Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/10/2024, 00:52

General

  • Target

    1a9ab9e924a6856d642bbe88064e4236_JaffaCakes118.exe

  • Size

    418KB

  • MD5

    1a9ab9e924a6856d642bbe88064e4236

  • SHA1

    d9d445e9dcb8694398c7acb33f38d7261c95321c

  • SHA256

    69155f404a1482e4188726cb0f88b6c6fd6ca94d834b31e05f36e88662281e22

  • SHA512

    f41e93d25fe32248f55dbf5c1c721e4af5d2c28531816955094585a00afa94ea2dab0a6e25191abe8896a2185cdbc535d9dcf3beac14b683d05e1c8c7c6f80b2

  • SSDEEP

    6144:/lhEMsxe34/JTpHIOdX2JOVM8aSC4Zl7rOfT+yIaIWk3HtlE0/Ce+Mx62q2jQ1+d:7ssoJhf8JOqQC4/7CfTk/rsh2jQ1T0jv

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECoVERY_+auixl.txt

Family

teslacrypt

Ransom Note

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA4096 Key , both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1 - http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/A551FF08BEF486
2 - http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/A551FF08BEF486
3 - http://yyre45dbvn2nhbefbmh.begumvelic.at/A551FF08BEF486
If for some reasons the addresses are not available, follow these steps:
1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2 - After a successful installation, run the browser
3 - Type in the address bar: xlowfznrg4wf7dli.onion/A551FF08BEF486
4 - Follow the instructions on the site

IMPORTANT INFORMATION
Your personal pages
http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/A551FF08BEF486
http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/A551FF08BEF486
http://yyre45dbvn2nhbefbmh.begumvelic.at/A551FF08BEF486
Your personal page Tor-Browser
xlowfznrg4wf7dli.ONION/A551FF08BEF486
URLs

http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/A551FF08BEF486

http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/A551FF08BEF486

http://yyre45dbvn2nhbefbmh.begumvelic.at/A551FF08BEF486

http://xlowfznrg4wf7dli.ONION/A551FF08BEF486

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Deletes shadow copies (3 TTPs)

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (421) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself (1 IoC)
  • Drops startup file (6 IoCs)
  • Executes dropped EXE (2 IoCs)
  • Reads user/profile data of web browsers (3 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Indicator Removal: File Deletion (1 TTP)

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Suspicious use of SetThreadContext (2 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 9 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Opens file in notepad (likely ransom note) (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (52 IoCs)
  • System policy modification (1 TTP, 2 IoCs)
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a9ab9e924a6856d642bbe88064e4236_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1a9ab9e924a6856d642bbe88064e4236_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Users\Admin\AppData\Local\Temp\1a9ab9e924a6856d642bbe88064e4236_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\1a9ab9e924a6856d642bbe88064e4236_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1164
      • C:\Windows\dkshnpwasoai.exe
        C:\Windows\dkshnpwasoai.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Windows\dkshnpwasoai.exe
          C:\Windows\dkshnpwasoai.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2052
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1588
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • System Location Discovery: System Language Discovery
            • Opens file in notepad (likely ransom note)
            PID:2756
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2732
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1440
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1104
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\DKSHNP~1.EXE
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2980
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\1A9AB9~1.EXE
        3⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:2924
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3008
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2672
