dridex | a6a2651b94c935293541f8f92998be8d30f6e0ace01ff02fc931dc834bee9882

Analysis

max time kernel
69s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7e4cd098d36760819259c353ee7c0d9.dll
Size

3.8MB
MD5

f7e4cd098d36760819259c353ee7c0d9
SHA1

22f6c0c60280a9153990d61d21919e2f1ecadbb1
SHA256

a6a2651b94c935293541f8f92998be8d30f6e0ace01ff02fc931dc834bee9882
SHA512

375e2848b9b1ad6bd6ac38d204bc45dad430e2e61a2c943d23b0257e240bd802f730af4c5fc208eec6cb90a4ccfb027b4c5114c5c2992ee20b1c082571ae23b4
SSDEEP

12288:aVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:HfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Shellcode 1 IoCs

Detects Dridex Payload shellcode injected in Explorer process.

botnet payload

resource	yara_rule
behavioral2/memory/3360-4-0x0000000003300000-0x0000000003301000-memory.dmp	dridex_stager_shellcode

Executes dropped EXE 3 IoCs

pid	Process
4132	usocoreworker.exe
1712	quickassist.exe
2576	CustomShellHost.exe

Loads dropped DLL 3 IoCs

pid	Process
4132	usocoreworker.exe
1712	quickassist.exe
2576	CustomShellHost.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hcbfaqn = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\W0jbz\\quickassist.exe"	Process not Found

Checks whether UAC is enabled 1 TTPs 4 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	usocoreworker.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	quickassist.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	CustomShellHost.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3188	rundll32.exe
3188	rundll32.exe
3188	rundll32.exe
3188	rundll32.exe
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found
3360	Process not Found

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 4760	3360	Process not Found	96
PID 3360 wrote to memory of 4760	3360	Process not Found	96
PID 3360 wrote to memory of 4132	3360	Process not Found	98
PID 3360 wrote to memory of 4132	3360	Process not Found	98
PID 3360 wrote to memory of 1084	3360	Process not Found	100
PID 3360 wrote to memory of 1084	3360	Process not Found	100
PID 3360 wrote to memory of 1712	3360	Process not Found	101
PID 3360 wrote to memory of 1712	3360	Process not Found	101
PID 3360 wrote to memory of 4784	3360	Process not Found	102
PID 3360 wrote to memory of 4784	3360	Process not Found	102
PID 3360 wrote to memory of 2576	3360	Process not Found	103
PID 3360 wrote to memory of 2576	3360	Process not Found	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7e4cd098d36760819259c353ee7c0d9.dll,#1
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:3188

C:\Windows\system32\usocoreworker.exe
C:\Windows\system32\usocoreworker.exe
1⤵
PID:4760

C:\Users\Admin\AppData\Local\NErePEmF\usocoreworker.exe
C:\Users\Admin\AppData\Local\NErePEmF\usocoreworker.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:4132

C:\Windows\system32\quickassist.exe
C:\Windows\system32\quickassist.exe
1⤵
PID:1084

C:\Users\Admin\AppData\Local\foK\quickassist.exe
C:\Users\Admin\AppData\Local\foK\quickassist.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:1712

C:\Windows\system32\CustomShellHost.exe
C:\Windows\system32\CustomShellHost.exe
1⤵
PID:4784

C:\Users\Admin\AppData\Local\XpojnN2Y\CustomShellHost.exe
C:\Users\Admin\AppData\Local\XpojnN2Y\CustomShellHost.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\NErePEmF\XmlLite.dll

Filesize
25KB

MD5
87c2a724067bfae44f4d9f545894c2a6

SHA1
91eef2acbb6cc8e6923b0c9c0ab2a8036522c43c

SHA256
cff14ff5c5106e60097e13a593b4379bd53b4c8be068c4897a83b43ccc151511

SHA512
d097dacb3f294cb2afc9492e6bca9cd358150eecdde254d7d53d09d1077832f8dde116dc1133f0261c868fa8d2cb9eed6233a9f8e937d21a9f5cd1344b994b01

Download Submit
C:\Users\Admin\AppData\Local\NErePEmF\XmlLite.dll

Filesize
8KB

MD5
3830e671c8c7b5c1145965a86b70b2b1

SHA1
c8c7d38d5c8b19fa856776cfcb38b243e479ccd9

SHA256
be488a54523b3b0fc799f49f73e0311e3b91562ad371b8ecdfb2ad3205159474

SHA512
126c0862456e2a40d6bdcc3c5e70c5182b47fee12388d02d5580063a26973edf42b99c21df2406b5492e56ca9539bceb14e55fff0e972bea6c4a4b3d0b2bdc64

Download Submit
C:\Users\Admin\AppData\Local\NErePEmF\usocoreworker.exe

Filesize
97KB

MD5
8a05fa056f67c7ea97b6ec2703492ef4

SHA1
901a76bfdb04d4ef70e460f67316d058fcc332c8

SHA256
124576769868d3a3081a136b95811a7b63d91c09b34764c2535682dc83dda7a0

SHA512
111055b6ebd6863b35f239f55864ef07340112179724f22711324e444652409d399e815d21ad72aa73050f317ff580cff9c1d1fb04dc807f8edd3b362369e985

Download Submit
C:\Users\Admin\AppData\Local\NErePEmF\usocoreworker.exe

Filesize
57KB

MD5
04c3ca0a78be903a775e4aea96b4dbae

SHA1
1280c4244e33cf99c4f49740ba51b4a8ffcc53f0

SHA256
5a1d4985eaa9ce597853189e80858b212538bc186d5305b714607393fc3d17ce

SHA512
4e1fddd273cb6bb69eeda58c88d0c4a95a70811c069b982fc34d95f91733e3ced974c0da5851a3e73d6d1e43c01f218eb1e560b25020995bbc37b2a5eba14f75

Download Submit
C:\Users\Admin\AppData\Local\XpojnN2Y\CustomShellHost.exe

Filesize
64KB

MD5
51509f569e927d9d7e879596327f0ab5

SHA1
b3be76acc6fdbec4a304b13a2a40e9b2b19f9bde

SHA256
f42b1b5a9ba672fb65fae8f3a559045e84dc07d832b2929bbe843e05442b6878

SHA512
65ebdc84f2915462e05afbe3342a75221ef3db7fffc2e0f5792f0ce409c52f45f867085cfab1e12cf971b48751e50023a066d35ee70715e62e027762cbe6065d

Download Submit
C:\Users\Admin\AppData\Local\XpojnN2Y\CustomShellHost.exe

Filesize
54KB

MD5
40a5d03852374bb51a521a127430afad

SHA1
364cbeb430301f4ba0de27ae26eccf5b8ab8c4a6

SHA256
f6d2e2f6ea9069fa9a1a6f902bafeccc91b57e0eea275a92f9903406b3f5b2d7

SHA512
3224242d7645d6f2de054f0358266d36866d5992b834b43cb4e23acbeeb3d4c9601f46107fc826e7b5ae0f693bfc9a64f5475e93df362f6ae851ad3df51f0e41

Download Submit
C:\Users\Admin\AppData\Local\XpojnN2Y\WTSAPI32.dll

Filesize
22KB

MD5
cf125b3244dc90f364217b3132741418

SHA1
76c6c684761edecc8984642d8e398d7b37a769c2

SHA256
7fe113d1315e3c04b0807e2c82c8f63df82463cabfdc5c2edfe2f1c20c173276

SHA512
e04d9b6e680a0a0dea013b08b51298ec3df87cc20b9521ab8fdb778508bc4ba0401361e018cc8aff04a92e7d77c1dd5e430d7f2124708c00bc74137b13409e8e

Download Submit
C:\Users\Admin\AppData\Local\XpojnN2Y\WTSAPI32.dll

Filesize
29KB

MD5
e822836374b41ca557575b0b4560283c

SHA1
6357b3e243df1e8d8b92f414a1a2586f1256dd68

SHA256
7284a26ee7ff119dec3f1a362e0bb72330b51fd1e7efcc4c32f7086861d0de7a

SHA512
f8d46dec649260fc51464e03872935fd543c66f02913ea14dd1c32d159061ba1604c904da293c53f0896543502618cec89af2d725d1a5be43a5dc9bfcae2c6fc

Download Submit
C:\Users\Admin\AppData\Local\foK\UxTheme.dll

Filesize
67KB

MD5
c79e826d6c152c44165d77d4e8f22a5c

SHA1
00a39536f719a02cba30f7f12d893ee623f8b58b

SHA256
340bb47ed27d413a26e3ec5da87bef9c7c1565faab19f0826d4ff8325a8b77ce

SHA512
64175ecef47c5561a9b638483c2bd7686d96ab8d16c5df01407417a2d50d65538c2a232b0ee4a470d3f8d67d4971d4f20329a70f832d5c1fa6da69e86b5d58db

Download Submit
C:\Users\Admin\AppData\Local\foK\UxTheme.dll

Filesize
68KB

MD5
cb490115408aaae226df2ef4df4be458

SHA1
40bc773e9684b4461065ca9c9cbaccf190ed68a1

SHA256
12c410c887daa27a43360dd63a651fec38e6dc8b9c2136baf94abf890a4f1cf6

SHA512
968ecc547c6fc13bea4292354a4877692c8d53bf239ad6b4a3a1be9a7c738a401ae057a2d31a15c0e71ee3631590452856386bc92b220a584b5c3be8fcc25620

Download Submit
C:\Users\Admin\AppData\Local\foK\quickassist.exe

Filesize
51KB

MD5
566dfec39d892ea1c0142d582ff36d48

SHA1
30d2107dbbaadb925194a6b49ecddd90a3199403

SHA256
35ec7fe08d2b2b4fd17b479e0e6b01b79a90aaa03dee1277d59f80fe60e88318

SHA512
91ad135d82daa5cc9980ac816833d2e05636c05ecadd07cdfcfd5bb0cfb338341f4e5c61b2373ff29145aeed2a3a083ad31a4d31e4cc0e7fc47165452e64e8ce

Download Submit
C:\Users\Admin\AppData\Local\foK\quickassist.exe

Filesize
177KB

MD5
7e90d26977c85adeda62c9b9e977fb9c

SHA1
ed878b5c9b691c76aacc2ae785e1507b9ce29436

SHA256
17fe876b879ecb3ce95fbc8d3ae26290aa43cfead8704524f165de4eb8762bc4

SHA512
fd0a56d743464aa1b590abed66e998e57dbef0225a989df28bc9c7d28afcfd04ccff7b1b3a338b3bf37f792b084124c1e0c858dd3ed5297b40e4bccc1866c148

Download Submit
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Gvhynkxuzozqjys.lnk

Filesize
1KB

MD5
5af8b40db59c78b5c63e7babbec70c22

SHA1
9c02be165d935aaf46846372efaf1b5dbf31933b

SHA256
f77a18148279552904961913439b558f55137c4a00e28c5f486aa8ae62eeb6bc

SHA512
da4c2dc25a8f0c88d3fbf00305cca234931ae2cd1ee8457b47779cd4289daeca1f76391773a641000a7246a9a91f2515ecf733b7b7cca804e24dd420873884bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PVsuq\XmlLite.dll

Filesize
158KB

MD5
86757ff0f891794fdc6dcf299ff4328a

SHA1
54b3a829bd928bf13e48d49e66ec1a0658c23870

SHA256
dcdd678517cb46d264f4d17f760cde260d3837164e1bc4baee5503c8d54a8842

SHA512
073c5bcb3a89f2d9fba76df91d5fa68b8407c8b9ed632918d14ea6ee936090c8200b9aaa33553d7f01a3c260f66fd03d3ebb1510f28d6de384de88473cc99665

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\W0jbz\UxTheme.dll

Filesize
99KB

MD5
af55724eb7a4272d97959ced0714b30f

SHA1
53986de2818239d57894a2ac1344ea6adce36a17

SHA256
d936674c11e9dd9aa5270c13e6657f2cda31dbf24c9250dc960bd5c317fdcf9c

SHA512
05ee3fca9acec9dccb249cf137091ffd28d9ea4be6d454dcb519efdb873facd1ebb03b1afbbff3c130ff0d9b2a3cb2a748f1469f0aad283cfee14e063ef4e9eb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\0vXp\WTSAPI32.dll

Filesize
213KB

MD5
6afb7f084762f7cd5682a320b299390b

SHA1
f72ecca44cb053565b12e13ba7f642b77175967e

SHA256
6efc9a362f460e9ce6fd9919ce4570c13fe450271afd792729e3f7d10d423568

SHA512
edb8c5c1159a15f9daf62d12d461f35495ee8bfe3e79d1fc783ef0231100d6e6abccf4096c9c0251554f918a782b0ee19ad4ad5e476ddef772a3507c9d23494e

Download Submit
memory/1712-114-0x0000021ED1550000-0x0000021ED1557000-memory.dmp

Filesize
28KB

Download
memory/2576-131-0x0000017997C30000-0x0000017997C37000-memory.dmp

Filesize
28KB

Download
memory/3188-8-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3188-1-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3188-0-0x0000025219EE0000-0x0000025219EE7000-memory.dmp

Filesize
28KB

Download
memory/3360-42-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-52-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-22-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-23-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-26-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-27-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-29-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-32-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-31-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-30-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-28-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-25-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-24-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-34-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-35-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-33-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-36-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-38-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-39-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-41-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-40-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-20-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-44-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-46-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-47-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-45-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-43-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-37-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-49-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-51-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-50-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-21-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-53-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-55-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-57-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-56-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-58-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-54-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-48-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-59-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-60-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-61-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-64-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-65-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-63-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-62-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-69-0x0000000003390000-0x0000000003397000-memory.dmp

Filesize
28KB

Download
memory/3360-19-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-17-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-18-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-16-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-15-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-14-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-7-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-13-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-12-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-11-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-10-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-9-0x0000000140000000-0x00000001403C4000-memory.dmp

Filesize
3.8MB

Download
memory/3360-4-0x0000000003300000-0x0000000003301000-memory.dmp

Filesize
4KB

Download
memory/3360-5-0x00007FF89459A000-0x00007FF89459B000-memory.dmp

Filesize
4KB

Download
memory/3360-77-0x00007FF895B60000-0x00007FF895B70000-memory.dmp

Filesize
64KB

Download
memory/4132-97-0x000002D57C110000-0x000002D57C117000-memory.dmp

Filesize
28KB

Download