danabot | 96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2

Analysis

max time kernel
150s
max time network
125s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
25-10-2022 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe
Size

255KB
MD5

19bf0516805ad138f21ffb64f9c52001
SHA1

14a29110811005b15df4323188c5870c08be7fca
SHA256

96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2
SHA512

2441572e5d326264ca7cee13636f377aa4bf4ce29e212b204d6f05f090e1b81886289ad5a6203af028344adcbc3d43ce4e4a3d8f79d7cf288db24ee42d48fc95
SSDEEP

6144:qgseLtpD9YFlokBg48eijzqfERHNTMxT:q7eppD9YF848e2Ofq2xT

Score

10^/10

danabot smokeloader vidar 937 backdoor banker discovery spyware stealer trojan

Malware Config

Extracted

Family

danabot

172.86.120.215:443

213.227.155.103:443

103.187.26.147:443

172.86.120.138:443

Attributes

embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
type
loader

Extracted

Family

vidar

Version

55.2

Botnet

937

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
937

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Detects Smokeloader packer 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2712-140-0x0000000002E60000-0x0000000002E69000-memory.dmp	family_smokeloader

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

D556.exe1156.exe

pid process

4844 D556.exe
2008 1156.exe
Deletes itself 1 IoCs

Processes:

pid process

3068
Loads dropped DLL 3 IoCs

Processes:

1156.exe

pid process

2008 1156.exe
2008 1156.exe
2008 1156.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

4648 2008 WerFault.exe 1156.exe
4704 4844 WerFault.exe D556.exe
4672 4844 WerFault.exe D556.exe

pid	process
4844	D556.exe
2008	1156.exe

pid	process
3068

pid	process
2008	1156.exe
2008	1156.exe
2008	1156.exe

pid	pid_target	process	target process
4648	2008	WerFault.exe	1156.exe
4704	4844	WerFault.exe	D556.exe
4672	4844	WerFault.exe	D556.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe

description	ioc	process
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

1156.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	1156.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	1156.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe

pid	process
2712	96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe
2712	96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068
3068

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid process

3068
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe

pid process

2712 96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe

pid	process
3068

Suspicious use of AdjustPrivilegeToken 18 IoCs

Processes:

description	pid	process
Token: SeShutdownPrivilege	3068
Token: SeCreatePagefilePrivilege	3068
Token: SeShutdownPrivilege	3068
Token: SeCreatePagefilePrivilege	3068
Token: SeShutdownPrivilege	3068
Token: SeCreatePagefilePrivilege	3068
Token: SeShutdownPrivilege	3068
Token: SeCreatePagefilePrivilege	3068
Token: SeShutdownPrivilege	3068
Token: SeCreatePagefilePrivilege	3068
Token: SeShutdownPrivilege	3068
Token: SeCreatePagefilePrivilege	3068
Token: SeShutdownPrivilege	3068
Token: SeCreatePagefilePrivilege	3068
Token: SeShutdownPrivilege	3068
Token: SeCreatePagefilePrivilege	3068
Token: SeShutdownPrivilege	3068
Token: SeCreatePagefilePrivilege	3068

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

D556.exe

description	pid	process	target process
PID 3068 wrote to memory of 4844	3068		D556.exe
PID 3068 wrote to memory of 4844	3068		D556.exe
PID 3068 wrote to memory of 4844	3068		D556.exe
PID 4844 wrote to memory of 368	4844	D556.exe	appidtel.exe
PID 4844 wrote to memory of 368	4844	D556.exe	appidtel.exe
PID 4844 wrote to memory of 368	4844	D556.exe	appidtel.exe
PID 3068 wrote to memory of 2008	3068		1156.exe
PID 3068 wrote to memory of 2008	3068		1156.exe
PID 3068 wrote to memory of 2008	3068		1156.exe
PID 4844 wrote to memory of 2768	4844	D556.exe	rundll32.exe
PID 4844 wrote to memory of 2768	4844	D556.exe	rundll32.exe
PID 4844 wrote to memory of 2768	4844	D556.exe	rundll32.exe
PID 4844 wrote to memory of 2768	4844	D556.exe	rundll32.exe
PID 4844 wrote to memory of 2768	4844	D556.exe	rundll32.exe

C:\Users\Admin\AppData\Local\Temp\96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe
"C:\Users\Admin\AppData\Local\Temp\96c4d0ffad8aad309e2a4993fc9432bf9ce62cf269882ad5e5be4e3e996e37f2.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2712

C:\Users\Admin\AppData\Local\Temp\D556.exe
C:\Users\Admin\AppData\Local\Temp\D556.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4844

C:\Windows\SysWOW64\appidtel.exe
C:\Windows\system32\appidtel.exe
2⤵
PID:368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 604
2⤵
- Program crash
PID:4704

C:\Windows\syswow64\rundll32.exe
"C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
2⤵
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 608
2⤵
- Program crash
PID:4672

C:\Users\Admin\AppData\Local\Temp\1156.exe
C:\Users\Admin\AppData\Local\Temp\1156.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 1776
2⤵
- Program crash
PID:4648

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1156.exe
Filesize
343KB

MD5
ba97a8ba982684ffd26140b002fcf5f6

SHA1
8d0b982e8e9aaf3a84e3b17ebc910d26d341b1f7

SHA256
a3282df5188935d442674443e22d2f8bc5d5390a778b386a675d2a66a619d47b

SHA512
27823fba4a49841df28e5cd99dc68d9a258213cafade5aacaabac60461bdc273751aba808c7008374b3c7861664c7b1b301556c9b2e5ada8bf6c435e05a5ea8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1156.exe
Filesize
343KB

MD5
ba97a8ba982684ffd26140b002fcf5f6

SHA1
8d0b982e8e9aaf3a84e3b17ebc910d26d341b1f7

SHA256
a3282df5188935d442674443e22d2f8bc5d5390a778b386a675d2a66a619d47b

SHA512
27823fba4a49841df28e5cd99dc68d9a258213cafade5aacaabac60461bdc273751aba808c7008374b3c7861664c7b1b301556c9b2e5ada8bf6c435e05a5ea8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\D556.exe
Filesize
1.3MB

MD5
665a1ed2f9a43643d324ffacd903dd94

SHA1
6d04fbf851f043f037703a6734fa637096f1cca2

SHA256
82f6c44c56c4d7ae41e2c472b3bfd34375f956c427bfb85a82a8a25019e04429

SHA512
ca1635458c59434dcdaafeba43669708facd075814c4f4f9b5268bf3837eadda2ed0b9cf6c09d5eaaf68a45e9a23448d2d351442f4b3c6a424207119f5021bf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\D556.exe
Filesize
1.3MB

MD5
665a1ed2f9a43643d324ffacd903dd94

SHA1
6d04fbf851f043f037703a6734fa637096f1cca2

SHA256
82f6c44c56c4d7ae41e2c472b3bfd34375f956c427bfb85a82a8a25019e04429

SHA512
ca1635458c59434dcdaafeba43669708facd075814c4f4f9b5268bf3837eadda2ed0b9cf6c09d5eaaf68a45e9a23448d2d351442f4b3c6a424207119f5021bf7

Download Submit
\ProgramData\mozglue.dll
Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
\ProgramData\nss3.dll
Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
\ProgramData\sqlite3.dll
Filesize
1.1MB

MD5
1f44d4d3087c2b202cf9c90ee9d04b0f

SHA1
106a3ebc9e39ab6ddb3ff987efb6527c956f192d

SHA256
4841020c8bd06b08fde6e44cbe2e2ab33439e1c8368e936ec5b00dc0584f7260

SHA512
b614c72a3c1ce681ebffa628e29aa50275cc80ca9267380960c5198ea4d0a3f2df6cfb7275491d220bad72f14fc94e6656501e9a061d102fb11e00cfda2beb45

Download Submit
memory/368-190-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/368-188-0x0000000000000000-mapping.dmp

Download
memory/368-189-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2008-260-0x0000000002D90000-0x0000000002EDA000-memory.dmp

Filesize
1.3MB

Download
memory/2008-268-0x0000000000400000-0x0000000002C44000-memory.dmp

Filesize
40.3MB

Download
memory/2008-259-0x0000000002D90000-0x0000000002EDA000-memory.dmp

Filesize
1.3MB

Download
memory/2008-201-0x0000000000000000-mapping.dmp

Download
memory/2008-297-0x0000000002D90000-0x0000000002EDA000-memory.dmp

Filesize
1.3MB

Download
memory/2008-298-0x0000000002D90000-0x0000000002EDA000-memory.dmp

Filesize
1.3MB

Download
memory/2008-299-0x0000000000400000-0x0000000002C44000-memory.dmp

Filesize
40.3MB

Download
memory/2712-137-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-147-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-130-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-131-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-132-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-133-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-134-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-135-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-136-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-129-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-139-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-141-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-140-0x0000000002E60000-0x0000000002E69000-memory.dmp

Filesize
36KB

Download
memory/2712-138-0x0000000002D10000-0x0000000002E5A000-memory.dmp

Filesize
1.3MB

Download
memory/2712-142-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-144-0x0000000000400000-0x0000000002C2E000-memory.dmp

Filesize
40.2MB

Download
memory/2712-143-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-145-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-146-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-128-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-148-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-149-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-150-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-151-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-152-0x0000000000400000-0x0000000002C2E000-memory.dmp

Filesize
40.2MB

Download
memory/2712-127-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-126-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-125-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-124-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-123-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-121-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-120-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-119-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-118-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-117-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-116-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2712-115-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-156-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-169-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-170-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-171-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-172-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-173-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-174-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-175-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-176-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-177-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-178-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-179-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-180-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-181-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-183-0x00000000030C0000-0x00000000031E6000-memory.dmp

Filesize
1.1MB

Download
memory/4844-182-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-185-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-184-0x0000000004B90000-0x0000000004E5C000-memory.dmp

Filesize
2.8MB

Download
memory/4844-186-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-187-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-200-0x0000000000400000-0x0000000002D3B000-memory.dmp

Filesize
41.2MB

Download
memory/4844-168-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-167-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-166-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-164-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-165-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-161-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-277-0x00000000030C0000-0x00000000031E6000-memory.dmp

Filesize
1.1MB

Download
memory/4844-278-0x0000000004B90000-0x0000000004E5C000-memory.dmp

Filesize
2.8MB

Download
memory/4844-160-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-159-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-158-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-157-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-155-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4844-153-0x0000000000000000-mapping.dmp

Download
memory/4844-313-0x0000000000400000-0x0000000002D3B000-memory.dmp

Filesize
41.2MB

Download
memory/4844-316-0x0000000000400000-0x0000000002D3B000-memory.dmp

Filesize
41.2MB

Download