Overview

overview

10

Static

static

3

d96103542a...18.exe

windows7-x64

10

d96103542a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-12-2024 11:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d96103542ad88b7dd63633e1402d004d_JaffaCakes118.exe

  • Size

    368KB

  • MD5

    d96103542ad88b7dd63633e1402d004d

  • SHA1

    f139d0cdf959da734adb8218bb9ab1070589f0ba

  • SHA256

    73da1b9b157a7d2ae3a21c90a114ca7251c32545511a38a3e92b777e59009c45

  • SHA512

    c39095411c803ffe51d7adc67b5ac31897fad8914c3c09ea53fee4c3123ac3655dec98af425db093405b079a81aa97e2e5f6a2dc8061a5c812347d2a476753bb

  • SSDEEP

    6144:oL9rKjvNvkH1sGf7L4JZ9oL+5b/OcGBJL8dxjHtgWECmCTPqsUPpII:5jo1sWUCL+5b/DGHL8bjHtgWL1TPqsiC

Score
10/10
teslacryptdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+pvebs.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 Key , both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1 - http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/2E65B6F81B88A8D 2 - http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/2E65B6F81B88A8D 3 - http://yyre45dbvn2nhbefbmh.begumvelic.at/2E65B6F81B88A8D If for some reasons the addresses are not available, follow these steps: 1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2 - After a successful installation, run the browser 3 - Type in the address bar: xlowfznrg4wf7dli.onion/2E65B6F81B88A8D 4 - Follow the instructions on the site IMPORTANT INFORMATION Your personal pages http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/2E65B6F81B88A8D http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/2E65B6F81B88A8D http://yyre45dbvn2nhbefbmh.begumvelic.at/2E65B6F81B88A8D Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/2E65B6F81B88A8D
URLs

http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/2E65B6F81B88A8D

http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/2E65B6F81B88A8D

http://yyre45dbvn2nhbefbmh.begumvelic.at/2E65B6F81B88A8D

http://xlowfznrg4wf7dli.ONION/2E65B6F81B88A8D

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt
  • Teslacrypt family
    teslacrypt
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (424) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes itself 1 IoCs
  • Drops startup file 6 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\d96103542ad88b7dd63633e1402d004d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d96103542ad88b7dd63633e1402d004d_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:764
    • C:\Users\Admin\AppData\Local\Temp\d96103542ad88b7dd63633e1402d004d_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\d96103542ad88b7dd63633e1402d004d_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Windows\ujyrjqiiptut.exe
        C:\Windows\ujyrjqiiptut.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2844
        • C:\Windows\ujyrjqiiptut.exe
          C:\Windows\ujyrjqiiptut.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:3048
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1364
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
            5⤵
            • System Location Discovery: System Language Discovery
            • Opens file in notepad (likely ransom note)
            PID:2472
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_ReCoVeRy_.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2548
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2376
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1072
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\UJYRJQ~1.EXE
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2804
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\D96103~1.EXE
        3⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:2904
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1988
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

1
T1047

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

3
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+pvebs.html
    Filesize

    12KB

    MD5

    7245ce7d92b664e968d1820f2d0a6bbe

    SHA1

    f63c7bb42090c9c1cc97dbc6dc8093e53f8e91a5

    SHA256

    9f36e776efb4805e1c7326bd3b351a1625a56b47decf61e5feed5ebfa2377c55

    SHA512

    3d34cb7ddeb617ea5ebe0b36e8a722e8c8846b60a52fd9d18a90663fae2073de64d30020813adc3283ffff1c95f9a0122977fd379571a6040fc61f9920d0e8c5

    Download Submit

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+pvebs.png
    Filesize

    64KB

    MD5

    ad1e54b498a2b1901bfb20d463d59394

    SHA1

    32165282c527f44f6e5cf93c32c45761b0d4372b

    SHA256

    f5eff6ad20904d13f9353488c74cadbcf280010c6daeb145a138e13012025724

    SHA512

    83389331aee70bb310e39e9a612bd31227740a7f818f74bfa1a998b56af969232dce7cebdbe3fce99989a6cb1dc5bb11b16f6dc3680552f4a80719bc12afb709

    Download Submit

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+pvebs.txt
    Filesize

    1KB

    MD5

    9320e9ff5072070763885652f12b21cf

    SHA1

    25ed2b30fdc0f4a9e0266a82e87d8bd8f21fa5c0

    SHA256

    9330cac6cc3e6cd094963f2c63ed2c9bfeaddeafe0e54263466af4d6fb691bd4

    SHA512

    6ee4093369b513cf1994d254c62d95fe030ff25065455d679afe5eccef743ad88ab63adcce091d960d5c33dbf43a409327feb5d70d0b7aa53c02d36699cd2882

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
    Filesize

    11KB

    MD5

    daf36139463a22d491b6c24edaf7f191

    SHA1

    75e51dafeda8b802c1248a65246e2abf051191e8

    SHA256

    a9b23682da57a37fc4dd6396b18d079a31ce084d23dfcd85ecc24814c557a52c

    SHA512

    6793b8c9fe3f7a93fa33cc9e1a0c40a14cb95f0e86481ca9b00b7e1223a4fbfafe5f2fc6e4464358912d8e2d4de71387c7ca5811428e3510e4096bc60513840a

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Filesize

    109KB

    MD5

    582069d9bc143d2873ecb180cc84c39e

    SHA1

    04dc866c7775fb78928b52142ecfd1f0d5a3234c

    SHA256

    97f497933d7deaaf897c511f93a9e2fc16c65eb83ecdddd8f871cd4945a4cde5

    SHA512

    ce11e1845074dcd14cd957132e2e6ce1ffcd1d8c6f53179f88fe57e0f6704963c9d31f387cdc26a5341151b817297412862eb02f15dd7b0f064976c17c0a3a23

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
    Filesize

    173KB

    MD5

    2da2640848ac51370ae12b1a43c65e76

    SHA1

    50759d4a9469610c77a36746c3024644b1fed42b

    SHA256

    ac88beba84ea6dcaf4e360701ddff9062b6661d1d19909de07618ae2bc3b85ab

    SHA512

    bb56d241bfb1735dfaffc3ea30a9e85e90d604184b8d065787b72ed3d53904ee6cb377fe2ca4aa3eda85fe8466362df155d02060ff254f8479f1999b9bdd340e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a881f67192ed3aaafd1a7fd99335e2a5

    SHA1

    94ca39ec00d30b95194e32264d322d51ae60c7fc

    SHA256

    dd7abfc4f7c253d0def1a1de423b49814753815815d43e6235eab852838bfdad

    SHA512

    d551fd6878f2b26b67e1f6355074d2d827c6efff4806adffa012b34c3b47b645961a3f2a053bbdd37332724b851872377c5b4396e9ccac2030788cb78d86ddfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8acba80cad471d9e107eb8aa945a186

    SHA1

    9a7f82828d38988f37b5295860f09c0318c52a24

    SHA256

    ecfb1c3505207e433e9dbedafb88fdbb012d793a6d63891b3997638882688a0f

    SHA512

    5bd93d0207adf568d1000ab07d5cf960c1d717825552cc9821edbfe5528d5691b457678cc6638322d1b3d87f32feb9a8ae06fed86dc7719836787442f1412f6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1563bda1fda720fadc717c7c0bb19186

    SHA1

    06692bebbecf522bb761588ca8a1890cabb1dd77

    SHA256

    f840d83bebb95178d6a3e08f25e7d3977ec1ba43c014418fe6300fcf2d1b6e2c

    SHA512

    f564a4ec0db4cead865e1ed16d107f649c8e7f14095292f14a6ed349c88aeac67e01e67fefe86f900d631313b230c0786ed75163ed51820198975250def33ec0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2047f69206fda3772b2ce0382a989752

    SHA1

    b7b4f73351c946250cb2b1d4f02aca3153a4efc8

    SHA256

    9849535cc77bac5ea244c945f097ffa736819e84bceddf7c3f4224d3e6eb508a

    SHA512

    05a29c9fa84b4f06bd9e1d217511b32506441ee1bb99eb666075cc919347f96b17d0dbd35a31c6d4edf8d0da44f7b72b64f989cd4f42d5ae05978c95b88b221c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a4e5fed21946f4b1573827176aae150

    SHA1

    1a2457112106b905df42ee1ec33068f1483fe200

    SHA256

    f77361e08e5593ed1fd2a8526abcf8a3104c9634d48952e0d4bd554f3b5dd7ed

    SHA512

    036be07be3ee9d94fd029814adb486ab852d27b744561159e1eca054e6df0c6afa06c3f0fe7b931da4d481e1fbb6afc203c5c5c2a60f17d3737e93aeeea4fb59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3084a3601e6b305c257a57840bf0c5cd

    SHA1

    b9f6c9ea613fb57786817d5fc89455aacf5802ea

    SHA256

    7c4613dda47c5971427cd3deea7414d2860a755468b68a6df230587d9972e012

    SHA512

    bc80e67ce1bbad4d9f729c53615ad1f065f65774a93b5d6b8cdb8514e44ba52d1a5a1e6825049f3519f0bb67a8f85a28a814e5c4bb9405328c5e6c26feb30f4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef80bc1ccc8aca3c63e45125515a37b2

    SHA1

    18deca2cd36fd2ac0c811a7c324f4addc55d368c

    SHA256

    b4d9c656e45b6cf8b945594839395b21b46f221c5fa8838941e4c426ca7b9812

    SHA512

    83e311728b4d34e0134492bc3ab740ccb5ab8d001d66e74e6dee03394d369ebac9d5fd395c24fc23167d3f04875023a2d568b54d27e1886c459123629a7a8668

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25e4d62ea9e87ffb9887a113d794a432

    SHA1

    8a36b3941c47741d92e8650354de9129e0b11086

    SHA256

    31a17e3efe992fb4536628a7c1ef6b0f35d45e5bb3ad3460b5ef53382fa84eb7

    SHA512

    69b7a7809f6b6c9c95ed881bc90a19b068945282c2c392b26a953a82c5bbd19f871aca9c237b41f3446818d138dd6811092e04c9f11a93cd315f99dc8ecb2503

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7805473c6a09a0dae835dbb4617a65c1

    SHA1

    81cd41dfea65db89a2aad29e608f85f09d06a452

    SHA256

    30da2d95fa7081e90324d417a10a53ca578b7d53bc41c91b438b1959600d41a3

    SHA512

    a075a8fe8353eb8a6f8b14b55318b5532d59a139be518cbe0d159c2fb7d2beacbf584e86f37cfc8521f1aebe1b6e2e1e5cd57b21d57201fc9144e26d64daad84

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2D97.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2E18.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\ujyrjqiiptut.exe
    Filesize

    368KB

    MD5

    d96103542ad88b7dd63633e1402d004d

    SHA1

    f139d0cdf959da734adb8218bb9ab1070589f0ba

    SHA256

    73da1b9b157a7d2ae3a21c90a114ca7251c32545511a38a3e92b777e59009c45

    SHA512

    c39095411c803ffe51d7adc67b5ac31897fad8914c3c09ea53fee4c3123ac3655dec98af425db093405b079a81aa97e2e5f6a2dc8061a5c812347d2a476753bb

    Download Submit

  • memory/764-0-0x0000000000220000-0x0000000000224000-memory.dmp

    Filesize

    16KB

    Download

  • memory/764-17-0x0000000000220000-0x0000000000224000-memory.dmp

    Filesize

    16KB

    Download

  • memory/764-1-0x0000000000220000-0x0000000000224000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2156-19-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2156-2-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2156-20-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2156-16-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2156-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-12-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2156-10-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2156-8-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2156-6-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2156-4-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2156-28-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2248-6117-0x00000000000B0000-0x00000000000B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2844-30-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/3048-1838-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-5057-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-6125-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-6128-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-6119-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-6116-0x0000000004460000-0x0000000004462000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3048-6110-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-6121-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-1839-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-56-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-50-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-49-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-1313-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-51-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3048-54-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download