Overview

overview

10

Static

static

3

7a4d85a1be...cs.exe

windows7-x64

10

7a4d85a1be...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    17/06/2024, 10:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7a4d85a1bef0ca4cecfe376e0ee91090_NeikiAnalytics.exe

  • Size

    388KB

  • MD5

    7a4d85a1bef0ca4cecfe376e0ee91090

  • SHA1

    0eaab4a4cf009d2d0d2d525bad4742356ca06317

  • SHA256

    0cfff9ddd855236e2c89d1778e88bd87db965a29d0e4e6b75178add06fd4fdb0

  • SHA512

    963509e2871858ba356a6b1e2af71b05c22019ffe4172a3ed8d70d54597bf10a67607d8083fef90e549521cf194d76af1112f7628b23943d0da0ebde0704e280

  • SSDEEP

    6144:VPHkQ4ydZZb+Q7Qf4+4/X+8PvjAsYcHte9qYJkIb/VNIFNgQfo/Xse6+pA+Z0S:BrZZbJu4+Q+8RBe9qYacVNyN/l+pn5

Score
10/10
teslacryptdefense_evasionexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+cedmc.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/47E1DDA5B81473DC 2. http://tes543berda73i48fsdfsd.keratadze.at/47E1DDA5B81473DC 3. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/47E1DDA5B81473DC If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser 3. Type in the address bar: xlowfznrg4wf7dli.onion/47E1DDA5B81473DC 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *-*-* Your personal pages: http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/47E1DDA5B81473DC http://tes543berda73i48fsdfsd.keratadze.at/47E1DDA5B81473DC http://tt54rfdjhb34rfbnknaerg.milerteddy.com/47E1DDA5B81473DC *-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/47E1DDA5B81473DC
URLs

http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/47E1DDA5B81473DC

http://tes543berda73i48fsdfsd.keratadze.at/47E1DDA5B81473DC

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/47E1DDA5B81473DC

http://xlowfznrg4wf7dli.ONION/47E1DDA5B81473DC

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (423) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a4d85a1bef0ca4cecfe376e0ee91090_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7a4d85a1bef0ca4cecfe376e0ee91090_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Users\Admin\AppData\Local\Temp\7a4d85a1bef0ca4cecfe376e0ee91090_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7a4d85a1bef0ca4cecfe376e0ee91090_NeikiAnalytics.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Windows\tcyogklqnrhx.exe
        C:\Windows\tcyogklqnrhx.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Windows\tcyogklqnrhx.exe
          C:\Windows\tcyogklqnrhx.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Modifies system certificate store
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2348
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1992
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • Opens file in notepad (likely ransom note)
            PID:2156
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2456
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1916
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2964
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\TCYOGK~1.EXE
            5⤵
              PID:2752
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\7A4D85~1.EXE
          3⤵
          • Deletes itself
          PID:2876
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2128
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:1592

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+cedmc.html
            Filesize

            11KB

            MD5

            f6df4701e1b9bc30720540a1798d2ab0

            SHA1

            cff77997a8e36a0d292d151b330a88cbd2774e95

            SHA256

            7493300bee0032972fe7924d3bc6d64825395138d06f990e8f52670d16747f05

            SHA512

            c1141efc68fe57fa4dc6ebacc56b83cbb0123db5c6b07667c514f5fd70b09ed76f66cbb24ac6c9d4bfdf27c99dffc3b55790d3a000cab5f9bf76c8e802c81c90

            Download Submit

          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+cedmc.png
            Filesize

            63KB

            MD5

            7949db287dae97f3b52944e837a90688

            SHA1

            cbb3001c175219ad95761a2b0ac126a4478b5ae4

            SHA256

            b1c37ed84fe19d90a25e9dccc33d710fcb66a162b473943c22f6789b9779b639

            SHA512

            b9518a38f7a26b8c6f75465b8c726006041a3b7ca6ccbcc7315d33455d9ee97f578bf2ec0e0b47cec54726ab4b774bb45c0e5c568658322e516803d06fdfa827

            Download Submit

          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+cedmc.txt
            Filesize

            1KB

            MD5

            1d1017663b59c59185034895e444df65

            SHA1

            8bcd61baecbcf8e6e9745f1b1bb337ef3a1fdf53

            SHA256

            4d34ca2277fa2e45ec75232c105a5138ce449a3581e3c3fa45900447c7bdbd99

            SHA512

            e90c842677d7ce6a91ca7ebafd1a306fd9ea6e66c17971b0a5f174a113eed2a11ad719cf4fe1b4f8aab1f77ab6d2a1c1833d601f513d5591b9136110b98a3efe

            Download Submit

          • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
            Filesize

            11KB

            MD5

            291476b4140fea72c58e2fd59f005bd9

            SHA1

            191add9ab78c7f4cb25ac2e53bba8255e4aa47a4

            SHA256

            8db47d8c4010126d0c023d265c5854a494b6fcc7096fffd12d65622089b99766

            SHA512

            4a74f5c78c776d63e46c10284319f405199d071df06fd7360dfc08f68b14615785a5a0ecc4c3f1f5d46d9430f9ce1cd0ab5a97dc2ccaccd675579c74f26fac0c

            Download Submit

          • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
            Filesize

            109KB

            MD5

            da306e9806f74cecf5af1dd2a78477d9

            SHA1

            8d3c5fe616925a17bc14fa73165ebcdfb34c87ab

            SHA256

            f753b9d31aaf1ec40bc7c5222b5127f88e5c9f5a08d18822dc51b0a96643f24d

            SHA512

            669c9e05c0282171199e0b71cc0f9211fd0ee848eb03187e984a977f75c1728428dbf7051e56a918228de32f8157e168ff07981fb3f794537a5a7d58f47e34e3

            Download Submit

          • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
            Filesize

            173KB

            MD5

            27d9e4e5f89a90ea0cf45170013bc33f

            SHA1

            c735c3b89435bfc1355834c87e09c861088dc153

            SHA256

            d70a3edf088a0d688511d04025aa7d33da9a644f1001a19beb6ab7966094a66e

            SHA512

            3e481c63b92525edfdd86195520a4e9216cf8cb38f7a68525f51f734260f66ea2287a4bf32d8f15046c110af5229a6b312de67a6c272449075e01d9bbafdb9f6

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            b436e640fe153b92e70311b478ae97c3

            SHA1

            7ad5daa86efa21a1afa60b6e5b62b605f3ee47e9

            SHA256

            1675ef9c6d6a164cd173a942be133bc53a98b7cdea0b38e06e52c3141a2aec4e

            SHA512

            3973d0efb37868da5a7d9ba9ea0540a1361381b112dd2df1e8773531e90e002fb6d72a8c0dbce891256e7ddd04507dab5c578554138dcb47dbbc2e8e06bc26a3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            bd0e9748552f3425c16d1010623e1607

            SHA1

            8238d8b707a2da3cf9b6b0562b2396b838224fdf

            SHA256

            77d45006d3b02820438993ca4c027e1feb5f4865a85a1300d20def36f4d15643

            SHA512

            929929d83fabdfe33b35812739a718ec2255fbc2095b92eba95991d92c897dcfb16623d7167c4826c2221e3dfd45bba6d246cd3158ed87a5da6b875223738201

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            f9a60fe8c588da77620ac43fe1d61357

            SHA1

            545645852ad4e783a97a9aed5d8cf73410a3f557

            SHA256

            bd5ceb2b84b350995221f8d368e4e9e56b8dd7118355469e338ca2009532bff0

            SHA512

            9af80de8071522a113b0ff138a3e413bf45effb32ddc95a825aab8d351332b9b1a535c198f504367ef47ad7c8d450edb115d0bdf1f13dbdf310d65734b192484

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            1e012d9b579be85463c2e7256f04cffe

            SHA1

            44d3a6a9b20e92a0f89eca56c926e71b30779f79

            SHA256

            bd1b9d0faa9aa8e05bdbacbed29e8cd9b3a4d046ece140678471cc9cdccab235

            SHA512

            cff4601d579afcf5c55cd9ee42f718b3f491d40887380fb7071d839c42c576fed7ec13b114e2fd90aff8504ec71283741454f62b53bda2565a0b831d8e69676e

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            391899f706c376ba26d66abbc07ace65

            SHA1

            4ae08d99fa4f44e02f6780af4b718b0321abf53b

            SHA256

            61f0828e1f4a44e4d315ea358f2d9038e8cc3ac7558992c8a8b64edd2047e7f8

            SHA512

            bdba0c70859a3ebec804401855fd79facb0eef6e8d784bd6bbf12e8402372fda3f588eb92d8ed2f6bb136a0b6f99f850193c27f373593a4ae54950df3ee66c2d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            597e34d13bbbd11cad8a8d7ec483591d

            SHA1

            1299b3afdc30f58972ac2b3f9c5640d2aae920d8

            SHA256

            41a6a5a919fe233e2c24978da4a320827d38d1177a1fab12f6aff2f915c5250c

            SHA512

            26d9b7c1d7e996e91fbe96faa66c938f87d7c349c741d8d76778e0658980f215e998f409869042273b265846060f57e79f485f36f0c54a0bc02f1682cde312be

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            1197ebe01ac9b45e90bb998885a4e054

            SHA1

            699016736ce1040fac6c5bbeead719475d94eba1

            SHA256

            8ae90bd735d6ebaf5550e966267ce4bc8ea67defbf5bba1d9994095b6ba86f3d

            SHA512

            b89c75457bb7420f10d93b9f77ce82f5b8a893637347da22f1fa30384ec4bf0ee27248833ba0909cf107c65ba374699a23f9256f0b80297f8f3805247fdbdc31

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            be02bec07bdd54a939a9899d3e0e1d1f

            SHA1

            d13e1593bd2c029913994c4c6b551857124daa0c

            SHA256

            02aa693931f4677accef702bf92ae6cf09ec969617a8ee04952208bd3a00b96b

            SHA512

            4d2c150b38058136f2577d44ce395d2fb20ef8388332f825dc88ca9bf1ad135c0bf1b66dd4262e42e5e3906a6e0ac81fd436503508683dd9fedd09b4f63ac2b3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a5349aa3f2afc474e9732a61dc6c7200

            SHA1

            fb1483ec2afb85561784ffa231408b5a47c09957

            SHA256

            61c2a8270a1975bd758cd4adb4a96a760fac97c52dcae3f5fc5d7d5404f709da

            SHA512

            498d2346230643cf8659b0bf211bd73f63378f9b849f49c7e7944bc7c8488726d515dafc31ffcc0c2f73732246691fc548e8e329584089e9ecf2af91420d10dc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            544a2258592167a587527a4a561d6587

            SHA1

            65ae14cd4d5f0d8361a5519ced2f8a588455c8e6

            SHA256

            dc7c9c4d16814c8fe15f4d870facf030b6c3bf90d97676c97e66d50eea0b3d07

            SHA512

            4b05c3acb489dcd55f616d5dd16dab7f2fa4f659cdc66e636e9a5a50b22355a1957640825be4a616737e34c4128fd1337bedc4e3f069a5b2801d327a655413b9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab7762.tmp
            Filesize

            67KB

            MD5

            2d3dcf90f6c99f47e7593ea250c9e749

            SHA1

            51be82be4a272669983313565b4940d4b1385237

            SHA256

            8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

            SHA512

            9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar7815.tmp
            Filesize

            160KB

            MD5

            7186ad693b8ad9444401bd9bcd2217c2

            SHA1

            5c28ca10a650f6026b0df4737078fa4197f3bac1

            SHA256

            9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

            SHA512

            135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

            Download Submit

          • C:\Windows\tcyogklqnrhx.exe
            Filesize

            388KB

            MD5

            7a4d85a1bef0ca4cecfe376e0ee91090

            SHA1

            0eaab4a4cf009d2d0d2d525bad4742356ca06317

            SHA256

            0cfff9ddd855236e2c89d1778e88bd87db965a29d0e4e6b75178add06fd4fdb0

            SHA512

            963509e2871858ba356a6b1e2af71b05c22019ffe4172a3ed8d70d54597bf10a67607d8083fef90e549521cf194d76af1112f7628b23943d0da0ebde0704e280

            Download Submit

          • memory/1592-6057-0x0000000000130000-0x0000000000132000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2116-0-0x00000000002E0000-0x00000000002E3000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2116-18-0x00000000002E0000-0x00000000002E3000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2116-1-0x00000000002E0000-0x00000000002E3000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2348-6082-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-50-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-1272-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-55-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-52-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-2800-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-5997-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-6050-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-51-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-6056-0x0000000003010000-0x0000000003012000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2348-6059-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-6061-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-6085-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2348-56-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-30-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-4-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-6-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-10-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-12-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2696-20-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-19-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-16-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-8-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2696-2-0x0000000000400000-0x0000000000486000-memory.dmp

            Filesize

            536KB

            Download

          • memory/2728-31-0x0000000000400000-0x000000000052B000-memory.dmp

            Filesize

            1.2MB

            Download