f98738570d8c66e4c87bdec0d6d9ccb5f7de0421cc734e1af55664e6bf446f46

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2023 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll
Size

628KB
MD5

97a26d9e3598fea2e1715c6c77b645c2
SHA1

c4bf3a00c9223201aa11178d0f0b53c761a551c4
SHA256

e5df93c0fedca105218296cbfc083bdc535ca99862f10d21a179213203d6794f
SHA512

acfec633714f72bd5c39f16f10e39e88b5c1cf0adab7154891a383912852f92d3415b0b2d874a8f8f3166879e63796a8ed25ee750c6e4be09a4dddd8c849920c
SSDEEP

12288:2oXYZawPO7urFw4HLLDOeLSwg4ULeHOuCqA8:2oXYFIuh5HjhSwiJ8

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lokltpkpzdgjuzo = "\"C:\\Users\\Admin\\AppData\\Roaming\\FDp513m\\psr.exe\""

Drops file in System32 directory 2 IoCs

Processes:

cmd.exe

description	ioc	process
File created	C:\Windows\system32\PJrGnpu\tcmsetup.exe	cmd.exe
File opened for modification	C:\Windows\system32\PJrGnpu\tcmsetup.exe	cmd.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

4040 schtasks.exe

pid	process
4040	schtasks.exe

Modifies registry class 10 IoCs

Processes:

description	ioc	process
Key deleted	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings\shell\open\command
Key deleted	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings\shell\open
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings\shell\open\command
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings\shell
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings\shell\open\command\DelegateExecute
Key deleted	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings\shell
Key deleted	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings\shell\open
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\ms-settings\shell\open\command\ = "C:\\Windows\\system32\\cmd.exe /c C:\\Users\\Admin\\AppData\\Local\\Temp\\IKz.cmd"

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

rundll32.exe

pid	process
1256	rundll32.exe
1256	rundll32.exe
1256	rundll32.exe
1256	rundll32.exe
1256	rundll32.exe
1256	rundll32.exe
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120
3120

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid process

3120

pid	process
3120

Suspicious use of AdjustPrivilegeToken 40 IoCs

Processes:

description	pid	process
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120
Token: SeShutdownPrivilege	3120
Token: SeCreatePagefilePrivilege	3120

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

pid process

3120
3120
Suspicious use of UnmapMainImage 1 IoCs

Processes:

pid process

3120

pid	process
3120
3120

pid	process
3120

Suspicious use of WriteProcessMemory 34 IoCs

Processes:

fodhelper.execmd.execmd.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 3120 wrote to memory of 3916	3120		psr.exe
PID 3120 wrote to memory of 3916	3120		psr.exe
PID 3120 wrote to memory of 4068	3120		cmd.exe
PID 3120 wrote to memory of 4068	3120		cmd.exe
PID 3120 wrote to memory of 2104	3120		tcmsetup.exe
PID 3120 wrote to memory of 2104	3120		tcmsetup.exe
PID 3120 wrote to memory of 4284	3120		cmd.exe
PID 3120 wrote to memory of 4284	3120		cmd.exe
PID 3120 wrote to memory of 2188	3120		fodhelper.exe
PID 3120 wrote to memory of 2188	3120		fodhelper.exe
PID 2188 wrote to memory of 4624	2188	fodhelper.exe	cmd.exe
PID 2188 wrote to memory of 4624	2188	fodhelper.exe	cmd.exe
PID 4624 wrote to memory of 4040	4624	cmd.exe	schtasks.exe
PID 4624 wrote to memory of 4040	4624	cmd.exe	schtasks.exe
PID 3120 wrote to memory of 3556	3120		cmd.exe
PID 3120 wrote to memory of 3556	3120		cmd.exe
PID 3556 wrote to memory of 2056	3556	cmd.exe	schtasks.exe
PID 3556 wrote to memory of 2056	3556	cmd.exe	schtasks.exe
PID 3120 wrote to memory of 4256	3120		cmd.exe
PID 3120 wrote to memory of 4256	3120		cmd.exe
PID 4256 wrote to memory of 468	4256	cmd.exe	schtasks.exe
PID 4256 wrote to memory of 468	4256	cmd.exe	schtasks.exe
PID 3120 wrote to memory of 1464	3120		cmd.exe
PID 3120 wrote to memory of 1464	3120		cmd.exe
PID 1464 wrote to memory of 1320	1464	cmd.exe	schtasks.exe
PID 1464 wrote to memory of 1320	1464	cmd.exe	schtasks.exe
PID 3120 wrote to memory of 3288	3120		cmd.exe
PID 3120 wrote to memory of 3288	3120		cmd.exe
PID 3288 wrote to memory of 1428	3288	cmd.exe	schtasks.exe
PID 3288 wrote to memory of 1428	3288	cmd.exe	schtasks.exe
PID 3120 wrote to memory of 3236	3120		cmd.exe
PID 3120 wrote to memory of 3236	3120		cmd.exe
PID 3236 wrote to memory of 64	3236	cmd.exe	schtasks.exe
PID 3236 wrote to memory of 64	3236	cmd.exe	schtasks.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Banking-Malware\Dridex\Trojan.Dridex.A.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1256

C:\Windows\system32\psr.exe
C:\Windows\system32\psr.exe
1⤵
PID:3916

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\VDuUYwJ.cmd
1⤵
PID:4068

C:\Windows\system32\tcmsetup.exe
C:\Windows\system32\tcmsetup.exe
1⤵
PID:2104

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\tfs.cmd
1⤵
- Drops file in System32 directory
PID:4284

C:\Windows\System32\fodhelper.exe
"C:\Windows\System32\fodhelper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\IKz.cmd
2⤵
- Suspicious use of WriteProcessMemory
PID:4624

C:\Windows\system32\schtasks.exe
schtasks.exe /Create /F /TN "Nbydosbeeflsb" /TR C:\Windows\system32\PJrGnpu\tcmsetup.exe /SC minute /MO 60 /RL highest
3⤵
- Creates scheduled task(s)
PID:4040

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks.exe /Query /TN "Nbydosbeeflsb"
1⤵
- Suspicious use of WriteProcessMemory
PID:3556

C:\Windows\system32\schtasks.exe
schtasks.exe /Query /TN "Nbydosbeeflsb"
2⤵
PID:2056

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks.exe /Query /TN "Nbydosbeeflsb"
1⤵
- Suspicious use of WriteProcessMemory
PID:4256

C:\Windows\system32\schtasks.exe
schtasks.exe /Query /TN "Nbydosbeeflsb"
2⤵
PID:468

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks.exe /Query /TN "Nbydosbeeflsb"
1⤵
- Suspicious use of WriteProcessMemory
PID:1464

C:\Windows\system32\schtasks.exe
schtasks.exe /Query /TN "Nbydosbeeflsb"
2⤵
PID:1320

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks.exe /Query /TN "Nbydosbeeflsb"
1⤵
- Suspicious use of WriteProcessMemory
PID:3288

C:\Windows\system32\schtasks.exe
schtasks.exe /Query /TN "Nbydosbeeflsb"
2⤵
PID:1428

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks.exe /Query /TN "Nbydosbeeflsb"
1⤵
- Suspicious use of WriteProcessMemory
PID:3236

C:\Windows\system32\schtasks.exe
schtasks.exe /Query /TN "Nbydosbeeflsb"
2⤵
PID:64

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\128EF.tmp

Filesize
628KB

MD5
8ef0b56e74f2aace2ae3c275a196845c

SHA1
12dcb6ccad7bb10577f2a82f1dae24e0c01dc25e

SHA256
c67f2d85023f0683e904f3d3d61276b49b0441f3c1dc014331dce82be86c4854

SHA512
4ee23b1c6523d30d21ea1ea985c9e2c8d1e83f734a774122316c04d26314bca1ef8597fce7cf5f97a054bc111b264b6eb4c6f66a307b71e09573ddda5e9e9af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IKz.cmd

Filesize
133B

MD5
d8250ee929df188de216e4e403333e2e

SHA1
642febf32aa0ef293404c5db8179a9deb93c06f7

SHA256
919e4cacdc156f1af3bd816f51ee2411eaab00b32b1b75d9e53a7626d95f4e08

SHA512
eacb110a56d708fa4fc0cdf7571258b801a6216545e7cbf30500586e47b82ac2db86dfa0ccc4e9e6024d711df1751ac6e18e22d494bcc6fddc630a49fa4a34e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\VDuUYwJ.cmd

Filesize
230B

MD5
12ac855de9729c720b93a4aafadf00c8

SHA1
b2fc189d50cb3e89354268039eba4b7d57852ab7

SHA256
2e0456c2fd9efcc3f41d038b93ffbac0f86cc49fb2271349f6452b3a1a45ff44

SHA512
515251bfb587de2704bf3472b2e06f306ed7bb158a4f2b6b0559b3d60acddc31340d71cd7ec49992641e8a733bd6c50d3c7114e6a105b77795dcb52b55b35b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\pu5EC6.tmp

Filesize
636KB

MD5
35e17d3c43167823cc3e4bfee8a103b8

SHA1
e17af1c29f02d9eb45cd2d02618467e131847357

SHA256
ebdc5dd5a7e62f1155f629d72658d02a0c2eda31e5be4aeb5b7846231e7c5d11

SHA512
dde2006b7d99ff9d13789bba54cba9fe5729bc867d0aae57fe53bfe6f85d3d36ee18ca4808fa07e2059ef48a67203f41b2080e5d93ba4ec687bd5dd99578db64

Download Submit
C:\Users\Admin\AppData\Local\Temp\tfs.cmd

Filesize
202B

MD5
f792697d63b687e8679dab0f622ed5ef

SHA1
e548568e40f5a23bad3a369e3304c19baa81a3dd

SHA256
c5017576d43461022aaba18e41775d03e470bbdd08990206f5d29612f4023edb

SHA512
a3ec9178821073ef18a359eee5338277a107e737423e41dd3b5f9444fecd4c04b11143ff9bb31c056f99e9f0ba7f2b70dba4d9660338729771ffe7446f3fc5a1

Download Submit
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Lokltpkpzdgjuzo.lnk

Filesize
892B

MD5
e0e0f36b3e0a7f9180eb6d44de472dcb

SHA1
78d5a4f5582e9701eecdf129cbf8cbca1fad4749

SHA256
8ed7c9724dd3298486bd7d86dc205acff536cf306c83c74e9f9043cf76c5cfea

SHA512
e2e85f91c4c294ded9bf08c6071b924f11b6d0c98b930881e63b9325a32cdd7f1972c3db7124b6946542622048710c2019b20737f4a354389783538de49ea55b

Download Submit
memory/1256-1-0x0000013BC7C30000-0x0000013BC7C37000-memory.dmp

Filesize
28KB

Download
memory/1256-6-0x00007FFE9CA60000-0x00007FFE9CAFD000-memory.dmp

Filesize
628KB

Download
memory/1256-0-0x00007FFE9CA60000-0x00007FFE9CAFD000-memory.dmp

Filesize
628KB

Download
memory/3120-49-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-43-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-13-0x00000000077B0000-0x00000000077B7000-memory.dmp

Filesize
28KB

Download
memory/3120-14-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-91-0x00000000032F0000-0x0000000003300000-memory.dmp

Filesize
64KB

Download
memory/3120-21-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-25-0x00007FFEAB760000-0x00007FFEAB770000-memory.dmp

Filesize
64KB

Download
memory/3120-31-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-33-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-7-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-11-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-94-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-44-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-45-0x0000000007800000-0x0000000007810000-memory.dmp

Filesize
64KB

Download
memory/3120-46-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-47-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-48-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-50-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-10-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-52-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-51-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-55-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-54-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-56-0x00000000082F0000-0x0000000008300000-memory.dmp

Filesize
64KB

Download
memory/3120-57-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-58-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-60-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-59-0x00000000082F0000-0x0000000008300000-memory.dmp

Filesize
64KB

Download
memory/3120-62-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-63-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-64-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-65-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-66-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-67-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-71-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-69-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-68-0x0000000007800000-0x0000000007810000-memory.dmp

Filesize
64KB

Download
memory/3120-70-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-95-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-73-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-75-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-76-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-77-0x00000000082F0000-0x0000000008300000-memory.dmp

Filesize
64KB

Download
memory/3120-9-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-8-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-5-0x00007FFEA9B8A000-0x00007FFEA9B8B000-memory.dmp

Filesize
4KB

Download
memory/3120-89-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-90-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-92-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-93-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-15-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-12-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3120-72-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-96-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-98-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-97-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-99-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-100-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-102-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-103-0x00000000032F0000-0x0000000003300000-memory.dmp

Filesize
64KB

Download
memory/3120-101-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-107-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-109-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-106-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-111-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-105-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-104-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-114-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-113-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-115-0x0000000003210000-0x0000000003220000-memory.dmp

Filesize
64KB

Download
memory/3120-116-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-118-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-117-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-119-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-120-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-121-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-122-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-3-0x00000000077D0000-0x00000000077D1000-memory.dmp

Filesize
4KB

Download
memory/3120-126-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-127-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-130-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-129-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-128-0x0000000003200000-0x0000000003210000-memory.dmp

Filesize
64KB

Download
memory/3120-131-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-132-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-133-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-134-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-136-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-137-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-138-0x0000000003240000-0x0000000003250000-memory.dmp

Filesize
64KB

Download
memory/3120-139-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-140-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-142-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-141-0x0000000003240000-0x0000000003250000-memory.dmp

Filesize
64KB

Download
memory/3120-147-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-145-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-149-0x0000000003200000-0x0000000003210000-memory.dmp

Filesize
64KB

Download
memory/3120-150-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-151-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-155-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-153-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download
memory/3120-158-0x00000000077F0000-0x0000000007800000-memory.dmp

Filesize
64KB

Download