Analysis

  • max time kernel
    121s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    24-11-2021 05:42

General

  • Target

    fabubbjd.inf.dll

  • Size

    39KB

  • MD5

    b086c689ad65afd62dadcf6a1fb799a3

  • SHA1

    de77db799a7bc43bb7c6208cfdd58e8457cf1061

  • SHA256

    612cd74d2ed040ec2958e78ae80b39231f4eb130e2ddb74c8d90a2c1fddd1fa0

  • SHA512

    1b3ba45981151b5c8e89f93b84fdf0ce54e2d9bbbfa18bc2e0d0af2e3dccb4dc6d070640c6b3c7970c1c9d2bb2c109bfce12f99cd402975ae97982f6fa680aca

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\readme.txt

Family

magniber

Ransom Note

ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
====================================================================================================
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the private key and decryption program.
Any attempts to restore your files with the third party software will be fatal for your files!
====================================================================================================
To receive the private key and decryption program follow the instructions below:
1. Download "Tor Browser" from https://www.torproject.org/ and install it.
2. In the "Tor Browser" open your personal page here:
http://a0eca668162cd6801actzpapmiv.3g5twxggjkc76oy6itmdvhliayffjfv23vg3rp372nn7ohfnnylfclid.onion/ctzpapmiv
Note! This page is available via "Tor Browser" only.
====================================================================================================
Also you can use temporary addresses on your personal page without using "Tor Browser":
http://a0eca668162cd6801actzpapmiv.vansban.space/ctzpapmiv
http://a0eca668162cd6801actzpapmiv.hemore.uno/ctzpapmiv
http://a0eca668162cd6801actzpapmiv.trapbe.quest/ctzpapmiv
http://a0eca668162cd6801actzpapmiv.hotgame.fit/ctzpapmiv
Note! These are temporary addresses! They will be available for a limited amount of time!

URLs

http://a0eca668162cd6801actzpapmiv.3g5twxggjkc76oy6itmdvhliayffjfv23vg3rp372nn7ohfnnylfclid.onion/ctzpapmiv

http://a0eca668162cd6801actzpapmiv.vansban.space/ctzpapmiv

http://a0eca668162cd6801actzpapmiv.hemore.uno/ctzpapmiv

http://a0eca668162cd6801actzpapmiv.trapbe.quest/ctzpapmiv

http://a0eca668162cd6801actzpapmiv.hotgame.fit/ctzpapmiv

Signatures

  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

  • Process spawned unexpected child process 12 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies extensions of user files 3 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Suspicious use of SetThreadContext 3 IoCs
  • Interacts with shadow copies 2 TTPs 8 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies registry class 11 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Windows\system32\wbem\wmic.exe
      C:\Windows\system32\wbem\wmic process call create "vssadmin.exe Delete Shadows /all /quiet"
      2⤵
      PID:2452
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2464
      • C:\Windows\system32\wbem\WMIC.exe
        C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
        3⤵
        PID:2552
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fabubbjd.inf.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1620
      • C:\Windows\system32\wbem\wmic.exe
        C:\Windows\system32\wbem\wmic process call create "vssadmin.exe Delete Shadows /all /quiet"
        3⤵
        PID:2784
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
        3⤵
        PID:2796
        • C:\Windows\system32\wbem\WMIC.exe
          C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
          4⤵
          PID:2860
    • C:\Windows\system32\wbem\wmic.exe
      C:\Windows\system32\wbem\wmic process call create "vssadmin.exe Delete Shadows /all /quiet"
      2⤵
      PID:992
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Windows\system32\wbem\WMIC.exe
        C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
        3⤵
        PID:1920
  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
    • Modifies extensions of user files
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1156
    • C:\Windows\system32\notepad.exe
      notepad.exe C:\Users\Public\readme.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:428
    • C:\Windows\system32\cmd.exe
      cmd /c "start http://a0eca668162cd6801actzpapmiv.vansban.space/ctzpapmiv^&1^&43661138^&75^&313^&12"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:956
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://a0eca668162cd6801actzpapmiv.vansban.space/ctzpapmiv&1&43661138&75&313&12
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1640
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2036
    • C:\Windows\system32\wbem\wmic.exe
      C:\Windows\system32\wbem\wmic process call create "vssadmin.exe Delete Shadows /all /quiet"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1744
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1124
      • C:\Windows\system32\wbem\WMIC.exe
        C:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1820
  • C:\Windows\system32\cmd.exe
    cmd /c CompMgmtLauncher.exe
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\system32\CompMgmtLauncher.exe
      CompMgmtLauncher.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:936
      • C:\Windows\system32\wbem\wmic.exe
        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
        3⤵
        PID:1724
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:568
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    PID:1380
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:952
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:2124
  • C:\Windows\system32\cmd.exe
    cmd /c CompMgmtLauncher.exe
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Windows\system32\CompMgmtLauncher.exe
      CompMgmtLauncher.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2188
      • C:\Windows\system32\wbem\wmic.exe
        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
        3⤵
        PID:2260
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:2320
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:2532
  • C:\Windows\system32\cmd.exe
    cmd /c CompMgmtLauncher.exe
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Windows\system32\CompMgmtLauncher.exe
      CompMgmtLauncher.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Windows\system32\wbem\wmic.exe
        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
        3⤵
        PID:2684
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:2736
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:2880
  • C:\Windows\system32\cmd.exe
    cmd /c CompMgmtLauncher.exe
    1⤵
    • Process spawned unexpected child process
    PID:2928
    • C:\Windows\system32\CompMgmtLauncher.exe
      CompMgmtLauncher.exe
      2⤵
      PID:2972
      • C:\Windows\system32\wbem\wmic.exe
        "C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"
        3⤵
        PID:3016
  • C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /all /quiet
    1⤵
    • Process spawned unexpected child process
    • Interacts with shadow copies
    PID:3068

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HKOHJOGH.txt
  • C:\Users\Admin\Desktop\BackupClear.rtf.ctzpapmiv
  • C:\Users\Admin\Desktop\ClearDismount.dot.ctzpapmiv
  • C:\Users\Admin\Desktop\ConvertResolve.dib.ctzpapmiv
  • C:\Users\Admin\Desktop\HideUse.xlt.ctzpapmiv
  • C:\Users\Admin\Desktop\LockSelect.potx.ctzpapmiv
  • C:\Users\Admin\Desktop\PushSuspend.vstm.ctzpapmiv
  • C:\Users\Admin\Desktop\RemoveRename.dxf.ctzpapmiv
  • C:\Users\Admin\Desktop\SubmitJoin.tiff.ctzpapmiv
  • C:\Users\Admin\Desktop\UnblockRedo.xlsx.ctzpapmiv
  • C:\Users\Admin\Desktop\UninstallPush.rle.ctzpapmiv
  • C:\Users\Admin\Desktop\UnregisterExpand.potm.ctzpapmiv
  • C:\Users\Admin\Desktop\readme.txt
  • C:\Users\Public\readme.txt
