Overview

overview

10

Static

static

7.exe

windows7_x64

10

7.exe

windows10_x64

10

Analysis

  • max time kernel
    102s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    22-06-2021 14:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7.exe

  • Size

    21KB

  • MD5

    555aee36e8e1c0e684e658b9ef65bc83

  • SHA1

    f8afbddf6e6ab23f914f961b2eedc51f8b78fabd

  • SHA256

    9f72ed1dc20575f4e19a75256a0df8871561008ce1387e12d932598c21a5b16f

  • SHA512

    b65578a6c9ed2d9262776a73ebb230aa3deeb7e4aa829add17024609261c58dd9e941d6ebde5a6dcac824b56df8d7dccce4938d498069800cc63f14a05513b52

Score
10/10
magniberransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\readme.txt

Family

magniber

Ransom Note
ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ==================================================================================================== To receive the private key and decryption program follow the instructions below: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://228424a07214c040fadezwvaw.ndkeblzjnpqgpo5o.onion/dezwvaw Note! This page is available via "Tor Browser" only. ==================================================================================================== Also you can use temporary addresses on your personal page without using "Tor Browser": http://228424a07214c040fadezwvaw.lognear.xyz/dezwvaw http://228424a07214c040fadezwvaw.wonride.site/dezwvaw http://228424a07214c040fadezwvaw.lieedge.casa/dezwvaw http://228424a07214c040fadezwvaw.bejoin.space/dezwvaw Note! These are temporary addresses! They will be available for a limited amount of time!
URLs

http://228424a07214c040fadezwvaw.ndkeblzjnpqgpo5o.onion/dezwvaw

http://228424a07214c040fadezwvaw.lognear.xyz/dezwvaw

http://228424a07214c040fadezwvaw.wonride.site/dezwvaw

http://228424a07214c040fadezwvaw.lieedge.casa/dezwvaw

http://228424a07214c040fadezwvaw.bejoin.space/dezwvaw

Signatures

  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber
  • Process spawned unexpected child process 10 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies extensions of user files 9 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Suspicious use of SetThreadContext 3 IoCs
  • Interacts with shadow copies 2 TTPs 5 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1264
    • C:\Users\Admin\AppData\Local\Temp\7.exe
      "C:\Users\Admin\AppData\Local\Temp\7.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1088
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1448
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:876
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1996
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1756
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:560
      • C:\Windows\system32\wbem\WMIC.exe
        C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1724
  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:324
      • C:\Windows\system32\wbem\WMIC.exe
        C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1612
  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
    • Modifies extensions of user files
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\Windows\system32\notepad.exe
      notepad.exe C:\Users\Public\readme.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:1296
    • C:\Windows\system32\cmd.exe
      cmd /c "start http://228424a07214c040fadezwvaw.lognear.xyz/dezwvaw^&1^&46644069^&96^&389^&12"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:872
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://228424a07214c040fadezwvaw.lognear.xyz/dezwvaw&1&46644069&96&389&12
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2040
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2088
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:328
      • C:\Windows\system32\wbem\WMIC.exe
        C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
        3⤵
          PID:1772
    • C:\Windows\system32\cmd.exe
      cmd /c CompMgmtLauncher.exe
      1⤵
      • Process spawned unexpected child process
      • Suspicious use of WriteProcessMemory
      PID:2064
      • C:\Windows\system32\CompMgmtLauncher.exe
        CompMgmtLauncher.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2220
        • C:\Windows\system32\wbem\wmic.exe
          "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
          3⤵
            PID:2540
      • C:\Windows\system32\cmd.exe
        cmd /c CompMgmtLauncher.exe
        1⤵
        • Process spawned unexpected child process
        • Suspicious use of WriteProcessMemory
        PID:2120
        • C:\Windows\system32\CompMgmtLauncher.exe
          CompMgmtLauncher.exe
          2⤵
            PID:2292
            • C:\Windows\system32\wbem\wmic.exe
              "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
              3⤵
                PID:2604
          • C:\Windows\system32\cmd.exe
            cmd /c CompMgmtLauncher.exe
            1⤵
            • Process spawned unexpected child process
            • Suspicious use of WriteProcessMemory
            PID:2144
            • C:\Windows\system32\CompMgmtLauncher.exe
              CompMgmtLauncher.exe
              2⤵
                PID:2244
                • C:\Windows\system32\wbem\wmic.exe
                  "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                  3⤵
                    PID:2572
              • C:\Windows\system32\cmd.exe
                cmd /c CompMgmtLauncher.exe
                1⤵
                • Process spawned unexpected child process
                • Suspicious use of WriteProcessMemory
                PID:2080
                • C:\Windows\system32\CompMgmtLauncher.exe
                  CompMgmtLauncher.exe
                  2⤵
                    PID:2204
                    • C:\Windows\system32\wbem\wmic.exe
                      "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                      3⤵
                        PID:2588
                  • C:\Windows\system32\cmd.exe
                    cmd /c CompMgmtLauncher.exe
                    1⤵
                    • Process spawned unexpected child process
                    • Suspicious use of WriteProcessMemory
                    PID:2072
                    • C:\Windows\system32\CompMgmtLauncher.exe
                      CompMgmtLauncher.exe
                      2⤵
                      • Suspicious use of WriteProcessMemory
                      PID:2260
                      • C:\Windows\system32\wbem\wmic.exe
                        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                        3⤵
                          PID:2472
                    • C:\Windows\system32\vssadmin.exe
                      vssadmin.exe Delete Shadows /all /quiet
                      1⤵
                      • Process spawned unexpected child process
                      • Interacts with shadow copies
                      PID:2708
                    • C:\Windows\system32\vssvc.exe
                      C:\Windows\system32\vssvc.exe
                      1⤵
                        PID:2840
                      • C:\Windows\system32\vssadmin.exe
                        vssadmin.exe Delete Shadows /all /quiet
                        1⤵
                        • Process spawned unexpected child process
                        • Interacts with shadow copies
                        PID:2856
                      • C:\Windows\system32\vssadmin.exe
                        vssadmin.exe Delete Shadows /all /quiet
                        1⤵
                        • Process spawned unexpected child process
                        • Interacts with shadow copies
                        PID:2916
                      • C:\Windows\system32\vssadmin.exe
                        vssadmin.exe Delete Shadows /all /quiet
                        1⤵
                        • Process spawned unexpected child process
                        • Interacts with shadow copies
                        PID:2960
                      • C:\Windows\system32\vssadmin.exe
                        vssadmin.exe Delete Shadows /all /quiet
                        1⤵
                        • Process spawned unexpected child process
                        • Interacts with shadow copies
                        PID:2932

                      Network

                      MITRE ATT&CK Enterprise v6

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PE8QWAO4.txt
                        MD5

                        f56464c04f904658619fe015f1aac79f

                        SHA1

                        c9cc568c24d114bb12a05eabfb88a29920ca29b4

                        SHA256

                        09905f2ec4d3dc4d3a5adba4532ddfad5292c6985fc0f13e96da5a468490ce91

                        SHA512

                        5b988f86f70233f3e31cc91e08bb6561f1384971c707d15d529923e3c0fa8a6b4fa0561c3432103d07cef947b9f1e3447a94603e2eae108bc0a591d20a9d0b9b

                        Download Submit

                      • C:\Users\Admin\Desktop\BackupEdit.dxf.dezwvaw
                        MD5

                        e34c6e2818bf69e1c669096d433f466b

                        SHA1

                        5fbdc7db44e5ed2428b19d051d58d0b56b54a695

                        SHA256

                        32c9e39f29fbf044efcd31628cef89211412be7baaabdcae1760889e9f3f13da

                        SHA512

                        f46c315a84e1a39d15c6e1aa6fadc92000abfb2df204f95ef1fa6b7db4e1ab40ffef1c796362adb59cc6da07d82af610c43282d0ac7dbb13e15eff4dad859b35

                        Download Submit

                      • C:\Users\Admin\Desktop\CheckpointImport.dxf.dezwvaw
                        MD5

                        322d5625dd00b0adb5031ac24c332a0f

                        SHA1

                        f4f6ecaa327fe9908bd2d48efcb8a961283d3b04

                        SHA256

                        e7d84723f849ded2290a9d5af158c27a5e52486e8e900aafc20bc952f29b365f

                        SHA512

                        5c2894734005e86b2a2d380379349fc0104690f74f363099a1252aafb3b2a8000d5258a600d46f168e1bc5b7e965b36534f71bd1bda59e24b8415b86bc4844a2

                        Download Submit

                      • C:\Users\Admin\Desktop\ClearRestore.emf.dezwvaw
                        MD5

                        5428ef3ca4fbc6ab3b2501716e2e55d7

                        SHA1

                        0441e62dd734df1d975537906777ad520579ae5d

                        SHA256

                        d0c0a8f5901cfe5bb94ec9911322d500971bf686974cd7a467e18401ba4f445a

                        SHA512

                        be4c3d83e742b13d1488c37790b40d9d6ef5acaead8f370e0749cf34d4a8a64fe4d5dc10aa58672a3d2380a454191fa9adef53fa885cd19328feefb7b1943f8a

                        Download Submit

                      • C:\Users\Admin\Desktop\DisconnectDeny.emf.dezwvaw
                        MD5

                        877509de6b829637e4d6309d65cee4b6

                        SHA1

                        971dcc4ca044a762d41da1cc387cd0fe31b3aa2a

                        SHA256

                        b49d2ddd13559ab0fc1ecc4430c45187bfa0fb3b70225be0f8653f93d94fe924

                        SHA512

                        2e3eb631e91ed2f76baa8cb8cadb58cdf5b32c4dd1de3634850b46d158a61d1c7d2898bade6eda611e5233de13049da217048e2796816a6cb5b5e2699a608e06

                        Download Submit

                      • C:\Users\Admin\Desktop\DisconnectInvoke.wmv.dezwvaw
                        MD5

                        2f35fd22cda2ab652cf125e0e7566313

                        SHA1

                        f20c2f90391bce083bf3b6f8dff9fc28dc59b77c

                        SHA256

                        8fd4d0aaea1bcbf48384dec0bbd85d6628f31e371a1a2c403c4c312c04bce5eb

                        SHA512

                        4c59d3865f67293b9371b9aab43cb36e7494fa3325743bf321a4cc7c40c819e365250d332afd5d7232132540decfb12e9b46721d86234602c759380858171abe

                        Download Submit

                      • C:\Users\Admin\Desktop\ImportCopy.vsdm.dezwvaw
                        MD5

                        edf5b78621f8e5da2d4956c419a72e8f

                        SHA1

                        e8bd5cc34c8616ea6813aa1856bcc86531e240c9

                        SHA256

                        9548514262be768fd0c0c70a3442b61feab431ade7493bbb9a782cbaf122e815

                        SHA512

                        c8a0a00b30ee040bcaab8e7162d46387278433220f39b182c6ab7d9e0dcf6ad5e59ce2fb9e7f7c741c1bc66a9a2bef9569e6f261ebb12dcadef377792a934ce8

                        Download Submit

                      • C:\Users\Admin\Desktop\LimitEdit.vsdm.dezwvaw
                        MD5

                        c6d58a07cafb66342a40e6765bc0b110

                        SHA1

                        74ba2534744ab3995372232e22e528962f444aee

                        SHA256

                        bdbc0ad023500191aff0880a4b4916e3639a2e1b57bee466a839741ddd57309a

                        SHA512

                        edec34a7e0011b98c51701c4b7edee9bc55175404da260335305e78cf8405177d04e3c7427a85c3c12d8337ce1970da2dcd412f5d6e073a3ef1ed5784afbc867

                        Download Submit

                      • C:\Users\Admin\Desktop\MountDisconnect.asp.dezwvaw
                        MD5

                        09a926add121e7e134db5b7ccd04485b

                        SHA1

                        3160b969190222401d9a0f9153eca08e840f090e

                        SHA256

                        4908e13834a341169affe2dcb3873e2f253cd8b9bf0ad5ce79023efa327ed0cd

                        SHA512

                        36ee90c54ee5e73e455c2d4bfda9cd7042d31e0c0cbe695598e301db62db32c0f5e10b24053db337450f68f7ecfb01dc40728d4cd91dacc2bc7efbbfc0713a65

                        Download Submit

                      • C:\Users\Admin\Desktop\ProtectGroup.xlsb.dezwvaw
                        MD5

                        0b7ae9a0904848058b8c22c182133de2

                        SHA1

                        b3487e51919139bbbfba7c94cd713833e0743ff7

                        SHA256

                        d962f5d2ef6e694c51e22b8dc46c43623b5f1295e587359275c58b3f332d97e9

                        SHA512

                        5966b08226044a313ac0f62eaea35a6fb523fa254d3726f468bf03443a75977156c654da78bfb4bd6d073c964ccd1c4d4ad85e6efdc9a78c3b1e62fc47702997

                        Download Submit

                      • C:\Users\Admin\Desktop\ProtectShow.nfo.dezwvaw
                        MD5

                        bac630bd15fd8cdf52e8a7a3a921fb17

                        SHA1

                        fa7667621d6d43e921d3aab7e58bc38020354487

                        SHA256

                        fb8754b2ff5eda5b1f728eb5b28f9249e994dccaa32bb1dab90a9554a1708797

                        SHA512

                        2773e15db23be9624549d20f38b6c504a4a9a35009ee8b97bf6a78ceadcad5f1721ebaccf70fa6c5799130a62df73879c67a3665396002704a545c6aeb0b3d5f

                        Download Submit

                      • C:\Users\Admin\Desktop\ReadResolve.mpeg.dezwvaw
                        MD5

                        249f65c73ad1b927aee34678fbcfc9c4

                        SHA1

                        706190d3610f9e2890213a87683bf85f2074ab27

                        SHA256

                        a01eee5055e55aa0659574aeb18d8c43dd8637da8bc9fea6699a3608982309a2

                        SHA512

                        98761e78cb32c2682f113e42d4d9eb9f7bff09d9e9eed6bfcc2d1729a0ca7839b7ddf78ed8a7e4f0e56f9c3b0ef8ee4306ebcae2394be7daa15f5a76e38e9371

                        Download Submit

                      • C:\Users\Admin\Desktop\RevokeLimit.ppsx.dezwvaw
                        MD5

                        a1e9b56e8d9805310fb386e5af6c30d1

                        SHA1

                        d917e4053aae17e7d5a664c9f5d72b4959afc9c7

                        SHA256

                        a0e17f0d21cb5511c46117a3fdd2c6de60408038b2377b219e547b4d30801de3

                        SHA512

                        2e4c6b5aad9ace7a0af87bfff9a5d1f9bfa080a9a7ccaaf77ae5d17dd0a9518c8106e7e4c6b906088b5c63003eebb55b81fb6ed1d701d24ef0826301898fd3cd

                        Download Submit

                      • C:\Users\Admin\Desktop\UpdateSelect.jfif.dezwvaw
                        MD5

                        586c34d4228104baaf2c9746139c4011

                        SHA1

                        e65e8a2df7b0994c1274072034eb37c3e30f1148

                        SHA256

                        96b0847169f7b0bc31c2aa09bc2f935e1fe28aefc60ccf9d0ecee988d8e0ce32

                        SHA512

                        a9da73b36791221d344598fc90178df5dcc04e7395e37204f1d63e940c93a1a24058a38adeac2b47a78d39b1e5b41ea7adc167623e694fc8c37f71c6f7d03e51

                        Download Submit

                      • C:\Users\Admin\Desktop\readme.txt
                        MD5

                        645249e3f4422e10b8dd54b6544303a6

                        SHA1

                        b3e171b70a44c5da2aec62c47c87717113eb2055

                        SHA256

                        4513c32e7f4ef0153480184a843e5ff3ce637379c1ae38a8c2a1fda9ee0a5af9

                        SHA512

                        669972fd52a72ea16b1da47c091ac9ccfca9da1b1d35c184780af7ed6af3faa4c6d4a1933b56545243542e31909a7372ab92bd498b973053c1a5fdd7d1942ffb

                        Download Submit

                      • C:\Users\Public\readme.txt
                        MD5

                        645249e3f4422e10b8dd54b6544303a6

                        SHA1

                        b3e171b70a44c5da2aec62c47c87717113eb2055

                        SHA256

                        4513c32e7f4ef0153480184a843e5ff3ce637379c1ae38a8c2a1fda9ee0a5af9

                        SHA512

                        669972fd52a72ea16b1da47c091ac9ccfca9da1b1d35c184780af7ed6af3faa4c6d4a1933b56545243542e31909a7372ab92bd498b973053c1a5fdd7d1942ffb

                        Download Submit

                      • \??\PIPE\srvsvc
                        MD5

                        d41d8cd98f00b204e9800998ecf8427e

                        SHA1

                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                        SHA256

                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                        SHA512

                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                        Download Submit

                      • memory/324-142-0x0000000000000000-mapping.dmp

                        Download

                      • memory/328-141-0x0000000000000000-mapping.dmp

                        Download

                      • memory/560-143-0x0000000000000000-mapping.dmp

                        Download

                      • memory/872-140-0x0000000000000000-mapping.dmp

                        Download

                      • memory/876-148-0x0000000000000000-mapping.dmp

                        Download

                      • memory/1088-61-0x00000000000E0000-0x00000000000E1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-91-0x0000000001D00000-0x0000000001D01000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-62-0x00000000000F0000-0x00000000000F1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-63-0x0000000000100000-0x0000000000101000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-64-0x0000000000110000-0x0000000000111000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-87-0x0000000001CB0000-0x0000000001CB1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-88-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-89-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-60-0x0000000001D10000-0x0000000001D11000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-59-0x0000000000020000-0x0000000000025000-memory.dmp

                        Filesize

                        20KB

                        Download

                      • memory/1088-93-0x0000000001D20000-0x0000000001D21000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1088-94-0x0000000001D30000-0x0000000001D31000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1124-96-0x0000000001BC0000-0x0000000001BC4000-memory.dmp

                        Filesize

                        16KB

                        Download

                      • memory/1264-92-0x0000000002CC0000-0x0000000002CD0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1296-118-0x000007FEFBBF1000-0x000007FEFBBF3000-memory.dmp

                        Filesize

                        8KB

                        Download

                      • memory/1296-116-0x0000000000000000-mapping.dmp

                        Download

                      • memory/1448-144-0x0000000000000000-mapping.dmp

                        Download

                      • memory/1612-149-0x0000000000000000-mapping.dmp

                        Download

                      • memory/1724-151-0x0000000000000000-mapping.dmp

                        Download

                      • memory/1756-150-0x0000000000000000-mapping.dmp

                        Download

                      • memory/1772-152-0x0000000000000000-mapping.dmp

                        Download

                      • memory/1996-146-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2040-147-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2088-153-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2088-154-0x00000000753B1000-0x00000000753B3000-memory.dmp

                        Filesize

                        8KB

                        Download

                      • memory/2088-166-0x0000000000AB0000-0x0000000000AB2000-memory.dmp

                        Filesize

                        8KB

                        Download

                      • memory/2204-155-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2220-156-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2244-157-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2260-158-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2292-162-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2472-165-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2540-167-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2572-169-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2588-170-0x0000000000000000-mapping.dmp

                        Download

                      • memory/2604-171-0x0000000000000000-mapping.dmp

                        Download