Overview

overview

10

Static

static

7ec95111e0...ed.exe

windows7_x64

10

7ec95111e0...ed.exe

windows11_x64

10

7ec95111e0...ed.exe

windows10_x64

3

Resubmissions

18-08-2021 21:21

210818-5xegav1ypa 10

22-05-2021 10:53

210522-fad5v5zgre 10

Analysis

  • max time kernel
    104s
  • max time network
    106s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    18-08-2021 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed.exe

  • Size

    22KB

  • MD5

    c6b6ec00b64069d66c8d14d65f7cfd8f

  • SHA1

    b90e6bf12728fa3b0984aabc32b39f1db082a1da

  • SHA256

    7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed

  • SHA512

    c9d7c97c63806e87804c33530f48ba950542ba28421d354cb287c9bf027ff5a853b76200e87eadd3cde0469f4b8c93f8c4bc0e71f5e4aa1cdf33e05c0673254a

Score
10/10
magniberransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\readme.txt

Family

magniber

Ransom Note
ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ==================================================================================================== To receive the private key and decryption program follow the instructions below: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://76240cb06414c040c2csnwyqmwa.erpp3f6j634gmj33.onion/csnwyqmwa Note! This page is available via "Tor Browser" only. ==================================================================================================== Also you can use temporary addresses on your personal page without using "Tor Browser": http://76240cb06414c040c2csnwyqmwa.jobsbig.cam/csnwyqmwa http://76240cb06414c040c2csnwyqmwa.nowuser.casa/csnwyqmwa http://76240cb06414c040c2csnwyqmwa.boxgas.icu/csnwyqmwa http://76240cb06414c040c2csnwyqmwa.bykeep.club/csnwyqmwa Note! These are temporary addresses! They will be available for a limited amount of time!
URLs

http://76240cb06414c040c2csnwyqmwa.erpp3f6j634gmj33.onion/csnwyqmwa

http://76240cb06414c040c2csnwyqmwa.jobsbig.cam/csnwyqmwa

http://76240cb06414c040c2csnwyqmwa.nowuser.casa/csnwyqmwa

http://76240cb06414c040c2csnwyqmwa.boxgas.icu/csnwyqmwa

http://76240cb06414c040c2csnwyqmwa.bykeep.club/csnwyqmwa

Signatures

  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber
  • Process spawned unexpected child process 10 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies extensions of user files 2 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Suspicious use of SetThreadContext 4 IoCs
  • Interacts with shadow copies 2 TTPs 5 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Users\Admin\AppData\Local\Temp\7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed.exe
      "C:\Users\Admin\AppData\Local\Temp\7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1064
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:860
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          4⤵
            PID:620
        • C:\Windows\system32\cmd.exe
          cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:532
          • C:\Windows\system32\wbem\WMIC.exe
            C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
            4⤵
              PID:1552
        • C:\Windows\system32\cmd.exe
          cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:972
          • C:\Windows\system32\wbem\WMIC.exe
            C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1164
      • C:\Windows\system32\Dwm.exe
        "C:\Windows\system32\Dwm.exe"
        1⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1180
        • C:\Windows\system32\cmd.exe
          cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1732
          • C:\Windows\system32\wbem\WMIC.exe
            C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1424
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        1⤵
        • Modifies extensions of user files
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1128
        • C:\Windows\system32\notepad.exe
          notepad.exe C:\Users\Public\readme.txt
          2⤵
          • Opens file in notepad (likely ransom note)
          PID:1740
        • C:\Windows\system32\cmd.exe
          cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1320
          • C:\Windows\system32\wbem\WMIC.exe
            C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1004
        • C:\Windows\system32\cmd.exe
          cmd /c "start http://76240cb06414c040c2csnwyqmwa.jobsbig.cam/csnwyqmwa^&1^&50256948^&77^&339^&12"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1716
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" http://76240cb06414c040c2csnwyqmwa.jobsbig.cam/csnwyqmwa&1&50256948&77&339&12
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1500
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
              4⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1376
      • C:\Windows\system32\cmd.exe
        cmd /c CompMgmtLauncher.exe
        1⤵
        • Process spawned unexpected child process
        PID:1680
        • C:\Windows\system32\CompMgmtLauncher.exe
          CompMgmtLauncher.exe
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:2256
          • C:\Windows\system32\wbem\wmic.exe
            "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
            3⤵
              PID:2460
        • C:\Windows\system32\cmd.exe
          cmd /c CompMgmtLauncher.exe
          1⤵
          • Process spawned unexpected child process
          • Suspicious use of WriteProcessMemory
          PID:1536
          • C:\Windows\system32\CompMgmtLauncher.exe
            CompMgmtLauncher.exe
            2⤵
              PID:2268
              • C:\Windows\system32\wbem\wmic.exe
                "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                3⤵
                  PID:2500
            • C:\Windows\system32\cmd.exe
              cmd /c CompMgmtLauncher.exe
              1⤵
              • Process spawned unexpected child process
              • Suspicious use of WriteProcessMemory
              PID:1724
              • C:\Windows\system32\CompMgmtLauncher.exe
                CompMgmtLauncher.exe
                2⤵
                  PID:2212
                  • C:\Windows\system32\wbem\wmic.exe
                    "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                    3⤵
                      PID:2776
                • C:\Windows\system32\cmd.exe
                  cmd /c CompMgmtLauncher.exe
                  1⤵
                  • Process spawned unexpected child process
                  • Suspicious use of WriteProcessMemory
                  PID:1080
                  • C:\Windows\system32\CompMgmtLauncher.exe
                    CompMgmtLauncher.exe
                    2⤵
                    • Suspicious use of WriteProcessMemory
                    PID:2220
                    • C:\Windows\system32\wbem\wmic.exe
                      "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                      3⤵
                        PID:2444
                  • C:\Windows\system32\cmd.exe
                    cmd /c CompMgmtLauncher.exe
                    1⤵
                    • Process spawned unexpected child process
                    • Suspicious use of WriteProcessMemory
                    PID:1528
                    • C:\Windows\system32\CompMgmtLauncher.exe
                      CompMgmtLauncher.exe
                      2⤵
                      • Suspicious use of WriteProcessMemory
                      PID:2240
                      • C:\Windows\system32\wbem\wmic.exe
                        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
                        3⤵
                          PID:2484
                    • C:\Windows\system32\vssadmin.exe
                      vssadmin.exe Delete Shadows /all /quiet
                      1⤵
                      • Process spawned unexpected child process
                      • Interacts with shadow copies
                      PID:2632
                    • C:\Windows\system32\vssadmin.exe
                      vssadmin.exe Delete Shadows /all /quiet
                      1⤵
                      • Process spawned unexpected child process
                      • Interacts with shadow copies
                      PID:2696
                    • C:\Windows\system32\vssadmin.exe
                      vssadmin.exe Delete Shadows /all /quiet
                      1⤵
                      • Process spawned unexpected child process
                      • Interacts with shadow copies
                      PID:2716
                    • C:\Windows\system32\vssadmin.exe
                      vssadmin.exe Delete Shadows /all /quiet
                      1⤵
                      • Process spawned unexpected child process
                      • Interacts with shadow copies
                      PID:2736
                    • C:\Windows\system32\vssvc.exe
                      C:\Windows\system32\vssvc.exe
                      1⤵
                        PID:2868
                      • C:\Windows\system32\vssadmin.exe
                        vssadmin.exe Delete Shadows /all /quiet
                        1⤵
                        • Process spawned unexpected child process
                        • Interacts with shadow copies
                        PID:3016

                      Network

                      MITRE ATT&CK Matrix ATT&CK v6

                      Initial Access

                      Execution

                      Persistence

                      Privilege Escalation

                      Defense Evasion

                      File Deletion

                      2
                      T1107

                      Modify Registry

                      1
                      T1112

                      Credential Access

                      Discovery

                      Lateral Movement

                      Collection

                      Exfiltration

                      Command and Control

                      Impact

                      Inhibit System Recovery

                      2
                      T1490

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\Desktop\BlockResolve.ppt.csnwyqmwa
                        MD5

                        9d8134354a1c2f734dedae6918e1511b

                        SHA1

                        46bbd9b3f7cf1d0a5bcfd8fb8ea88cea717d9be3

                        SHA256

                        9e6f5636c1d481dc4cbe022f725a38841bf6fd2adf02dfb8eb86c232aa691120

                        SHA512

                        223f24ef4601f01e20e007e60988cb23b80882de88e06c445261c41a67e330354e4d42d982a3bc70d0b7ae063f39f785f00c62633065918c62aee3fbcca4fed5

                        Download Submit
                      • C:\Users\Admin\Desktop\DebugUndo.rtf.csnwyqmwa
                        MD5

                        9c17cdf93ef1cbb8819f9d60fcf3a260

                        SHA1

                        b43b0c0f2478a35bdab387602f42fcedc0a23400

                        SHA256

                        fc1c25dcec46d8e539e86b8023f50608fc738b1ec5fe10cd206db4839567f5c3

                        SHA512

                        375819a4a055bf2a38474ab8fcd1ba4fc3d7f3b1a19d9ea24147af5860049b46e0cbf5dd3866c67f1e2326555965bbe318d17bcee3d1e17eb33eafa4db99f75d

                        Download Submit
                      • C:\Users\Admin\Desktop\EnableInvoke.tif.csnwyqmwa
                        MD5

                        11be7909bdd491fbce7d683d988450ca

                        SHA1

                        7b36463f03282ead31c0f764b0157c1edfa9b144

                        SHA256

                        7d2935a77c0528db4766b88769ac1a2de12be7eddf2957d7ced68ed853c0ff86

                        SHA512

                        fc5f8c0488bb6ae82aa85312fe570c3deb06c19e5b99285f58d70e5d52937766bd9d58bb7f1ef655b9017dfcfba865780e82c58ed7581740999e2c85f4a4d558

                        Download Submit
                      • C:\Users\Admin\Desktop\ExpandSuspend.wps.csnwyqmwa
                        MD5

                        bb2f4702215926cb47f7426f7107474b

                        SHA1

                        84ea6bbf98aff4b91895e9670c228784ff6e4f11

                        SHA256

                        32bfc17cdf002e74af850debd197c336c1d4ab65cb5bc2d0577f74974d5f6515

                        SHA512

                        2dba6a518ab618054ac886d0ff8a570ca70a529321e8217c0815acc40102b1ebf79e63c184553a4e338515001d4fe3bbfb1751a87fc12daf4f79483376350e3d

                        Download Submit
                      • C:\Users\Admin\Desktop\NewDismount.xlsb.csnwyqmwa
                        MD5

                        3d3988f7ce23ca5f807ad22f821a93f9

                        SHA1

                        7ddaf6a6866b4842442002830cba89c44daf8983

                        SHA256

                        3618cf7a12aa01b859af2986559d52d35d35c772fe33bb9c4b1f9ecd40731714

                        SHA512

                        be830217de476f6664096f9a77eedce267550d3ed56d55fdb1f4001e4749440aab06cc8281133a29932acddeae073fc7fe4424248e1b8745a99f3657e6e25cbc

                        Download Submit
                      • C:\Users\Admin\Desktop\OpenConfirm.mpeg.csnwyqmwa
                        MD5

                        d91d5d2154a4a69ab14e82327a0acd1c

                        SHA1

                        38584cf4e8540ba71a2c564b782cde6e348242fb

                        SHA256

                        9f16a94c7f65d92691a6868b3b4d5f0c76d2876aef3f6319a1f2dd2a788b58d6

                        SHA512

                        eefc0c49ad03e0fb6e0594d781d9109e29f8bd3f4f0a31f6f764b071b54f8d6f6547ddca86f31b69549d7236be642e99edcedc02077955d727b0d4860da9b63e

                        Download Submit
                      • C:\Users\Admin\Desktop\PushReset.dot.csnwyqmwa
                        MD5

                        b49c0d883dda0bef50709468d74ca74c

                        SHA1

                        e17a1acfc6823393ec0efad98adae42f7542f54f

                        SHA256

                        471b85fd262377dd063c0e5f39994485d0282c285c61fbf13f76dece7ad5153e

                        SHA512

                        257dfcacff282b387b7010d12b5971f019c2bef1dd6fd47f1d51044fce03ff143dc547b335b577e7c3f152a96cbc194e651f81c80c92da955f7e8c2f022823e2

                        Download Submit
                      • C:\Users\Admin\Desktop\ReceiveApprove.pdf.csnwyqmwa
                        MD5

                        651c00c9cf81981057aed9df60b9bfc3

                        SHA1

                        0c1f8e1e05353a8d15a71b68a8011dbb2d768554

                        SHA256

                        48aa4be988565beae6ff5ba15e5db076af1014a8694cb855e73aa6974f583341

                        SHA512

                        d0e9302a85eb0211ff54020d018effded3b5cc35cb189399e8d2b1d6eff363cd6f32de0fcfb05fe7ea0d2f5ce7fe737d3d18fb5fa3f7003c68a31e17b134db83

                        Download Submit
                      • C:\Users\Admin\Desktop\ReceiveClose.pptm.csnwyqmwa
                        MD5

                        1f2b70fb873c0c5e042828d2918ec958

                        SHA1

                        7e0ca404f507c7c111c255430620805ceccf70af

                        SHA256

                        92008b8bee978ea217e1688b626a218517332814a58f4acc093f4b60c77789f5

                        SHA512

                        7715365b826c480386edc546100f0a34a7eef38eb559793b2fb2a237ac7144640708853fd0d38fc83f54724c597d21b3db8d7f0026ce36309a7aa2cdfd243813

                        Download Submit
                      • C:\Users\Admin\Desktop\RestartRedo.php.csnwyqmwa
                        MD5

                        c7b92e61a25569d4bcaec447c1830e8a

                        SHA1

                        aa166ca1f33ed876a870ce71d41391028b7444d2

                        SHA256

                        d74f7081e1bcd24865276e8d5666646d9467b5864d35b7ddf89e0a3bc9413ba3

                        SHA512

                        d8b0432fa77f0a1efe56085b9419183905e91d58840bf4b26f7ed7cff45392738f75c4f5688bb09372232cab0ebc35c4c2bed0e3e1cb2149dbe324d063be0a02

                        Download Submit
                      • C:\Users\Admin\Desktop\SetSkip.eps.csnwyqmwa
                        MD5

                        ed2fb7cbe94dca7db34222699a166a85

                        SHA1

                        e468ce7e3e81866b9794d08d6ceea81cd52048b1

                        SHA256

                        eca2af0a0bc03fc9d56564ed8a090f81b39e9f07aca296dea27d3ca73774f0bd

                        SHA512

                        1e5ae127a66f69044f1a3c72911e3b8fa3707fbd6b3a545d508144bf9eeeb1e4f1fb8a751aed5f20882bc846b0ca0a9c53cc9247cf2a31f3ab31cd57f24b862f

                        Download Submit
                      • C:\Users\Admin\Desktop\readme.txt
                        MD5

                        17c809e6c5e431dd8ab947040f91fe3e

                        SHA1

                        03c0858f78893c9d25adfd60b400d68d2bd3904d

                        SHA256

                        2860e253990602143b17f4a3f6e9b6c8f4331f58ef93abd08282c04b49dc5e30

                        SHA512

                        3c9b32779a73ec2b8e8ebb20d5a2d1405e5fa6ca87f4da9c34be1b3b04e55bb4378081ae6f27f8bb4f02d5c58e92885170c9b840294764258b09435762485c81

                        Download Submit
                      • C:\Users\Public\readme.txt
                        MD5

                        17c809e6c5e431dd8ab947040f91fe3e

                        SHA1

                        03c0858f78893c9d25adfd60b400d68d2bd3904d

                        SHA256

                        2860e253990602143b17f4a3f6e9b6c8f4331f58ef93abd08282c04b49dc5e30

                        SHA512

                        3c9b32779a73ec2b8e8ebb20d5a2d1405e5fa6ca87f4da9c34be1b3b04e55bb4378081ae6f27f8bb4f02d5c58e92885170c9b840294764258b09435762485c81

                        Download Submit
                      • memory/532-101-0x0000000000000000-mapping.dmp
                        Download
                      • memory/620-100-0x0000000000000000-mapping.dmp
                        Download
                      • memory/860-99-0x0000000000000000-mapping.dmp
                        Download
                      • memory/972-95-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1004-93-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1064-67-0x0000000001F90000-0x0000000001F91000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-64-0x0000000000200000-0x0000000000201000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-71-0x0000000001FF0000-0x0000000001FF1000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-70-0x0000000001FE0000-0x0000000001FE1000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-103-0x0000000002350000-0x0000000002351000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-68-0x0000000001FA0000-0x0000000001FA1000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-60-0x0000000000020000-0x0000000000025000-memory.dmp
                        Filesize

                        20KB

                        Download
                      • memory/1064-72-0x0000000002000000-0x0000000002001000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-65-0x0000000000210000-0x0000000000211000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-66-0x0000000001F80000-0x0000000001F81000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-63-0x00000000001F0000-0x00000000001F1000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-69-0x0000000001FD0000-0x0000000001FD1000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1064-62-0x00000000001E0000-0x00000000001E1000-memory.dmp
                        Filesize

                        4KB

                        Download
                      • memory/1128-73-0x0000000001B00000-0x0000000001B04000-memory.dmp
                        Filesize

                        16KB

                        Download
                      • memory/1164-98-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1244-61-0x0000000002B20000-0x0000000002B30000-memory.dmp
                        Filesize

                        64KB

                        Download
                      • memory/1320-87-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1376-104-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1424-94-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1500-96-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1552-102-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1716-80-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1732-91-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1740-74-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1740-75-0x000007FEFBDC1000-0x000007FEFBDC3000-memory.dmp
                        Filesize

                        8KB

                        Download
                      • memory/2212-105-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2220-106-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2240-107-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2268-108-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2444-114-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2460-115-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2484-116-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2500-117-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2776-118-0x0000000000000000-mapping.dmp
                        Download