dridex | 8cdb94adc9b5bafd4c4098348f8b287ccbf9259ad9d5c1d72d4313d00aeeeb00

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-02-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa3f916282e7191e443b2c11431b159a.dll
Size

2.1MB
MD5

aa3f916282e7191e443b2c11431b159a
SHA1

96abbb8c4808d8176b3f9cd15bf97a2f030f3380
SHA256

8cdb94adc9b5bafd4c4098348f8b287ccbf9259ad9d5c1d72d4313d00aeeeb00
SHA512

18141cc27bc29b6f4c5795ab8e5e0475dedbba5307d1e25cde1ff2e7146040787ff9140a18467b874ff1005695d7ca33d7b0f3869395a3bac1b70ef49443b32a
SSDEEP

12288:fVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1dx94:WfP7fWsK5z9A+WGAW+V5SB6Ct4bnbdn

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Shellcode 1 IoCs

Detects Dridex Payload shellcode injected in Explorer process.

botnet payload

resource	yara_rule
behavioral1/memory/1192-5-0x0000000002AD0000-0x0000000002AD1000-memory.dmp	dridex_stager_shellcode

Executes dropped EXE 3 IoCs

pid	Process
1036	mmc.exe
1916	WFS.exe
2324	consent.exe

Loads dropped DLL 7 IoCs

pid	Process
1192	Process not Found
1036	mmc.exe
1192	Process not Found
1916	WFS.exe
1192	Process not Found
2324	consent.exe
1192	Process not Found

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\Uxhwu = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\0yabESnx1u\\WFS.exe"	Process not Found

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	consent.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	mmc.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	WFS.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2240	regsvr32.exe
2240	regsvr32.exe
2240	regsvr32.exe
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1744	1192	Process not Found	28
PID 1192 wrote to memory of 1744	1192	Process not Found	28
PID 1192 wrote to memory of 1744	1192	Process not Found	28
PID 1192 wrote to memory of 1036	1192	Process not Found	29
PID 1192 wrote to memory of 1036	1192	Process not Found	29
PID 1192 wrote to memory of 1036	1192	Process not Found	29
PID 1192 wrote to memory of 1800	1192	Process not Found	30
PID 1192 wrote to memory of 1800	1192	Process not Found	30
PID 1192 wrote to memory of 1800	1192	Process not Found	30
PID 1192 wrote to memory of 1916	1192	Process not Found	31
PID 1192 wrote to memory of 1916	1192	Process not Found	31
PID 1192 wrote to memory of 1916	1192	Process not Found	31
PID 1192 wrote to memory of 1984	1192	Process not Found	32
PID 1192 wrote to memory of 1984	1192	Process not Found	32
PID 1192 wrote to memory of 1984	1192	Process not Found	32
PID 1192 wrote to memory of 2324	1192	Process not Found	33
PID 1192 wrote to memory of 2324	1192	Process not Found	33
PID 1192 wrote to memory of 2324	1192	Process not Found	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\aa3f916282e7191e443b2c11431b159a.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2240

C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe
1⤵
PID:1744

C:\Users\Admin\AppData\Local\LrJVvcMg\mmc.exe
C:\Users\Admin\AppData\Local\LrJVvcMg\mmc.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:1036

C:\Windows\system32\WFS.exe
C:\Windows\system32\WFS.exe
1⤵
PID:1800

C:\Users\Admin\AppData\Local\OADmhG\WFS.exe
C:\Users\Admin\AppData\Local\OADmhG\WFS.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:1916

C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
1⤵
PID:1984

C:\Users\Admin\AppData\Local\TUkT07QV\consent.exe
C:\Users\Admin\AppData\Local\TUkT07QV\consent.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\LrJVvcMg\UxTheme.dll

Filesize
119KB

MD5
4b54b3a3593b36af596f576d48b675df

SHA1
cb224fb6575b6bd9d91d49728603b6604865cc83

SHA256
c59f8c0bc97f47691b1aa3f9404c037c03f86c373d7127734cfc51bdfa6cf364

SHA512
578dd072492ae636e077548cd9e4c3e5dfb0498f6ef734447d528ecdbeb24a1f3e06d44c63024629db38df0dfa7ec84325f307ce01fc59774af7159ea260d72b

Download Submit
C:\Users\Admin\AppData\Local\LrJVvcMg\mmc.exe

Filesize
93KB

MD5
4f1ebeac162a3aa9ec39e5e44994008b

SHA1
a8601a05d68fe0a97eb13d1108e2d2bf916cc9ec

SHA256
59a5712e194f691eabc7e58732a94da84475f04ad691b5bb7444b58a528e52dc

SHA512
3036e2799bc5779894a3a8c08b8275a9af1b7bccd4b848d5c575c74ad83a45095e8f78b1fce70ca54804bd06b4b5ccec82d1834870ec54196e0ca8ba88f6045c

Download Submit
C:\Users\Admin\AppData\Local\LrJVvcMg\mmc.exe

Filesize
456KB

MD5
7553f6b61dfc93eedf9848e753979c76

SHA1
458ec09519f5073be5179e7df2b1fe458ab4d632

SHA256
342af9108025b8495811930e92478b90550a54a94bb7533e41d70c08d61a8ae7

SHA512
cb16dc4fe8360cfcd207ccf5fddf3ed261d4c650071ff27c96aaac62e30cdb6f527fb1647a08b540f27d6639330e0b939fa90898f41b9669b4e83abc848efcc2

Download Submit
C:\Users\Admin\AppData\Local\OADmhG\UxTheme.dll

Filesize
112KB

MD5
b20593b4ffac10a8cf4462cefa707699

SHA1
a2b9f0fcc3a6b5c62e7584753ccb7cfff7577ff7

SHA256
af38d1f7966ce138072568631238c56cfc25d17fd0b23f74bb80054c4d8fb6ad

SHA512
788052ae2f59ccd4b61681c779c74b1437fe28811ddab03506934cce770ca72cd6c307c0eea8fe4c0d7c40eb9a892e66a3618ac9eef2db4fb25b1d66cb5d3325

Download Submit
C:\Users\Admin\AppData\Local\OADmhG\WFS.exe

Filesize
227KB

MD5
a505e793b231be1c88d8038c255a6ace

SHA1
e500933b21699b7cd55dad898f911363307d12e0

SHA256
637a64689e0f29b9a34138c66c4d20e19d8d39bb3caacd19e109c156db6ed979

SHA512
77e033193ac0c69b79a3912792d28f7cb7f96dfde4b35d31da85c5a277d7b639f95ae8fb777d1b49c55a06aa6d4a4d89db3b481907e2e51c48db6d2cd46bbdfd

Download Submit
C:\Users\Admin\AppData\Local\OADmhG\WFS.exe

Filesize
572KB

MD5
711219685b1609f7c07187c95829124e

SHA1
bc9a6459cb894d524ba7d8181faf5c9be4feab96

SHA256
929e137c72d702eb894c664521eb8c66ee10a32bfe59897bb7068c5cdcf0690d

SHA512
44e7d929a0dcbac4fac0d8f72e9793e059c7c841593ed6947c2957b37674eb1b62b9d2959b7af4a18778b743a8cd8db57f990957fd25268154e9802b29c6d430

Download Submit
C:\Users\Admin\AppData\Local\TUkT07QV\WMsgAPI.dll

Filesize
263KB

MD5
3f72fd077f4ecff07f254987d7bb234c

SHA1
69814fd8a7b803bc7b270718bacffd09137f8769

SHA256
26d6c7721e9a923960d76bdc0a2b1c2fc97c7a3dfc32d5dcdb70a6e533f0f022

SHA512
608dabd723456f1fa808457b9be75697171ce13e20e77a095a9aa41892b4ca74738e14a0dd29ada590940c7560654d16bd62a893c72f214af0f3b324599d2f6c

Download Submit
C:\Users\Admin\AppData\Local\TUkT07QV\consent.exe

Filesize
109KB

MD5
0b5511674394666e9d221f8681b2c2e6

SHA1
6e4e720dfc424a12383f0b8194e4477e3bc346dc

SHA256
ccad775decb5aec98118b381eeccc6d540928035cfb955abcb4ad3ded390b79b

SHA512
00d28a00fd3ceaeae42ba6882ffb42aa4cc8b92b07a10f28df8e1931df4b806aebdcfab1976bf8d5ce0b98c64da19d4ee06a6315734fa5f885ecd1f6e1ff16a7

Download Submit
C:\Users\Admin\AppData\Local\TUkT07QV\consent.exe

Filesize
90KB

MD5
0381d331094aa636dd36f16d85eaf4d4

SHA1
0ebe787b1caeb03a2296c5c07e3029729bddd89a

SHA256
e072db5814034cd649f52381979a9c2757ec5654a5f411c4dc3758cbf6f1a7a5

SHA512
6bd0e8a354f067270a60b0940c9079a28b70e373badf0bd0d709e4c99749942f7b4956ebf7b109acf00ef21ff00a3a0f7aecdc400a9e9b62abeebd490dc52c57

Download Submit
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dgsmy.lnk

Filesize
1KB

MD5
97e7bdaa03ac3f2eb9d92860f8725823

SHA1
02b75587215a792df8dd7daa92a06a8f1acc391a

SHA256
f6db0edab7be9ece9cb66903589c6892a86afb7c9ebe91b777ab7f9d883e084e

SHA512
e7ef7322abacbd087783ee6ba521e1f3d3dd3ecd600075a89784da4c61dca1bd0d80b8caead04acd715da5c7f90f9829c6ff96f78239fdaa2cce27c630e1956d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\flnmHaVckl4\UxTheme.dll

Filesize
1.3MB

MD5
0cf10a28ba191d4847cdd3d6498c3dac

SHA1
43ce8848cb747a274e577c68823eaca41a71ea4b

SHA256
b8242c24cf7577e3f3f101539c776ea4d9f4df06112a4a704e445390ea61e06f

SHA512
66b691d096a296af911bbafef5f310b20d976861b908aab257b71fd393d893ff328c69f24d5844ea4e823fa36b3b290a69dbad574c2cc7fde6945a124ddc95a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\C8av\WMsgAPI.dll

Filesize
2.1MB

MD5
76362bff41bf40014fbeeb7f7d2a78b8

SHA1
b4bd3573d33411a57691be58d4a58cdfe9be945c

SHA256
5e5d86f4477b6851c852cf7b29dba6416f04725ac0f8f1a4f75ce100209cff9b

SHA512
533a49c26587aae3293bae2a24ec2af0d3e4a785152f0ab70c467d8c99feb17ebe79554c92da1f92c2c7261f499ee3859fcc3a6682b0365336be4cf5342c3970

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\0yabESnx1u\UxTheme.dll

Filesize
2.1MB

MD5
72a3dfcaa40d8ff198c0812f4e04fb08

SHA1
fd289e490f93138dd7fe12172c9eb815245cc97a

SHA256
f49fa7afe49d9b08dfa2bd494b8041fdc9324f9665282cdad3f0597047483252

SHA512
6535b1f053f5cec14e65cd5a8b7c8dcdca4c28dc795b929692f5a84679360ee55e77a858536f12d3c3a587c0ecb408cac925eff7357b3461bf3dc66f12d65a9e

Download Submit
\Users\Admin\AppData\Local\LrJVvcMg\UxTheme.dll

Filesize
109KB

MD5
1b8eafb46cb66a05da0e525191bb9f2b

SHA1
e89a3b9b0a6457d7ed59e2eb26e54ce597d96baa

SHA256
f726987f0f317e0c6c6ec0addfef887118036761ee72b2075856fd60dbe24293

SHA512
cef075e8fc058b5cdff87cdcdd257380e15d96882d53c4badebcd01370dbd5f0d4a98dff8d9698fa51afad86c71d2e2c1b3f3af2647c9c14acf3e7f63d0cc301

Download Submit
\Users\Admin\AppData\Local\LrJVvcMg\mmc.exe

Filesize
101KB

MD5
aa864b0184c00405e2ec6cee0d6f02dd

SHA1
8c4beab04eea7c86e33736f856ae38a93b0ba39b

SHA256
35404de2a649b415554995fb81299562384bda718aa39cd7a8a4f6f205fbaa07

SHA512
644c62ccc1b388318ba9f34615c1ef27f3bc16ab6c8c07d5f25ba01d6a9258a5ffc2919d9e17271a7c526261d2b24efa16e157c2741321352804d13cf4425174

Download Submit
\Users\Admin\AppData\Local\OADmhG\UxTheme.dll

Filesize
92KB

MD5
ff523af57db4e942295c1dd686ffb0cd

SHA1
02ec775db770f1593520af0479df8575407bce69

SHA256
59ba8eeb353f22af97546ba3884dc09be645355c066f9b9d45a5abb7c24ff454

SHA512
b7d00b10f32c5d81b1fa8e962621941692deb18286d0880119a1f16cc00124e8ef7428f9756cba6b1732b6bb4112a59c25bdf6fc049d83a5d2792b153613b678

Download Submit
\Users\Admin\AppData\Local\OADmhG\WFS.exe

Filesize
113KB

MD5
94852f7b862e93c6c691290c24aa898c

SHA1
c9cfa8f50495f22ca44ef635fc5c004c2ac4d14a

SHA256
cad4e47019af6adc3d9e25fea13c29fec090696032d422a78bd3af928ba54ef4

SHA512
41fc3b0ac9bcac82ddb33f7b8996b040b0bc3370cb52ff533e2c868b92c95c4a96a019bf737f35aeba095f90e1b32c5a00bce1f0697847c0f790a1a0817d78f1

Download Submit
\Users\Admin\AppData\Local\TUkT07QV\WMsgAPI.dll

Filesize
277KB

MD5
0ab8c5ace73bcc75f9c14f17c78c2870

SHA1
d0e8971bfd575a5c181cc80fa8dd9af969e6040a

SHA256
0af29a130139ae11d6c1f6db4d03128ae109c94792b27d6e6bc1ee826f7723c2

SHA512
d5d481fe3d43f1808876b9eb7a97cfb48ce30cd08b1ee3c0535e485624208605686ae4d1de97ee1984d62e150cf3ea7d0d2b65ac973059b34713413dd6781672

Download Submit
memory/1036-91-0x0000000000600000-0x0000000000607000-memory.dmp

Filesize
28KB

Download
memory/1192-19-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-53-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-25-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-23-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-26-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-27-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-34-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-33-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-32-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-31-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-30-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-29-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-28-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-39-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-40-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-38-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-37-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-36-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-35-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-43-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-42-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-41-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-45-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-48-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-47-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-49-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-46-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-44-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-50-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-24-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-52-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-51-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-55-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-54-0x0000000002250000-0x0000000002257000-memory.dmp

Filesize
28KB

Download
memory/1192-64-0x00000000773F0000-0x00000000773F2000-memory.dmp

Filesize
8KB

Download
memory/1192-63-0x0000000077291000-0x0000000077292000-memory.dmp

Filesize
4KB

Download
memory/1192-62-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-73-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-4-0x0000000077086000-0x0000000077087000-memory.dmp

Filesize
4KB

Download
memory/1192-20-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-21-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-22-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-15-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-16-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-18-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-17-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-14-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-13-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-5-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/1192-7-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-9-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-10-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-11-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1192-153-0x0000000077086000-0x0000000077087000-memory.dmp

Filesize
4KB

Download
memory/1192-12-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/1916-115-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download
memory/2240-8-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/2240-0-0x00000000001A0000-0x00000000001A7000-memory.dmp

Filesize
28KB

Download
memory/2240-1-0x0000000140000000-0x000000014021B000-memory.dmp

Filesize
2.1MB

Download
memory/2324-133-0x0000000000270000-0x0000000000277000-memory.dmp

Filesize
28KB

Download