Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-10-2022 11:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6402a49e803c4df419eaea1e21383346fcd0c014ff38d77a8adfabdc783dc317.exe

  • Size

    242KB

  • MD5

    95bc641ceb8eb272162570f58c0c0c96

  • SHA1

    9aaf354703dce5fa857cbd655c8801fc8447d46a

  • SHA256

    6402a49e803c4df419eaea1e21383346fcd0c014ff38d77a8adfabdc783dc317

  • SHA512

    5be2d1338a21dae531482df0adbdf1dac487e112e551fc9b382dade67dec1c0b5c2d28ff3637f8a09aad89b2da75bf38833dd42061da443a50a546780e17a235

  • SSDEEP

    3072:jXPnbjelLJgJgDccdX5OtcRYx3MQoLXD82vmPofvlFy8oTDU3dMLifovZnyf:bHelLXccecQ0D82+Ajy8os3dkifoBn0

Score
10/10
danabotsmokeloadervidar937backdoorbankerdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

danabot

C2

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535
Attributes
  • embedded_hash

    569235DCA8F16ED8310BBACCB674F896

  • type

    loader

Extracted

Family

vidar

Version

55.2

Botnet

937

C2

https://t.me/slivetalks

https://c.im/@xinibin420
Attributes
  • profile_id

    937

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Blocklisted process makes network request 1 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses 2FA software files, possible credential harvesting 2 TTPs
    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 48 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 22 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6402a49e803c4df419eaea1e21383346fcd0c014ff38d77a8adfabdc783dc317.exe
    "C:\Users\Admin\AppData\Local\Temp\6402a49e803c4df419eaea1e21383346fcd0c014ff38d77a8adfabdc783dc317.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3500
  • C:\Users\Admin\AppData\Local\Temp\FA05.exe
    C:\Users\Admin\AppData\Local\Temp\FA05.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:4680
      • C:\Windows\syswow64\rundll32.exe
        "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
        2⤵
        • Blocklisted process makes network request
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        PID:360
    • C:\Users\Admin\AppData\Local\Temp\36EF.exe
      C:\Users\Admin\AppData\Local\Temp\36EF.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      PID:3764
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 1780
        2⤵
        • Program crash
        PID:4064
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4312

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Credentials in Files

    3
    T1081

    Discovery

    Query Registry

    3
    T1012

    System Information Discovery

    3
    T1082

    Peripheral Device Discovery

    1
    T1120

    Lateral Movement

    Collection

    Data from Local System

    3
    T1005

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\36EF.exe
      Filesize

      318KB

      MD5

      e58c70e8e2cde5c7aee3975db0a2e559

      SHA1

      4c88ba2a9c7cd614c74fdb34d17ee5d82fc6a4fe

      SHA256

      2a929266c1c731452ab4171a4c6cb980d6c84a6cc81e2bec5b1dacec075113bf

      SHA512

      b4a49e871630b96e94833ca794c2982e96ceb03052fcfbe58e7b3c7e2868a5d2f837f0ed8173bef0b22ba38be28ec22584fabd0d199b0706ae71b9481880adf8

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\36EF.exe
      Filesize

      318KB

      MD5

      e58c70e8e2cde5c7aee3975db0a2e559

      SHA1

      4c88ba2a9c7cd614c74fdb34d17ee5d82fc6a4fe

      SHA256

      2a929266c1c731452ab4171a4c6cb980d6c84a6cc81e2bec5b1dacec075113bf

      SHA512

      b4a49e871630b96e94833ca794c2982e96ceb03052fcfbe58e7b3c7e2868a5d2f837f0ed8173bef0b22ba38be28ec22584fabd0d199b0706ae71b9481880adf8

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\5bcfbbd5-3bcc-4247-8a89-bc35b397a17c\3950266016.pri
      Filesize

      3KB

      MD5

      2bf467eb5b9849766bbeaf369f660932

      SHA1

      379ecc09f68d991e26b042e05733249f24abf6f1

      SHA256

      d94477eb5e0e2211a80cceeaaa6e4ca2d3a2fa601399a3c3d305b91c79f729fb

      SHA512

      a61ee3201065c8e6a486d7e51273ff753364af636247cb7181fa92d0c21a60e76b5c7b46a21cd6e0c6b8de7b32f92738129983e7ccb7ac992cd1061b4aa33f98

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\951c6aaa-56a6-4df5-a3d8-f7c347cececb\3020113183.pri
      Filesize

      3KB

      MD5

      74569c19169a2e038295d05562d5da96

      SHA1

      fceaadfa602836b9f411753a8c397c45d75dc764

      SHA256

      4abc493ec8a55236df2e2ce505f53ecc9934c94a379189e7c901aa68ae005593

      SHA512

      1e4c79d9f1bb357c3b093b49e2f2b6629c99c38a835b43cd2ebeb4f97715989e68722c9b7ef2d0d4447eefccce67a1b9744357015de30e96464406ab1a306575

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\FA05.exe
      Filesize

      8.4MB

      MD5

      182b2fd847f91f5a381ce332366b9c8f

      SHA1

      0df2d790667dd74ce9964839f5b10b4c5a7c1442

      SHA256

      118452cc645ee44bc6fba61d70dff92f7297a28bee2849cd10b133e685ed8704

      SHA512

      7139a94b89e147e5b2051f823842d5e09f1134993430a96b491a197c31a073a34f8d72e94fe7160c464bf01775e7d157378bd381ca0bf0950488438409ee53da

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\FA05.exe
      Filesize

      8.4MB

      MD5

      182b2fd847f91f5a381ce332366b9c8f

      SHA1

      0df2d790667dd74ce9964839f5b10b4c5a7c1442

      SHA256

      118452cc645ee44bc6fba61d70dff92f7297a28bee2849cd10b133e685ed8704

      SHA512

      7139a94b89e147e5b2051f823842d5e09f1134993430a96b491a197c31a073a34f8d72e94fe7160c464bf01775e7d157378bd381ca0bf0950488438409ee53da

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log
      Filesize

      25KB

      MD5

      5b23c3c0737a95edb85275ec17c2923b

      SHA1

      c0ce1821e48a1cc74c7470a74e3cd37f19a4b65f

      SHA256

      c25b7fbfc7f07cf3e1effa0e3d6471690900cf5125e78221f4a3c83c8455151e

      SHA512

      dd2b15441a4e3de3c86957b1f7c3061778985681e1f9ab80c6f04d0f1456d337fda7c30e6fca8b82fc26f8bfc9014cee17ccf0e1c60b319dab5eb24a61c832f0

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Syhidsduo.tmp
      Filesize

      3.3MB

      MD5

      13d0ff809f24a408728fd6fe00241020

      SHA1

      fde8484da982eceb86cf6959460ffc4ce33271a9

      SHA256

      db9190e9eb5298547a3d266f298ec1e7ede0426841da9512f2827f1e7c027520

      SHA512

      38dd1c523eb9f5aa1c3da0e95f4064f22fc191ce8cea20803c5f60fcbc40d83f5c3545529863ca18f4e65b3ea7a8eddc247ae0db11c6ffa70af560998611e768

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\sa.9NBLGGH5Q1ZL_0_0010_.Public.InstallAgent.dat
      Filesize

      59KB

      MD5

      2a2397d66a4f17eaed59a7904ee8d1c2

      SHA1

      a0b08f8ea5c9abf6a67c50ed480a6e2f4c9b2ae7

      SHA256

      01391b3f059bf8de4f4cf1bcd556b896f24689bb2461a426cbc2b9522b1f6b0d

      SHA512

      4f4a9f901bf4ebd6f33f1b78691e32a1dc124f8486bf8e50a41e57512365dcabead47cbb0387a429c503b3ceec09ab58f02111527d45f8e2c9b738f1251af2e5

      Download Submit
    • \ProgramData\mozglue.dll
      Filesize

      593KB

      MD5

      c8fd9be83bc728cc04beffafc2907fe9

      SHA1

      95ab9f701e0024cedfbd312bcfe4e726744c4f2e

      SHA256

      ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

      SHA512

      fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

      Download Submit
    • \ProgramData\nss3.dll
      Filesize

      2.0MB

      MD5

      1cc453cdf74f31e4d913ff9c10acdde2

      SHA1

      6e85eae544d6e965f15fa5c39700fa7202f3aafe

      SHA256

      ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

      SHA512

      dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

      Download Submit
    • \ProgramData\sqlite3.dll
      Filesize

      1.1MB

      MD5

      1f44d4d3087c2b202cf9c90ee9d04b0f

      SHA1

      106a3ebc9e39ab6ddb3ff987efb6527c956f192d

      SHA256

      4841020c8bd06b08fde6e44cbe2e2ab33439e1c8368e936ec5b00dc0584f7260

      SHA512

      b614c72a3c1ce681ebffa628e29aa50275cc80ca9267380960c5198ea4d0a3f2df6cfb7275491d220bad72f14fc94e6656501e9a061d102fb11e00cfda2beb45

      Download Submit
    • memory/360-356-0x0000000000DC5FB0-mapping.dmp
      Download
    • memory/360-418-0x0000000003200000-0x0000000003B92000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/360-427-0x0000000005620000-0x00000000060D2000-memory.dmp
      Filesize

      10.7MB

      Download
    • memory/360-463-0x0000000003200000-0x0000000003B92000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/360-464-0x0000000005620000-0x00000000060D2000-memory.dmp
      Filesize

      10.7MB

      Download
    • memory/1992-201-0x0000000005A40000-0x0000000006416000-memory.dmp
      Filesize

      9.8MB

      Download
    • memory/1992-179-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-424-0x0000000007380000-0x0000000007E32000-memory.dmp
      Filesize

      10.7MB

      Download
    • memory/1992-413-0x0000000000400000-0x0000000003451000-memory.dmp
      Filesize

      48.3MB

      Download
    • memory/1992-348-0x0000000007380000-0x0000000007E32000-memory.dmp
      Filesize

      10.7MB

      Download
    • memory/1992-311-0x0000000000400000-0x0000000003451000-memory.dmp
      Filesize

      48.3MB

      Download
    • memory/1992-212-0x0000000003A50000-0x0000000004294000-memory.dmp
      Filesize

      8.3MB

      Download
    • memory/1992-200-0x0000000000400000-0x0000000003451000-memory.dmp
      Filesize

      48.3MB

      Download
    • memory/1992-189-0x0000000005A40000-0x0000000006416000-memory.dmp
      Filesize

      9.8MB

      Download
    • memory/1992-185-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-186-0x0000000003A50000-0x0000000004294000-memory.dmp
      Filesize

      8.3MB

      Download
    • memory/1992-184-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-183-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-176-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-177-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-182-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-180-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-181-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-178-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-175-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-174-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-153-0x0000000000000000-mapping.dmp
      Download
    • memory/1992-155-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-156-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-157-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-158-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-159-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-160-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-161-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-173-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-165-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-164-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-166-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-167-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-168-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-169-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-170-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-171-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1992-172-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-130-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-121-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-152-0x0000000000400000-0x0000000002C2A000-memory.dmp
      Filesize

      40.2MB

      Download
    • memory/3500-151-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-134-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-150-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-149-0x0000000000400000-0x0000000002C2A000-memory.dmp
      Filesize

      40.2MB

      Download
    • memory/3500-148-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-147-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-146-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-145-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-144-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-143-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-142-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-116-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-139-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-132-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-118-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-141-0x0000000002D10000-0x0000000002D19000-memory.dmp
      Filesize

      36KB

      Download
    • memory/3500-115-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-119-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-131-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-117-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-133-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-129-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-120-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-140-0x0000000002D30000-0x0000000002E7A000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/3500-123-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-128-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-127-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-124-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-135-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-125-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-138-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-137-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-126-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3500-136-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3764-298-0x0000000000400000-0x0000000002C3D000-memory.dmp
      Filesize

      40.2MB

      Download
    • memory/3764-297-0x0000000002C40000-0x0000000002CEE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/3764-296-0x0000000002E91000-0x0000000002EBD000-memory.dmp
      Filesize

      176KB

      Download
    • memory/3764-260-0x0000000002E91000-0x0000000002EBD000-memory.dmp
      Filesize

      176KB

      Download
    • memory/3764-271-0x0000000000400000-0x0000000002C3D000-memory.dmp
      Filesize

      40.2MB

      Download
    • memory/3764-261-0x0000000002C40000-0x0000000002CEE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/3764-202-0x0000000000000000-mapping.dmp
      Download
    • memory/4680-188-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4680-190-0x00000000776C0000-0x000000007784E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4680-187-0x0000000000000000-mapping.dmp
      Download