Analysis

  • max time kernel
    137s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-10-2024 23:17

General

  • Target

    26ecc8c52d076787daf9a1b627639d70_JaffaCakes118.exe

  • Size

    251KB

  • MD5

    26ecc8c52d076787daf9a1b627639d70

  • SHA1

    02863208de84014a88f8175a555ad7e962ecfdd7

  • SHA256

    689274857c865531e7b2cada6adf79efe6b421bf290f55bd44920944d330d046

  • SHA512

    afd24a115ac2430fa9a8c30c6371151403c6ba41a62dcbd0d9090209c9f72c0dbf42a0c23a59dee10af46b1ee3dd026f34d6819e1a50c6adb0d2665047a78bc6

  • SSDEEP

    6144:h4G9VCVis9LEupKjvjTh3/vo6qPw8CVWnCkHWSVLJCD:hEEieI6klCofHMD

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECOVERY_+twbhd.txt

Family

teslacrypt

Ransom Note

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with AES
More information about the encryption keys using AES can be found here: http://en.wikipedia.org/wiki/AES

How did this happen ?
!!! Specially for your PC was generated personal AES KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/B0F35970579297FC
2. http://tes543berda73i48fsdfsd.keratadze.at/B0F35970579297FC
3. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/B0F35970579297FC

If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser
3. Type in the address bar: xlowfznrg4wf7dli.onion/B0F35970579297FC
4. Follow the instructions on the site.

---------------- IMPORTANT INFORMATION------------------------
*-*-* Your personal pages:
http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/B0F35970579297FC
http://tes543berda73i48fsdfsd.keratadze.at/B0F35970579297FC
http://tt54rfdjhb34rfbnknaerg.milerteddy.com/B0F35970579297FC
*-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/B0F35970579297FC
URLs

http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/B0F35970579297FC

http://tes543berda73i48fsdfsd.keratadze.at/B0F35970579297FC

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/B0F35970579297FC

http://xlowfznrg4wf7dli.ONION/B0F35970579297FC

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (415) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 6 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\26ecc8c52d076787daf9a1b627639d70_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\26ecc8c52d076787daf9a1b627639d70_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Windows\wffuuaexrrop.exe
      C:\Windows\wffuuaexrrop.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2092
      • C:\Windows\System32\wbem\WMIC.exe
        "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2808
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
        3⤵
        • System Location Discovery: System Language Discovery
        • Opens file in notepad (likely ransom note)
        PID:2228
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1876
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2068
      • C:\Windows\System32\wbem\WMIC.exe
        "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1992
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\WFFUUA~1.EXE
        3⤵
        • System Location Discovery: System Language Discovery
        PID:752
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\26ECC8~1.EXE
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:3060
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2200
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:860

Network

MITRE ATT&CK Enterprise v15

Downloads
