Analysis

  • max time kernel
    97s
  • max time network
    104s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-09-2022 17:09

General

  • Target

    1.exe

  • Size

    214KB

  • MD5

    1175cee6112669df046466d218109fb5

  • SHA1

    25569cd2d388f1e08ee14afd982b236d45d24b76

  • SHA256

    89553444e2b621c1894b6b14023db472f28120ee311adbca8618eaa0106837eb

  • SHA512

    c23c8c9025f1267e55b20c0f42103b556e9323d3e42a1a7f3ad1810565da43f55ca7a96c1cad0740462436c62f1b8392eee1ae90aa9657f3d88aafb27ac75175

  • SSDEEP

    6144:myJE1yd7WHJmcyfjtPWna4DQFu/U3buRKlemZ9DnGAevIhdiFy+:mU/d7WsvBPWa4DQFu/U3buRKlemZ9Dn4

Score
10/10

Malware Config

Extracted

Path

C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT

Ransom Note
!!! ALL YOUR FILES ARE ENCRYPTED !!!

All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. But this file should be of not valuable!

Do you really want to restore your files? Write to email: [email protected]

1. Visit https://tox.chat/download.html
2. Download and install qTOX on your PC.
3. Open it, click "New Profile" and create profile.
4. Click "Add friends" button and search our contact - 126E30C4CC9DE90F79D1FA90830FDC2069A2E981ED26B6DC148DA8827FB3D63A1B46CFDEC191

Your personal ID: 80A-1E4-6BC

Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
URLs

https://tox.chat/download.html

Signatures

  • Deletes shadow copies (2 TTPs)

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies extensions of user files (2 IoCs)

    Ransomware generally changes the extension on encrypted files.

  • Deletes itself (1 IoC)
  • Enumerates connected drives (3 TTPs, 24 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory (1 IoC)
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Interacts with shadow copies (2 TTPs, 1 IoC)

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies system certificate store (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of WriteProcessMemory (51 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1.exe
    "C:\Users\Admin\AppData\Local\Temp\1.exe"
    1⤵
    • Enumerates connected drives
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1756
      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic shadowcopy delete
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1832
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
      2⤵
      PID:1344
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
      2⤵
      PID:1516
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet
      2⤵
      PID:1288
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\Windows\SysWOW64\vssadmin.exe
        vssadmin delete shadows /all /quiet
        3⤵
        • Interacts with shadow copies
        PID:1216
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1932
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -ExecutionPolicy ByPass -Command "Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}"
        3⤵
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:584
      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        WMIC.exe shadowcopy delete /nointeractive
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1616
    • C:\Users\Admin\AppData\Local\Temp\1.exe
      "C:\Users\Admin\AppData\Local\Temp\1.exe" -agent 0
      2⤵
      • Modifies extensions of user files
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:1948
    • C:\Windows\SysWOW64\notepad.exe
      notepad.exe
      2⤵
      • Deletes itself
      PID:1164
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1500

Network

MITRE ATT&CK Enterprise v6

Downloads
