Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    20-01-2024 20:24

General

  • Target

    6b6301393edd106e77d45cc57b552b52.dll

  • Size

    3.5MB

  • MD5

    6b6301393edd106e77d45cc57b552b52

  • SHA1

    a993d5a789eb5e9e94bb02b74b1211a0192384af

  • SHA256

    c4ad1b4e81e031ce20042ad7d4ef8f0d5febbcd3e3816a628dd03269fc5140bd

  • SHA512

    37e9f45c16dd6c2978bc455f67b1212b5698ada38999a06094aef672c15c35d3c2a2a65249b60d402ca13eedd9d2c662a354aa6c4ca1fe64b305fb59ddfecb7d

  • SSDEEP

    12288:aVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1u:HfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6b6301393edd106e77d45cc57b552b52.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2024
  • C:\Windows\system32\wusa.exe
    C:\Windows\system32\wusa.exe
    1⤵
      PID:2932
    • C:\Users\Admin\AppData\Local\MT6\wusa.exe
      C:\Users\Admin\AppData\Local\MT6\wusa.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:320
    • C:\Windows\system32\SnippingTool.exe
      C:\Windows\system32\SnippingTool.exe
      1⤵
        PID:2324
      • C:\Users\Admin\AppData\Local\sK9\SnippingTool.exe
        C:\Users\Admin\AppData\Local\sK9\SnippingTool.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1952
      • C:\Windows\system32\MpSigStub.exe
        C:\Windows\system32\MpSigStub.exe
        1⤵
          PID:956
        • C:\Users\Admin\AppData\Local\Aozp\MpSigStub.exe
          C:\Users\Admin\AppData\Local\Aozp\MpSigStub.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2532
        • C:\Windows\system32\UI0Detect.exe
          C:\Windows\system32\UI0Detect.exe
          1⤵
            PID:1456
          • C:\Users\Admin\AppData\Local\vF90so\UI0Detect.exe
            C:\Users\Admin\AppData\Local\vF90so\UI0Detect.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:1224

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Aozp\MpSigStub.exe

            Filesize

            136KB

            MD5

            a754006b08779a8345f218a3f5d0f3cb

            SHA1

            58b8341bd7ae62e296cb9a44277d31b1e94df09c

            SHA256

            c18200a4cbb25714b76f92ce98504cb24eff6ad40529ead509b2a5846ae4f340

            SHA512

            1be4621f57d196e1b0a746aa430f3818f44ec85c73d15350aae7a5ec8d65c957d74523da8aa6d5cf5564a298c9280787333e60dab017d5446e67cea70f753715

          • C:\Users\Admin\AppData\Local\Aozp\MpSigStub.exe

            Filesize

            131KB

            MD5

            1b7a87e3cbaf069ae472b7a36adbcb75

            SHA1

            63f15d030800c4e037409a9519043d5c37cf3a5a

            SHA256

            bfd991e8a6d59eb7f76fd965a4c5ab0c00de66371685e000b7417e7e9ceeee9b

            SHA512

            572e716c0dcf1c522c8dd041b78d71bd691f1bfee100c30025a441c68edc83fcaa4f8290eb78dbf43079ed70365645fdf04f048a665228fbaf9c7adfb0c80a98

          • C:\Users\Admin\AppData\Local\Aozp\VERSION.dll

            Filesize

            136KB

            MD5

            a71af61761cafef90065fbb4e751e052

            SHA1

            8ce540f0308944fcc9ccce2312f44d0b8770cfae

            SHA256

            8e991322f5f82bb3b0c642a2262d4b85241b45407a52162898f273c693464905

            SHA512

            eb109c67fd042a0f60df71920169820558c7badabe0e612338c87915419394938cf8990332e97a2b18c4871a6aa5cd476313d0cca9f4fa888c5b10a04e720cc5

          • C:\Users\Admin\AppData\Local\MT6\dpx.dll

            Filesize

            84KB

            MD5

            d7ad90d64c0ed9534879babb139f2515

            SHA1

            b92d422971f8e5a5cffa15860c7f9954461af1f0

            SHA256

            714171270f656ffebaad3f14c71c72459bb3dbccee45e577c14d76c79af53c4f

            SHA512

            583abac0d3b7537faa79760d913c37c0e80aaa1df78029a98214a99a535c3e205f1a936d4fc504ba1165b8fd486293006c926b1b9d0548ddb4bb1d4e02246285

          • C:\Users\Admin\AppData\Local\MT6\wusa.exe

            Filesize

            23KB

            MD5

            339423bed1aaae3aa9a9be6068902550

            SHA1

            a5f9ccf6920d873db211194d6125c117862e4f26

            SHA256

            e092f931b525452492eee08c95c04a521a7903cc4c48e346d582466e6d78411f

            SHA512

            2261bfafb198a323b51d8ae478bfaaf974910885bfd70824e785b0b96dabe21a945e38038f0586a8660120e2b2048f3284a56ddaa4705eef6746947b4a39a1da

          • C:\Users\Admin\AppData\Local\sK9\SnippingTool.exe

            Filesize

            45KB

            MD5

            e3726ef38987827934cb65f14be55702

            SHA1

            a40874429e3f5f9e9568210f83bce35a671c0142

            SHA256

            ce4f24884f0ae79abb8c40e7f104bf24d4fa0e1cd0c0dccdc35ebea262bfa145

            SHA512

            63a675612073b44e39742b41d241b311c3cc1f3e9f777c39d384fc9c85a4e0ba9f159ea5fc1382c9a1e2dfab31e1b0765f81930b837fc2b0fbc9441cd7301502

          • C:\Users\Admin\AppData\Local\sK9\SnippingTool.exe

            Filesize

            16KB

            MD5

            34404824d545bf2d79b151d330d1a592

            SHA1

            034bad4cae23b29381d566aae43805b7aafa3933

            SHA256

            97d481273d7dd3858b3599c7f626c0ae162471d0795d18b91e4deac00f19840b

            SHA512

            255af96347c968288c3bb662847a4f9b07bcb89df588866b8fd6289c999810d77c1b77253913acf9bfa278bf91486705681191ec38d015d3135eb999eeb2bd01

          • C:\Users\Admin\AppData\Local\sK9\slc.dll

            Filesize

            68KB

            MD5

            069023d5e3cca5f3442585fef49e4529

            SHA1

            d8b66d40c986b5a9daa3948974a0a461c971a356

            SHA256

            c3daf7eb69dcd128d65d5d5912663e7b1a5a93f8fb0d88091dbe864abae982c4

            SHA512

            86eddde3d96a0308af7a945baaf3c0c20fbc94b53a45c965b4a7f0737e8f8d703599e4dfac0ec4c9e9745adb617cc057f5f52d0185e99d3ce1ff6c4e521f9762

          • C:\Users\Admin\AppData\Local\vF90so\UI0Detect.exe

            Filesize

            40KB

            MD5

            3cbdec8d06b9968aba702eba076364a1

            SHA1

            6e0fcaccadbdb5e3293aa3523ec1006d92191c58

            SHA256

            b8dab8aa804fc23021bfebd7ae4d40fbe648d6c6ba21cc008e26d1c084972f9b

            SHA512

            a8e434c925ef849ecef0efcb4873dbb95eea2821c967b05afbbe5733071cc2293fc94e7fdf1fdaee51cbcf9885b3b72bfd4d690f23af34558b056920263e465d

          • C:\Users\Admin\AppData\Local\vF90so\WTSAPI32.dll

            Filesize

            79KB

            MD5

            78009f13a6e26e8d29114b609782ae40

            SHA1

            94dff1701765d361540fb86ef6b4fbc7bc5fc0b3

            SHA256

            f95901e25e94c3de7a741abde64d886eff773c831dd490bbd2d31e0dc7b23be6

            SHA512

            5dd7684bfa49b94e223b526dc91d8f39332a4735ea241729b0a1b87cc2be04056e7d42827ee42e1940d758f7d7bf131aa4504ecceaa1fe21b78c25ac0508610d

          • C:\Users\Admin\AppData\Roaming\Identities\{85F2D219-4DA8-41B0-8F71-51D9FDB705AC}\sTEH\VERSION.dll

            Filesize

            65KB

            MD5

            1e2e883cf8883415d99a13ffb5169e4e

            SHA1

            a2b5ad8151a90df9338f526dacb53881cbbaedbc

            SHA256

            5a289b11e0ad477a48c594c3442f8648fd90db4a393a6e7853099ae8a711e130

            SHA512

            0b0591b3adee90c039b137dc8927eb0ab23b6667cde1828493521023fa3cef36627c7e617c5eb6f1987fa0fd87f1754967cb71df8d596b5330f8367d36a577d8

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dbyxyty.lnk

            Filesize

            1KB

            MD5

            94346b2896811291fc9ca79de350e886

            SHA1

            8a3bfb41ad10d8b5caaee915faec66974efba535

            SHA256

            bd65bbab80166cb56c269707fe29f259e8e36d7865e0efb3acd011054f26ad01

            SHA512

            48d9c2d202c5ae17736ff8239abbe29a3f83d6d93a3ba23d3007fb0551e0865e9bd0c316a1f69684561d83d7837d00e59faead9b7d7bb350a88d8a59c0124c40

          • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\csvJH\WTSAPI32.dll

            Filesize

            178KB

            MD5

            65d1902756e9b692ba1ab2be17d44dc8

            SHA1

            bd3cd6161b57fa88b163aadbf9d5925a3596a49b

            SHA256

            38238e68aebc81aea339d2c9ae9adac839bcdd363fc1f2e663d28017fb4d9f4c

            SHA512

            564038dd57cf49ec319544958733da68aec68a1ca6cf2e1af3aed572138674fb26618556a29496907ce3294771946459812b397242a8425df4096df2d9f5ec40

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\6bs\dpx.dll

            Filesize

            117KB

            MD5

            7a7cfd7a07909127edd5686c8490adcf

            SHA1

            ab10ba8ee73538886dda5b848e9c130b93678091

            SHA256

            dd330a8574efd98a18b49cd426faac2c1c8a5368c55d2d21ec39c416739da25c

            SHA512

            c5561b988cf53397d41b7be4fe6763d1a0760accc7ae56e8f2757641363bf65e2d546d17d16c8a92522b6d0aa82a99b952a7e7f9e74e0fa5ea5447c757d27f32

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\6bs\wusa.exe

            Filesize

            139KB

            MD5

            d098d5640e7ff8ad7e15f715c7ed59ed

            SHA1

            e9f2af1288bc628a4aca3391a7895d233b6aee3a

            SHA256

            0a73d1b103aa58896afbbc771f6585a3bc33d1694077654952a3197fd245a789

            SHA512

            a65b8886c7402b3de60c3be8d7ad6db7ad7a18c0a928f22f0c85e46459ce34aedcf819e576df158514f7594e37c147dc97b7cb402c33a840fff140003762a5f4

          • \Users\Admin\AppData\Local\Aozp\MpSigStub.exe

            Filesize

            151KB

            MD5

            844c05c85667101c9c28075337287cf8

            SHA1

            d47c5dc2ba4c58cd8a7e9353c1b854eb6143c90c

            SHA256

            86b539a380e752c24bc554a94692782b355aebcd74a92c99a6a51f164779d2c2

            SHA512

            92c5aeeeefb8578f0a2284c159ef62afbcebdd85147fd663a6339786988e2216f071a94e13ecbd902cbcad931532fa4b35ce6cced6dea40b0a7ae27bbcd0791b

          • \Users\Admin\AppData\Local\Aozp\VERSION.dll

            Filesize

            140KB

            MD5

            bb4b4219756841cd6a1afc5b92161a75

            SHA1

            36744f282242257ac6d1730614347c8784922555

            SHA256

            a0374af98ea926253d3fd97accbf0ca1f37cba76bd6a0cd42c06195801523515

            SHA512

            c234d39706ed8b6e61cdb524b5f1bb575ee3d8d84e38742f61e2ea3c992456d4eb0284d473f1c5c13e1942b69627d076451e0abce4093f91386026e777f410c3

          • \Users\Admin\AppData\Local\MT6\dpx.dll

            Filesize

            22KB

            MD5

            89bfbca83c5421d68c00ab77f07cb001

            SHA1

            8cc88a4c73314ec9d026195de5ebcbf7a95dff65

            SHA256

            b259983c73b41b659fa3dc92e8c14eaa087ffd15f87efdf27f12f7723f353b95

            SHA512

            127fa9a9b16151d07b0e1b1d1868351b79b0745c39ff6a3a5d8b8e093d65fa6b5aace2648eadad22434c4561a35fd02ae35524ef4604330a0b06e136d2b29b05

          • \Users\Admin\AppData\Local\MT6\wusa.exe

            Filesize

            31KB

            MD5

            0d0dc88f3afd709d108a7c3718d279e6

            SHA1

            694a7c0adac0c51b49f0db9aaa903d1a05834819

            SHA256

            2d5848dc96a95d04fdda11b77b5614eb25a60552148cdd69064f40c81199fc3d

            SHA512

            eba4dcbeba46a64b8cea6a9ad850ea72ccb224140b8aac59adbc1ab60bf354002275868830132f37c2177f69868afb410fb61a54625ab4c41f6ad862b1d46889

          • \Users\Admin\AppData\Local\sK9\SnippingTool.exe

            Filesize

            155KB

            MD5

            49d84b7d15e1b7c28e3dd3dab069bab6

            SHA1

            0978913241effcd15f4028d4844091badb5db77a

            SHA256

            b3c81fdfe2feef27cf85726b6d03e9d301b8abe061b358859f34faf45024d5cb

            SHA512

            28ff61f9fb977e6c5e8fd5056e3e1267959104673d6d7b8e3f7692123b45fb253dd03756fac19cf5f57ee41b0408b9bca7835ca777c2893e93eddcc33b2a7d43

          • \Users\Admin\AppData\Local\sK9\slc.dll

            Filesize

            83KB

            MD5

            cd77cc8e2f60150a5afef7e815e0778c

            SHA1

            484da717f57ddda9dba79a27231a79d8a17f9c06

            SHA256

            2eb2b06ae6cfdeadbb00344c76d903f0dcb11bf2535ed3b58493cfe0b5d7b516

            SHA512

            ec7a6574e2348d9d2d0c2591326c04d7f7786f2baac079bebd8fa96c0810a3715a94f74139595a83de4e389ace50fa904d0a1f164d96755e9ba2ae11609359b8

          • \Users\Admin\AppData\Local\vF90so\WTSAPI32.dll

            Filesize

            99KB

            MD5

            2be1320ab4ddc7e8c8ae591cd7ada641

            SHA1

            ee997d0c55363146eb281b087663380bbf579362

            SHA256

            b5eff006c15e0bc6f6043a051fa61a0e3667f4c8c69bc962f7d0031aa4c71a54

            SHA512

            cfca56072fada363e8cb2eb7deb02e0cca1b6eab5f874dfced70f6dc3c96dd3d72bd20f405a0303634dec2e546f39507cdbc54885723c86478ffc6cc99c141ff

          • memory/320-104-0x0000000000100000-0x0000000000107000-memory.dmp

            Filesize

            28KB

          • memory/1224-158-0x0000000000180000-0x0000000000187000-memory.dmp

            Filesize

            28KB

          • memory/1368-68-0x00000000029C0000-0x00000000029C7000-memory.dmp

            Filesize

            28KB

          • memory/1368-24-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-59-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-77-0x0000000076EC0000-0x0000000076EC2000-memory.dmp

            Filesize

            8KB

          • memory/1368-76-0x0000000076D61000-0x0000000076D62000-memory.dmp

            Filesize

            4KB

          • memory/1368-58-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-56-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-55-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-53-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-52-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-51-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-49-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-47-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-46-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-45-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-43-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-42-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-62-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-64-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-4-0x0000000076B56000-0x0000000076B57000-memory.dmp

            Filesize

            4KB

          • memory/1368-65-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-63-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-40-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-39-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-38-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-36-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-35-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-33-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-31-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-30-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-28-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-27-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-26-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-60-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-23-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-22-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-20-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-19-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-18-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-16-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-15-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-14-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-12-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-11-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-9-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-10-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-7-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-61-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-57-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-54-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-50-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-48-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-44-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-41-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-37-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-34-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-32-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-29-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-25-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-21-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-17-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-13-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/1368-180-0x0000000076B56000-0x0000000076B57000-memory.dmp

            Filesize

            4KB

          • memory/1368-5-0x00000000029E0000-0x00000000029E1000-memory.dmp

            Filesize

            4KB

          • memory/2024-8-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB

          • memory/2024-0-0x00000000001A0000-0x00000000001A7000-memory.dmp

            Filesize

            28KB

          • memory/2024-1-0x0000000140000000-0x0000000140384000-memory.dmp

            Filesize

            3.5MB