Overview

overview

10

Static

static

3

3aa3ee4e65...3f.exe

windows7-x64

10

3aa3ee4e65...3f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2025, 22:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3f.exe

  • Size

    371KB

  • MD5

    76b0182e3dc2f368facd1446a78d2ae0

  • SHA1

    6e6f6df8ef1a845e335995fbfa48dab3526cea29

  • SHA256

    3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3f

  • SHA512

    e301da3a0a9d211c239675c78f727ccc73e633fcd223b3cd26ba486f1fd3ffb8e2acb021b6596460a4660c2eac647f213212b989d33687cb45fcdfef2648d03a

  • SSDEEP

    6144:QtttRvGxiRcePUSrcTQ+Yd6v6AlYhZ+ddp5GuZEE86Yrp0eWIxQO6kUUecBlzJbu:EttRveivPrcqd26A+hcdp5GYEE8D3WIe

Score
10/10
teslacryptdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECoVERY_+iwxag.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with AES More information about the encryption keys using AES can be found here: http://en.wikipedia.org/wiki/AES How did this happen ? !!! Specially for your PC was generated personal AES KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://yyre45dbvn2nhbefbmh.begumvelic.at/8113B4449D559D60 2. http://uiredn4njfsa4234bafb32ygjdawfvs.frascuft.com/8113B4449D559D60 3. http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/8113B4449D559D60 If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser 3. Type in the address bar: xlowfznrg4wf7dli.onion/8113B4449D559D60 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *-*-* Your personal pages: http://yyre45dbvn2nhbefbmh.begumvelic.at/8113B4449D559D60 http://uiredn4njfsa4234bafb32ygjdawfvs.frascuft.com/8113B4449D559D60 http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/8113B4449D559D60 *-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/8113B4449D559D60
URLs

http://yyre45dbvn2nhbefbmh.begumvelic.at/8113B4449D559D60

http://uiredn4njfsa4234bafb32ygjdawfvs.frascuft.com/8113B4449D559D60

http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/8113B4449D559D60

http://xlowfznrg4wf7dli.ONION/8113B4449D559D60

Signatures

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt
  • Teslacrypt family
    teslacrypt
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (407) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes itself 1 IoCs
  • Drops startup file 6 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3f.exe
    "C:\Users\Admin\AppData\Local\Temp\3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Users\Admin\AppData\Local\Temp\3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3f.exe
      "C:\Users\Admin\AppData\Local\Temp\3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3f.exe"
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1296
      • C:\Windows\dakfjprvnatu.exe
        C:\Windows\dakfjprvnatu.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2784
        • C:\Windows\dakfjprvnatu.exe
          C:\Windows\dakfjprvnatu.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:752
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:772
          • C:\Windows\SysWOW64\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
            5⤵
            • System Location Discovery: System Language Discovery
            • Opens file in notepad (likely ransom note)
            PID:1216
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1236
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:700
          • C:\Windows\System32\wbem\WMIC.exe
            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2480
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\DAKFJP~1.EXE
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2792
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\3AA3EE~1.EXE
        3⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:3000
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2764
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

1
T1047

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

3
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECoVERY_+iwxag.html
    Filesize

    9KB

    MD5

    347ab51eb34f8c68d813ffb4489b3aba

    SHA1

    5b14b5904ce0b6346d4b68038f45db618c8ebce5

    SHA256

    76283b752b08a3b081494f6a9993748e8c68f4b26817c7a94d5a0b5554474a85

    SHA512

    751852e41fe519e5011c1f8df6d58fe48b0878d1854fcde3fdbda97f0c6dde1a7d1f062483747f03267666f32227b2db989cc4e338a314a9d19794e510b8183b

    Download Submit

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECoVERY_+iwxag.png
    Filesize

    63KB

    MD5

    75eee0569e25e9ae9f452ef29ef0d08e

    SHA1

    29fc0f471596fe2c0cd9cbfa83ebd60f2ba0d9dc

    SHA256

    98f1e93cb96d95013c3d837f568b17c76ac4b7ad99d55bb70777cd305fa21051

    SHA512

    71e62ab4245e08709858763804130884a7aa4edc4de4bd23fc1f6f3f42471e059e5699be8451645b83fc13d1df0c1b13fce13bf88dd1db9128753a07790dd05e

    Download Submit

  • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_RECoVERY_+iwxag.txt
    Filesize

    1KB

    MD5

    de745cf681a6d79663d1a122cd2a8e56

    SHA1

    eb28f46e53c30246a2c7513d38e717e506816a11

    SHA256

    73d7ce7b5e4da05cc56e4a6199cd9b5254c9d415bde40111209fad5892353bc2

    SHA512

    91f8465b1965ff0de69cb153e42f0e5345641e0e6f2fed6cbaef94f80d03e6807817d5040073176792b0956a1e91d79ba72a18b49308ac7c142a4474092f5754

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
    Filesize

    11KB

    MD5

    2ed304b9347d3f41c4ccc6542e3c2461

    SHA1

    306742e1b8628df74f3f226e2b07fb89747b9674

    SHA256

    3ecb17e7a85c8e92d8dc7348c4cff032aef746b3ba3ec0a823eb94374e6a51ce

    SHA512

    b85c56bef0ec8184c97dce42b7a13478f048f082475105f98290849d3b211d536105ad2d33c0cc4db49e75734fa3ca3144e532bbde80671a6945e7c7db1f90b3

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Filesize

    109KB

    MD5

    d9960cad9463342570a870740e49ae89

    SHA1

    a5e41c3662b8ced534d74b2993f060b35b937875

    SHA256

    1f8c5994dd63eadd802bdd9b191e0e457e42f68d78edd27414cb9f001dbf32d0

    SHA512

    cce443884ad552724ecd179955dfe3d30bd6670933c36509d4ab25b0e8fe50a0334c8364107f9045ebc3df5417b4e092d30e85b58c99beeaf866b4547626ecfc

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
    Filesize

    173KB

    MD5

    85700501b4b9adb4eabbf7968085fbc8

    SHA1

    e102152df4c3cbd3204c8393f2bcb8b777555239

    SHA256

    de88c50036f8443a4b829f7d43c01a4af29b8e53f4f684174d827de9edd4bb2c

    SHA512

    4da822de7edeb78b9993908b7f3fec4e28c420ea2ea27fdfa0f21c246ee2e78ebd4c27467684c45ef0eca65823a2904507344c414fcf020d8e01ffed26ba58c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b2d6281fdea7dbd078ddb77b6260a7a

    SHA1

    1a2fde30593cdb59d158854625d2c255c2af29de

    SHA256

    d32aed0b40b292a7c3d4b1f68466b3d1afe8d37cc4ebdd9d83927591aff7009d

    SHA512

    a9a23e0e24f41c5195646e84e5f4608b24ba365ff6344cec0add84f28bac3909a32ecfddd0fbe0d78cdde6d1c940b4c19d4dc085a19a9c0c97a977052528b841

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90fa67d36864c25a3e6b4132d064240e

    SHA1

    d3dd8a757eb161a461d1529fed58d39c0445c6e2

    SHA256

    9d47cdab46524d5871983a28dbf1241f6a7dc7e887c94f77b11d02d4e045da8b

    SHA512

    0bd9ee52185f08827dcea291a12f145e6318404e49bab910b373d7177842840c9802e491de039b7c2f59a0f7f325b5c9ba5a9e47a4898cc039ffb39650adc95f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c32e964daa07f70624181205b53b2c0d

    SHA1

    ccd82d9631adba2a1060210f5a1bed27b1ac0a45

    SHA256

    f3dcecd31d5eedb15894cc5e539331e94830206baf634b8ca5f0e257e2c9eea5

    SHA512

    98148fd4d666e0c7b7911ced82f82df13c794720f27e80c510097b170a9fdbc169c5a8eb3bc4f452fafb430a3d7e2a59e83487dbbbee25380f60956d85e6fac5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f43033b87140b0faba2252c29ebd98a

    SHA1

    96481ebab856993aa9a885b6d74f04ed2f997ad9

    SHA256

    54565f5f656be7e9db66894ec98de03cd980f77af7bb5c5dc5002188884af2fb

    SHA512

    a34b9f1883ff16bd3122363839176853ab1e32aaa22ce812c8e1c2b3a70be15de91b0daacd4780a54a344b7fb6b1ba0f439201fb301cc335b65d216c5474896b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7ecf78338fd0b503709287af1e9c4de

    SHA1

    1507ba155360fe4ac59b2f49697b3acec90bd215

    SHA256

    bed0be7c3328c4a242438ff9f682bb8b9ac6b9155e1387d8b4a94f9f7a012f3f

    SHA512

    211bb7213c74f0b212ef4b8690ec2798459fe4d32ef1bfdaba9111ad679be75ac674ce2875e660d3ddec7395353477ccf1b6ba2373f7dd55ec589f7833613570

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    091cc3b2208570ad28e93e836325d62e

    SHA1

    3a3da77f14747f5d486aa924e9802afb06d2897e

    SHA256

    649428e555f253aa92af7bcb4285ea197483bcd738a31ad87ec3617a91b7ee19

    SHA512

    dba0658e4c5ecb97771758bc390af455b383fb5ab5c2642404b94f362f1732fed36e4426c0bba3fc9e7f6ed70efcce362c775a4ea23038be0e1d33dda3e186fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46c9525f92fe3d3b28e8e467157a4318

    SHA1

    b65c4742f03b3d875a92a6e62f4377ba860c4e2f

    SHA256

    9fdee33d38a4156441206fd91b6fc2a24a5c8ec13ddb2223628a097713be98ea

    SHA512

    47b0ab0431e005f952e82b95adfd62089fb567cc83b2f5efb0670f79d00fd055421ab4be35a72cbb13528379be519523dffbcd799db8bf81022e89194791dc99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b4cc935f67631453d9aec838ceed3e5

    SHA1

    f4b8b6a9125a71b0f5d02f76f7811ebbe3447394

    SHA256

    7e1386a51a61b2bd4cd77a26f6af89a56078d878a89f1f5af3b910e7b5a53558

    SHA512

    d53f7be6600df58498ed33be2349efa3d952823dc603171d46045b552045e1c159fe64c3abfa57d81c42f12c88c9175189680d7b48a5e0ac59668a9eb67d4c5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8833f2fd4eb1a409ce845f3c6f476f4

    SHA1

    fdc5873dfec46b5d84b088ce40135eb6e555c1b6

    SHA256

    b33ce8c02dceb67d083c91785812f4a15aedfad2548aff5223776d6a59af0e35

    SHA512

    ed559fb7844bd7dcc32b6906e73bd30028e54c5edc3f0c3fb8f36244dca0f17f897fea18415f47d60120be9278d8b48e2ba78255813e17926f4e28b39787ecd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3B1E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3BDE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\dakfjprvnatu.exe
    Filesize

    371KB

    MD5

    76b0182e3dc2f368facd1446a78d2ae0

    SHA1

    6e6f6df8ef1a845e335995fbfa48dab3526cea29

    SHA256

    3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3f

    SHA512

    e301da3a0a9d211c239675c78f727ccc73e633fcd223b3cd26ba486f1fd3ffb8e2acb021b6596460a4660c2eac647f213212b989d33687cb45fcdfef2648d03a

    Download Submit

  • memory/752-51-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-5228-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-47-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-46-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-45-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-1494-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-50-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-1970-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-6081-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-1971-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-6090-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-6072-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-6078-0x0000000002BE0000-0x0000000002BE2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/752-6087-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/752-6082-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1296-7-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1296-9-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1296-1-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1296-13-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1296-3-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1296-5-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1296-27-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1296-16-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1296-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1296-17-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1968-6079-0x0000000000160000-0x0000000000162000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2384-14-0x00000000002A0000-0x00000000002A3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2384-0-0x00000000002A0000-0x00000000002A3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2784-28-0x0000000000400000-0x000000000056E000-memory.dmp

    Filesize

    1.4MB

    Download