100fe2b38f4d8930956de662b

      SHA256

      389087a9b038f2f0fa2b76f78e67e51a6cd8da748d444077d78ef98ba5af59fc

      SHA512

      7ed19b73673cdb49460187842570977960b005bf27b360a4d22029a1c524a113daeffb733c6901c659313f6751a61e7f55c6cba7962eef29004bd86d7030eea5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      744cd7b3b8f1c9b9ec458cfa71402f40

      SHA1

      966bb1bd475294a65877d6098358d46f8e51af73

      SHA256

      ee2a50d523c5e8a6e302bf8336b47d40de938f261ede68c52f7239277164ab8e

      SHA512

      bf0f7e3249aca3fec0bf3db428fd844edb02d28afc6250f78e7be3319afcf3101649f345c36f302f33dd2d6d39e3dd3892bb3fca2141b34c1fbd84cc4ef7af97

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f442e622744bdf74c5587c2fb304b08a

      SHA1

      9878dd0d3141a4fb33fac2d629ccd1947363ceb7

      SHA256

      9dffdd6d34e081bcfd247d3f9b418e82bac23e67b2b044a6d8c2c53980fedab2

      SHA512

      ee7420b3953c885ccae56329ed3a3489dce30a40bbc814db802c732b7411579c3cac4296a00844717ce67c278f56269510338d23cce22941291b5a8fa651338e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1cbd8dc563d6575b1aa503a0ba027a63

      SHA1

      35ea604ce755a9473856d0d69ad2a3048ba102ed

      SHA256

      ba4d7f3110671396a307fcceaa7cbce57d1f34c8e97bbff59615b833c91fefc3

      SHA512

      1649ee2750142dddadfbae3aef4283ad5568e5fcca8ad29bcf781a9ed74067e69701e0b3b4922c593bda9247d456cef815c37d2ed2a6f705560dfcb3e99f4117

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b56f0d64ac01cdb03764a31160436e8e

      SHA1

      5be3387a275a360a24126a79f75413a18906a012

      SHA256

      5a5184dec7f5f224fdb30d3cec64ea01cb78e48ead870befb7cd926dba113edb

      SHA512

      12a49bea3566d6597f9cad78ad348dd24362fb429ab019baf424361066fefabde182c87d8c8d55072704bd0ab47309b70499ca27439b618202db2a0dcc1cc77f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      46aa45414cbb9d84975eb3fb9b39e76f

      SHA1

      2bcae22ada39bb5f0de5b8b0b8e8121682c6b58f

      SHA256

      3696d8a58141ba5380e16e066cceb269da8b03ef2ed3f2dfc8f1109b43abfabe

      SHA512

      f3826b8ee89154637e6a25eea04ae5285df85d7923d05fae722bc343c1f75f889e953ed5e332eca5fbc6ea1dd2a1a8a2ec81b151719c46bd2157c5000537aa4d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3eac3834dd0c34b972a8562d458da753

      SHA1

      08f8c0339d0318463ae0dc754e7454fb592f18c4

      SHA256

      92055f66972fae17ad8422d90e6e2501f91b22732247a7e91718ee8ff0b8b4a7

      SHA512

      442f050ba1b848c1a323ae7d5aec67ce0659ad7d7bf47a56ffc60b209ed6b8d37d4025cb0395b762de3fa8ed9ac31d0035ad0dfc5923133523bdf69081b881df

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6e1ce1cf6437e107ed68c6d7a94551ed

      SHA1

      1be9a9c4dc8a4e3e625540b9f0f817402c2426e0

      SHA256

      e4bde30bd07fbe44e1826c71e31cf08450453cfd5251e3458c32c163ee72c078

      SHA512

      ddb1b5dda226ef7790b5fafd33c731d07a05a3b1772a5fab94bcfcc783aed1170c61804fc17bbf4deb3dc544a352eba51aad5cc59a80fd26db4df85b1069c487

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7c02b519cf7bca094dad8f92c6da1517

      SHA1

      62e4718108257b7fc1455d35160228f1f870db69

      SHA256

      a0d47e04ada80e6d231c2bd6c8d23f5c4954ac5c9f1d1979bb5a09eebeda4607

      SHA512

      b4f95f81e782dbe41835cd57c88fed57dcf4b193bae24f870391bd753a9e5405d989ca2155fbf8312106e27c619cdd145a5c1e87973577b511eb594e65bc3bab

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1B64.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Windows\sjycxcjiufol.exe
      Filesize

      388KB

      MD5

      2b15e8b996a5e439f4bb7c9e98a2ae0e

      SHA1

      a8dd6a2388e0e75add58a86bc0b72448e969e7c5

      SHA256

      0349b7b5d9d720f8c454b69716f21346967bfff297ac2f6ceec40ce80747054d

      SHA512

      ed6e2b79df27034d2f72230db1b3c83ed1d5acdc6cdae3ce9ce456884f682a18cfe6995b7169cb6c7cca668d662d0e72b6bd971799de5e5e0e280df3d089e1d3

      Download Submit

    • memory/1496-6094-0x0000000000120000-0x0000000000122000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1584-6109-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-56-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-54-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-52-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-51-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-50-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-1196-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-6096-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-6120-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-6123-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-2527-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-5497-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-6087-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1584-6093-0x0000000002BD0000-0x0000000002BD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2088-18-0x0000000000270000-0x0000000000273000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2088-1-0x0000000000270000-0x0000000000273000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2088-0-0x0000000000270000-0x0000000000273000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2608-12-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2608-20-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2608-6-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2608-8-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2608-10-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2608-4-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2608-16-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2608-19-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2608-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-2-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2608-31-0x0000000000400000-0x0000000000486000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2640-28-0x0000000000400000-0x00000000004FC000-memory.dmp

      Filesize

      1008KB

      Download