Overview

overview

10

Static

static

3

2f69faa2ba...18.exe

windows7-x64

10

2f69faa2ba...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-10-2024 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f69faa2bacccf5a61b7c7996c558f4c_JaffaCakes118.exe

  • Size

    328KB

  • MD5

    2f69faa2bacccf5a61b7c7996c558f4c

  • SHA1

    172c3b8d22eb08f491d4c90cd86aaa21b95f5b95

  • SHA256

    ac4a172dd0cec7582090313549f3adbba96a7aa11a1bb85f39da11246fa73585

  • SHA512

    712184c799086b5c03605ede0adac41695d620aaa5fe74dee82e30e4fa4d440672b2b2af473233c99de17bce511ccd7641b9562363aa875d6e954554d6f38578

  • SSDEEP

    6144:F4MKA86q6kcKPqCAOFPmvSNQgstAw/u5jp2hnU4ZcRdN1Sgg68:F9x1KNRmKN+/Mk3eBU

Score
10/10
teslacryptdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECoVERY_+mrymu.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 Key , both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1 - http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/4AE985BED72EDE5C 2 - http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/4AE985BED72EDE5C 3 - http://yyre45dbvn2nhbefbmh.begumvelic.at/4AE985BED72EDE5C If for some reasons the addresses are not available, follow these steps: 1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2 - After a successful installation, run the browser 3 - Type in the address bar: xlowfznrg4wf7dli.onion/4AE985BED72EDE5C 4 - Follow the instructions on the site IMPORTANT INFORMATION Your personal pages http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/4AE985BED72EDE5C http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/4AE985BED72EDE5C http://yyre45dbvn2nhbefbmh.begumvelic.at/4AE985BED72EDE5C Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/4AE985BED72EDE5C
URLs

http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/4AE985BED72EDE5C

http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/4AE985BED72EDE5C

http://yyre45dbvn2nhbefbmh.begumvelic.at/4AE985BED72EDE5C

http://xlowfznrg4wf7dli.ONION/4AE985BED72EDE5C

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (565) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes itself 1 IoCs
  • Drops startup file 6 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 45 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f69faa2bacccf5a61b7c7996c558f4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2f69faa2bacccf5a61b7c7996c558f4c_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Windows\uqwrydmhfrbs.exe
      C:\Windows\uqwrydmhfrbs.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2844
      • C:\Windows\System32\wbem\WMIC.exe
        "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2772
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\2F69FA~1.EXE
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2856
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

1
T1047

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECoVERY_+mrymu.html
    Filesize

    12KB

    MD5

    1c0fb680590153c368357ad3c510a8f0

    SHA1

    b664cbb4c515ae04ea2a1cad5c568648acf4c324

    SHA256

    2282253a4457eac67361806ae8548161dd83405022d201ff6d0a35aa882f8814

    SHA512

    77dab0c9e0ce9bd075950cba958ae4eb007648f2cfded20b176c41eff63d0c35657f5e5e6f7875f76b9e3f83243b47e8d1a8ee981ac4c4900b9be169c31fdbc7

    Download Submit

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECoVERY_+mrymu.png
    Filesize

    64KB

    MD5

    e65f5efefc616c8bfd4b14607909ca68

    SHA1

    170d18ad4aacc3d1a2195ed4b186dcd8821934de

    SHA256

    b124dadf160f876977b0dd22b4adcf43afa460e75743aa694c9ef4ad7c2abac8

    SHA512

    ed2eace28be5f4d5103979ae42a2d72f883048f969f82dd697349a65d311b981f0a12170838e3d7d489bf08f298ce632e49b294f77ca35afa055b5db066aa8e6

    Download Submit

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECoVERY_+mrymu.txt
    Filesize

    1KB

    MD5

    616b6b0ee824dd536b03e1987867ca57

    SHA1

    68998e319e3b6fe64ce41c78ce9af26ab1f54e64

    SHA256

    7a781a0a55ba232b0cd54954cda6c7729ae6a6f0e09677e668453feee36d96b8

    SHA512

    74b975dd81c2c6bca58dc46dfe47d1da5a694bd9684f545b8c0ab5b1187dee3a5e58e13589dfe9cee42f7ce6e098e6c6e70d64ab6df587043726afa0a1de56ae

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
    Filesize

    11KB

    MD5

    3ca9b0ba23fc8a041ec330a73983f0e1

    SHA1

    a696258fe2504a6c9ef297944b8d5984f569243b

    SHA256

    b337f02262a382848788d40407ed25ceb88cfd94e50b299b37fdcd5470fd7b78

    SHA512

    b4ba6c35181c462f41d1f381d7b98bcd98d8dc0567dbe4e070b4a529e26cace243b263578cdb97d6c4f70e31e9b2774fa36234aade59093d746e66e31e0e9a34

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Filesize

    109KB

    MD5

    6af75e1bd271930adcd62d8c2107c14a

    SHA1

    2d2f5d78fdf82a5821fd89dbbf651e10d6ed06b1

    SHA256

    15d59e7770faf4e63f753b0550b2fb6ca1bc61b8983957f75f4fe95017419a89

    SHA512

    3a78bc2a6a51bd496f630a34084eec1b65b54f7f8918bb72795b3fd4f444f0ec0e2198ed948d20aecdd6337224723dd7de957f7ecd24b91e300f6822f62b3b1f

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
    Filesize

    173KB

    MD5

    596bbf9178af7c04b74c1670aacf28be

    SHA1

    7d35fbdf9af9208efecff4de3ee204952068ed13

    SHA256

    4339a253d990172780bf4ec2f85c1011d3cfdbcbdc716b5bdb2daeb6951a48ff

    SHA512

    81640c996f98553edf1fbc43d70ab23276eaec5234c1501242cf87589291e48cff077ddccf8cffc7133a837acdc9e47903925b72e0d9166d415161e83cd9ad14

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\sources\license\es-es\eval\professional\license.rtf
    Filesize

    35KB

    MD5

    65e8e63aef9c960a0443663e975e1405

    SHA1

    ef9171be189f8b159061173d4714105b26218259

    SHA256

    fcaa79c2680c86f105198bc1a548d53b8d607d22dd6303bc8a9fbe4c2fcc050a

    SHA512

    d454cf495705e161172999b9865c096d82738f5a1573a239b771baa749bbc8bbfba4addf15e8fe79cd0f5dcf28bc8ae327b1aaea41cf8c4898d73ebbfd6cf3d5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\sources\license\es-es\eval\ultimatee\license.rtf
    Filesize

    28KB

    MD5

    74e875188b00c26467160ed445ab9275

    SHA1

    750a1934b4c50e00d349c09585da00a1b634df8e

    SHA256

    1c8b51240c6857a20ed38636f3d9874bd6327ee67ba407ad7b1060e759c140fe

    SHA512

    de324fdbe4368e596c4e332617c19731d70ddf1f30a3f9c5f3d222ba91e5f9150ac588577032050813b3d9f0586be61f0afb0f37b0843e98ab2165d17eaf7184

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\sources\license\es-es\eval\ultimaten\license.rtf
    Filesize

    35KB

    MD5

    834f827e9053a1ae9f6e66524df86f38

    SHA1

    f4db0fbf518a754bf2bbcebd068fdff68f5bb65b

    SHA256

    968c2489169480776dc73fc2fd883a33e1175441ddf32d4f2ca76600cea1fcb7

    SHA512

    58b1826cb8ff111d86c7019e6bd13c0fd7fccf7fa6df1d99952a57412bdbbe05c8daa3f1aca2d8a96284cc5a396ffb293cfc7e1290d2cdc9de10ca1caca90f5a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\sources\license\es-es\oem\homebasice\license.rtf
    Filesize

    28KB

    MD5

    079264af13a27cd6081b1cfddc20276a

    SHA1

    adc077c90d45103ec6c52d3a1fa92bd2ea705b8f

    SHA256

    93d678e3d794f509ac49e35a69c2a4d9c3e6b26d8ee426d8ce7f1f7ac66a6741

    SHA512

    46c6ccdcebbc389e9d1eb39d21eaa146f3f74493c975dfe3db5e07f5f310473b4cebec61f78e61602df3590c5cce23a8b44e2a543f03bd0047b979f1f1a315b8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\sp1\sources\license\es-es\_default\homepremiume\license.rtf
    Filesize

    28KB

    MD5

    80a0236c2c68134f7e19517be20b9a74

    SHA1

    7f66201dfdfe1f5c7aefb712e068530114313fd7

    SHA256

    f4d1928d7ef6dad5f94a9a565ea249a851bc0844d35a90dfd61a0e04ad1aee2f

    SHA512

    4fc00bb923d682fcc3bc7f4faec590928e1e5c746d987eb4e7511f8901941a4043774b438f70d0d5bc92689f707869d7680636589f60770b908168e286f8b526

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\sp1\sources\license\es-es\eval\homebasic\license.rtf
    Filesize

    35KB

    MD5

    ab46aa0b8c0d84a2775085a176ceada0

    SHA1

    c73d6ba32f24d706c6c0accd19660aee92c188b6

    SHA256

    2f66da6ddc9f069a90c9077db5044e382d602d77d4a359216effd5537eaa9daf

    SHA512

    6ed95628ee38c172967566c454304aa8c50b4fc0539e6a0bf73f5d3297f70c92ee7efad86621adf77bb48e2a166113f89ae97d6799d73bbffb0a4ab531185e1b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\sp1\sources\license\es-es\oem\startere\license.rtf
    Filesize

    41KB

    MD5

    4d5516589c11af863cab6d4f1a3bfc5c

    SHA1

    a977da12e4bd6b124581f57eed5dd5ef7301d5d6

    SHA256

    620ec5c4710c393f3850b41437de0725b389b8680f2a892eff4efd50dc5d5e9b

    SHA512

    19f217c20ca11ae423b6b8f66b07cf3144991b5848663b9750afff0a7d60a21af2af06b6e8e28069f205153f835c4819c85978b46e119f113962e74f92d53b9b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fc29d5bca5556a09\lipeula.rtf
    Filesize

    9KB

    MD5

    b46794b5982c685377b2248193f35475

    SHA1

    33b1cb42e52a00204604c5aaab7d0bdb7b11d7fc

    SHA256

    63e7d99d6662ac0076bfa6b720e41dcd44b85fe688262462e8c352b1dca020f7

    SHA512

    27f0d5f64aa2c421b11bb07b2f2cdc09c58910e76dea97d969f167600fd882ddb257b88bd7766f100d347bd624278644b36d0b64b649d3ccfa0aacf07ba36941

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9a71deeabfc0d8da\license.rtf
    Filesize

    40KB

    MD5

    5b8976c69623d888f071e13541ae5494

    SHA1

    026039d907c7acb5437639b8bcb6a5f6c0a3b885

    SHA256

    647f0d4719147bf02b8f0c0530a382723aad4d8064aab8a0630c0482c5fb4e59

    SHA512

    4245262835c286ede383d96a35fc863d03a3449f42180c3e3b9cf1353b76c30f6df65a29742bdf3f9acf20fd0c904263aa6b239e7d9038efa84f2b84b2b61fa3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-l..m-starter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_30cf7a89f238525a\license.rtf
    Filesize

    43KB

    MD5

    70ac2a9e4717a6678aba05671d4cc73a

    SHA1

    20494578f03102a25cbe89da25bcf4f91305220c

    SHA256

    a8d3fb1f5b4a15093b99699a0030a6c4ebb1b77e1a5dab135d6ed1ce84a7d00b

    SHA512

    92b5415b26663a4d55e8e062a854091a092569d1f4915d51748cc62db240e220de7562653718ad07dc2e669e5e0823bc139fc5380a0b26a2a26dab6947da71c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7600.16385_es-es_16d3f6301ae8cff8\license.rtf
    Filesize

    1KB

    MD5

    f067b9a8de29ad7a54f316d84b67a18e

    SHA1

    d255067074587d8a959c79ef338152dd6bb1804a

    SHA256

    8a7cf48772b910afbe8f8c4f77084db52264c770a7ceab9ef5341a796f53b59c

    SHA512

    3a23b00df374c6d7bb711027001541029932094c0c4d62dc2e072c1822b6ee48bd27cfb8ab437ff29b892f8eea8e706307bd7ba699fea986cda4fdc960d17fd2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-l..rverhyper.resources_31bf3856ad364e35_6.1.7601.17514_es-es_b990ce545164c82b\license.rtf
    Filesize

    62KB

    MD5

    991442d7c36e4b2b7c4530800b651d9e

    SHA1

    e63256bc13fa56b4ddd20653a0957994acc9c565

    SHA256

    137a006641763981400ffc4044e350e612a6fa756b1c6f8b30f776283cdcc693

    SHA512

    287cecb200159a07c96c251fd71d188ea3d92506462e8327907835bb99a1f04000b466a10598f08db305b784955d78aec56be39ad5fc70e32210676054d740c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b1cda3731d74e249\license.rtf
    Filesize

    1KB

    MD5

    ffc8404c40bb2f2c5892ff42039b6474

    SHA1

    64119b28c305dfd74b699bd43c5c38dd00935e87

    SHA256

    b1e7660aa42b973067beca1cc11e331a92a9d508a7adf8ac926d9a630065ff6c

    SHA512

    0429f257b003da319d4da7cc335253e162bbe1ac8bc4f3172b57cc2e3cee19bb558f8b0bf32b97892d9cdc3a2aaf2010764d8c3d3473f6167a105e166d67cc3d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7600.16385_es-es_18649662a3c65f12\license.rtf
    Filesize

    1KB

    MD5

    7f0212275db33a670a71d4d5bc1a6e26

    SHA1

    b90fdb3dba33f25640acd1f5447881ce2d637031

    SHA256

    3a702deb48003eec3c6af25162f77910f523a8941b629ede829bd758f95b047b

    SHA512

    3a1c5441d9bf80df8777d37e78d8f5ce32bb41e809057db19e6d2cf8e3f2218bb03887e2dbd1aa8964ac9ec1e6e8d7d1daa26115c06795ddb93606781e0b85bc

    Download Submit

  • C:\Windows\uqwrydmhfrbs.exe
    Filesize

    328KB

    MD5

    2f69faa2bacccf5a61b7c7996c558f4c

    SHA1

    172c3b8d22eb08f491d4c90cd86aaa21b95f5b95

    SHA256

    ac4a172dd0cec7582090313549f3adbba96a7aa11a1bb85f39da11246fa73585

    SHA512

    712184c799086b5c03605ede0adac41695d620aaa5fe74dee82e30e4fa4d440672b2b2af473233c99de17bce511ccd7641b9562363aa875d6e954554d6f38578

    Download Submit

  • memory/2716-14-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2716-1-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2716-0-0x00000000004A0000-0x0000000000525000-memory.dmp

    Filesize

    532KB

    Download

  • memory/2844-732-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-7951-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-9222-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-5541-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-4548-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-10349-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-3563-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-2571-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-1479-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-295-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-15-0x00000000004A0000-0x0000000000525000-memory.dmp

    Filesize

    532KB

    Download

  • memory/2844-11405-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2844-13362-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download