Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-12-2022 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    218KB

  • MD5

    16b1904a41d5a106d93914dd3e6e71be

  • SHA1

    4f2a08f73cfe51f363760578588b19765eb36ec8

  • SHA256

    5234114873c908014335c999b048382d2f1e68ef3cf98ff14e30e04a269126f7

  • SHA512

    3a75d7d713b6382cc4720003bb8cfc7e2814ad9478ef7d6ded0f5b3bdfc59d6e5a7fda10fab7cd9a2231f57683e199fe7954e0e4ec19fc54c6ff8b42a2928e9a

  • SSDEEP

    3072:+NCxFYH1LI/4GHR7uvUZi6eVwCll7c58u7b/fOp2NHCDml:+02VLk40AUQcsc58mHkECa

Score
10/10
danabotsmokeloadersystembcbackdoorbankerdiscoverytrojan

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Blocklisted process makes network request 2 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 19 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 25 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 30 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4756
  • C:\Users\Admin\AppData\Local\Temp\F801.exe
    C:\Users\Admin\AppData\Local\Temp\F801.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\Qsedeqtedeooeo.tmp",Wufaiiuuye
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Checks processor information in registry
      • Suspicious use of WriteProcessMemory
      PID:4284
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 14130
        3⤵
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        PID:996
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 532
      2⤵
      • Program crash
      PID:4880
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2804 -ip 2804
    1⤵
      PID:4084
    • C:\Users\Admin\AppData\Local\Temp\421B.exe
      C:\Users\Admin\AppData\Local\Temp\421B.exe
      1⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:3920
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 492
        2⤵
        • Program crash
        PID:4868
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3208
      • C:\ProgramData\qxqth\gamnfns.exe
        C:\ProgramData\qxqth\gamnfns.exe start
        1⤵
        • Executes dropped EXE
        PID:4508
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3920 -ip 3920
        1⤵
          PID:1172
        • C:\Windows\SysWOW64\svchost.exe
          C:\Windows\SysWOW64\svchost.exe -k LocalService
          1⤵
            PID:3976
            • C:\Windows\SysWOW64\rundll32.exe
              "C:\Windows\system32\rundll32.exe" "c:\program files (x86)\windowspowershell\modules\3difr.dll",eR5bZlk5VVFa
              2⤵
                PID:4200

            Network

            MITRE ATT&CK Matrix ATT&CK v6

            Initial Access

            Execution

            Persistence

            Privilege Escalation

            Defense Evasion

            Modify Registry

            1
            T1112

            Credential Access

            Discovery

            Query Registry

            3
            T1012

            System Information Discovery

            3
            T1082

            Peripheral Device Discovery

            1
            T1120

            Lateral Movement

            Collection

            Exfiltration

            Command and Control

            Impact

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\WindowsPowerShell\Modules\3difr.dll
              Filesize

              797KB

              MD5

              f974b1983e6fbdd3a284c072d5dd9eb1

              SHA1

              795f2f80d41d7aa0d07b35b4271a6042f93f66ba

              SHA256

              6f36f042885a2ce32472b83dcd41b94702e53b0efc5fbbf8c648c974731ed938

              SHA512

              a0237f7507e3f520fb8a2af70631658b5d5ce88d622009a4ee1e16221188e1d11cf349accb9815e256f949edc61dcad1cbe82146ca7dc867021074ed020a3878

              Download Submit
            • C:\Program Files (x86)\WindowsPowerShell\Modules\3difr.dll
              Filesize

              797KB

              MD5

              f974b1983e6fbdd3a284c072d5dd9eb1

              SHA1

              795f2f80d41d7aa0d07b35b4271a6042f93f66ba

              SHA256

              6f36f042885a2ce32472b83dcd41b94702e53b0efc5fbbf8c648c974731ed938

              SHA512

              a0237f7507e3f520fb8a2af70631658b5d5ce88d622009a4ee1e16221188e1d11cf349accb9815e256f949edc61dcad1cbe82146ca7dc867021074ed020a3878

              Download Submit
            • C:\ProgramData\qxqth\gamnfns.exe
              Filesize

              218KB

              MD5

              cdc67700f25eaed1417264c4bdec03d3

              SHA1

              56639e9414e6ee8394d940d62778475ddf071290

              SHA256

              fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100

              SHA512

              a2b38a1d4d0cb57532f3feb2efa1fb345c03df9114dfb2dcc93286e19b96eb5e182bd79d070a0e4fccf1980f47effc9b511dbb0074bba69bee80098317e08038

              Download Submit
            • C:\ProgramData\qxqth\gamnfns.exe
              Filesize

              218KB

              MD5

              cdc67700f25eaed1417264c4bdec03d3

              SHA1

              56639e9414e6ee8394d940d62778475ddf071290

              SHA256

              fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100

              SHA512

              a2b38a1d4d0cb57532f3feb2efa1fb345c03df9114dfb2dcc93286e19b96eb5e182bd79d070a0e4fccf1980f47effc9b511dbb0074bba69bee80098317e08038

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\DeploymentConfiguration.xml
              Filesize

              614B

              MD5

              54cec4437128f703c259efb3dc734386

              SHA1

              9b15ebe33a771a7e12cd966fd8b583da06914015

              SHA256

              d44d8ffc6e0261e32c4b5c77573a0daa0b4066d4e160c2cd5b5728199f63dfb4

              SHA512

              c1793acc8f6dc9997fd0261d501ffed200f3c039c9b77e554a031262925878b56727bd84cf5fbeeccb481c1d4511f37e940a8f8436054c8f08adb8e5f46773ea

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\Fwroes.tmp
              Filesize

              2.3MB

              MD5

              4f738cde1a0491b140bfab4af53ff5a7

              SHA1

              a14ed3d4fbc6a44cc1674bdb1c0336edf2095284

              SHA256

              9b4eb077bc1a8513882b4d7242ff2ee6b68ec537b079257e1cea85b7c12b671f

              SHA512

              dfb866c900607cabb37f70132b615ab30fc2466bc21c2e0359c81c66b22dfb13661f24898fa3dcb711d3b39b683b8f02c3d8663e03f74cefea8d16de5434a490

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\Fwroes.tmp
              Filesize

              2.1MB

              MD5

              7d93fedf6fe60db2b1286f5726e7fc73

              SHA1

              39243f074cec5d3251dbf32275feb8b2a0359f49

              SHA256

              47e7ca8b11a520a080c26d2d8d4368937711ce8203ab7cf176df5260175379ee

              SHA512

              f173e010fb97a7deda30f9150e180eb4583bc03d31ee8e8710fd406f47c6e14879ee5776c29fff55a92dcb50a26844d98b9f7e232e9680ae8151cd4475b8b86c

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\Microsoft.DesktopAppInstaller_2019.125.2243.0_neutral_~_8wekyb3d8bbwe.xml
              Filesize

              26KB

              MD5

              2bc8ee174a90308d275eda81bf42d95e

              SHA1

              284647d3ee515e4794d1984d2f01989f33121d2d

              SHA256

              d8bd4c83debd08b1a21d24b3c4a445512ef1931717c01e113fbfc20f47157ea8

              SHA512

              fe5d552cbfea372817d64c69f22cbf1a02d1b7ef27ef4a0acf68247a2794f58d09b0147ef110a0267bda87c6712ba18dc261a8c9c7e3ed4c1352bb324ed42327

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe.xml
              Filesize

              5KB

              MD5

              1944801cae061223e36fcce6aed6bfba

              SHA1

              b465c53f3e6ae74fac368f36cbfc5842ce085e14

              SHA256

              b903a7f4408a27d0b7a7c6316d04952508d67058216dffeca4293c9352727959

              SHA512

              82b0e3b1105a5d802839c3ea78b4e2dd800b819ee678d016b2f47203ceb27a638d195909ec1d0efbf46edbf910409d7ab4a05146fc902ef335b36bf14339498f

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\Microsoft.MicrosoftEdgeDevToolsClient_1000.19041.1023.0_neutral_neutral_8wekyb3d8bbwe.xml
              Filesize

              1KB

              MD5

              cf0330a44354655f192bc5f1976564e5

              SHA1

              d993f0dbfdb68552bbf3381d07fb2b26b79e16aa

              SHA256

              9727e4d3cf3fcc5dcc364cd990f41a4be98d227b0ce975fa97cef0ef8eaa5b78

              SHA512

              36aeacbb9b0d6ed2a51d23376ab6e583c258c128bf3de0069523441dda98a68a65592792ebd883a7ea8f21768da91c9826a4551cf9e02c01480110941b6e401a

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe.xml
              Filesize

              855B

              MD5

              dae188e1f4d8d97d8d65164eb0dda551

              SHA1

              78b54e226446825c56d15a19a3ed4b587a8842a2

              SHA256

              5bae5febdf75a2fe0b73791d603c7c9ac5de0d00dffc909b5dbc86bcd6dd15f2

              SHA512

              941d94c42572abcb937258e99a5d1b520c9f85ce741e81e81e7a299287ae9e8fb763fdc70b661a812c780f4b6997b84c8147791ac56f1510a87966c68ab23b22

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\MicrosoftOutlook2016CAWin64.xml
              Filesize

              1KB

              MD5

              4b6a6960b925c7bd5b83d8a4196e24e4

              SHA1

              f1bb8a50ffb8cce0804db90d2e3ecdbbbe3f460b

              SHA256

              5f45e2be37f33052a97235462325f5ae32d3713bdaa6eeeea49e92f0e9fc6ed0

              SHA512

              21f420212c86df357ad83079876d969bab0d089ac506d3dcfb1cfcb134f118a741491454e79538bf5c8d4d2b2ab1fc14d07d0cc3f263874396bd9546bf3b71b1

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\SystemIndex.1.gthr
              Filesize

              9KB

              MD5

              965a2a9ee2ded00e2e95a74587e92b01

              SHA1

              3cb498c851d41846c973cad384d5a00a8a4ace9f

              SHA256

              5ce6ff5166d4f60940f300391ce63f469bc9d81f9a75299f9d5e4af019d40437

              SHA512

              185e998ae35d4ae62a500d27f4a98e9154f446842e9898a79cc7c5ac6ec7d05469dc1b8b648ddad60210ece5ec87334c8c2e239de40c2e49a6dd8db3d329430b

              Download Submit
            • C:\ProgramData\{DFE614B1-1B05-F404-C372-1D93E0034A80}\edb.jcp
              Filesize

              8KB

              MD5

              2367dfc292b40e5d0a9fe8eda3ccf108

              SHA1

              79d410f12bd34d9546fbcacb3d796d1f33286ce3

              SHA256

              c5b73b03e8764d923248910bdfb27f28e84fe16973e4d2492dedae01ee921552

              SHA512

              977ad803262d100a944e789f2dcad9fa1b038808efc39980bf1b56fbc854bfd7e59b97c36c918032057bcfc267751e056b98148c8b91c5fd0fd31ac38ba6ec3e

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\421B.exe
              Filesize

              218KB

              MD5

              cdc67700f25eaed1417264c4bdec03d3

              SHA1

              56639e9414e6ee8394d940d62778475ddf071290

              SHA256

              fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100

              SHA512

              a2b38a1d4d0cb57532f3feb2efa1fb345c03df9114dfb2dcc93286e19b96eb5e182bd79d070a0e4fccf1980f47effc9b511dbb0074bba69bee80098317e08038

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\421B.exe
              Filesize

              218KB

              MD5

              cdc67700f25eaed1417264c4bdec03d3

              SHA1

              56639e9414e6ee8394d940d62778475ddf071290

              SHA256

              fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100

              SHA512

              a2b38a1d4d0cb57532f3feb2efa1fb345c03df9114dfb2dcc93286e19b96eb5e182bd79d070a0e4fccf1980f47effc9b511dbb0074bba69bee80098317e08038

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\F801.exe
              Filesize

              1.1MB

              MD5

              3967f9e696a6bf35357fd4a240c4018e

              SHA1

              999bf859c09e824863ce2cd5222ef200f18bc95b

              SHA256

              e1d8c775765a124d8ea8b8281582fbc2b3aec1e943d7a05e8d7459889971303a

              SHA512

              0cc1f3d64120d9b00389ad45197393fa7fff01da006c3f6624f731e82c268a78dcdc26e13dd26e742984185b3c23c77c072132dc95c9de2696869538837b3103

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\F801.exe
              Filesize

              1.1MB

              MD5

              3967f9e696a6bf35357fd4a240c4018e

              SHA1

              999bf859c09e824863ce2cd5222ef200f18bc95b

              SHA256

              e1d8c775765a124d8ea8b8281582fbc2b3aec1e943d7a05e8d7459889971303a

              SHA512

              0cc1f3d64120d9b00389ad45197393fa7fff01da006c3f6624f731e82c268a78dcdc26e13dd26e742984185b3c23c77c072132dc95c9de2696869538837b3103

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\Qsedeqtedeooeo.tmp
              Filesize

              797KB

              MD5

              24925b25552a7d8f1d3292071e545920

              SHA1

              f786e1d40df30f6fed0301d60c823b655f2d6eac

              SHA256

              9931503a3ab908d2840dae6a7cb77a5abc5e77cc67af405d1329b7dfc3fe800b

              SHA512

              242dbf94b06e67fdf0aac29b2f38ce4929d156c42e2413565f203cda1fdb6458e34b26eeb0151fe4f1914432be28b16d648affa63f20c7b480c54e2d9360fb26

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\Qsedeqtedeooeo.tmp
              Filesize

              797KB

              MD5

              24925b25552a7d8f1d3292071e545920

              SHA1

              f786e1d40df30f6fed0301d60c823b655f2d6eac

              SHA256

              9931503a3ab908d2840dae6a7cb77a5abc5e77cc67af405d1329b7dfc3fe800b

              SHA512

              242dbf94b06e67fdf0aac29b2f38ce4929d156c42e2413565f203cda1fdb6458e34b26eeb0151fe4f1914432be28b16d648affa63f20c7b480c54e2d9360fb26

              Download Submit
            • \??\c:\program files (x86)\windowspowershell\modules\3difr.dll
              Filesize

              797KB

              MD5

              f974b1983e6fbdd3a284c072d5dd9eb1

              SHA1

              795f2f80d41d7aa0d07b35b4271a6042f93f66ba

              SHA256

              6f36f042885a2ce32472b83dcd41b94702e53b0efc5fbbf8c648c974731ed938

              SHA512

              a0237f7507e3f520fb8a2af70631658b5d5ce88d622009a4ee1e16221188e1d11cf349accb9815e256f949edc61dcad1cbe82146ca7dc867021074ed020a3878

              Download Submit
            • memory/996-160-0x000001D0FF990000-0x000001D0FFAD0000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/996-163-0x0000000000100000-0x0000000000319000-memory.dmp
              Filesize

              2.1MB

              Download
            • memory/996-164-0x000001D0FF560000-0x000001D0FF78A000-memory.dmp
              Filesize

              2.2MB

              Download
            • memory/996-159-0x00007FF744736890-mapping.dmp
              Download
            • memory/996-161-0x000001D0FF990000-0x000001D0FFAD0000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/2804-144-0x0000000000400000-0x000000000053E000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/2804-136-0x0000000000000000-mapping.dmp
              Download
            • memory/2804-142-0x00000000021CF000-0x00000000022BD000-memory.dmp
              Filesize

              952KB

              Download
            • memory/2804-143-0x00000000022C0000-0x00000000023F0000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/3920-154-0x0000000000400000-0x000000000045F000-memory.dmp
              Filesize

              380KB

              Download
            • memory/3920-171-0x0000000000400000-0x000000000045F000-memory.dmp
              Filesize

              380KB

              Download
            • memory/3920-153-0x00000000004E0000-0x00000000004E9000-memory.dmp
              Filesize

              36KB

              Download
            • memory/3920-152-0x0000000000539000-0x000000000054A000-memory.dmp
              Filesize

              68KB

              Download
            • memory/3920-168-0x0000000000539000-0x000000000054A000-memory.dmp
              Filesize

              68KB

              Download
            • memory/3920-149-0x0000000000000000-mapping.dmp
              Download
            • memory/3976-187-0x0000000003AB0000-0x00000000041D5000-memory.dmp
              Filesize

              7.1MB

              Download
            • memory/3976-175-0x0000000003AB0000-0x00000000041D5000-memory.dmp
              Filesize

              7.1MB

              Download
            • memory/4200-184-0x0000000000000000-mapping.dmp
              Download
            • memory/4284-162-0x0000000004F59000-0x0000000004F5B000-memory.dmp
              Filesize

              8KB

              Download
            • memory/4284-158-0x0000000004EE0000-0x0000000005020000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/4284-147-0x0000000004EE0000-0x0000000005020000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/4284-148-0x0000000004EE0000-0x0000000005020000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/4284-155-0x0000000004EE0000-0x0000000005020000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/4284-146-0x0000000005D70000-0x0000000006495000-memory.dmp
              Filesize

              7.1MB

              Download
            • memory/4284-145-0x0000000005D70000-0x0000000006495000-memory.dmp
              Filesize

              7.1MB

              Download
            • memory/4284-165-0x0000000005D70000-0x0000000006495000-memory.dmp
              Filesize

              7.1MB

              Download
            • memory/4284-156-0x0000000004EE0000-0x0000000005020000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/4284-157-0x0000000004EE0000-0x0000000005020000-memory.dmp
              Filesize

              1.2MB

              Download
            • memory/4284-139-0x0000000000000000-mapping.dmp
              Download
            • memory/4508-170-0x0000000000400000-0x000000000045F000-memory.dmp
              Filesize

              380KB

              Download
            • memory/4508-169-0x00000000004B2000-0x00000000004C3000-memory.dmp
              Filesize

              68KB

              Download
            • memory/4756-132-0x00000000004F9000-0x0000000000509000-memory.dmp
              Filesize

              64KB

              Download
            • memory/4756-135-0x0000000000400000-0x000000000045F000-memory.dmp
              Filesize

              380KB

              Download
            • memory/4756-134-0x0000000000400000-0x000000000045F000-memory.dmp
              Filesize

              380KB

              Download
            • memory/4756-133-0x0000000002190000-0x0000000002199000-memory.dmp
              Filesize

              36KB

              Download