banload | 92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2024 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Size

5.8MB
MD5

cd283f0aa38cce333ec378422d7a5ae1
SHA1

9ea20227f72e6886de00530f2b262c3ab22c7df1
SHA256

92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87
SHA512

c43a4f1299074703c5aed239e0daeb982b79220ab5d4607f1656b5b917b78248f6e52bde7f4504e6da78849df09d33f5acb7c5e8e444e63e696530c67ba2bd12
SSDEEP

98304:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrpHv/kAZIlnHyLF06Sud19nEntkKoM5:RFQWEPnPBnEmOKIbGpPMAZcy3qyKB5

Score

10^/10

banload discovery downloader dropper evasion ransomware trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

Renames multiple (319) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

Drops file in Program Files directory 64 IoCs

Processes:

92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\ApproveUse.TTS.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\dicjp.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

Modifies registry class 10 IoCs

Processes:

92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ProgID\ = "DAO.DBEngine.36"	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ = "DAO.DBEngine.36"	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\ = "%CommonProgramFiles%\\Microsoft Shared\\DAO\\dao360.dll"	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\Class = "dao.DBEngineClass"	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ProgID	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\Assembly = "dao, Version=10.0.4504.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\RuntimeVersion = "v1.0.3705"	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\ThreadingModel = "Apartment"	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

description	pid	Process
Token: 33	3408	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Token: SeIncBasePriorityPrivilege	3408	92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe

C:\Users\Admin\AppData\Local\Temp\92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
"C:\Users\Admin\AppData\Local\Temp\92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

Filesize
5.9MB

MD5
0ce48f3f6bb212d66888f41f274f3293

SHA1
b1b8d8f02feaa1584745def9511c7bb9d612b465

SHA256
c33fdb15571aaa1722d543cf46fc32824834ffa28bf461d25b469944f070b9c0

SHA512
2805101e943375bde5e96576422e1c2d7f60f44d06b5653bff9a1b823e07206700f4f70929e331935ed90e0c338c4898dd2da1a309b4416586b7a5dbb95341db

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
6.0MB

MD5
42811ef5d4f01ba2640c69fd05baa01b

SHA1
206475dc3f095892998f472b9af00f0626c02fb7

SHA256
cf321aeff4fd68e812ec496bdc55926a23c41170569e19b0eafc9c0a42b34b55

SHA512
3963f4bf6f93255ad84d5478109af4276939fa3ad1daf33be6d77381ee8c81d7a89465ee276f2d5c6ddb2062d079cf74de4ab5522a4e2477a08a08b59c4b0085

Download Submit
memory/3408-0-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3408-2-0x00000000049B0000-0x0000000004BBC000-memory.dmp

Filesize
2.0MB

Download
memory/3408-9-0x00000000049B0000-0x0000000004BBC000-memory.dmp

Filesize
2.0MB

Download
memory/3408-12-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3408-13-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3408-14-0x00000000049B0000-0x0000000004BBC000-memory.dmp

Filesize
2.0MB

Download
memory/3408-31-0x00000000049B0000-0x0000000004BBC000-memory.dmp

Filesize
2.0MB

Download
memory/3408-30-0x00000000049B0000-0x0000000004BBC000-memory.dmp

Filesize
2.0MB

Download
memory/3408-74-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3408-84-0x00000000049B0000-0x0000000004BBC000-memory.dmp

Filesize
2.0MB

Download