112b835045850e5a2e07cb958e557e31fedbd2d9b6beb295e0dc0a1122b659d7

Analysis

max time kernel
124s
max time network
123s
platform
windows7_x64
resource
win7v20201028
submitted
15-03-2021 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CompensationClaim_1132717900_03152021.xls
Size

233KB
MD5

841c71ffa67996d4499ba392dac351fa
SHA1

0f05f4eda41b530edca06efa60cd182dea88f54e
SHA256

4ed148904f40a652b9918ca1446af1f308287bc325a6dc363fe7693b22b3a073
SHA512

cd0624a348476de14ba88081f3f9310e5f81f1b9028fc32e206e4d8496d80139a7d840f5f52981c3955cbd297ee508016383386603258e00d0a73df1b76f3f45

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://188.127.254.114/44270.7733881944.dat

xlm40.dropper

http://185.82.219.160/44270.7733881944.dat

xlm40.dropper

http://45.140.146.34/44270.7733881944.dat

Signatures

Process spawned unexpected child process 3 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

Rundll32.exeRundll32.exeRundll32.exe

description	pid	pid_target	process	target process
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process	1472	2044	Rundll32.exe	EXCEL.EXE
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process	1944	2044	Rundll32.exe	EXCEL.EXE
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process	1924	2044	Rundll32.exe	EXCEL.EXE

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

EXCEL.EXE

description ioc process

Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

EXCEL.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

2044 EXCEL.EXE
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

chrome.exechrome.exe

pid process

272 chrome.exe
272 chrome.exe
1480 chrome.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

chrome.exe

pid process

272 chrome.exe
272 chrome.exe
272 chrome.exe
272 chrome.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

EXCEL.EXE

pid process

2044 EXCEL.EXE
2044 EXCEL.EXE
2044 EXCEL.EXE
2044 EXCEL.EXE
2044 EXCEL.EXE

pid	process
2044	EXCEL.EXE

pid	process
272	chrome.exe
272	chrome.exe
1480	chrome.exe

pid	process
272	chrome.exe
272	chrome.exe
272	chrome.exe
272	chrome.exe

pid	process
2044	EXCEL.EXE
2044	EXCEL.EXE
2044	EXCEL.EXE
2044	EXCEL.EXE
2044	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

EXCEL.EXEchrome.exe

description	pid	process	target process
PID 2044 wrote to memory of 1472	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1472	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1472	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1472	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1472	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1472	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1472	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1944	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1944	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1944	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1944	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1944	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1944	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1944	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1924	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1924	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1924	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1924	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1924	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1924	2044	EXCEL.EXE	Rundll32.exe
PID 2044 wrote to memory of 1924	2044	EXCEL.EXE	Rundll32.exe
PID 272 wrote to memory of 1192	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 1192	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 1192	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe
PID 272 wrote to memory of 368	272	chrome.exe	chrome.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\CompensationClaim_1132717900_03152021.xls
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\SysWOW64\Rundll32.exe
Rundll32 ..\SOT.GOT,DllRegisterServer
2⤵
- Process spawned unexpected child process
PID:1472

C:\Windows\SysWOW64\Rundll32.exe
Rundll32 ..\SOT.GOT1,DllRegisterServer
2⤵
- Process spawned unexpected child process
PID:1944

C:\Windows\SysWOW64\Rundll32.exe
Rundll32 ..\SOT.GOT2,DllRegisterServer
2⤵
- Process spawned unexpected child process
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6326e00,0x7fef6326e10,0x7fef6326e20
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1100 /prefetch:2
2⤵
PID:368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1244 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
2⤵
PID:800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
2⤵
PID:344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
2⤵
PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:1
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3096 /prefetch:8
2⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2772 /prefetch:2
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,4629005852260688290,9762806336740969405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3360 /prefetch:8
2⤵
PID:1612

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
MD5
8a1c77f0130f3fff49de79f0e9490189

SHA1
b6d617fb1890003f6d58abfec69c219e839e0f5f

SHA256
599c2ed1648d80701103d6134fa206d313a76da44a0ca7b815627a422480c92f

SHA512
68371dafd21075f518613a1d63ca2222df4527e385439b32744a91209bf4a0ee6aca28e46c533f99f555760b0f07c5de5a5e8a265c67341deb22e176c2963b6a

Download Submit
\??\pipe\crashpad_272_PEMTWIBNGTATUFWR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/272-35-0x0000000003E70000-0x0000000003E71000-memory.dmp

Filesize
4KB

Download
memory/344-159-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-202-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-143-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-144-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-136-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-145-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-139-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-77-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-185-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-146-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-140-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-147-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-23-0x0000000000000000-mapping.dmp

Download
memory/344-150-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-130-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-151-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-155-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-142-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-156-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-157-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-158-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-76-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-78-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-138-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-188-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-187-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-122-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-186-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-189-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-190-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-191-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-192-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-193-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-194-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-195-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-196-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-197-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-198-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-199-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-200-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-201-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-141-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-203-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-204-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/344-205-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/368-17-0x00000000774F0000-0x00000000774F1000-memory.dmp

Filesize
4KB

Download
memory/368-15-0x0000000000000000-mapping.dmp

Download
memory/800-269-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-259-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-242-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-241-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-244-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-245-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-240-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-239-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-246-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-238-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-237-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-236-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-235-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-234-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-233-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-247-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-248-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-249-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-250-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-251-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-252-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-254-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-253-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-255-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-256-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-257-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-258-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-243-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-260-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-261-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-262-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-263-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-264-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-265-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-266-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-267-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-270-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-268-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-271-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-272-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-273-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-274-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-20-0x0000000000000000-mapping.dmp

Download
memory/800-276-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/800-275-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1192-12-0x0000000000000000-mapping.dmp

Download
memory/1472-7-0x0000000075251000-0x0000000075253000-memory.dmp

Filesize
8KB

Download
memory/1472-6-0x0000000000000000-mapping.dmp

Download
memory/1480-16-0x0000000000000000-mapping.dmp

Download
memory/1612-279-0x0000000000000000-mapping.dmp

Download
memory/1740-5-0x000007FEF77C0000-0x000007FEF7A3A000-memory.dmp

Filesize
2.5MB

Download
memory/1924-10-0x0000000000000000-mapping.dmp

Download
memory/1944-8-0x0000000000000000-mapping.dmp

Download
memory/2044-2-0x000000002FD31000-0x000000002FD34000-memory.dmp

Filesize
12KB

Download
memory/2044-4-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2044-3-0x0000000071671000-0x0000000071673000-memory.dmp

Filesize
8KB

Download
memory/2064-152-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-125-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-135-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-131-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-132-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-133-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-149-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-148-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-134-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-25-0x0000000000000000-mapping.dmp

Download
memory/2064-38-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-153-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-154-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-114-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-115-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-40-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-117-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-118-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-81-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-82-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-226-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-225-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-224-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-223-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-222-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-221-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-220-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-219-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-218-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-217-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-216-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-215-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-214-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-137-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-213-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-212-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-211-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-210-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-209-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-208-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-207-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-129-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-128-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-127-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-126-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-123-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2064-124-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-175-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-174-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-120-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-119-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-183-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-111-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-109-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-105-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-104-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-112-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-101-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-99-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-98-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-96-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-93-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-92-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-181-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-182-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-180-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-179-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-178-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-177-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-176-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-59-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-173-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-172-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-171-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-170-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-169-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-168-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-167-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-166-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-165-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-164-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-163-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-162-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-29-0x0000000000000000-mapping.dmp

Download
memory/2096-90-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-87-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-86-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-113-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-116-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-161-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-79-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-160-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2096-121-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2160-65-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-67-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-49-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-50-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-51-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-53-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-54-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-55-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-57-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-47-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-60-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-61-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-62-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-63-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-64-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-46-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-66-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-48-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-68-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-70-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-71-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-72-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-73-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-75-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-74-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-69-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-58-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-52-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2160-32-0x0000000000000000-mapping.dmp

Download
memory/2160-42-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2224-83-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2224-84-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2224-36-0x0000000000000000-mapping.dmp

Download
memory/2224-102-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2476-44-0x0000000000000000-mapping.dmp

Download
memory/2880-231-0x0000000000000000-mapping.dmp

Download