Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-12-2024 01:13

General

  • Target

    dc56ff2ad208373e7894272128dcfd13_JaffaCakes118.exe

  • Size

    332KB

  • MD5

    dc56ff2ad208373e7894272128dcfd13

  • SHA1

    492b49938fe3b9477d9f650ea81ea44e1bce2c79

  • SHA256

    1ec6d16bb03201b4bb5bf1f2912a037e9f0470b9037e04a1cd40081887ad4f0a

  • SHA512

    a944e27f309f003e392104bcfb54bb165793c049bc6cddf562296136038571602abcad2ebfb3d20ad62abbb02f95f0954718da052e6b90d05d2fb6873ca7dafe

  • SSDEEP

    6144:tBRwPAvE5Ugv5yEMhQzwKSPKx+f2DmkAKLYmbCT597:tCWacQlSPGhmkx0

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+wqiow.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption with AES
More information about the encryption keys using AES can be found here: http://en.wikipedia.org/wiki/AES
How did this happen ?
!!! Specially for your PC was generated personal AES KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/A32121785C1AABB
2. http://tes543berda73i48fsdfsd.keratadze.at/A32121785C1AABB
3. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/A32121785C1AABB
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser
3. Type in the address bar: xlowfznrg4wf7dli.onion/A32121785C1AABB
4. Follow the instructions on the site.
---------------- IMPORTANT INFORMATION------------------------
*-*-* Your personal pages:
http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/A32121785C1AABB
http://tes543berda73i48fsdfsd.keratadze.at/A32121785C1AABB
http://tt54rfdjhb34rfbnknaerg.milerteddy.com/A32121785C1AABB
*-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/A32121785C1AABB
URLs

http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/A32121785C1AABB

http://tes543berda73i48fsdfsd.keratadze.at/A32121785C1AABB

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/A32121785C1AABB

http://xlowfznrg4wf7dli.ONION/A32121785C1AABB

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Teslacrypt family
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (407) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 6 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc56ff2ad208373e7894272128dcfd13_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dc56ff2ad208373e7894272128dcfd13_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Users\Admin\AppData\Local\Temp\dc56ff2ad208373e7894272128dcfd13_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\dc56ff2ad208373e7894272128dcfd13_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2244
      • C:\Windows\wyhdgtrroeph.exe
        C:\Windows\wyhdgtrroeph.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2776
        • C:\Windows\wyhdgtrroeph.exe
          C:\Windows\wyhdgtrroeph.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:3060
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1224
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • System Location Discovery: System Language Discovery
            • Opens file in notepad (likely ransom note)
            PID:2984
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2736
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2864
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2656
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\WYHDGT~1.EXE
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2436
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\DC56FF~1.EXE
        3⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:2832
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2112
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2900

Network

MITRE ATT&CK Enterprise v15

Downloads
