Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    12-12-2024 09:08

General

  • Target

    e5ac3be9b138a4e8636c1a85056c3e8e_JaffaCakes118.exe

  • Size

    392KB

  • MD5

    e5ac3be9b138a4e8636c1a85056c3e8e

  • SHA1

    6a945974c9b765dab00051478ffd18e4115636b8

  • SHA256

    33ebc8e7d926b1c4d0a9a67fe1b10af1846276ce55d6efe1bd77ba7bab301d6f

  • SHA512

    f318b64e4821b9b2d467a15aa8c856ab9853e14c1808e62de10cdc06d5d9c943154aa6aa8323abf1b005f27a14950613bcfede7e85bc28b51201a832ab1751bb

  • SSDEEP

    6144:t1sKGiE/bfhcLAiHw4X2QohXd4IcyS3/zTQgdbv9sW9KHkmVfN8HyLW12ZlZL/du:vI/bJjiQ45CcvPzsiKH18Hy73ZhcP1s

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+pbdkt.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/6CA05117A89EAF6 2. http://kkd47eh4hdjshb5t.angortra.at/6CA05117A89EAF6 3. http://ytrest84y5i456hghadefdsd.pontogrot.com/6CA05117A89EAF6 If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser 3. Type in the address bar: xlowfznrg4wf7dli.onion/6CA05117A89EAF6 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *-*-* Your personal pages: http://tt54rfdjhb34rfbnknaerg.milerteddy.com/6CA05117A89EAF6 http://kkd47eh4hdjshb5t.angortra.at/6CA05117A89EAF6 http://ytrest84y5i456hghadefdsd.pontogrot.com/6CA05117A89EAF6 *-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/6CA05117A89EAF6
URLs

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/6CA05117A89EAF6

http://kkd47eh4hdjshb5t.angortra.at/6CA05117A89EAF6

http://ytrest84y5i456hghadefdsd.pontogrot.com/6CA05117A89EAF6

http://xlowfznrg4wf7dli.ONION/6CA05117A89EAF6

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

  • Teslacrypt family
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (421) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 6 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5ac3be9b138a4e8636c1a85056c3e8e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e5ac3be9b138a4e8636c1a85056c3e8e_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Users\Admin\AppData\Local\Temp\e5ac3be9b138a4e8636c1a85056c3e8e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\e5ac3be9b138a4e8636c1a85056c3e8e_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Windows\wyhdgtrroeph.exe
        C:\Windows\wyhdgtrroeph.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2948
        • C:\Windows\wyhdgtrroeph.exe
          C:\Windows\wyhdgtrroeph.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Modifies system certificate store
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2932
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2688
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • System Location Discovery: System Language Discovery
            • Opens file in notepad (likely ransom note)
            PID:2980
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:944
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2256
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2408
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\WYHDGT~1.EXE
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1032
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\E5AC3B~1.EXE
        3⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:1048
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1148

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+pbdkt.html

    Filesize

    9KB


  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+pbdkt.png

    Filesize

    63KB


  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+pbdkt.txt

    Filesize

    1KB


  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB


  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB


  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    173KB


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B


  • C:\Users\Admin\AppData\Local\Temp\Cab2C22.tmp

    Filesize

    70KB


  • C:\Users\Admin\AppData\Local\Temp\Tar2C21.tmp

    Filesize

    181KB


  • C:\Windows\wyhdgtrroeph.exe

    Filesize

    392KB

