Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    15-09-2024 18:12

General

  • Target

    e31915acbb7c015d82dfaa72646f9815_JaffaCakes118.exe

  • Size

    368KB

  • MD5

    e31915acbb7c015d82dfaa72646f9815

  • SHA1

    7c29d83215851c4d8be83a15bfcac0747304d602

  • SHA256

    69058d92f560ad03fbeff38d50ab8ffdcf39f3e7ddfca4bc5adb440b2b6de7c5

  • SHA512

    76a86bc9f0d8086a56c768ade02a0b2aba468631d98d4adc53f578e364d06e1c48b7e3f6c309b1fa9be0090c1aec4042d66e134537c377bc39ec764bc2e428f5

  • SSDEEP

    6144:DbXofeVfgK9bZrUmn3t49U9fW/g3C2qvSXt/XbYHJ6HfBnMwnctf12VSPkdJoLeC:DbX4eVT9bNUm3KaZTC5veg6/X/oSBq

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+xubsd.txt

Family

teslacrypt

Ransom Note

    NOT YOUR LANGUAGE? USE https://translate.google.com

    What happened to your files ?
    All of your files were protected by a strong encryption with RSA4096
    More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

    How did this happen ?
    !!! Specially for your PC was generated personal RSA4096 Key , both public and private.
    !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
    !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

    What do I do ?
    So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
    If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

    For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
    1 - http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/679DC7C60503FD5
    2 - http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/679DC7C60503FD5
    3 - http://yyre45dbvn2nhbefbmh.begumvelic.at/679DC7C60503FD5

    If for some reasons the addresses are not available, follow these steps:
    1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
    2 - After a successful installation, run the browser
    3 - Type in the address bar: xlowfznrg4wf7dli.onion/679DC7C60503FD5
    4 - Follow the instructions on the site

    IMPORTANT INFORMATION
    Your personal pages
    http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/679DC7C60503FD5
    http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/679DC7C60503FD5
    http://yyre45dbvn2nhbefbmh.begumvelic.at/679DC7C60503FD5
    Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/679DC7C60503FD5

URLs

http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/679DC7C60503FD5

http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/679DC7C60503FD5

http://yyre45dbvn2nhbefbmh.begumvelic.at/679DC7C60503FD5

http://xlowfznrg4wf7dli.ONION/679DC7C60503FD5

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (430) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e31915acbb7c015d82dfaa72646f9815_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e31915acbb7c015d82dfaa72646f9815_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\e31915acbb7c015d82dfaa72646f9815_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\e31915acbb7c015d82dfaa72646f9815_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Windows\dsvuwmbodojl.exe
        C:\Windows\dsvuwmbodojl.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2104
        • C:\Windows\dsvuwmbodojl.exe
          C:\Windows\dsvuwmbodojl.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2628
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1616
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
            5⤵
            • System Location Discovery: System Language Discovery
            • Opens file in notepad (likely ransom note)
            PID:2576
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_ReCoVeRy_.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2528
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2788
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2916
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\DSVUWM~1.EXE
            5⤵
            • System Location Discovery: System Language Discovery
            PID:604
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\E31915~1.EXE
        3⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:2684
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2732
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    PID:2020

Network

MITRE ATT&CK Enterprise v15
