parallax | 27b642f76bef353065bb7643f082547b8df2817e1403646ec231744a36f1e292

Analysis

max time kernel
118s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2023 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Inv_Scan.xll
Size

2.5MB
MD5

28223a48365919fe673c3b77e9e1c9a1
SHA1

70ecae9573833bb7fd848888d93a384e70ba86d2
SHA256

27b642f76bef353065bb7643f082547b8df2817e1403646ec231744a36f1e292
SHA512

8511b778a8c8af105af06f1929e3f92eaf8dc9fedff6aef2a21bbccaa6ca3e44133b5aaca2d7f67ef8981c602c844bd045d0bf1a4fd3f0ba42d241848b0df005
SSDEEP

49152:7hXR54rGnugTn7g+Zp5Ybl3Qgx8Abu1sG9lmx2bcrMrvHEP31U:7hXr4wTnE+Z0l7i1XpwrMDktU

Score

10^/10

parallax rat

Malware Config

Extracted

Language

xlm4.0

Source

Signatures

ParallaxRat
ParallaxRat is a multipurpose RAT written in MASM.
rat parallax

ParallaxRat payload 19 IoCs

Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

resource	yara_rule
behavioral2/memory/2676-229-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-235-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-236-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-237-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-238-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-239-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-240-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-241-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-242-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-243-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-245-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-244-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-246-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-247-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-248-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-249-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-250-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-251-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat
behavioral2/memory/2676-257-0x0000000000400000-0x000000000042C000-memory.dmp	parallax_rat

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exgssi.exe	DllHost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exgssi.exe	DllHost.exe

Executes dropped EXE 1 IoCs

pid	Process
524	lum.exe

Loads dropped DLL 2 IoCs

pid	Process
2252	EXCEL.EXE
2252	EXCEL.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2252	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 46 IoCs

pid	Process
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
1664	EXCEL.EXE
1664	EXCEL.EXE
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe
524	lum.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2252	EXCEL.EXE
2252	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2252	EXCEL.EXE
2252	EXCEL.EXE
2252	EXCEL.EXE
2252	EXCEL.EXE
2252	EXCEL.EXE
2252	EXCEL.EXE
2252	EXCEL.EXE
2252	EXCEL.EXE
1664	EXCEL.EXE
2252	EXCEL.EXE
2252	EXCEL.EXE
2252	EXCEL.EXE
2252	EXCEL.EXE

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 524	2252	EXCEL.EXE	86
PID 2252 wrote to memory of 524	2252	EXCEL.EXE	86
PID 2252 wrote to memory of 524	2252	EXCEL.EXE	86
PID 2252 wrote to memory of 1664	2252	EXCEL.EXE	87
PID 2252 wrote to memory of 1664	2252	EXCEL.EXE	87
PID 2252 wrote to memory of 1664	2252	EXCEL.EXE	87
PID 524 wrote to memory of 936	524	lum.exe	90
PID 524 wrote to memory of 936	524	lum.exe	90
PID 524 wrote to memory of 936	524	lum.exe	90
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91
PID 524 wrote to memory of 2676	524	lum.exe	91

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Inv_Scan.xll"
1⤵
- Loads dropped DLL
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252
- C:\ProgramData\{238EAF4C-359C-4D56-A9A5-1B1C6BF758EC}\lum.exe
  C:\ProgramData\{238EAF4C-359C-4D56-A9A5-1B1C6BF758EC}\lum.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:524
- - C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe
    C:\ProgramData\{238EAF4C-359C-4D56-A9A5-1B1C6BF758EC}\lum.exe
    3⤵
    PID:936
- - C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe
    C:\ProgramData\{238EAF4C-359C-4D56-A9A5-1B1C6BF758EC}\lum.exe
    3⤵
    PID:2676
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Documents\Invoice.xlsx"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1664

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
1⤵
- Drops startup file
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\{238EAF4C-359C-4D56-A9A5-1B1C6BF758EC}\lum.exe

Filesize
2.4MB

MD5
f6637dd80c1bf55fdf7d31f1d857a155

SHA1
e7504efa854c5c6b8dc423d2fe5ace59b270b18b

SHA256
930ed2eef19f9a8fe45fc227cefc8d7369ef251c489b592d1f060f506d68bbba

SHA512
cc23934bc3ef8d886038e04ea7f0a7c4ceba9026183d2ab676e34a48c398309157af17b99f85c3341eb9d6f4b046c45ebf8bd44e392b99313f28b8fef996ed57

Download Submit
C:\ProgramData\{238EAF4C-359C-4D56-A9A5-1B1C6BF758EC}\lum.exe

Filesize
2.4MB

MD5
f6637dd80c1bf55fdf7d31f1d857a155

SHA1
e7504efa854c5c6b8dc423d2fe5ace59b270b18b

SHA256
930ed2eef19f9a8fe45fc227cefc8d7369ef251c489b592d1f060f506d68bbba

SHA512
cc23934bc3ef8d886038e04ea7f0a7c4ceba9026183d2ab676e34a48c398309157af17b99f85c3341eb9d6f4b046c45ebf8bd44e392b99313f28b8fef996ed57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\33AA5A6D-ED91-4AF8-9E9D-636A10B26856

Filesize
155KB

MD5
e834d9fe7d6ae46d4e36f843cb58177f

SHA1
0bb4dd9cb82b47e2b8aed2f792dceec7b15b2933

SHA256
602327a04aa1bdca3591807fd0a1075c7d0176ca49b2351584381062bd350e06

SHA512
1343977e844a968cb23485751df52e215db8d0bde4e19fe14bae029ebcc77e65f5575b327b6a6ece3b5651f707319dd106c9a760767e80348a17242d1dd58e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
52KB

MD5
3b20b432a4afc434253d6021e8c6df7e

SHA1
80459ca3034db57e86b9fb6fd3649d976e9a1e33

SHA256
8fb26038c90771b7e98287ce6bbb2b5754284f55e190e98e67ff3d355ad69346

SHA512
2015d4ee687cabf23db4856242004b2e672aa58619c641ff133c28c283c6f8488935f4ba9d065bd5373ca6d566a4d8cb5dccd885b20d26316a54e220c30b9b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
52KB

MD5
3b20b432a4afc434253d6021e8c6df7e

SHA1
80459ca3034db57e86b9fb6fd3649d976e9a1e33

SHA256
8fb26038c90771b7e98287ce6bbb2b5754284f55e190e98e67ff3d355ad69346

SHA512
2015d4ee687cabf23db4856242004b2e672aa58619c641ff133c28c283c6f8488935f4ba9d065bd5373ca6d566a4d8cb5dccd885b20d26316a54e220c30b9b56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Inv_Scan.xll

Filesize
2.5MB

MD5
28223a48365919fe673c3b77e9e1c9a1

SHA1
70ecae9573833bb7fd848888d93a384e70ba86d2

SHA256
27b642f76bef353065bb7643f082547b8df2817e1403646ec231744a36f1e292

SHA512
8511b778a8c8af105af06f1929e3f92eaf8dc9fedff6aef2a21bbccaa6ca3e44133b5aaca2d7f67ef8981c602c844bd045d0bf1a4fd3f0ba42d241848b0df005

Download Submit
C:\Users\Admin\AppData\Local\Temp\Inv_Scan.xll

Filesize
2.5MB

MD5
28223a48365919fe673c3b77e9e1c9a1

SHA1
70ecae9573833bb7fd848888d93a384e70ba86d2

SHA256
27b642f76bef353065bb7643f082547b8df2817e1403646ec231744a36f1e292

SHA512
8511b778a8c8af105af06f1929e3f92eaf8dc9fedff6aef2a21bbccaa6ca3e44133b5aaca2d7f67ef8981c602c844bd045d0bf1a4fd3f0ba42d241848b0df005

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
223B

MD5
546aa196104da978b32dcfba881d1501

SHA1
b0a4820decbe7afbea3a99911fd41d4be1c60194

SHA256
34fdbeaaf2e8d5fe18205a54a4edc8e8a15d1c58c38ad62853e5129542229024

SHA512
3b94525433d57699bf50521aaa044300b5b484f6a5b21f878b6bf7206fe2fc75167d6f9f4a70286c2d7b709511ac2f74af85f399cafd71e14f7b4351e18d4a52

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
24B

MD5
4fcb2a3ee025e4a10d21e1b154873fe2

SHA1
57658e2fa594b7d0b99d02e041d0f3418e58856b

SHA256
90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228

SHA512
4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
661B

MD5
c2f78e8d1949664ae7333bb5d86b4838

SHA1
172c80e8dc5aa74a0190cd218de54c71dbff557c

SHA256
67098f4b8912e76733d5c9cfd2f8e9511ae336e8eb2cb8ed28cca77724774769

SHA512
ee6fc3e3f40270de2aa03a6f26a1836a87caa6f1066419fcfce3b3e51f8d116a72dc553f50765d8ae497c6ccb55cb82b73afaee225469ceba3dbc6774c1f2509

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exgssi.exe

Filesize
2.4MB

MD5
f6637dd80c1bf55fdf7d31f1d857a155

SHA1
e7504efa854c5c6b8dc423d2fe5ace59b270b18b

SHA256
930ed2eef19f9a8fe45fc227cefc8d7369ef251c489b592d1f060f506d68bbba

SHA512
cc23934bc3ef8d886038e04ea7f0a7c4ceba9026183d2ab676e34a48c398309157af17b99f85c3341eb9d6f4b046c45ebf8bd44e392b99313f28b8fef996ed57

Download Submit
C:\Users\Admin\Documents\Invoice.xlsx

Filesize
18KB

MD5
497eb5ac984d6a8d3b23e72b3d87a974

SHA1
bbc7a034a3038d1b8a560f0eabfb268d3ee8e021

SHA256
109241fd345d38c3e3f27e9aa1ee6700b203b8bdc0c15d89deaa049da91141c3

SHA512
c7c31253e2938038c771d10e67bbe1a53e8063359cec9b14b729ed433e22a7a095bcb55b1099b5003baeb4cca0f05b3d2b2688075af7a057a2e10f8812f8c2d9

Download Submit
memory/524-159-0x0000000002CF0000-0x0000000002D70000-memory.dmp

Filesize
512KB

Download
memory/524-160-0x0000000077672000-0x0000000077673000-memory.dmp

Filesize
4KB

Download
memory/524-233-0x0000000002CF0000-0x0000000002D70000-memory.dmp

Filesize
512KB

Download
memory/524-231-0x0000000002F10000-0x0000000003000000-memory.dmp

Filesize
960KB

Download
memory/1664-225-0x00007FF9E91D0000-0x00007FF9E91E0000-memory.dmp

Filesize
64KB

Download
memory/1664-224-0x00007FF9E91D0000-0x00007FF9E91E0000-memory.dmp

Filesize
64KB

Download
memory/1664-228-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-162-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-165-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-167-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-169-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-170-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-171-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-173-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-174-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-175-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-176-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-177-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-227-0x00007FF9E91D0000-0x00007FF9E91E0000-memory.dmp

Filesize
64KB

Download
memory/1664-180-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/1664-223-0x00007FF9E91D0000-0x00007FF9E91E0000-memory.dmp

Filesize
64KB

Download
memory/2252-179-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2252-140-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2252-135-0x00007FF9E91D0000-0x00007FF9E91E0000-memory.dmp

Filesize
64KB

Download
memory/2252-133-0x00007FF9E91D0000-0x00007FF9E91E0000-memory.dmp

Filesize
64KB

Download
memory/2252-205-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2252-143-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2252-139-0x00007FF9E91D0000-0x00007FF9E91E0000-memory.dmp

Filesize
64KB

Download
memory/2252-136-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2252-142-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2252-141-0x00007FF9E91D0000-0x00007FF9E91E0000-memory.dmp

Filesize
64KB

Download
memory/2252-138-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2252-288-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2252-134-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2252-144-0x00007FF9E6FD0000-0x00007FF9E6FE0000-memory.dmp

Filesize
64KB

Download
memory/2252-148-0x0000026D42630000-0x0000026D428BC000-memory.dmp

Filesize
2.5MB

Download
memory/2252-145-0x00007FF9E6FD0000-0x00007FF9E6FE0000-memory.dmp

Filesize
64KB

Download
memory/2252-137-0x00007FF9E91D0000-0x00007FF9E91E0000-memory.dmp

Filesize
64KB

Download
memory/2252-185-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

Filesize
2.0MB

Download
memory/2676-257-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-237-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-238-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-239-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-240-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-241-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-242-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-243-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-245-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-244-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-246-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-247-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-248-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-249-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-250-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-251-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-236-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-234-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2676-229-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2676-230-0x0000000077672000-0x0000000077673000-memory.dmp

Filesize
4KB

Download
memory/2676-235-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download