blackmoon | 2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
Size

3.9MB
MD5

05610aaec5183a6b37fb1b0177ef3110
SHA1

42ff8165d48ebd81e449c90bfeaf808366ca9745
SHA256

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5
SHA512

59269b02ca6eaba7ad9895a94ceb7278f51b7a90f9aba5209b67865a477c4cc09d4724dbb2054209a8078c630de64f79039994011cf6c84009a586af19cff146
SSDEEP

98304:8iJM4l7QGx7D9q6j/IrxIdowPAnY41w/9v65VinbzJNB7I:8x4icCxNY41w/9v6biLd

Score

10^/10

blackmoon banker bootkit evasion persistence trojan

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 24 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2828-38-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-39-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-40-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-41-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-42-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-43-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-44-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-45-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-46-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-47-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-48-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-49-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-50-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-51-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-52-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-53-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-54-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-55-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-56-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-57-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-58-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-59-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-60-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon
behavioral2/memory/2828-61-0x0000000000400000-0x00000000010A6000-memory.dmp	family_blackmoon

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Wine	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

Loads dropped DLL 1 IoCs

Processes:

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

pid process

2828 2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

description ioc process

File opened for modification \??\PhysicalDrive0 2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

pid process

2828 2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

pid	process
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

description	pid	process
Token: SeDebugPrivilege	2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
Token: SeDebugPrivilege	2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
Token: SeDebugPrivilege	2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
Token: SeDebugPrivilege	2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

pid	process
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
2828	2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe

C:\Users\Admin\AppData\Local\Temp\2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
"C:\Users\Admin\AppData\Local\Temp\2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\iext1.fnr.bbs.125.la

Filesize
724KB

MD5
e60421fdd78fd5c62f7188055202e055

SHA1
30874f0a03f409231e8b64be2d76ba9a92c82f31

SHA256
aa8bc94c32576e87db8fc327c1103441966380e3e1da30303ce05df40687dd41

SHA512
c348fe342c5299b90da1f325a8a3a1defd6bf0da555af0d5bdfd5f1dde7ac871316932fd9fba67feebf2f31ee6978fc63547d3c3317b9c39f9777cf66608460b

Download Submit
memory/2828-3-0x00000000051E0000-0x00000000051E1000-memory.dmp

Filesize
4KB

Download
memory/2828-56-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-21-0x0000000005200000-0x0000000005201000-memory.dmp

Filesize
4KB

Download
memory/2828-20-0x0000000005290000-0x0000000005291000-memory.dmp

Filesize
4KB

Download
memory/2828-19-0x0000000005340000-0x0000000005341000-memory.dmp

Filesize
4KB

Download
memory/2828-15-0x0000000005300000-0x0000000005301000-memory.dmp

Filesize
4KB

Download
memory/2828-1-0x0000000077674000-0x0000000077676000-memory.dmp

Filesize
8KB

Download
memory/2828-18-0x00000000052B0000-0x00000000052B1000-memory.dmp

Filesize
4KB

Download
memory/2828-17-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2828-16-0x0000000005240000-0x0000000005241000-memory.dmp

Filesize
4KB

Download
memory/2828-14-0x00000000052C0000-0x00000000052C1000-memory.dmp

Filesize
4KB

Download
memory/2828-5-0x0000000005230000-0x0000000005231000-memory.dmp

Filesize
4KB

Download
memory/2828-13-0x0000000005390000-0x0000000005391000-memory.dmp

Filesize
4KB

Download
memory/2828-12-0x0000000005270000-0x0000000005271000-memory.dmp

Filesize
4KB

Download
memory/2828-2-0x00000000051A0000-0x00000000051A1000-memory.dmp

Filesize
4KB

Download
memory/2828-10-0x0000000005280000-0x0000000005281000-memory.dmp

Filesize
4KB

Download
memory/2828-9-0x00000000051D0000-0x00000000051D2000-memory.dmp

Filesize
8KB

Download
memory/2828-27-0x0000000005210000-0x0000000005211000-memory.dmp

Filesize
4KB

Download
memory/2828-8-0x0000000005220000-0x0000000005221000-memory.dmp

Filesize
4KB

Download
memory/2828-7-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/2828-6-0x00000000051B0000-0x00000000051B1000-memory.dmp

Filesize
4KB

Download
memory/2828-34-0x0000000000401000-0x0000000000666000-memory.dmp

Filesize
2.4MB

Download
memory/2828-11-0x00000000051F0000-0x00000000051F1000-memory.dmp

Filesize
4KB

Download
memory/2828-4-0x0000000005260000-0x0000000005261000-memory.dmp

Filesize
4KB

Download
memory/2828-46-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-39-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-40-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-41-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-42-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-43-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-44-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-45-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-38-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-47-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-48-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-49-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-50-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-51-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-52-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-53-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-54-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-55-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-0-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-57-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-58-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-59-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-60-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download
memory/2828-61-0x0000000000400000-0x00000000010A6000-memory.dmp

Filesize
12.6MB

Download