dridex | 7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339

Analysis

max time kernel
150s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2023 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339.dll
Size

1.4MB
MD5

76a03b741a85be73b47b1a72cea1becb
SHA1

f453704ee0177d5771766870bc871e7c048a6c61
SHA256

7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339
SHA512

86c59d8d2c2111175d541dd17ecc7b1ab89eb0e5400f2db21d70346af7871d2ac3008aca9ec762bbd7508b2c8ac9122111bfc83356c1d413bf1c693fbc74ec95
SSDEEP

12288:LZgJtlQepQn+NDo7nIYegQCLDF/B9wvj/cLvVZFuw:LZK6F7n5eRmDFJivohZFV

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Shellcode 1 IoCs

Detects Dridex Payload shellcode injected in Explorer process.

botnet payload

Processes:

resource	yara_rule
behavioral2/memory/3132-137-0x0000000001110000-0x0000000001111000-memory.dmp	dridex_stager_shellcode

Executes dropped EXE 4 IoCs

Processes:

FileHistory.exepsr.exewusa.exeDevicePairingWizard.exe

pid process

4360 FileHistory.exe
1700 psr.exe
1192 wusa.exe
2152 DevicePairingWizard.exe
Loads dropped DLL 4 IoCs

Processes:

FileHistory.exepsr.exewusa.exeDevicePairingWizard.exe

pid process

4360 FileHistory.exe
1700 psr.exe
1192 wusa.exe
2152 DevicePairingWizard.exe

pid	process
4360	FileHistory.exe
1700	psr.exe
1192	wusa.exe
2152	DevicePairingWizard.exe

pid	process
4360	FileHistory.exe
1700	psr.exe
1192	wusa.exe
2152	DevicePairingWizard.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dxkctdwn = "C:\\Users\\Admin\\AppData\\Roaming\\Sun\\gSs\\wusa.exe"

Checks whether UAC is enabled 1 TTPs 5 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

rundll32.exeFileHistory.exepsr.exewusa.exeDevicePairingWizard.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	FileHistory.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	psr.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	wusa.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	DevicePairingWizard.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

rundll32.exepsr.exe

pid	process
4644	rundll32.exe
4644	rundll32.exe
4644	rundll32.exe
4644	rundll32.exe
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
3132
1700	psr.exe
1700	psr.exe
3132
3132
3132
3132
3132
3132

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid process

3132

pid	process
3132

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

description	pid	target process
PID 3132 wrote to memory of 1076	3132	FileHistory.exe
PID 3132 wrote to memory of 1076	3132	FileHistory.exe
PID 3132 wrote to memory of 4360	3132	FileHistory.exe
PID 3132 wrote to memory of 4360	3132	FileHistory.exe
PID 3132 wrote to memory of 744	3132	psr.exe
PID 3132 wrote to memory of 744	3132	psr.exe
PID 3132 wrote to memory of 1700	3132	psr.exe
PID 3132 wrote to memory of 1700	3132	psr.exe
PID 3132 wrote to memory of 4668	3132	wusa.exe
PID 3132 wrote to memory of 4668	3132	wusa.exe
PID 3132 wrote to memory of 1192	3132	wusa.exe
PID 3132 wrote to memory of 1192	3132	wusa.exe
PID 3132 wrote to memory of 1436	3132	DevicePairingWizard.exe
PID 3132 wrote to memory of 1436	3132	DevicePairingWizard.exe
PID 3132 wrote to memory of 2152	3132	DevicePairingWizard.exe
PID 3132 wrote to memory of 2152	3132	DevicePairingWizard.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339.dll,#1
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:4644

C:\Windows\system32\FileHistory.exe
C:\Windows\system32\FileHistory.exe
1⤵
PID:1076

C:\Users\Admin\AppData\Local\vaHnSjuSj\FileHistory.exe
C:\Users\Admin\AppData\Local\vaHnSjuSj\FileHistory.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:4360

C:\Windows\system32\psr.exe
C:\Windows\system32\psr.exe
1⤵
PID:744

C:\Users\Admin\AppData\Local\xWVB\psr.exe
C:\Users\Admin\AppData\Local\xWVB\psr.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:1700

C:\Windows\system32\wusa.exe
C:\Windows\system32\wusa.exe
1⤵
PID:4668

C:\Users\Admin\AppData\Local\8yv4bVFjU\wusa.exe
C:\Users\Admin\AppData\Local\8yv4bVFjU\wusa.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:1192

C:\Windows\system32\DevicePairingWizard.exe
C:\Windows\system32\DevicePairingWizard.exe
1⤵
PID:1436

C:\Users\Admin\AppData\Local\Za8YRLJS\DevicePairingWizard.exe
C:\Users\Admin\AppData\Local\Za8YRLJS\DevicePairingWizard.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:2152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\8yv4bVFjU\WTSAPI32.dll
Filesize
1.4MB

MD5
bd612362f5ac2d7a5d2f9b1ec2e8e0d4

SHA1
de8e21f7f7d243d94c7f8a44f78b6b010560b5b5

SHA256
63caa95e3c7a2d1873a863a8dc586c64cb7d3bb8a2a0e6d9c5d79b09f28e308c

SHA512
35793879043ef503fa7f7481b52cdedf5b9fc10a615312504da5ca04b7a695cf4715292690c14b9388984e7421b84fefcb2a9851a7696d05e0a43003c7423442

Download Submit
C:\Users\Admin\AppData\Local\8yv4bVFjU\WTSAPI32.dll
Filesize
1.4MB

MD5
bd612362f5ac2d7a5d2f9b1ec2e8e0d4

SHA1
de8e21f7f7d243d94c7f8a44f78b6b010560b5b5

SHA256
63caa95e3c7a2d1873a863a8dc586c64cb7d3bb8a2a0e6d9c5d79b09f28e308c

SHA512
35793879043ef503fa7f7481b52cdedf5b9fc10a615312504da5ca04b7a695cf4715292690c14b9388984e7421b84fefcb2a9851a7696d05e0a43003c7423442

Download Submit
C:\Users\Admin\AppData\Local\8yv4bVFjU\wusa.exe
Filesize
309KB

MD5
e43499ee2b4cf328a81bace9b1644c5d

SHA1
b2b55641f2799e3fdb3bea709c9532017bbac59d

SHA256
3e30230bbf3ceee3e58162b61eed140e9616210833a6ad7df3e106bc7492d2fb

SHA512
04823764520871f9202d346b08a194bdd5f5929db6d5c2f113911f84aece7471c8d3bd2c4256119a303dbe18a0c055dbc5034d80b1f27a43744104544731f52b

Download Submit
C:\Users\Admin\AppData\Local\8yv4bVFjU\wusa.exe
Filesize
309KB

MD5
e43499ee2b4cf328a81bace9b1644c5d

SHA1
b2b55641f2799e3fdb3bea709c9532017bbac59d

SHA256
3e30230bbf3ceee3e58162b61eed140e9616210833a6ad7df3e106bc7492d2fb

SHA512
04823764520871f9202d346b08a194bdd5f5929db6d5c2f113911f84aece7471c8d3bd2c4256119a303dbe18a0c055dbc5034d80b1f27a43744104544731f52b

Download Submit
C:\Users\Admin\AppData\Local\Za8YRLJS\DevicePairingWizard.exe
Filesize
93KB

MD5
d0e40a5a0c7dad2d6e5040d7fbc37533

SHA1
b0eabbd37a97a1abcd90bd56394f5c45585699eb

SHA256
2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

SHA512
1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

Download Submit
C:\Users\Admin\AppData\Local\Za8YRLJS\DevicePairingWizard.exe
Filesize
93KB

MD5
d0e40a5a0c7dad2d6e5040d7fbc37533

SHA1
b0eabbd37a97a1abcd90bd56394f5c45585699eb

SHA256
2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

SHA512
1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

Download Submit
C:\Users\Admin\AppData\Local\Za8YRLJS\MFC42u.dll
Filesize
1.4MB

MD5
ab2077ea9f5ec8777f3f8a5b20e7bef5

SHA1
01764795417c8ffcb1f8dcfd621d67bf9b5674f9

SHA256
c938e0ffa75751c2338131e814177e08da9541b44c679b5d9e65580858bfc5a8

SHA512
a785fe7f041936270187ab19403b77f22b6523d5475ad1497a34b48b8e28a335658c76d4bf2d9183fe3609e4f2fe803f041996448a6b53c42633af104d22311a

Download Submit
C:\Users\Admin\AppData\Local\Za8YRLJS\MFC42u.dll
Filesize
1.4MB

MD5
ab2077ea9f5ec8777f3f8a5b20e7bef5

SHA1
01764795417c8ffcb1f8dcfd621d67bf9b5674f9

SHA256
c938e0ffa75751c2338131e814177e08da9541b44c679b5d9e65580858bfc5a8

SHA512
a785fe7f041936270187ab19403b77f22b6523d5475ad1497a34b48b8e28a335658c76d4bf2d9183fe3609e4f2fe803f041996448a6b53c42633af104d22311a

Download Submit
C:\Users\Admin\AppData\Local\vaHnSjuSj\FileHistory.exe
Filesize
244KB

MD5
eeba3dd643ced2781ec1b7e3cd6fa246

SHA1
2d394173e603625e231633fc270072e854bac17b

SHA256
bee0799a52fe65b8dc291de32f0c8b03b5a067915b1868bc8ba2a1b139c90b87

SHA512
222d4fbc7ee57d75889698a0660996293a0143518fdecc1b222618796d76d40f2d3b00b071f92ab917ac8847f195d7de02df55b5e89dad8a80d110e464cd3271

Download Submit
C:\Users\Admin\AppData\Local\vaHnSjuSj\FileHistory.exe
Filesize
244KB

MD5
eeba3dd643ced2781ec1b7e3cd6fa246

SHA1
2d394173e603625e231633fc270072e854bac17b

SHA256
bee0799a52fe65b8dc291de32f0c8b03b5a067915b1868bc8ba2a1b139c90b87

SHA512
222d4fbc7ee57d75889698a0660996293a0143518fdecc1b222618796d76d40f2d3b00b071f92ab917ac8847f195d7de02df55b5e89dad8a80d110e464cd3271

Download Submit
C:\Users\Admin\AppData\Local\vaHnSjuSj\UxTheme.dll
Filesize
1.4MB

MD5
cec2f70381caebf9f7c04ffc4e944e9d

SHA1
9e5fb997bc1f909c5031d7d3f0729a5d3a2fdc9c

SHA256
1c172f422a11275aa4ebcd3364e6095e1b92ba52b0d92ba3b7fa4e8d9ffe6956

SHA512
680ce14552b0803a663f871f6c714d4df04021d4efc9e5e657d98c60953c167d6ae39f41ffa8693fc0bb3a6194fdcfa0e7fff8c9c9f0a55d4341e0b0ad39f9c1

Download Submit
C:\Users\Admin\AppData\Local\vaHnSjuSj\UxTheme.dll
Filesize
1.4MB

MD5
cec2f70381caebf9f7c04ffc4e944e9d

SHA1
9e5fb997bc1f909c5031d7d3f0729a5d3a2fdc9c

SHA256
1c172f422a11275aa4ebcd3364e6095e1b92ba52b0d92ba3b7fa4e8d9ffe6956

SHA512
680ce14552b0803a663f871f6c714d4df04021d4efc9e5e657d98c60953c167d6ae39f41ffa8693fc0bb3a6194fdcfa0e7fff8c9c9f0a55d4341e0b0ad39f9c1

Download Submit
C:\Users\Admin\AppData\Local\xWVB\VERSION.dll
Filesize
1.4MB

MD5
561dbe16d28a7d0fda77d736ab790188

SHA1
9af428b346bf79a70a9ea5c1025d2b6aac889c4c

SHA256
dbfb8b0c83d1c300d09187cb52017c71fbfd762c162d755f02a2edeaf70f96bf

SHA512
8a2eaa6e684aee60b6898b3aa8443a7126fe5d02ffe81167652fed499d53fe3074f9fda7b8082d0fbaa1e99396cfc340f96206bb2303bcfec0786e7a7c5d0301

Download Submit
C:\Users\Admin\AppData\Local\xWVB\VERSION.dll
Filesize
1.4MB

MD5
561dbe16d28a7d0fda77d736ab790188

SHA1
9af428b346bf79a70a9ea5c1025d2b6aac889c4c

SHA256
dbfb8b0c83d1c300d09187cb52017c71fbfd762c162d755f02a2edeaf70f96bf

SHA512
8a2eaa6e684aee60b6898b3aa8443a7126fe5d02ffe81167652fed499d53fe3074f9fda7b8082d0fbaa1e99396cfc340f96206bb2303bcfec0786e7a7c5d0301

Download Submit
C:\Users\Admin\AppData\Local\xWVB\psr.exe
Filesize
232KB

MD5
ad53ead5379985081b7c3f1f357e545a

SHA1
6f5aa32c1d15fbf073558fadafd046d97b60184e

SHA256
4f0144f0e3e721b44babbf41b513942e4117f730546105480571f9c8fce56a1f

SHA512
433098bd74c34fbadfa447ef45cfa9dc076aef4cf7f2a0a6fe79d5e67f2504eebe8aa31fc1b7a4c5eeb20ede2c5485f75ad0fd77b4ecba3d68ca63313e6f6ea0

Download Submit
C:\Users\Admin\AppData\Local\xWVB\psr.exe
Filesize
232KB

MD5
ad53ead5379985081b7c3f1f357e545a

SHA1
6f5aa32c1d15fbf073558fadafd046d97b60184e

SHA256
4f0144f0e3e721b44babbf41b513942e4117f730546105480571f9c8fce56a1f

SHA512
433098bd74c34fbadfa447ef45cfa9dc076aef4cf7f2a0a6fe79d5e67f2504eebe8aa31fc1b7a4c5eeb20ede2c5485f75ad0fd77b4ecba3d68ca63313e6f6ea0

Download Submit
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Lzfwtv.lnk
Filesize
1KB

MD5
95c8545690ce8eeecd3b60563e18a218

SHA1
6bcffec732a90ca43e3b57db118185769974ca1d

SHA256
647e5017d286cd9777a5ed30e1f4ae5f9a6f22997031b78f1d3ccac8ef7c540d

SHA512
a17ba796883810b094a53ba4d73b06b5372bdc3d71d808991251e556bebf5bfec4c8e3a2710dade6caf252756ca3bd61c894caebfa45ef8ccbba39d73f945db4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\zR7D020wMaW\MFC42u.dll
Filesize
1.4MB

MD5
ab2077ea9f5ec8777f3f8a5b20e7bef5

SHA1
01764795417c8ffcb1f8dcfd621d67bf9b5674f9

SHA256
c938e0ffa75751c2338131e814177e08da9541b44c679b5d9e65580858bfc5a8

SHA512
a785fe7f041936270187ab19403b77f22b6523d5475ad1497a34b48b8e28a335658c76d4bf2d9183fe3609e4f2fe803f041996448a6b53c42633af104d22311a

Download Submit
C:\Users\Admin\AppData\Roaming\Sun\Java\Deployment\QMzPnV5jE\VERSION.dll
Filesize
1.4MB

MD5
561dbe16d28a7d0fda77d736ab790188

SHA1
9af428b346bf79a70a9ea5c1025d2b6aac889c4c

SHA256
dbfb8b0c83d1c300d09187cb52017c71fbfd762c162d755f02a2edeaf70f96bf

SHA512
8a2eaa6e684aee60b6898b3aa8443a7126fe5d02ffe81167652fed499d53fe3074f9fda7b8082d0fbaa1e99396cfc340f96206bb2303bcfec0786e7a7c5d0301

Download Submit
C:\Users\Admin\AppData\Roaming\Sun\gSs\WTSAPI32.dll
Filesize
1.4MB

MD5
bd612362f5ac2d7a5d2f9b1ec2e8e0d4

SHA1
de8e21f7f7d243d94c7f8a44f78b6b010560b5b5

SHA256
63caa95e3c7a2d1873a863a8dc586c64cb7d3bb8a2a0e6d9c5d79b09f28e308c

SHA512
35793879043ef503fa7f7481b52cdedf5b9fc10a615312504da5ca04b7a695cf4715292690c14b9388984e7421b84fefcb2a9851a7696d05e0a43003c7423442

Download Submit
memory/1192-272-0x00000284E8950000-0x00000284E8957000-memory.dmp

Filesize
28KB

Download
memory/1700-255-0x0000024AD95E0000-0x0000024AD95E7000-memory.dmp

Filesize
28KB

Download
memory/2152-289-0x000002B19FF60000-0x000002B19FF67000-memory.dmp

Filesize
28KB

Download
memory/3132-155-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-190-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-161-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-162-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-163-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-165-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-166-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-167-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-164-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-168-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-169-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-170-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-171-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-172-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-173-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-174-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-175-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-176-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-177-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-178-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-179-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-180-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-181-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-182-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-183-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-184-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-185-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-186-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-187-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-188-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-189-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-191-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-192-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-160-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-193-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-194-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-195-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-196-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-197-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-220-0x00000000031F0000-0x00000000031F7000-memory.dmp

Filesize
28KB

Download
memory/3132-221-0x00007FFDA8E00000-0x00007FFDA8E10000-memory.dmp

Filesize
64KB

Download
memory/3132-159-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-137-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3132-158-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-139-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-157-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-141-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-156-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-154-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-153-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-152-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-151-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-150-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-149-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-148-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-147-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-145-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-146-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-142-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-144-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/3132-143-0x0000000140000000-0x000000014015B000-memory.dmp

Filesize
1.4MB

Download
memory/4360-243-0x00007FF76DFD0000-0x00007FF76E013000-memory.dmp

Filesize
268KB

Download
memory/4360-240-0x000001E20B7E0000-0x000001E20B7E7000-memory.dmp

Filesize
28KB

Download
memory/4644-140-0x00007FFD8B250000-0x00007FFD8B3AB000-memory.dmp

Filesize
1.4MB

Download
memory/4644-133-0x00007FFD8B250000-0x00007FFD8B3AB000-memory.dmp

Filesize
1.4MB

Download
memory/4644-136-0x000001DD33F10000-0x000001DD33F17000-memory.dmp

Filesize
28KB

Download