anchordns | 0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a

Analysis

max time kernel
59s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe
Size

666KB
MD5

754b79913fde2de487e9fc2826b65d57
SHA1

c8299aadf886da55cb47e5cbafe8c5a482b47fc8
SHA256

0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a
SHA512

4a2420e2e89757cab2376932ce548f9b31b845f8c99dfd1cdd9a3b53dabed9e3cb11ecf514edeaccd932f277f65397c126ecaf42831f016554d2001034a25a1d
SSDEEP

12288:b9x+Tm3J3SrhP6pRKBdxZXi0gjFBFq4wTdbU0Cp4RWeAK+1coRm:b9nJ3SrhC+BdxZXi0gjFLq4wTZU0Cp4N

Score

10^/10

anchordns backdoor

Malware Config

Signatures

AnchorDNS Backdoor
A backdoor which communicates with C2 through DNS, attributed to the creators of Trickbot and Bazar.
backdoor anchordns

Detected AnchorDNS Backdoor 1 IoCs

Sample triggered yara rules associated with the AnchorDNS malware family.

backdoor

resource	yara_rule
behavioral2/files/0x0007000000023409-159.dat	family_anchor_dns

Executes dropped EXE 1 IoCs

pid	Process
4752	0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe:$TASK	0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe:$FILE	0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe: data	0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3148	WINWORD.EXE
3148	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3148	WINWORD.EXE
3148	WINWORD.EXE
3148	WINWORD.EXE
3148	WINWORD.EXE
3148	WINWORD.EXE
3148	WINWORD.EXE
3148	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2136	2016	chrome.exe	89
PID 2016 wrote to memory of 2136	2016	chrome.exe	89
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 968	2016	chrome.exe	90
PID 2016 wrote to memory of 4844	2016	chrome.exe	91
PID 2016 wrote to memory of 4844	2016	chrome.exe	91
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92
PID 2016 wrote to memory of 900	2016	chrome.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe
"C:\Users\Admin\AppData\Local\Temp\0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe"
1⤵
- NTFS ADS
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb8261ab58,0x7ffb8261ab68,0x7ffb8261ab78
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=2004,i,9863754106569307951,930483945389351609,131072 /prefetch:2
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2004,i,9863754106569307951,930483945389351609,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2288 --field-trial-handle=2004,i,9863754106569307951,930483945389351609,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=2004,i,9863754106569307951,930483945389351609,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=2004,i,9863754106569307951,930483945389351609,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3664 --field-trial-handle=2004,i,9863754106569307951,930483945389351609,131072 /prefetch:1
  2⤵
  PID:4444

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4832

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe
C:\Users\Admin\AppData\Local\Temp\0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe -u
1⤵
- Executes dropped EXE
- NTFS ADS
PID:4752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
811B

MD5
1dab71a7711e6ba68047eb929730481b

SHA1
a9ebebeb20a8068e080edf29026d67446108fe2a

SHA256
3ac877f707c3cda7bb8b0cdee5be1b7d4300851bc06a09bf8e9e9c03ae85d114

SHA512
849052c0f04f5235a153ed59fd7bb1ae324764e394e0b5b90998dd512f2dffc444a2f3be5cbe0d6874255d2565d2e5f02f86dba7f101cae6f517fe956ea2bb4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75eb21b8621a8b25ea2485b119d540ac

SHA1
8fa7e353ea6b57e214e94d3708531b52e86c5a3f

SHA256
075324a77664959ca1c1a8997c26299291486a0c188e5d0142d014679bd156ae

SHA512
6d6e69e8bae8e0c17974a3798cea193d80e732cf1fa33d92a4c38ce2fd770dccfeadca9fecd27e5751e69553731c642fb15ccf159a8cb8e7354a24c0a2ae32cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
3fa692dad59f141309e4a86155f200a4

SHA1
ddcf8ea01c296cb5e43726a4e48b8055eb1eac29

SHA256
df332f33bf0e88367a6458f34ce16e112029f4ad17b91dfc69a4cace53f72365

SHA512
a20a0bf4784c52c216d95e0c7f9b9ec68abebb711f344c23cc2222ddfee8d66679e115ffba579fe1fadfe1f4cb391ebc98be28200056f6186e8c8e9d33227c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
195965feb5853289f6f07f005ae080f0

SHA1
042aa2a574ebbdd47a231a29b865977561e627d4

SHA256
2a31504cef46264a75fdc4012d1f254c4710087267cefd701b1045ba32fedcea

SHA512
1ef29d0e31094ba12782882551dcc4d4208ce10215c43fd639710419b1e00341b095fb37612c2d4b2d00ad146553c6d537349da64707c2c192508fff05786b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a.exe

Filesize
666KB

MD5
754b79913fde2de487e9fc2826b65d57

SHA1
c8299aadf886da55cb47e5cbafe8c5a482b47fc8

SHA256
0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a

SHA512
4a2420e2e89757cab2376932ce548f9b31b845f8c99dfd1cdd9a3b53dabed9e3cb11ecf514edeaccd932f277f65397c126ecaf42831f016554d2001034a25a1d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
202B

MD5
4566d1d70073cd75fe35acb78ff9d082

SHA1
f602ecc057a3c19aa07671b34b4fdd662aa033cc

SHA256
fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0

SHA512
b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

Download Submit
memory/3148-113-0x00007FFBA0750000-0x00007FFBA0945000-memory.dmp

Filesize
2.0MB

Download
memory/3148-116-0x00007FFBA0750000-0x00007FFBA0945000-memory.dmp

Filesize
2.0MB

Download
memory/3148-109-0x00007FFBA07ED000-0x00007FFBA07EE000-memory.dmp

Filesize
4KB

Download
memory/3148-107-0x00007FFB607D0000-0x00007FFB607E0000-memory.dmp

Filesize
64KB

Download
memory/3148-112-0x00007FFBA0750000-0x00007FFBA0945000-memory.dmp

Filesize
2.0MB

Download
memory/3148-110-0x00007FFB607D0000-0x00007FFB607E0000-memory.dmp

Filesize
64KB

Download
memory/3148-114-0x00007FFBA0750000-0x00007FFBA0945000-memory.dmp

Filesize
2.0MB

Download
memory/3148-118-0x00007FFBA0750000-0x00007FFBA0945000-memory.dmp

Filesize
2.0MB

Download
memory/3148-117-0x00007FFBA0750000-0x00007FFBA0945000-memory.dmp

Filesize
2.0MB

Download
memory/3148-111-0x00007FFB607D0000-0x00007FFB607E0000-memory.dmp

Filesize
64KB

Download
memory/3148-119-0x00007FFB5E600000-0x00007FFB5E610000-memory.dmp

Filesize
64KB

Download
memory/3148-115-0x00007FFBA0750000-0x00007FFBA0945000-memory.dmp

Filesize
2.0MB

Download
memory/3148-120-0x00007FFB5E600000-0x00007FFB5E610000-memory.dmp

Filesize
64KB

Download
memory/3148-108-0x00007FFB607D0000-0x00007FFB607E0000-memory.dmp

Filesize
64KB

Download
memory/3148-154-0x00007FFB607D0000-0x00007FFB607E0000-memory.dmp

Filesize
64KB

Download
memory/3148-155-0x00007FFB607D0000-0x00007FFB607E0000-memory.dmp

Filesize
64KB

Download
memory/3148-157-0x00007FFB607D0000-0x00007FFB607E0000-memory.dmp

Filesize
64KB

Download
memory/3148-156-0x00007FFB607D0000-0x00007FFB607E0000-memory.dmp

Filesize
64KB

Download
memory/3148-158-0x00007FFBA0750000-0x00007FFBA0945000-memory.dmp

Filesize
2.0MB

Download
memory/3148-106-0x00007FFB607D0000-0x00007FFB607E0000-memory.dmp

Filesize
64KB

Download