Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 11:38

General

  • Target

    VirusShare_6bcc066e2a81f34c7e052895001f44c6.exe

  • Size

    340KB

  • MD5

    6bcc066e2a81f34c7e052895001f44c6

  • SHA1

    6f892ec0287ace1c4c7c86e3945b44de6c9d3ba8

  • SHA256

    39a70938288eacf5eab1002150cb06a8299475ad6064fb131aa6e9118c66b4bc

  • SHA512

    b11b924dfda23d28019879acbd790778049f4f711134b0003967408b28532544745d12081a9da538f9ecd84f3791b621d3d9c1b4a62699b22d7c56274a1f9f2c

  • SSDEEP

    6144:2//b5dx5w2hahQGvPmZ8n0SylbvO+MeTHLlj9HhRbr3ET4b7ODRJT0luqig:SddvwdhHvPmZiyIXgLl3ZoMq4wO

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+nfuwn.txt

Family

teslacrypt

Ransom Note

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with AES
More information about the encryption keys using AES can be found here: http://en.wikipedia.org/wiki/AES

How did this happen ?
!!! Specially for your PC was generated personal AES KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/C6652EAAAAA9F150
2. http://tes543berda73i48fsdfsd.keratadze.at/C6652EAAAAA9F150
3. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/C6652EAAAAA9F150

If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser
3. Type in the address bar: xlowfznrg4wf7dli.onion/C6652EAAAAA9F150
4. Follow the instructions on the site.

---------------- IMPORTANT INFORMATION------------------------
*-*-* Your personal pages:
http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/C6652EAAAAA9F150
http://tes543berda73i48fsdfsd.keratadze.at/C6652EAAAAA9F150
http://tt54rfdjhb34rfbnknaerg.milerteddy.com/C6652EAAAAA9F150
*-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/C6652EAAAAA9F150
URLs

http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/C6652EAAAAA9F150

http://tes543berda73i48fsdfsd.keratadze.at/C6652EAAAAA9F150

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/C6652EAAAAA9F150

http://xlowfznrg4wf7dli.ONION/C6652EAAAAA9F150

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (415) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare_6bcc066e2a81f34c7e052895001f44c6.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusShare_6bcc066e2a81f34c7e052895001f44c6.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Users\Admin\AppData\Local\Temp\VirusShare_6bcc066e2a81f34c7e052895001f44c6.exe
      "C:\Users\Admin\AppData\Local\Temp\VirusShare_6bcc066e2a81f34c7e052895001f44c6.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2240
      • C:\Windows\eqsyjejblvon.exe
        C:\Windows\eqsyjejblvon.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2920
        • C:\Windows\eqsyjejblvon.exe
          C:\Windows\eqsyjejblvon.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2880
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1848
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • Opens file in notepad (likely ransom note)
            PID:1688
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:888
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:888 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2376
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2424
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\EQSYJE~1.EXE
            5⤵
              PID:2660
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\VIRUSS~1.EXE
          3⤵
          • Deletes itself
          PID:2536
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1604
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
        PID:2592
