Overview

overview

10

Static

static

SYSTEM.Sec....0.jse

windows10-1703-x64

10

SYSTEM.Sec....0.jse

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-09-2022 02:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SYSTEM.Security.Database.Upgrade.Win10.0.jse

  • Size

    185KB

  • MD5

    f6d2fc78661b55258fb704f66c9949e4

  • SHA1

    7c4608440e4afcb032890edd4deef18a0ce3c8dd

  • SHA256

    6a68217b951f9655e4a7ed13fcfc4696ac5d231450fe7d2be8b6a1d71425752c

  • SHA512

    9f66641f19e8046b19f7bffa056ec3e677aae853102dded94c22665381d0d2b65334c16c74d7b64df319b1518931d6ad281ad86c1fbc67ee6ba1984f67506dce

  • SSDEEP

    3072:dthtQYzUz8giIajyEPeR00t/+DYhRkEIKf+6yr3S1IuIDbHBX66vPYH/J25gfgbD:z73zUz8gCjyUeihSRkCy3H36HxgbD

Score
10/10
magniberpersistenceransomware

Malware Config

Signatures

  • Detect magniber ransomware 3 IoCs
  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber
  • Modifies extensions of user files 8 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 55 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 27 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Modifies registry class
    PID:2452
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    1⤵
      PID:3252
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 3252 -s 840
        2⤵
        • Program crash
        PID:3748
    • C:\Windows\System32\RuntimeBroker.exe
      C:\Windows\System32\RuntimeBroker.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:3412
    • C:\Windows\System32\RuntimeBroker.exe
      C:\Windows\System32\RuntimeBroker.exe -Embedding
      1⤵
      • Modifies registry class
      PID:3696
    • C:\Windows\System32\RuntimeBroker.exe
      C:\Windows\System32\RuntimeBroker.exe -Embedding
      1⤵
      • Modifies registry class
      PID:4560
      • C:\Windows\System32\cmd.exe
        /c fodhelper.exe
        2⤵
          PID:504
          • C:\Windows\System32\fodhelper.exe
            fodhelper.exe
            3⤵
              PID:1820
              • C:\Windows\system32\wscript.exe
                "wscript.exe" /B /E:VBScript.Encode ../../Users/Public/jhujddrfvqdw.gif
                4⤵
                  PID:1876
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies registry class
            PID:3496
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3344
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
              1⤵
              • Modifies registry class
              PID:3012
            • C:\Windows\Explorer.EXE
              C:\Windows\Explorer.EXE
              1⤵
              • Modifies Internet Explorer settings
              • Modifies registry class
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of WriteProcessMemory
              PID:2720
              • C:\Windows\System32\WScript.exe
                C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\SYSTEM.Security.Database.Upgrade.Win10.0.jse"
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:4984
              • C:\Windows\System32\cmd.exe
                /c fodhelper.exe
                2⤵
                • Suspicious use of WriteProcessMemory
                PID:3380
                • C:\Windows\System32\fodhelper.exe
                  fodhelper.exe
                  3⤵
                  • Suspicious use of WriteProcessMemory
                  PID:2848
                  • C:\Windows\system32\wscript.exe
                    "wscript.exe" /B /E:VBScript.Encode ../../Users/Public/yrlqdylc.gif
                    4⤵
                      PID:1468
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\README.html
                  2⤵
                  • Adds Run key to start application
                  • Enumerates system info in registry
                  • Modifies registry class
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of WriteProcessMemory
                  PID:1416
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffee97846f8,0x7ffee9784708,0x7ffee9784718
                    3⤵
                      PID:3396
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
                      3⤵
                        PID:2388
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
                        3⤵
                          PID:3024
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
                          3⤵
                            PID:4364
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
                            3⤵
                              PID:2084
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
                              3⤵
                                PID:3256
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 /prefetch:8
                                3⤵
                                  PID:724
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 /prefetch:8
                                  3⤵
                                    PID:1820
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
                                    3⤵
                                      PID:3604
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                      3⤵
                                      • Drops file in Program Files directory
                                      PID:2244
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7e37f5460,0x7ff7e37f5470,0x7ff7e37f5480
                                        4⤵
                                          PID:4968
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:1988
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
                                        3⤵
                                          PID:2248
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                                          3⤵
                                            PID:1844
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2120,10580342707079626753,6098093909190192366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3660 /prefetch:8
                                            3⤵
                                              PID:2900
                                        • C:\Windows\system32\taskhostw.exe
                                          taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
                                          1⤵
                                          • Modifies registry class
                                          PID:2768
                                          • C:\Windows\System32\cmd.exe
                                            /c fodhelper.exe
                                            2⤵
                                              PID:3828
                                              • C:\Windows\System32\fodhelper.exe
                                                fodhelper.exe
                                                3⤵
                                                  PID:724
                                                  • C:\Windows\system32\wscript.exe
                                                    "wscript.exe" /B /E:VBScript.Encode ../../Users/Public/jhujddrfvqdw.gif
                                                    4⤵
                                                      PID:1652
                                              • C:\Windows\system32\svchost.exe
                                                C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                1⤵
                                                • Modifies extensions of user files
                                                • Modifies registry class
                                                PID:2468
                                              • C:\Windows\system32\WerFault.exe
                                                C:\Windows\system32\WerFault.exe -pss -s 460 -p 3252 -ip 3252
                                                1⤵
                                                  PID:3168
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:604

                                                  Network

                                                  MITRE ATT&CK Enterprise v6

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                    Filesize

                                                    70KB

                                                    MD5

                                                    e5e3377341056643b0494b6842c0b544

                                                    SHA1

                                                    d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                    SHA256

                                                    e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                    SHA512

                                                    83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
                                                    Filesize

                                                    2KB

                                                    MD5

                                                    38f81f1c97e50a88d3f4479fd1b2a056

                                                    SHA1

                                                    bc254da4b17b0b23044b2d797012fab7f163b0a4

                                                    SHA256

                                                    6f517ead2642d944325d3402b11801d4eaa304a0e2231f2b4c68eafb0be5bacb

                                                    SHA512

                                                    d29cf18048c9d6e4cc7e00a74f0320458e652a8db9577a7a84240b4af11280e5f1a41f44f43959a92db8105a1c15e9f6ecbbc519de0a3cd9014f9dd4467baf31

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    493315219793f00589ca519a0bafffa3

                                                    SHA1

                                                    a9a125a3eeb6847f62fe2ea21b0fa2a79e2861b7

                                                    SHA256

                                                    dbf1bd5d5523526cbb424c909321ad052f31cc998153724a8f6f37d28a8da54d

                                                    SHA512

                                                    52224a6cfc022014c5682d1996473c539e5d5e9f107b2234cebfc45ca935360b2787606826983207052cddc3c0cf1332a385a3fa446046c5ab23834ce5d46082

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\ccba5a5986c77e43.automaticDestinations-ms
                                                    Filesize

                                                    3KB

                                                    MD5

                                                    0e601dc0ddda955c175584282b232260

                                                    SHA1

                                                    e91ff1dc0e0c9bff127c1d7750fc7077dacb595f

                                                    SHA256

                                                    d1f5c463651318b883cd48d1986519be7b95da02d17b35cc1aefd5da20230750

                                                    SHA512

                                                    3b5f7f27633b65104d2aa5cde588f6dd462ad056819fe93b974a2cbf8a9adaeda90926dcd8a5d5d4bf5410e4f821cd757401c284479509616f1fc235448cf6ec

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                    Filesize

                                                    7KB

                                                    MD5

                                                    6ff731a0805f157ad2d47368638d8c26

                                                    SHA1

                                                    bf5f03338ea2f0b82523fd0c79424da49d6f8c04

                                                    SHA256

                                                    03af495c84cebddce7471e7abbd13cb6a948913842605ab4355ea77cf19a63ec

                                                    SHA512

                                                    9f448ae8c599f429781c2118c8e501e190642e350476c6c294a0e3b69d5e5bcefefdc053bb2da4a91de9d9f6cff4f6c5f22741db537a924ad35708c7298ccb12

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                    Filesize

                                                    3KB

                                                    MD5

                                                    e8d5fe83a3778ea192e9cd9176f6ce4e

                                                    SHA1

                                                    dc1f37c0cce6e71dd0c44db401daab1f5f1c581f

                                                    SHA256

                                                    de16534b01e3ddf86ebdea2b2fde8f8359947fd3152bbf4e45dfcccb7f64d1b0

                                                    SHA512

                                                    2b171d58b40f658ef731ad22fd79330cf5c9686bc03ab21851153a22e8df59c8c963c9a04648d31a136a308d7e21ae8e9cace14c28b046c051a621ed2f975157

                                                    Download Submit

                                                  • C:\Users\Admin\Desktop\Microsoft Edge.lnk
                                                    Filesize

                                                    2KB

                                                    MD5

                                                    3ce8f0f208b1f96bc0e42217f7da539f

                                                    SHA1

                                                    81955bdaf5e65ad09989f94fb41dfc9f0587c265

                                                    SHA256

                                                    ab59fc51c1c4bd04721da81e5db3514c7f12d0689546d7a16cdcec80f1a0b801

                                                    SHA512

                                                    eaa266eedf30bb1fcbbd081d7a950b8ab778f486623f680b9bb466a597a0e18795a9215bf2ddebc2ecabf278b94f8dc7e850f939408e4e01678b6b64b76ab4c3

                                                    Download Submit

                                                  • C:\Users\Admin\Desktop\README.html
                                                    Filesize

                                                    15KB

                                                    MD5

                                                    582e7df5dd6190103cc0b3faea24f0a6

                                                    SHA1

                                                    ec221b729e755e1fa29a4f8268d4410c04d7629b

                                                    SHA256

                                                    9a72b3c43a73a4eb971e9b728293f35d06f1a653b282f8649175f1af0311c147

                                                    SHA512

                                                    9fc68209dcf986ebe6e304303c16ed6e9489d3f7a7629ea19eb87d218cf13c0ebfe39f07e4c162f9464c4d15eca83e9aae1b3c9705831033e81d9e49edebf12c

                                                    Download Submit

                                                  • \??\pipe\LOCAL\crashpad_1416_FKRUKWREJFHHDDUO
                                                    MD5

                                                    d41d8cd98f00b204e9800998ecf8427e

                                                    SHA1

                                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                    SHA256

                                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                    SHA512

                                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                    Download Submit

                                                  • memory/724-181-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/724-166-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/1416-151-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/1468-149-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/1652-182-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/1820-170-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/1820-183-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/1844-180-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/1876-184-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/1988-174-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/2084-160-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/2244-171-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/2248-178-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/2388-154-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/2452-134-0x000002888A6B0000-0x000002888A6BA000-memory.dmp

                                                    Filesize

                                                    40KB

                                                    Download

                                                  • memory/2848-148-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/2900-186-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/3024-155-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/3256-162-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/3396-152-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/4364-157-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/4968-172-0x0000000000000000-mapping.dmp

                                                    Download

                                                  • memory/4984-141-0x00007FFEE8E40000-0x00007FFEE9901000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                    Download

                                                  • memory/4984-133-0x0000022329ADF000-0x0000022329AEA000-memory.dmp

                                                    Filesize

                                                    44KB

                                                    Download

                                                  • memory/4984-132-0x00007FFEE8E40000-0x00007FFEE9901000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                    Download

                                                  • memory/4984-146-0x00007FFEE8E40000-0x00007FFEE9901000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                    Download

                                                  • memory/4984-147-0x0000022329ADF000-0x0000022329AEA000-memory.dmp

                                                    Filesize

                                                    44KB

                                                    Download