danabot | 1d2932dcf2391adcd5385700b14b4d59d7a319037fe72a9054bdac51c92cfae4

Analysis

max time kernel
79s
max time network
137s
platform
windows10_x64
resource
win10-en-20210920
submitted
21-10-2021 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d2932dcf2391adcd5385700b14b4d59d7a319037fe72a9054bdac51c92cfae4.exe
Size

1.1MB
MD5

44ea4215c9e6d9f71d3dd64fcfd45d1f
SHA1

51c5173979f2c481403af71ef8e7d3137f23aaae
SHA256

1d2932dcf2391adcd5385700b14b4d59d7a319037fe72a9054bdac51c92cfae4
SHA512

2164f6185ea28a823431db68afc450283c338325aae32a9b862640983e8882d368a5bf977157c3a48c541882e807cfdb65d5ec78f5fc2a54a9d499f4f942565c

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Extracted

Family

danabot

Version

2052

Botnet

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
main

rsa_privkey.plain

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot Loader Component 6 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\1D2932~1.DLL	DanabotLoader2021
\Users\Admin\AppData\Local\Temp\1D2932~1.DLL	DanabotLoader2021
\Users\Admin\AppData\Local\Temp\1D2932~1.DLL	DanabotLoader2021
behavioral1/memory/4332-123-0x0000000004230000-0x0000000004390000-memory.dmp	DanabotLoader2021
\Users\Admin\AppData\Local\Temp\1D2932~1.DLL	DanabotLoader2021
\Users\Admin\AppData\Local\Temp\1D2932~1.DLL	DanabotLoader2021

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

27 4332 rundll32.exe
Loads dropped DLL 3 IoCs

Processes:

rundll32.exeRUNDLL32.EXE

pid process

4332 rundll32.exe
4332 rundll32.exe
864 RUNDLL32.EXE
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops file in Program Files directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\PROGRA~3\zohplghndapsm.tmp rundll32.exe

flow	pid	process
27	4332	rundll32.exe

pid	process
4332	rundll32.exe
4332	rundll32.exe
864	RUNDLL32.EXE

description	ioc	process
File created	C:\PROGRA~3\zohplghndapsm.tmp	rundll32.exe

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RUNDLL32.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	RUNDLL32.EXE
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Status	RUNDLL32.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	RUNDLL32.EXE
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet	RUNDLL32.EXE
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	RUNDLL32.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	RUNDLL32.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision	RUNDLL32.EXE

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

1d2932dcf2391adcd5385700b14b4d59d7a319037fe72a9054bdac51c92cfae4.exerundll32.exe

description	pid	process	target process
PID 4000 wrote to memory of 4332	4000	1d2932dcf2391adcd5385700b14b4d59d7a319037fe72a9054bdac51c92cfae4.exe	rundll32.exe
PID 4000 wrote to memory of 4332	4000	1d2932dcf2391adcd5385700b14b4d59d7a319037fe72a9054bdac51c92cfae4.exe	rundll32.exe
PID 4000 wrote to memory of 4332	4000	1d2932dcf2391adcd5385700b14b4d59d7a319037fe72a9054bdac51c92cfae4.exe	rundll32.exe
PID 4332 wrote to memory of 864	4332	rundll32.exe	RUNDLL32.EXE
PID 4332 wrote to memory of 864	4332	rundll32.exe	RUNDLL32.EXE
PID 4332 wrote to memory of 864	4332	rundll32.exe	RUNDLL32.EXE

C:\Users\Admin\AppData\Local\Temp\1d2932dcf2391adcd5385700b14b4d59d7a319037fe72a9054bdac51c92cfae4.exe
"C:\Users\Admin\AppData\Local\Temp\1d2932dcf2391adcd5385700b14b4d59d7a319037fe72a9054bdac51c92cfae4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4000

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\1D2932~1.DLL,s C:\Users\Admin\AppData\Local\Temp\1D2932~1.EXE
2⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4332

C:\Windows\SysWOW64\RUNDLL32.EXE
C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\1D2932~1.DLL,UR8yRnlsaQ==
3⤵
- Loads dropped DLL
- Checks processor information in registry
PID:864

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Local\Temp\1D2932~1.DLL
4⤵
PID:1128

C:\Windows\SysWOW64\RUNDLL32.EXE
C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\1D2932~1.DLL,ZlsKWVBpcjJK
4⤵
PID:1684

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,#61 19638
5⤵
PID:2400

C:\Windows\system32\ctfmon.exe
ctfmon.exe
6⤵
PID:3604

C:\Windows\SysWOW64\RUNDLL32.EXE
C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\58cfb4a6.dll,Start
4⤵
PID:2492

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Executionpolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\tmp2717.tmp.ps1"
4⤵
PID:1072

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Executionpolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\tmp89BB.tmp.ps1"
4⤵
PID:4212

C:\Windows\SysWOW64\nslookup.exe
"C:\Windows\system32\nslookup.exe" -type=any localhost
5⤵
PID:828

C:\Windows\SysWOW64\schtasks.exe
schtasks /End /tn \Microsoft\Windows\Wininet\CacheTask
4⤵
PID:1584

C:\Windows\SysWOW64\schtasks.exe
schtasks /Run /tn \Microsoft\Windows\Wininet\CacheTask
4⤵
PID:1776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\zohplghndapsm.tmp
MD5
b1428c05c232fcef5c4e90993a5fdcfa

SHA1
bf209b7af17784445ec44e395deb2b7faac83c1a

SHA256
f1659fc70e3cc560f1a43497e3a2438683ccc6707d8501e7ff2de35bfb2f9fa2

SHA512
3c77a8e6d41d4712b54ab2770dcd9940b1f699babc0a5a0a14d885dde95a916c537e37af2088af17818640e99a971e74b113d8730841d84921a8c7f59e2f007e

Download Submit
C:\PROGRA~3\zohplghndapsm.tmp
MD5
41d2816c31b770b218830bd2f2dfa6cd

SHA1
654c4c30a23c3101a44bb5514efafa6bc2a4459f

SHA256
d9a746d7835a0fd3ba0ee64e2c309b08b65195a58ca49f0f07cfb534224fb09c

SHA512
60cc0ed414318c6dda32ddca679cc2520c46a7cd1fe5bcd4c61f85cc2334501317a7106be9d09a1bcfe38cd48fbd07ca8370db1a3815670c27533dee2d9b7356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
MD5
a71f142529408a71b4ab8ffd39061c59

SHA1
7fbd459754fe9d50c79f77657fd3ce6ad341de02

SHA256
f0a3fc2f7377da91c4e6b3dfe31dae5eb8be8541f349a16741746a717964b7b5

SHA512
9727db18faf9f033ebffe610232b39310a7e420a6c0f4a9fec317be01842fe243f6ed26dde8a5f296645e4bf7fd54729e7bfcab8fb4b733518d3947d26cb3fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
MD5
ee0ebb072745c95725038eb95b1265c3

SHA1
837e09f21b10f01b97ce9bb377c50b16cba3e4a1

SHA256
e9222ba8c18c0871b2b3fed579ed38c0d185c81210536f8c04ef6e6d5a32cdec

SHA512
c20eaea534d67ac4a521d3b132463ad92ff34b8bb6b49d72b661a17b29de6869f7b64887be07ebadfbe7636f6f53483d6d43baec4b24f4fa250424e554771477

Download Submit
C:\Users\Admin\AppData\Local\Temp\1D2932~1.DLL
MD5
09d993e2f6b7977646e534873f9de50b

SHA1
678c51b645dc7af6ef4c5d1cec660ec23f47bfd2

SHA256
02b6cac9be0edf6801439fa8c3165fadb324b7946a7c4d02514eca79843a974b

SHA512
11f66590f2aa8a1687a551bef8587ae2421525c11c806944f8522ca8b54a0d6390edd15c500552107b5a90dbb35e9456a33db8227c70ad9c55cfc1ee670423eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\58cfb4a6.dll
MD5
5951f0afa96cda14623b4cce74d58cca

SHA1
ad4a21bd28a3065037b1ea40fab4d7c4d7549fde

SHA256
8b64b8bfd9e36cc40c273deccd4301a6c2ab44df03b976530c1bc517d7220bce

SHA512
b098f302ad3446edafa5d9914f4697cbf7731b7c2ae31bc513de532115d7c672bec17e810d153eb0dbaae5b5782c1ac55351377231f7aa6502a3d9c223d55071

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp2717.tmp.ps1
MD5
14ab9a37b4e9d4b83460fff6314867dc

SHA1
b419bba957dfcad0c0f5da9c6015c1ed408a9358

SHA256
491bf967fd66839373233f623ccf164b2295249301c10bf35a29438e210f529a

SHA512
5df1b6a088c608ecdca95a5d20367ad29e9231a995b8698770c0ea5226bfd35381649c4efbc880d0ee9c68edfcb5467be2d25984b8cd87fa0ce944f78b93798d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp2718.tmp
MD5
c416c12d1b2b1da8c8655e393b544362

SHA1
fb1a43cd8e1c556c2d25f361f42a21293c29e447

SHA256
0600d59103840dff210778179fdfba904dcb737a4bfdb35384608698c86ea046

SHA512
cb6d3636be4330aa2fd577c3636d0b7165f92ee817e98f21180ba0c918eb76f4e38f025086593a0e508234ca981cfec2c53482b0e9cc0acfa885fefbdf89913c

Download Submit
\Users\Admin\AppData\Local\Temp\1D2932~1.DLL
MD5
09d993e2f6b7977646e534873f9de50b

SHA1
678c51b645dc7af6ef4c5d1cec660ec23f47bfd2

SHA256
02b6cac9be0edf6801439fa8c3165fadb324b7946a7c4d02514eca79843a974b

SHA512
11f66590f2aa8a1687a551bef8587ae2421525c11c806944f8522ca8b54a0d6390edd15c500552107b5a90dbb35e9456a33db8227c70ad9c55cfc1ee670423eb

Download Submit
\Users\Admin\AppData\Local\Temp\1D2932~1.DLL
MD5
09d993e2f6b7977646e534873f9de50b

SHA1
678c51b645dc7af6ef4c5d1cec660ec23f47bfd2

SHA256
02b6cac9be0edf6801439fa8c3165fadb324b7946a7c4d02514eca79843a974b

SHA512
11f66590f2aa8a1687a551bef8587ae2421525c11c806944f8522ca8b54a0d6390edd15c500552107b5a90dbb35e9456a33db8227c70ad9c55cfc1ee670423eb

Download Submit
\Users\Admin\AppData\Local\Temp\1D2932~1.DLL
MD5
09d993e2f6b7977646e534873f9de50b

SHA1
678c51b645dc7af6ef4c5d1cec660ec23f47bfd2

SHA256
02b6cac9be0edf6801439fa8c3165fadb324b7946a7c4d02514eca79843a974b

SHA512
11f66590f2aa8a1687a551bef8587ae2421525c11c806944f8522ca8b54a0d6390edd15c500552107b5a90dbb35e9456a33db8227c70ad9c55cfc1ee670423eb

Download Submit
\Users\Admin\AppData\Local\Temp\1D2932~1.DLL
MD5
09d993e2f6b7977646e534873f9de50b

SHA1
678c51b645dc7af6ef4c5d1cec660ec23f47bfd2

SHA256
02b6cac9be0edf6801439fa8c3165fadb324b7946a7c4d02514eca79843a974b

SHA512
11f66590f2aa8a1687a551bef8587ae2421525c11c806944f8522ca8b54a0d6390edd15c500552107b5a90dbb35e9456a33db8227c70ad9c55cfc1ee670423eb

Download Submit
\Users\Admin\AppData\Local\Temp\58cfb4a6.dll
MD5
5951f0afa96cda14623b4cce74d58cca

SHA1
ad4a21bd28a3065037b1ea40fab4d7c4d7549fde

SHA256
8b64b8bfd9e36cc40c273deccd4301a6c2ab44df03b976530c1bc517d7220bce

SHA512
b098f302ad3446edafa5d9914f4697cbf7731b7c2ae31bc513de532115d7c672bec17e810d153eb0dbaae5b5782c1ac55351377231f7aa6502a3d9c223d55071

Download Submit
\Users\Admin\AppData\Local\Temp\58cfb4a6.dll
MD5
5951f0afa96cda14623b4cce74d58cca

SHA1
ad4a21bd28a3065037b1ea40fab4d7c4d7549fde

SHA256
8b64b8bfd9e36cc40c273deccd4301a6c2ab44df03b976530c1bc517d7220bce

SHA512
b098f302ad3446edafa5d9914f4697cbf7731b7c2ae31bc513de532115d7c672bec17e810d153eb0dbaae5b5782c1ac55351377231f7aa6502a3d9c223d55071

Download Submit
memory/864-126-0x0000000000000000-mapping.dmp

Download
memory/864-129-0x0000000005391000-0x0000000006375000-memory.dmp

Filesize
15.9MB

Download
memory/864-130-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/1072-274-0x0000000000EA3000-0x0000000000EA4000-memory.dmp

Filesize
4KB

Download
memory/1072-172-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/1072-170-0x0000000000000000-mapping.dmp

Download
memory/1072-173-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/1072-175-0x0000000000EA0000-0x0000000000EA1000-memory.dmp

Filesize
4KB

Download
memory/1072-183-0x0000000000EA2000-0x0000000000EA3000-memory.dmp

Filesize
4KB

Download
memory/1072-207-0x0000000007CE0000-0x0000000007CE1000-memory.dmp

Filesize
4KB

Download
memory/1128-134-0x00000000046A0000-0x00000000046A1000-memory.dmp

Filesize
4KB

Download
memory/1128-194-0x000000007EC10000-0x000000007EC11000-memory.dmp

Filesize
4KB

Download
memory/1128-168-0x0000000007960000-0x0000000007961000-memory.dmp

Filesize
4KB

Download
memory/1128-142-0x0000000007730000-0x0000000007731000-memory.dmp

Filesize
4KB

Download
memory/1128-144-0x00000000077D0000-0x00000000077D1000-memory.dmp

Filesize
4KB

Download
memory/1128-145-0x00000000079E0000-0x00000000079E1000-memory.dmp

Filesize
4KB

Download
memory/1128-146-0x0000000007A50000-0x0000000007A51000-memory.dmp

Filesize
4KB

Download
memory/1128-211-0x0000000004653000-0x0000000004654000-memory.dmp

Filesize
4KB

Download
memory/1128-208-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/1128-205-0x00000000092B0000-0x00000000092B1000-memory.dmp

Filesize
4KB

Download
memory/1128-200-0x00000000082B0000-0x00000000082B1000-memory.dmp

Filesize
4KB

Download
memory/1128-140-0x0000000004650000-0x0000000004651000-memory.dmp

Filesize
4KB

Download
memory/1128-191-0x0000000009180000-0x00000000091B3000-memory.dmp

Filesize
204KB

Download
memory/1128-141-0x0000000004652000-0x0000000004653000-memory.dmp

Filesize
4KB

Download
memory/1128-131-0x0000000000000000-mapping.dmp

Download
memory/1128-181-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

Filesize
4KB

Download
memory/1128-133-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

Filesize
4KB

Download
memory/1128-132-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

Filesize
4KB

Download
memory/1128-171-0x0000000008210000-0x0000000008211000-memory.dmp

Filesize
4KB

Download
memory/1128-136-0x0000000007060000-0x0000000007061000-memory.dmp

Filesize
4KB

Download
memory/1128-169-0x0000000007980000-0x0000000007981000-memory.dmp

Filesize
4KB

Download
memory/1584-429-0x0000000000000000-mapping.dmp

Download
memory/1684-154-0x0000000006300000-0x0000000006440000-memory.dmp

Filesize
1.2MB

Download
memory/1684-149-0x0000000006300000-0x0000000006440000-memory.dmp

Filesize
1.2MB

Download
memory/1684-135-0x0000000000000000-mapping.dmp

Download
memory/1684-143-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/1684-147-0x0000000006510000-0x0000000006511000-memory.dmp

Filesize
4KB

Download
memory/1684-139-0x0000000005251000-0x0000000006235000-memory.dmp

Filesize
15.9MB

Download
memory/1684-148-0x0000000006300000-0x0000000006440000-memory.dmp

Filesize
1.2MB

Download
memory/1684-151-0x0000000006300000-0x0000000006440000-memory.dmp

Filesize
1.2MB

Download
memory/1684-152-0x0000000006300000-0x0000000006440000-memory.dmp

Filesize
1.2MB

Download
memory/1684-153-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/1684-155-0x0000000006300000-0x0000000006440000-memory.dmp

Filesize
1.2MB

Download
memory/1776-430-0x0000000000000000-mapping.dmp

Download
memory/2400-161-0x000001BACF8F0000-0x000001BACFAA2000-memory.dmp

Filesize
1.7MB

Download
memory/2400-160-0x0000000000530000-0x00000000006D0000-memory.dmp

Filesize
1.6MB

Download
memory/2400-159-0x000001BACF6B0000-0x000001BACF6B2000-memory.dmp

Filesize
8KB

Download
memory/2400-156-0x00007FF7EA955FD0-mapping.dmp

Download
memory/2400-158-0x000001BACF6B0000-0x000001BACF6B2000-memory.dmp

Filesize
8KB

Download
memory/2492-167-0x0000000000950000-0x000000000097F000-memory.dmp

Filesize
188KB

Download
memory/2492-162-0x0000000000000000-mapping.dmp

Download
memory/3604-163-0x0000000000000000-mapping.dmp

Download
memory/4000-117-0x0000000005010000-0x0000000005115000-memory.dmp

Filesize
1.0MB

Download
memory/4000-116-0x0000000004F20000-0x000000000500D000-memory.dmp

Filesize
948KB

Download
memory/4000-122-0x0000000000400000-0x0000000002FE6000-memory.dmp

Filesize
43.9MB

Download
memory/4212-381-0x0000000000000000-mapping.dmp

Download
memory/4332-124-0x0000000004941000-0x0000000005925000-memory.dmp

Filesize
15.9MB

Download
memory/4332-123-0x0000000004230000-0x0000000004390000-memory.dmp

Filesize
1.4MB

Download
memory/4332-118-0x0000000000000000-mapping.dmp

Download
memory/4332-125-0x0000000005B00000-0x0000000005B01000-memory.dmp

Filesize
4KB

Download