e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe
Size

143KB
MD5

7b6159c7656f44b31b99331d0d6de50e
SHA1

8120da89e2453845c27bca94ed1706556f0e3c27
SHA256

e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0
SHA512

d2605a00936816cb4dbcfc60ef4014cd7b8c061a2e8ac369f5e986c075af13416764b0519a3e3038e20954bf736e3e2c6c34a9ade2ba2a28da50d0a2aa2d304c
SSDEEP

3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DxqU/:pe9IB83ID5F3/

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221128130634.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\1b41a214-dd9b-4f7e-a9ad-212aa297b011.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
4244	msedge.exe
4244	msedge.exe
2844	identity_helper.exe
2844	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4532	e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4532	e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 3960	4532	e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe	82
PID 4532 wrote to memory of 3960	4532	e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe	82
PID 4532 wrote to memory of 3960	4532	e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe	82
PID 3960 wrote to memory of 4244	3960	cmd.exe	84
PID 3960 wrote to memory of 4244	3960	cmd.exe	84
PID 4244 wrote to memory of 644	4244	msedge.exe	86
PID 4244 wrote to memory of 644	4244	msedge.exe	86
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5088	4244	msedge.exe	89
PID 4244 wrote to memory of 5064	4244	msedge.exe	90
PID 4244 wrote to memory of 5064	4244	msedge.exe	90
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91
PID 4244 wrote to memory of 3964	4244	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe
"C:\Users\Admin\AppData\Local\Temp\e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.2.9200x64sp0.0ws^|tt32^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.2.9200x64sp0.0ws|tt32|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
    3⤵
    - Adds Run key to start application
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff895cd46f8,0x7ff895cd4708,0x7ff895cd4718
      4⤵
      PID:644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
      4⤵
      PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
      4⤵
      PID:3964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
      4⤵
      PID:4440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
      4⤵
      PID:5068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 /prefetch:8
      4⤵
      PID:1120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 /prefetch:8
      4⤵
      PID:4640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
      4⤵
      PID:1188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
      4⤵
      PID:5048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
      4⤵
      PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
      4⤵
      PID:1732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:3004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff7a7a95460,0x7ff7a7a95470,0x7ff7a7a95480
        5⤵
        
        PID:4144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11167175460388475216,3739506142060236422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

Filesize
472B

MD5
03ad9fc0b00b5df3165dc2fb1e3b0a3e

SHA1
f8243335a8bc24d989bddd346048a055e1d0bdeb

SHA256
366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

SHA512
a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9

Filesize
1KB

MD5
1519171ba0e9b6aabdd22495c93b43f8

SHA1
da916b57522c4c4cbac2aedc3354bc6c69a56270

SHA256
dfb271a64ffabd0110e6c943e6052fca6dcb7cc738c9cc4c03ce3732361fa318

SHA512
7392b921cdb6419c616d744e9556b09d38a2e0956cf0ee0687aba4b4ff75ad7692440afa6d99daeea67f0c07197b466990d6d2c6e4d3567cd8f15b0750dcff2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

Filesize
402B

MD5
ddfea71b368bee77e90360ac804efbce

SHA1
a1970c0f78a4e6957cee31850981edd095e4d06e

SHA256
b9118d75f6772559bfa7959524208995905dd4985ad9976da25fbda84eec4cb1

SHA512
e9e8d0fa2cc85c51d5efaa98012722d5222aa5e36e637224de96974b242e28c1b93df0859f828f9389ba776d2fce766b38355f14cc353d481124735c305e7478

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9

Filesize
184B

MD5
c71b58205c7319f676ee5c0aeb7af502

SHA1
e9853df8ba7605adc0490f120643f41bd86638c3

SHA256
0692aef22ad629f98d425aa479abada6fdbd6a5887a33573a62555d3230dd600

SHA512
8f7807310b582a3061782d8819e4fac994e4752774d20530fc34c72d7b67b955e767c9202abe997731798a63d5fc79a7e7763c4b6fa67a0b215fc08930c58279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
5c46bb326047b2867b42d59f90ff1783

SHA1
ed222faad278823c18fb294a20fd8510d5df9a31

SHA256
34c4cc93367df4960a0b0c30b61e502b5c15903b0ccbd20f8071afe887b0b390

SHA512
339f02dd5b979fd4369b8bbd20e2364906338312d0da7b3da3d36682b4f67466a428a2dff6c124894c3464519d2f4c8b67c6db6b001fb67ad633c14487abbd1f

Download Submit
memory/644-134-0x0000000000000000-mapping.dmp

Download
memory/1120-146-0x0000000000000000-mapping.dmp

Download
memory/1188-150-0x0000000000000000-mapping.dmp

Download
memory/2844-163-0x0000000000000000-mapping.dmp

Download
memory/3004-161-0x0000000000000000-mapping.dmp

Download
memory/3748-154-0x0000000000000000-mapping.dmp

Download
memory/3960-132-0x0000000000000000-mapping.dmp

Download
memory/3964-139-0x0000000000000000-mapping.dmp

Download
memory/4144-162-0x0000000000000000-mapping.dmp

Download
memory/4244-133-0x0000000000000000-mapping.dmp

Download
memory/4440-142-0x0000000000000000-mapping.dmp

Download
memory/4640-148-0x0000000000000000-mapping.dmp

Download
memory/5048-152-0x0000000000000000-mapping.dmp

Download
memory/5064-137-0x0000000000000000-mapping.dmp

Download
memory/5068-144-0x0000000000000000-mapping.dmp

Download
memory/5088-136-0x0000000000000000-mapping.dmp

Download