Resubmissions

04-12-2024 11:27

241204-nkqxnstpgz 10

04-12-2024 11:23

241204-nhcl9stpbv 10

Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-12-2024 11:23

General

  • Target

    c24ec3c4c8bad4bffe0a30c5da5fb33c_JaffaCakes118.exe

  • Size

    376KB

  • MD5

    c24ec3c4c8bad4bffe0a30c5da5fb33c

  • SHA1

    6c27f9f02c94dc9ce3bf23970b9071f7b7a0d455

  • SHA256

    6a7506d51f1a4c93555351464c571c856c01c020eba666f4182a201e3f5b7ba7

  • SHA512

    bf4e4dbd10559d601fbc93d9099c15fba4d40812a1f539acd07b2b5a9feb843ed005892f313624039de4f4e04b3cead9ad759723037ab2a0f7814e7158416d6c

  • SSDEEP

    6144:Te3rNhMeYq4CGRTs4kadSoKVStcmTVn57CpSCwsUbg62oXd:TY5hMfqwTsTKcmTV5kINEx+d

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+mxyuj.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/6EC42A4C93734FF9
2. http://kkd47eh4hdjshb5t.angortra.at/6EC42A4C93734FF9
3. http://ytrest84y5i456hghadefdsd.pontogrot.com/6EC42A4C93734FF9

If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser
3. Type in the address bar: xlowfznrg4wf7dli.onion/6EC42A4C93734FF9
4. Follow the instructions on the site.

---------------- IMPORTANT INFORMATION------------------------
*-*-* Your personal pages:
http://tt54rfdjhb34rfbnknaerg.milerteddy.com/6EC42A4C93734FF9
http://kkd47eh4hdjshb5t.angortra.at/6EC42A4C93734FF9
http://ytrest84y5i456hghadefdsd.pontogrot.com/6EC42A4C93734FF9
*-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/6EC42A4C93734FF9
URLs

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/6EC42A4C93734FF9

http://kkd47eh4hdjshb5t.angortra.at/6EC42A4C93734FF9

http://ytrest84y5i456hghadefdsd.pontogrot.com/6EC42A4C93734FF9

http://xlowfznrg4wf7dli.ONION/6EC42A4C93734FF9
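The Extracted block above is what the sandbox's config extractor pulled from Recovery+mxyuj.txt: three clearnet personal-page URLs, one Tor address, and a victim identifier (6EC42A4C93734FF9) that is identical in all four. The script below, added here and not part of the sandbox or of any TeslaCrypt tooling, performs the same extraction over the note text quoted above (embedded so it runs offline), separates payment hosts from the legitimate links the note also carries, and refuses a note that carries more than one identifier. The dict keys it returns are this example's own naming.

```python
"""Pull the payment-page indicators out of a TeslaCrypt ransom note.

Added example for this report, not sandbox or tooling code. RANSOM_NOTE is
the text quoted in the Malware Config section above, embedded so the script
runs offline; the keys of the returned dict are this example's own.
"""
import re
from urllib.parse import urlparse

RANSOM_NOTE = (
    "NOT YOUR LANGUAGE? USE https://translate.google.com "
    "More information about the encryption keys using RSA-4096 can be found here: "
    "http://en.wikipedia.org/wiki/RSA_(cryptosystem) "
    "For more specific instructions, please visit your personal home page, there are "
    "a few different addresses pointing to your page below: "
    "1. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/6EC42A4C93734FF9 "
    "2. http://kkd47eh4hdjshb5t.angortra.at/6EC42A4C93734FF9 "
    "3. http://ytrest84y5i456hghadefdsd.pontogrot.com/6EC42A4C93734FF9 "
    "If for some reasons the addresses are not available, follow these steps: "
    "1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en "
    "3. Type in the address bar: xlowfznrg4wf7dli.onion/6EC42A4C93734FF9 "
    "*-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/6EC42A4C93734FF9"
)

URL_RE = re.compile(r"https?://\S+")
# Bare v2 onion address followed by the 16-hex victim id, written without a scheme.
ONION_RE = re.compile(r"\b([a-z2-7]{16})\.onion/([0-9a-f]{16})\b", re.IGNORECASE)
HEX16_RE = re.compile(r"^[0-9A-F]{16}$", re.IGNORECASE)


def extract_indicators(note):
    """Return the victim id, payment hosts (clearnet and Tor) and remaining URLs.

    Raises ValueError if the note carries more than one victim id, which would
    mean it was not generated for a single infection.
    """
    ids, clearnet, onion, other = set(), set(), set(), set()
    for url in URL_RE.findall(note):
        parsed = urlparse(url)
        host, path = parsed.netloc.lower(), parsed.path.strip("/")
        if HEX16_RE.match(path):            # personal page: host + victim id
            ids.add(path.upper())
            (onion if host.endswith(".onion") else clearnet).add(host)
        else:                               # translate / wikipedia / torproject links
            other.add(url)
    for host, victim in ONION_RE.findall(note):   # onion lines carry no scheme
        ids.add(victim.upper())
        onion.add(host.lower() + ".onion")
    if len(ids) != 1:
        raise ValueError("expected exactly one victim id, found %r" % sorted(ids))
    return {
        "victim_id": ids.pop(),
        "clearnet_hosts": sorted(clearnet),
        "onion_hosts": sorted(onion),
        "other_urls": sorted(other),
    }


if __name__ == "__main__":
    for key, value in extract_indicators(RANSOM_NOTE).items():
        print(key, value)
```

The victim id is the value worth keeping alongside the hashes: it is what ties this infection to its payment page, and the same id appearing in every URL and in the .onion line is the check that the note was generated for one host.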

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware family that imitated CryptoLocker. Its developers shut it down in 2016 and published the master decryption key.

  • Teslacrypt family
  • Deletes shadow copies 3 TTPs

    Ransomware commonly deletes Volume Shadow Copies so that encrypted files cannot be restored from previous versions. Here the dropped copy runs "WMIC.exe shadowcopy delete /nointeractive" twice (PIDs 1048 and 2776).

  • Renames multiple (432) files with added filename extension

    Appending an extension to hundreds of files in a single run is the file-system footprint of a ransomware encryption pass across the system.

  • Deletes itself 1 IoCs
  • Drops startup file 6 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c24ec3c4c8bad4bffe0a30c5da5fb33c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c24ec3c4c8bad4bffe0a30c5da5fb33c_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Users\Admin\AppData\Local\Temp\c24ec3c4c8bad4bffe0a30c5da5fb33c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c24ec3c4c8bad4bffe0a30c5da5fb33c_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1964
      • C:\Windows\rvnaturmlwsk.exe
        C:\Windows\rvnaturmlwsk.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2712
        • C:\Windows\rvnaturmlwsk.exe
          C:\Windows\rvnaturmlwsk.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2068
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1048
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • System Location Discovery: System Language Discovery
            • Opens file in notepad (likely ransom note)
            PID:2764
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2928
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2220
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2776
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\RVNATU~1.EXE
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1720
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\C24EC3~1.EXE
        3⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:2884
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2456
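What the tree above shows: the dropper launches a second instance of its own image and writes into it (the SetThreadContext/WriteProcessMemory pair), drops a copy of itself as C:\Windows\rvnaturmlwsk.exe (same hashes as the original, per the Downloads section), relaunches that copy the same way, deletes Volume Shadow Copies twice through WMIC, opens the ransom notes in Notepad and Internet Explorer, and finally removes both the copy and the original dropper with cmd /c DEL using their 8.3 short names. The script below, an added example rather than sandbox code, turns those behaviours into four detection rules and runs them over process-creation events reconstructed from the tree. The PIDs, images and command lines are the report's; the Sysmon Event ID 1-style field names, the root's ppid of 0 and the small allowlist of binaries that legitimately live directly under C:\Windows are assumptions. The shadow-copy rule also catches vssadmin "delete shadows", which this sample does not use.

```python
"""Detection rules for the process chain in this report, run over
process-creation events. Added example, not sandbox code. Events are
reconstructed from the process tree above (PIDs, images and command lines
are the report's); the Sysmon Event ID 1-style field names, the root's
ppid of 0 and WINDOWS_ROOT_ALLOW are assumptions.
"""
import ntpath
import re

DROPPER = r"C:\Users\Admin\AppData\Local\Temp\c24ec3c4c8bad4bffe0a30c5da5fb33c_JaffaCakes118.exe"
COPY = r"C:\Windows\rvnaturmlwsk.exe"
WMIC = r"C:\Windows\System32\wbem\WMIC.exe"
CMD = r"C:\Windows\SysWOW64\cmd.exe"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"


def ev(pid, ppid, image, cmdline=None):
    """One process-creation record; ppid 0 marks the root the report does not show."""
    return {"pid": pid, "ppid": ppid, "image": image, "cmdline": cmdline or image}


EVENTS = [
    ev(2564, 0, DROPPER),
    ev(1964, 2564, DROPPER),                     # relaunch of its own image
    ev(2712, 1964, COPY),                        # dropped copy in C:\Windows
    ev(2068, 2712, COPY),                        # copy relaunches itself too
    ev(1048, 2068, WMIC, '"%s" shadowcopy delete /nointeractive' % WMIC),
    ev(2764, 2068, r"C:\Windows\SysWOW64\NOTEPAD.EXE",
       r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT'),
    ev(2928, 2068, IE64, '"%s" ' % IE64 + r"C:\Users\Admin\Desktop\RECOVERY.HTM"),
    ev(2220, 2928, IE32, '"%s" SCODEF:2928 CREDAT:275457 /prefetch:2' % IE32),
    ev(2776, 2068, WMIC, '"%s" shadowcopy delete /nointeractive' % WMIC),
    ev(1720, 2068, CMD, r'"C:\Windows\system32\cmd.exe" /c DEL C:\Windows\RVNATU~1.EXE'),
    ev(2884, 1964, CMD,
       r'"C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\C24EC3~1.EXE'),
]

SHADOW_RE = re.compile(r"shadowcopy\s+delete|delete\s+shadows", re.IGNORECASE)
DEL_RE = re.compile(r'/c\s+del\s+(?:/\w+\s+)*"?([^\s"]+)', re.IGNORECASE)
SYSTEM_ROOT = r"C:\Windows"
# Illustrative allowlist of binaries that legitimately sit directly in %SystemRoot%;
# tune against a baseline of the fleet before using the rule for real.
WINDOWS_ROOT_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                      "write.exe", "splwow64.exe"}


def short_name_matches(candidate, image):
    """True if `candidate` (possibly an 8.3 name such as RVNATU~1.EXE) refers to `image`."""
    if ntpath.dirname(candidate).upper() != ntpath.dirname(image).upper():
        return False
    c_base, i_base = ntpath.basename(candidate).upper(), ntpath.basename(image).upper()
    if c_base == i_base:
        return True
    stem, ext = ntpath.splitext(c_base)
    if "~" not in stem:
        return False
    prefix = stem.split("~", 1)[0]          # 8.3 names keep the first chars of the long name
    return i_base.startswith(prefix) and i_base.endswith(ext)


def ancestors(event, by_pid):
    parent = by_pid.get(event["ppid"])
    while parent:
        yield parent
        parent = by_pid.get(parent["ppid"])


def run_rules(events):
    """Return {rule name: sorted PIDs that fired it}."""
    by_pid = {e["pid"]: e for e in events}
    hits = {"shadow_copy_deletion": [], "self_relaunch": [],
            "self_delete_via_cmd": [], "dropped_in_windows_root": []}
    for e in events:
        base = ntpath.basename(e["image"]).lower()
        parent = by_pid.get(e["ppid"])
        if base in ("wmic.exe", "vssadmin.exe") and SHADOW_RE.search(e["cmdline"]):
            hits["shadow_copy_deletion"].append(e["pid"])
        if parent and parent["image"].lower() == e["image"].lower():
            hits["self_relaunch"].append(e["pid"])      # proxy for the hollowing pattern
        if base == "cmd.exe":
            m = DEL_RE.search(e["cmdline"])
            if m and any(short_name_matches(m.group(1), a["image"]) for a in ancestors(e, by_pid)):
                hits["self_delete_via_cmd"].append(e["pid"])
        if ntpath.dirname(e["image"]).upper() == SYSTEM_ROOT.upper() and base not in WINDOWS_ROOT_ALLOW:
            hits["dropped_in_windows_root"].append(e["pid"])
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in run_rules(EVENTS).items():
        print("%-24s %s" % (name, pids))
```

The self-delete rule walks the whole ancestor chain rather than only the direct parent because the dropper's DEL is issued by the hollowed child (PID 1964), not by the process that will be deleted; matching the 8.3 short name against the long image name is what lets "C24EC3~1.EXE" resolve to the dropper without querying the file system.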

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+mxyuj.html

    Filesize

    7KB

    MD5

    346c7f7fa67eee0a58452dfe412f42b8

    SHA1

    6b61048da8bb958b11e8e2947b912c96fc013b5b

    SHA256

    18ed009e0223c40aa10d7a67f90f50dec98f11ea736f6969753715bf5c5874e8

    SHA512

    f5d07fc5cf204021aa77d93d2fcaa21d932a8e1a5f0fef94433a42ec955e1e3451037bd7e94f5d335c79f40146362fffa0c9a4bcace78ef20f3b7dc4182b5bd6

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+mxyuj.png

    Filesize

    63KB

    MD5

    bd70ae535af8d1ba4a861b4edb1ff38d

    SHA1

    2cc97ed13ada092f34de38556efad8aed36b75f0

    SHA256

    3f486555bb5f4ad1dac7258fb6d2c1b47fca46023ca7e08876b4adcc928274a0

    SHA512

    fcd41622f6c66f248d664e0d8d711d670ea466f08e94f5646f53abaec3728b54da5a7abbacc9fa067348e8c8ac4893c805cfc8931a3a33700391fed46dc65610

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+mxyuj.txt

    Filesize

    1KB

    MD5

    3c10e7758a39ad3ad43f730a85a17f3c

    SHA1

    52244e2d3b21678663178ef792d99249adf962b5

    SHA256

    cd0720acec1977482e03492be3571050dafd42481ef9178138d4bee99ace5251

    SHA512

    0a897c17d565134edd625c26bf157e304b5e4f2dfc0eaf50d24c49346835e2c11381fbbb57410b29add2791f2b5940a12499e8d9c5bcea6b31a0b869fb017ebd

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    259ee41b9ca34b0a20d187e00389f397

    SHA1

    3815ce9179cd9975c716866574156ee518f6911e

    SHA256

    932238319b03e441d2b1fd452e82ded62eb435ac0cbc83e15580beca5198493f

    SHA512

    c3f8183ef8799f736d9ce7ab07e5edd7d691cc5e20584be35d1ee0902b8dbad4d432f4fbdaaf31e6ac5c20505fdaa066debaef11271b128dd26744c8573b6314

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    a9506a8bca69af1698803c716863cc4b

    SHA1

    c43ca4b1305d3149105f9dbf85f3a4f640eabb21

    SHA256

    8c92f6bea950d248c0d50876f13ca04d938af0c0816e719ca1008bdff9488449

    SHA512

    685e9d15e5ad7f2703146e437d64a3cd3bbe7b4a1318e16ef6e02db7c219414902dd3a94b05c43341c732c58be7097bcb44bcdcb75fddabf68233c737aff216b

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    173KB

    MD5

    987cb49b57c001c0f973ada112fce881

    SHA1

    8f394fb6852566789cf44b4bda558c3fb09554d3

    SHA256

    da75b164fcf7b99681f65a1cedd376944e70218b0b6fb7fac00961818748684a

    SHA512

    ba486e1568d7294bf9d87619a3e562bc36b404260f08bdd012e0c6d941e1948bc6bb2b54a8033e7ebbdc76e8f4472d4bc21309c843faa9cf0539cb5f4b782c72

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0ff560c612a04162ba7518231c48cf1b

    SHA1

    b4c3b14d0c85cfa19980215be1ef668be215294a

    SHA256

    bcaa14594b7102d49c7276aad9c4f37af9e782a55977e2106e1cb37dce155797

    SHA512

    94417cfe34ce1cd414184e367e41a9b3959c5fcfbfd8fa5b5a85edc648baced3ce5cb96b5ecbbe705e82a09cb106266f848a340ad5bcd6e4abee380e7c6a55ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4796aa162e04a79d3ccacfed4f9eda3e

    SHA1

    7370c35f34f5bf39280763b046185d000a393eaf

    SHA256

    8438975e685765c27cd4859dc3338a0cc0e4c090e8c317cdd260cf517d24c5b8

    SHA512

    0a42fbd40112d8676049443c4dec2aee76c99e01768438dc11dc3240abde1c6b53dbc417ecfa3fbbb2f92329df1a95a2da5c2eb2691eda1e7905e56ea37aa7ae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a9bd9a5f6b834ad2ad55d4931d4f5aa6

    SHA1

    ee2043d18787dbab7f6fbb66d8b8984b20e393f8

    SHA256

    6796c91197e5aeea1d5e13bacc50bcd1c88a1b622f7c0e5069df0233e47d319b

    SHA512

    0dbb22d4ac53432662d9bd0dafc2b7b1a4b45c5536a5031e307cc541171f9cd9ecc77df06148e48344091280c7d91cd89bfc598b9eee82fbb9f787e2389669b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8e0f6e088359c4f003362b2fbabe59e6

    SHA1

    e40d4708c7bd0b26978e3de4970cc927e97041b9

    SHA256

    4a0e693f270b1d97668c7faf79f294ab35a54fc88b555ff69af5700d05712f88

    SHA512

    49e263388b5af384fc38de2c7298e2ab9dbdbb59ed25f08541dd0e9869c8b29a65bc46a7b433883bd4c2d36dbb84122bc5998e1dc95822fa00820405c87e1dd6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e913c2c2eae7582586e44dcdb0286945

    SHA1

    3be6f0ebdf851e66f5051c2ec780c38d26bc2611

    SHA256

    62fe72a6e1fd7d60d238daa21f65b6ecfc850141afe67b11757000fa9a1ed672

    SHA512

    4ea304dacfcc5b75f388a81e7dd89d595488e017a623cb7a61150492d340a6182a7b2e031c008f40e3e6b97483dcdfd38cf8bd0dfc99211ce86dee2a51341d08

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4802a9bde1fe5b1eebd391b61c33dac9

    SHA1

    781b8559876e7566a90c7031199f1be7100e7501

    SHA256

    d6c905a26ef0ad1af36cd63a0b739d828e65c4b6ff41a6ae2c5689ee78e792ca

    SHA512

    f7fedbdbf04e0066f0c3e98518d187e82d362dbe3c09c7e25ca6f7fd088b509a58439f20a1c82e0aab166b57e9c6fd9c5a829d1cacefdc8c7fc5ad195bb12c48

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c1effb31568353e8b2e9405ad51632f

    SHA1

    27db64f9c73a53caa50624074d8ebd10d93bc762

    SHA256

    2089d36e34838d30ac104bbec7c403adda7462a6b93837ebec3d82b3426ca386

    SHA512

    fc29f644c5283e4986c645c4019082f7346cdde872aa1b10db8db4cc2a756c83c8336d52253529cc8f55f77f1da7ad5d36cbf175df9a20db1c141e12a9e759ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    afb1887e007f7294c321eea1687469ef

    SHA1

    e5a257fe71e3777a22aad901a7f4a8c76d8471e5

    SHA256

    197a490b6247aaba6c96c71fb7a1b2cd2b74f571ef47871ecaeb4918660f4434

    SHA512

    cddc4909273c17d5c18d297fb15ff3114943db8a40229b7e1946120c79fa0a1df8120e301938764d38586300e177cca99fe713efe1b8f47732e82712ae74a203

  • C:\Users\Admin\AppData\Local\Temp\Cab3FA1.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar4012.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Windows\rvnaturmlwsk.exe

    Filesize

    376KB

    MD5

    c24ec3c4c8bad4bffe0a30c5da5fb33c

    SHA1

    6c27f9f02c94dc9ce3bf23970b9071f7b7a0d455

    SHA256

    6a7506d51f1a4c93555351464c571c856c01c020eba666f4182a201e3f5b7ba7

    SHA512

    bf4e4dbd10559d601fbc93d9099c15fba4d40812a1f539acd07b2b5a9feb843ed005892f313624039de4f4e04b3cead9ad759723037ab2a0f7814e7158416d6c

  • memory/1964-12-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/1964-30-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/1964-19-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/1964-20-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/1964-16-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/1964-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

  • memory/1964-6-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/1964-2-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/1964-4-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/1964-8-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/1964-10-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-56-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-1915-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-6114-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-1869-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-6503-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-52-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-6123-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-1914-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-6120-0x00000000023B0000-0x00000000023B2000-memory.dmp

    Filesize

    8KB

  • memory/2068-51-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-6124-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-5095-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-50-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-6506-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2068-55-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

  • memory/2456-6121-0x0000000000160000-0x0000000000162000-memory.dmp

    Filesize

    8KB

  • memory/2564-1-0x00000000002C0000-0x00000000002C3000-memory.dmp

    Filesize

    12KB

  • memory/2564-18-0x00000000002C0000-0x00000000002C3000-memory.dmp

    Filesize

    12KB

  • memory/2564-0-0x00000000002C0000-0x00000000002C3000-memory.dmp

    Filesize

    12KB

  • memory/2712-31-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB