blackmoon | a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2023, 04:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe
Size

7.3MB
MD5

f80dadc61dd4a914ce96139252df0aba
SHA1

ad8785e358f14f80083ca386b9505fbfa066c4b4
SHA256

a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4
SHA512

084a10db94dedf772f6ac6b964f13c0279b7fddcaadd69187ca50d994a7a83b143d02d3b5d0cd9c9102b34b5ef7f48a5db355cd97eddfb6e28ae22e3433f963e
SSDEEP

196608:H+23b3ntL9L2M8VKXGqIeP3ljBBFNzi3RPKLxhnZKW:H1Xd9L2M8VcIe1jARPKLxhnQW

Score

10^/10

blackmoon banker themida trojan upx

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 6 IoCs

resource	yara_rule
behavioral2/memory/4900-136-0x0000000000400000-0x00000000010C6000-memory.dmp	family_blackmoon
behavioral2/memory/4900-137-0x0000000000400000-0x00000000010C6000-memory.dmp	family_blackmoon
behavioral2/memory/4900-147-0x0000000000400000-0x00000000010C6000-memory.dmp	family_blackmoon
behavioral2/memory/1752-150-0x0000000000400000-0x00000000010C6000-memory.dmp	family_blackmoon
behavioral2/memory/1752-151-0x0000000000400000-0x00000000010C6000-memory.dmp	family_blackmoon
behavioral2/memory/1752-176-0x0000000000400000-0x00000000010C6000-memory.dmp	family_blackmoon

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00060000000231fa-170.dat	acprotect

Executes dropped EXE 4 IoCs

pid	Process
4752	7z.exe
3008	7z.exe
1464	7z.exe
3908	7z.exe

Loads dropped DLL 1 IoCs

pid	Process
1752	xthnetvm.exe

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/4900-133-0x0000000000400000-0x00000000010C6000-memory.dmp	themida
behavioral2/memory/4900-135-0x0000000000400000-0x00000000010C6000-memory.dmp	themida
behavioral2/memory/4900-136-0x0000000000400000-0x00000000010C6000-memory.dmp	themida
behavioral2/memory/4900-137-0x0000000000400000-0x00000000010C6000-memory.dmp	themida
behavioral2/memory/1752-146-0x0000000000400000-0x00000000010C6000-memory.dmp	themida
behavioral2/memory/4900-147-0x0000000000400000-0x00000000010C6000-memory.dmp	themida
behavioral2/memory/1752-149-0x0000000000400000-0x00000000010C6000-memory.dmp	themida
behavioral2/memory/1752-150-0x0000000000400000-0x00000000010C6000-memory.dmp	themida
behavioral2/memory/1752-151-0x0000000000400000-0x00000000010C6000-memory.dmp	themida
behavioral2/memory/1752-176-0x0000000000400000-0x00000000010C6000-memory.dmp	themida

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4900-138-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/4900-142-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/4900-143-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/4900-141-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/4900-144-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/4900-148-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/1752-157-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/files/0x00060000000231fa-170.dat	upx
behavioral2/memory/1752-173-0x0000000073BF0000-0x000000007404F000-memory.dmp	upx
behavioral2/memory/1752-178-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/1752-184-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/1752-186-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/1752-194-0x0000000073BF0000-0x000000007404F000-memory.dmp	upx
behavioral2/memory/1752-633-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/1752-878-0x0000000010000000-0x000000001011B000-memory.dmp	upx
behavioral2/memory/1752-879-0x0000000010000000-0x000000001011B000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
4900	a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe
1752	xthnetvm.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4900	a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe
4900	a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe

Suspicious behavior: RenamesItself 2 IoCs

pid	Process
4900	a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe
1752	xthnetvm.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: 33	3148	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3148	AUDIODG.EXE
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeRestorePrivilege	4752	7z.exe
Token: 35	4752	7z.exe
Token: SeSecurityPrivilege	4752	7z.exe
Token: SeSecurityPrivilege	4752	7z.exe
Token: SeRestorePrivilege	3008	7z.exe
Token: 35	3008	7z.exe
Token: SeSecurityPrivilege	3008	7z.exe
Token: SeSecurityPrivilege	3008	7z.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeRestorePrivilege	1464	7z.exe
Token: 35	1464	7z.exe
Token: SeSecurityPrivilege	1464	7z.exe
Token: SeSecurityPrivilege	1464	7z.exe
Token: SeRestorePrivilege	3908	7z.exe
Token: 35	3908	7z.exe
Token: SeSecurityPrivilege	3908	7z.exe
Token: SeSecurityPrivilege	3908	7z.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe
Token: SeDebugPrivilege	1752	xthnetvm.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4900	a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe
4900	a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe
1752	xthnetvm.exe
1752	xthnetvm.exe
1752	xthnetvm.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 1752	4900	a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe	82
PID 4900 wrote to memory of 1752	4900	a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe	82
PID 4900 wrote to memory of 1752	4900	a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe	82
PID 1752 wrote to memory of 4752	1752	xthnetvm.exe	89
PID 1752 wrote to memory of 4752	1752	xthnetvm.exe	89
PID 1752 wrote to memory of 4752	1752	xthnetvm.exe	89
PID 1752 wrote to memory of 3008	1752	xthnetvm.exe	92
PID 1752 wrote to memory of 3008	1752	xthnetvm.exe	92
PID 1752 wrote to memory of 3008	1752	xthnetvm.exe	92
PID 1752 wrote to memory of 1464	1752	xthnetvm.exe	94
PID 1752 wrote to memory of 1464	1752	xthnetvm.exe	94
PID 1752 wrote to memory of 1464	1752	xthnetvm.exe	94
PID 1752 wrote to memory of 3908	1752	xthnetvm.exe	96
PID 1752 wrote to memory of 3908	1752	xthnetvm.exe	96
PID 1752 wrote to memory of 3908	1752	xthnetvm.exe	96

C:\Users\Admin\AppData\Local\Temp\a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe
"C:\Users\Admin\AppData\Local\Temp\a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Users\Admin\Documents\BinGo\xthnetvm.exe
  "C:\Users\Admin\Documents\BinGo\xthnetvm.exe" rest
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1752
- - C:\Users\Admin\Documents\BinGo\runes\7z.exe
    C:\Users\Admin\Documents\BinGo\runes\7z.exe x "C:\Users\Admin\Documents\BinGo\runes\\13.16.1-v1692500306000.tgz" -y -p -o"C:\Users\Admin\Documents\BinGo\runes\"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:4752
- - C:\Users\Admin\Documents\BinGo\runes\7z.exe
    C:\Users\Admin\Documents\BinGo\runes\7z.exe x "C:\Users\Admin\Documents\BinGo\runes\\13.16.1-v1692500306000.tar" -y -p -o"C:\Users\Admin\Documents\BinGo\runes\"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3008
- - C:\Users\Admin\Documents\BinGo\runes\7z.exe
    C:\Users\Admin\Documents\BinGo\runes\7z.exe x "C:\Users\Admin\Documents\BinGo\runes\\13.16.1-v1692500306000.tgz" -y -p -o"C:\Users\Admin\Documents\BinGo\runes\"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1464
- - C:\Users\Admin\Documents\BinGo\runes\7z.exe
    C:\Users\Admin\Documents\BinGo\runes\7z.exe x "C:\Users\Admin\Documents\BinGo\runes\\13.16.1-v1692500306000.tar" -y -p -o"C:\Users\Admin\Documents\BinGo\runes\"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x24c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\BinGoÍâ·þ°æ13.16.2.lnk

Filesize
1KB

MD5
1a8c56bb96a15e18ad406a35edcc920e

SHA1
96532915a2c7ac86a99f845b785d0364e82d5f53

SHA256
083fd1202169a70188813d7b51644a73367f2034e2e776e879a24bab043cd266

SHA512
ae2a6efeab1a8cd3665affeb7281d27bed8329a9de571f56abf9a1d0ac2c691288c12029b33ef504aeaded900755f6d240188b039ce622cf428873ecb03a516b

Download Submit
C:\Users\Admin\Documents\BinGo\libcurl.dll

Filesize
1.8MB

MD5
6fa08b52d88e7a4967764e099d33663b

SHA1
06d10ed3766bbaf56c7b6cb23821706dbadc025c

SHA256
e295b243ae3e45289b8bfaff537d99ca7039d08a48c4359294dacd753936a0c0

SHA512
14f21a29b1c69d82a4f00b9709549c996ab21a9f00e3bd553482110b93418a3c47fccee4cb2ad99f7213906c746a578c051e88b08f6cc3c2ac5ee8fe0a1b1bb0

Download Submit
C:\Users\Admin\Documents\BinGo\runes\13.16.1-v1692500306000.tar

Filesize
673KB

MD5
c56b9e4c865fe1d28adec521600a0003

SHA1
21f71a5f95827a406223dce2a0226b03b7768d76

SHA256
23774bd5dcd902b57572da10fd1eef676ee578dbcc543e063def3daae415b592

SHA512
ce2fde4012f04d6146110957e6df761027728e3f066c0ee99f1a333ebe1960764116f48b89e3f8fcc9ed01117cb9947f23d69c73d4ff6e5b496ffc2cbfddfe85

Download Submit
C:\Users\Admin\Documents\BinGo\runes\13.16.1-v1692500306000.tar

Filesize
550KB

MD5
46d8b7d28fe3316385c6e16b2cbb5327

SHA1
0602d8a5abf32a12c3085570fb6ecab9cf4062bc

SHA256
5d8f9e336740488ad27b06c9eff4051cc2a5f62458b75b423a4383b7995d9412

SHA512
5f5f842470737a331231ec705cb0dbf1360448f36e6572d0e8177fa2cc9e894e3e2020c4399a57498ae82208f31a2ba4b58d2e394deffbf35f1e17ebe8d2a4ea

Download Submit
C:\Users\Admin\Documents\BinGo\runes\13.16.1-v1692500306000.tgz

Filesize
54KB

MD5
411423301601a7f63641a0879c25137d

SHA1
293cf0dc82bc67bc9d963773ba634737fbc64da8

SHA256
c3624b81d0889821978fe0e01544a2f56cae892187facda4b181735948cb383a

SHA512
d75477976b16d59737f66629bfcefc26e4fdf4a041be50bd6d8501ee89fb2255c84a47b559a8cfc78cd0b775ecc355a128a9a3fae792eb99ed233af75955bc36

Download Submit
C:\Users\Admin\Documents\BinGo\runes\13.16.1-v1692500306000.tgz

Filesize
41KB

MD5
49a1818298089983ddd60429a9973244

SHA1
fb607cb81f1c68dfd00629a5ec593ae1f8c690cc

SHA256
25cdd76451c2d0b1964a121fef788a32f9f375aea9c812bdf16a859ada616e47

SHA512
604614210e57755be1845537e95d36f1cc1fbbdc3041d52bd86e8c85422888221f2c63d4e8b0d82207cd2c297fafc03b8f2804ba201b166554a43733eeda14b0

Download Submit
C:\Users\Admin\Documents\BinGo\runes\7z.exe

Filesize
354KB

MD5
1f0f641a53fe1535da96c6830ce20688

SHA1
247fd5f4ea18f3dbada32784d89c58f9ecb287db

SHA256
2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

SHA512
3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

Download Submit
C:\Users\Admin\Documents\BinGo\runes\7z.exe

Filesize
354KB

MD5
1f0f641a53fe1535da96c6830ce20688

SHA1
247fd5f4ea18f3dbada32784d89c58f9ecb287db

SHA256
2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

SHA512
3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

Download Submit
C:\Users\Admin\Documents\BinGo\runes\7z.exe

Filesize
354KB

MD5
1f0f641a53fe1535da96c6830ce20688

SHA1
247fd5f4ea18f3dbada32784d89c58f9ecb287db

SHA256
2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

SHA512
3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

Download Submit
C:\Users\Admin\Documents\BinGo\runes\7z.exe

Filesize
354KB

MD5
1f0f641a53fe1535da96c6830ce20688

SHA1
247fd5f4ea18f3dbada32784d89c58f9ecb287db

SHA256
2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

SHA512
3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

Download Submit
C:\Users\Admin\Documents\BinGo\runes\7z.exe

Filesize
354KB

MD5
1f0f641a53fe1535da96c6830ce20688

SHA1
247fd5f4ea18f3dbada32784d89c58f9ecb287db

SHA256
2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

SHA512
3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

Download Submit
memory/1464-535-0x0000000002F40000-0x0000000002F43000-memory.dmp

Filesize
12KB

Download
memory/1752-177-0x000000000ADA0000-0x000000000ADA1000-memory.dmp

Filesize
4KB

Download
memory/1752-146-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/1752-150-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/1752-151-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/1752-157-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/1752-879-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/1752-164-0x00000000089C0000-0x00000000089C1000-memory.dmp

Filesize
4KB

Download
memory/1752-169-0x0000000009010000-0x0000000009011000-memory.dmp

Filesize
4KB

Download
memory/1752-878-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/1752-173-0x0000000073BF0000-0x000000007404F000-memory.dmp

Filesize
4.4MB

Download
memory/1752-174-0x000000000AA50000-0x000000000AA51000-memory.dmp

Filesize
4KB

Download
memory/1752-175-0x000000000AA40000-0x000000000AA41000-memory.dmp

Filesize
4KB

Download
memory/1752-176-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/1752-195-0x000000000AA40000-0x000000000AA41000-memory.dmp

Filesize
4KB

Download
memory/1752-178-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/1752-534-0x000000000ABC0000-0x000000000ABC1000-memory.dmp

Filesize
4KB

Download
memory/1752-184-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/1752-194-0x0000000073BF0000-0x000000007404F000-memory.dmp

Filesize
4.4MB

Download
memory/1752-186-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/1752-633-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/1752-149-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/3008-196-0x0000000002860000-0x0000000002863000-memory.dmp

Filesize
12KB

Download
memory/3008-529-0x0000000002860000-0x0000000002863000-memory.dmp

Filesize
12KB

Download
memory/3908-876-0x0000000001010000-0x0000000001013000-memory.dmp

Filesize
12KB

Download
memory/3908-541-0x0000000001010000-0x0000000001013000-memory.dmp

Filesize
12KB

Download
memory/4752-190-0x0000000000160000-0x0000000000237000-memory.dmp

Filesize
860KB

Download
memory/4752-191-0x0000000001060000-0x0000000001063000-memory.dmp

Filesize
12KB

Download
memory/4752-187-0x0000000001060000-0x0000000001063000-memory.dmp

Filesize
12KB

Download
memory/4752-185-0x0000000000160000-0x0000000000237000-memory.dmp

Filesize
860KB

Download
memory/4900-144-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/4900-142-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/4900-138-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/4900-137-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/4900-136-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/4900-135-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/4900-143-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/4900-134-0x0000000077684000-0x0000000077686000-memory.dmp

Filesize
8KB

Download
memory/4900-141-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download
memory/4900-133-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/4900-147-0x0000000000400000-0x00000000010C6000-memory.dmp

Filesize
12.8MB

Download
memory/4900-148-0x0000000010000000-0x000000001011B000-memory.dmp

Filesize
1.1MB

Download