Overview

overview

6

Static

static

1

GrammarlyA...up.exe

windows7-x64

6

GrammarlyA...up.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2024 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GrammarlyAddInSetup.exe

  • Size

    14.1MB

  • MD5

    6e7521d5ed304ee64a9eea0233b1331a

  • SHA1

    4d6f4f35defc0385c2b375e7e63c8fc347bc5faa

  • SHA256

    df9a7d7a30cb6d60d0c5efc1ac052d664983f04c137a1be43a477cd08660686c

  • SHA512

    91f8dbc82c07573bc77e6752dd54a5da93e44b416e4eaac5be841e0f1c2eb11f4d2de76d5209ed308a8d5d136e26070eb63a9da3f0c3837dfc1f92d8c09f81d8

  • SSDEEP

    393216:znc60u4ShklUsF0aNhRp138y4CZy0TZgQ9b/6NzrFKSlioSnpwZVkDw:zc696Z77b4MySjd6hNipqzZ

Score
6/10
discoveryevasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 47 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GrammarlyAddInSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\GrammarlyAddInSetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4288
    • C:\Windows\Temp\{60647770-25B7-4B90-9086-3390853C6B90}\.cr\GrammarlyAddInSetup.exe
      "C:\Windows\Temp\{60647770-25B7-4B90-9086-3390853C6B90}\.cr\GrammarlyAddInSetup.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\GrammarlyAddInSetup.exe" -burn.filehandle.attached=544 -burn.filehandle.self=552
      2⤵
      • Checks whether UAC is enabled
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:4248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DELD072.tmp
    Filesize

    2.3MB

    MD5

    131fdb68cf6c0997573bf58bc64f49ee

    SHA1

    fac72e2ba8b0f1fcb3f1908abeb37a6b64daa933

    SHA256

    5450d25aa4773fd43dca5c2df860daf480c44f65da032246cb21791721a9b67b

    SHA512

    2f08d4f0327b8d3e06f2364f569b741731dfd993033f11b216130ae78f7a49c17c145e908a2fee45b8353ddb045af6f6fe6be11d80ebef4cbb3998f28e8221b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DELD079.tmp
    Filesize

    1.8MB

    MD5

    a283689cbbdcdeb1bbaa3b4ec9a9d86a

    SHA1

    766fd38e78351528ccdc0628f0ecba9fe9ac0b07

    SHA256

    76b4698b2ccad0a34de5f84ea37e85df3c5cf6d924fbad987605932b1b74fb36

    SHA512

    a16769969b73de71419cb3a1491ba4bc93cc90a9e3fbea142a8281f781d66eae6bfb231161b139be77ea6e4470cf0f481a7685d5ca8284139503dd358962ffe9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DELD35D.tmp
    Filesize

    256KB

    MD5

    35c0f1429264d00c2a580ad9a54345c3

    SHA1

    584ff34bd656a770992366ed80d5b742ccef169c

    SHA256

    5dcf6e1043ec22c1cf95650027eb3d860dde1da349696a2a45afcea182a991e4

    SHA512

    3f4cf387e7b69ba6d552d9412cc5a840d9a87dc107ca0b4c4861b1d34941ecbb46e0ec4ac6f26079d0eca03ef396fa81ff999254916ba38f90d6180ad3ff9a35

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DELD37E.tmp
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\BootstrapperCore.config
    Filesize

    3KB

    MD5

    a2fd50b2a9eaef9a3d404e96fea6fa26

    SHA1

    fa0d612f3af69e74669fe3d149b28dd722eaa292

    SHA256

    ea33dc00e6fda038cdd2f73c3684beb05c3dd1e9b2f2ad7f7f6d7ef6305d2661

    SHA512

    4d2b5a6e2365131a8580e5c3d49450532688ef63c5fc95d61b9341c665b2066d783f6c0d2d264b8d8d696a4c44b7f2896d9e7c1ac7ea29f495d42fdeea6985ff

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\BootstrapperCore.dll
    Filesize

    80KB

    MD5

    c4f7146ddc56763ccdb1cb3c09478708

    SHA1

    bca088ab33cfb69adeae11a272e9c8a83f39a8c9

    SHA256

    886cb2a994461f091752fc7b21e3143c212efd8841c757909e74ac32761880da

    SHA512

    df2ca029e95f80fc5870e541db8b1d5a03266307bb5f7680ad630868a9a3c584b3a702fbec09c26fef7287c99f5d9d1f59cd59b74dcf740c9a8e7508e07d18b5

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\FSharp.Core.dll
    Filesize

    2.9MB

    MD5

    ea2e28f4946912f2352dcbcdf2f67d77

    SHA1

    7392ecd9e3f54590c76860946adc541806d3ced2

    SHA256

    c6780923994cc96dc2bc8fc4f44b6f6c5d56290790723cf98b7114cd18c1143d

    SHA512

    f9fcaddb6fbb68c151d97f2fb4a98f2a730e6761e71e349f2615d96a6a345dade9eb1eeb80d29bf9b96c988f14e31cc4e06a821ca925a6a3d959c14c64a60ef2

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.AddIn.Interfaces.dll
    Filesize

    88KB

    MD5

    32034d5a06ca33c0368e2b61fc444ffc

    SHA1

    e4b0cc795c5a4cdcbc29590e88419acfb008a4bd

    SHA256

    17431929891c871eb7ceeb21746061c459f8904ce95c7b665e4c308a6266a877

    SHA512

    c769a1d77674ef01aeb22755daa782b13080eff088b5d72a7e1d84aeaec61cf0515e7187beee356b9c36a355f42926c359709d6ce11900e8c0678b6de2966f33

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.AddIn.Settings.dll
    Filesize

    27KB

    MD5

    4cf98c5fab3294e6108867308cc3c708

    SHA1

    476c74f7a3829f19e51a241dbc968cf310896205

    SHA256

    bd20305fd4082275dd483133f6cb239fdaf6dc3154cbb98d0707fbf74bd82a74

    SHA512

    65c531116be6384326453e05a8e410f9dc67865a8ca50c945746c3c8c528b0a1d8b5049e7d6de42d4a8fb54a85eb600092cc1ed63fa1b8c9d38665ea74a8712d

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.AddIn.Utils.dll
    Filesize

    112KB

    MD5

    d904ab16b1b93f2bccd8af0b81f40344

    SHA1

    2f5c6cc15e9dc4217314acb547ca50a648948c31

    SHA256

    2f8bfcd8d7051ef4b84f0bbab45ac01fbef41f21287444ccf4490a00a5bcdb06

    SHA512

    ad4bb84ef114c7ee4216fc8ec26361faf965e3213961a0a2b0d2eb432fcb3b1af6d3f4ac2a89c94575f713c2373564d14ad2ac786d8d834a9048148dd42612fe

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Api.dll
    Filesize

    670KB

    MD5

    037ffae2a024a32ffb792d3193f11ef2

    SHA1

    0119a6ee960710a1e113825ab1ca951d0a3922c1

    SHA256

    dda24b9e89ec500d205d975f970c16f2fe13bc147094afacf97a578619b49319

    SHA512

    14e848f914cd3c978f7cccf5b5b3330408c465a2d718a6b8c9daec06f4c37f13eb6073ae2f0a9e9164f3095185225d50311880562a1712b1ccaf036d13e338f5

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Batteries.FSharp.dll
    Filesize

    287KB

    MD5

    ecfb009a1da449f9b0c7bcbdcf1b0ecb

    SHA1

    d9cef96a90aed34af541fa679a37c8f5f45f0825

    SHA256

    7b304771b27f496e5f52c30ae32b0217588df61b61ad119722e49364eca15f71

    SHA512

    c8c25fe4c9cc03088b16f423694053ff0145c8fb74e2a224544f579af1561257591ae9ff67afa0b8d517d37da964d00d22e42309e31f7743a1bf1c91ccb03a4f

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Batteries.dll
    Filesize

    30KB

    MD5

    44a675c3bad40eb602050829fa79a286

    SHA1

    428fd43f9bda0b3019278df6ea3c841d5c5c3c84

    SHA256

    b082d70ae26a15955711efcf11e4b315b1ced1d076eb1c102042dcc4c1c4a709

    SHA512

    f75f847b8de3f026bcbc13aacf4950b8d75bb263a9519168b9e898d0117ad6d22eefaa5986a341ac62e768738a6a0faec597a0e2fc146b4d0c9a008b184aa3a8

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Bootstrapper.UI.dll
    Filesize

    2.6MB

    MD5

    048bcad1b8eb39c2cfb88d1eb755b6d4

    SHA1

    6b153cbd6dc6ba9706344c650b67dd7623ee4b4d

    SHA256

    32d09fd2b66eed94112a273f14581ce1c16f24392a8fd0b31ccc958d7a4fb70c

    SHA512

    d7c945f99e27f0c6aca1450d9c37f9639810ae757ae058815e42635910ec3c0bd3bc31ecbed04fc90dc32752ea026f8c9bbfc942ec33f8d544eaa486c51a4ebe

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Http.dll
    Filesize

    89KB

    MD5

    1da12442491caebc2c77c37b74b8386a

    SHA1

    839f55b57c1491d6c396ca739c6dcd03eafc78e6

    SHA256

    38b2fb044dec114c2ad90ea3c8efb085bdbcfb38dd5a1c29668cb9b41a8489c5

    SHA512

    b915887f9b45568e57a49463905b5294bc43c83f00f00002cfc4bfe94b90a25d0f3f376fe097b35d3d2bb202605fd32e37b9e4ac823b8a816a6095bc2a9e06de

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Json.dll
    Filesize

    133KB

    MD5

    64afca32d62af1f42d3b90d24cb3acc1

    SHA1

    980e3dab8c1d1f5f8da543ab338d4d8c9cab27b6

    SHA256

    71ac8260df684faba7dd0e67cc5d15bbc2fd82c5c01f69357e2c6f4a193a851b

    SHA512

    5627518f91611683f5be4dbce62613a26cafa48a12c95a0637507e5dd32d4921d1365db6f8b6aae0d9389e1b659725428aad13192659c000d128a53697d22a7f

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Logging.dll
    Filesize

    36KB

    MD5

    9babfd37d038596b7ed8d3c53b8ef819

    SHA1

    203441ca67f6999a0cce59f10b19a04d39cc7f97

    SHA256

    1b3b06e908ec25d28ca5beea3035a670d5eb4ecd8a4951c4bb10208aed9a3f62

    SHA512

    52434040ee44936e15c3ddef8effbd28b799f3a7dfcccb10c5a1aff483e993658137f569e580c44515d076b47b9c667a0d640d79d56a439c51bdf973601e9c87

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Tracking.FSharp.dll
    Filesize

    221KB

    MD5

    7a9b8391936ea5b48c873fa20b111293

    SHA1

    cf683bf2f31197d5da107fe4c6fe438f00e0b79f

    SHA256

    bd951b380c270ae4d8ce4066f0d0ac1865cee225db43719d8263f26b107615cb

    SHA512

    ea2e4737bd593c082e766c9072638c0b716b4582618e2f7c189902c6c32d5388c65ca6ab4ebc95769a5e692f8f791e836631032291fce6c3b8a4667f5b4a0942

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Tracking.GnarClient.dll
    Filesize

    78KB

    MD5

    20d48d1cf0665d0455584b7b65d7604c

    SHA1

    7458f9ad1e6aa852c9ca87288cd40563332c374d

    SHA256

    d665a88d650346680d5ff9a00e6fe78e5a9123b7a5f0b903d43f37968a9048c7

    SHA512

    70179d67c9bfc9e2c5a5e850b93eabd7827a74a3f204425a6cad23986b4b7d37bebe713dbfc5f7cc2d02aa84b3509583b2784c7b4492eb596d2fe97ce97ddb0d

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Grammarly.Tracking.dll
    Filesize

    41KB

    MD5

    1a8d3f310c4ecabef86ff4d5a84ceddd

    SHA1

    a2295df8f21f58d934c8d8bbf21713e61ef64cd8

    SHA256

    b5f159c4798b6c8d270d37f071f484d58227e04aa432b500d4edcf604d8aff2e

    SHA512

    e9c1c3e3b8befdc358fcaf2a700ef9838d3e47c9243e18a2ed48e5de8797c989917c4415aeb167997cae28aaa9b43e7dcb5560854fa38f4909a37f856d42eb9b

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\LanguageExt.Core.dll
    Filesize

    3.3MB

    MD5

    109494b64443173f0de9d753002fc180

    SHA1

    91a763817d6e3e9124fe096c2629a9a0a5d2b7db

    SHA256

    4e4ca3ce9b8fabe17c5197ac4b801b8fcf37a89e49447a6c711775e18ebc78e4

    SHA512

    a0a5e39a21a9fbe308ed12778e46b087f16a499d16efaabae19348884c7c96b0ed9b904c575e44b98e220edbac1854b9fb207fb7222db705764f0cca647c3d3e

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\LanguageExt.Core.dll
    Filesize

    3.7MB

    MD5

    bd8686d1ed44180cb005c001d5b9a122

    SHA1

    b0e1a98fd80eb82efaf6ffb4692ff2cc963ac771

    SHA256

    6a69f556539215d34047b407ae16b0c3cd7145610591cc1af7a4322170e3c2fa

    SHA512

    9d3bf1193134be1f72f9fd9eb1f7fbf4707bdc7daa3cdc8bca2bce5981d7026ebf2af2b3e495d446b10d6f51ba486d371ec15f1519659a4ba651bcd62d55c295

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\ReactiveUI.dll
    Filesize

    274KB

    MD5

    3674d451e7bdbcc085cbeaecae28cb82

    SHA1

    6ebfc8b6fc173138dd3a93a23983a905b204693f

    SHA256

    9b05af797a1847662afbebce97293cbb7d11d30a853084dc4ddc03fa323ac1d7

    SHA512

    f643b253d0cd8bd947984d998c78f9279d198f3e5ccad4cd6a00cf3462f71edec5ce5d48768a9964bda9e2950ae59d0b6a9ac8aaaf2f020628feb9ba6cd83eb7

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\Splat.dll
    Filesize

    51KB

    MD5

    9d567a6047ea34f421c52e11c90574d8

    SHA1

    ec93d183f53bf894fa22a1d331dd60134909a2c8

    SHA256

    59f64453ced6e4bcaa2dccaf0d68abfab593c044cf9a3dc413b3167e35a06587

    SHA512

    ae9e0e675463cfb4ed82678d111c3eb6e77925f0dc1646338985a99468c4402eeea1d3a0c0be754133d4d5a7c6db74a94b50065c79a9a07115ac088eb5805297

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\System.Reactive.Core.dll
    Filesize

    103KB

    MD5

    f30b8c15a72dc8e9df72a79d0f6edef7

    SHA1

    904c72eb5f43683b4c2e9de10e62bc21b2720933

    SHA256

    8d60c49052587404da8de3b5075f03379f926a24064926add03d428a919579f0

    SHA512

    4f27fe838b151fccaedcda0af494b34457ba2b8f849cf8dcdbe6ed1141af97cb8526ce41f207382e6d13b1cc645e68e6df63071381be306418ab8895009d818b

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\System.Reactive.Interfaces.dll
    Filesize

    14KB

    MD5

    8456496526d4ae39976c01fb66dec3b4

    SHA1

    48692a3202892031a8d6082ff12d86e577b817e3

    SHA256

    ce49e5c5d339477285c2a4b8363dd1bdab53c4de085560f0831e8c86ef63a195

    SHA512

    56d866f6dabe4178fc0137313d6a9497ac57a5667ca550a83a5a3e0f201d3b4796a2b3e1c63871f84ff2056155f2a1518928423d1c8ac430ac04dd7347e2203f

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\System.Reactive.Linq.dll
    Filesize

    683KB

    MD5

    d8d6b991baee2043fc59868e30a694eb

    SHA1

    5245617144772d5318186580ec60ed1cfd40fd04

    SHA256

    38e486e6dce12416936550e5cda476e6ced49cd60671e7672cd19607e2d7e09f

    SHA512

    54a060eca5d134b69ec0bbfd19131e5b10eab0e6914a2a115622d38a5a28dd651b960e964360d41f335d05de5a44366209f298e8d26236db7c4e1be0b2e73239

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\System.Reactive.PlatformServices.dll
    Filesize

    28KB

    MD5

    38594076e1d4747e0486bc6fcba5c710

    SHA1

    427aec497ac466a92cd0e7766150f8978296ad1e

    SHA256

    e9db79e6fa6df07e866916c540f580e59fdeeb5e145d825870b473992fcd3deb

    SHA512

    7b3041eb762b0e8dfed346d70e144e0d57570e1d69dff2c3b244ac5fcf3bd5e9e6aa0fff75d42947213a9a38d8e6657aa5151eebc642731ee21d2b73d55de66e

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\System.Reactive.Windows.Threading.dll
    Filesize

    20KB

    MD5

    6c8bc73c381974f5f5cb7659edb0aa3c

    SHA1

    800c2d42becf50292c47f373188995e26262a6a8

    SHA256

    7909c50b7fb24efc13bb9c16b1af01da5d9769892655c5dd9669fa6ba4dd9274

    SHA512

    a0a103de5ebe051d95858fa157689eb3e05ca867e73a7fff5c7d3496952aa1752643a2e5ae282cb8bf6e2376e6283fc0b03aa8a1c9ad8db88050c36df62ab546

    Download Submit

  • C:\Windows\Temp\{1B842BF2-9EFD-423C-BBAC-CD2DA84A814A}\.ba\mbahost.dll
    Filesize

    111KB

    MD5

    d7c697ceb6f40ce91dabfcbe8df08e22

    SHA1

    49cd0213a1655dcdb493668083ab2d7f55135381

    SHA256

    b925d9d3e1e2c49bf05a1b0713e2750ee6e0c43c7adc9d3c3a1b9fb8c557c3df

    SHA512

    22ca87979ca68f10b5fda64c27913d0f2a12c359b04e4a6caa3645303fbd47cd598c805fd9a43c8f3e0934e9d2db85f7a4e1eff26cb33d233efc05ee2613cfc1

    Download Submit

  • C:\Windows\Temp\{60647770-25B7-4B90-9086-3390853C6B90}\.cr\GrammarlyAddInSetup.exe
    Filesize

    5.3MB

    MD5

    7d2efae26413e6b3cf2ce0b7c8c52585

    SHA1

    a201311949a5c6033de4d5ce05f0ad44c114702b

    SHA256

    41b5f4747f349e5068bc2761cd617ac157f90e8b689bd16752f1418fc413d777

    SHA512

    c0afe78c0794f27f4d6e534070023f5825a51a5fcbb013845b2b1df21844bc25688e1c9deff7ffb70cf4025322733d5bd2f7f2183bf50a11b98a1a30eac6a095

    Download Submit

  • memory/4248-125-0x0000000007730000-0x0000000007756000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4248-161-0x00000000076D0000-0x00000000076DC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4248-129-0x0000000007600000-0x000000000760E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4248-121-0x0000000007FD0000-0x00000000082B6000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/4248-87-0x0000000003B60000-0x0000000003B6E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4248-133-0x0000000007810000-0x00000000078BC000-memory.dmp

    Filesize

    688KB

    Download

  • memory/4248-137-0x0000000007760000-0x000000000777A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4248-83-0x00000000071D0000-0x0000000007468000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/4248-91-0x0000000007080000-0x00000000070CA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/4248-141-0x0000000007780000-0x000000000779E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4248-95-0x0000000004840000-0x0000000004852000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4248-145-0x00000000076E0000-0x00000000076E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4248-117-0x00000000076F0000-0x000000000772C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4248-149-0x00000000077B0000-0x00000000077BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4248-113-0x00000000075D0000-0x00000000075E8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4248-153-0x0000000007970000-0x0000000007A20000-memory.dmp

    Filesize

    704KB

    Download

  • memory/4248-96-0x0000000007A20000-0x0000000007FC4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4248-109-0x00000000075B0000-0x00000000075CA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4248-157-0x0000000008A30000-0x00000000091A0000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/4248-105-0x0000000007590000-0x00000000075B0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4248-76-0x0000000006D20000-0x0000000006D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4248-77-0x0000000006D20000-0x0000000006D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4248-165-0x0000000008450000-0x000000000849C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4248-97-0x0000000007610000-0x00000000076A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4248-169-0x0000000008680000-0x000000000868A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4248-171-0x0000000006D20000-0x0000000006D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4248-174-0x00000000093D0000-0x00000000093D8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4248-173-0x0000000006D20000-0x0000000006D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4248-175-0x000000000C050000-0x000000000C088000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4248-176-0x000000000BDB0000-0x000000000BDBE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4248-177-0x0000000073C30000-0x00000000743E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4248-178-0x0000000006D20000-0x0000000006D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4248-179-0x0000000006D20000-0x0000000006D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4248-180-0x0000000006D20000-0x0000000006D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4248-74-0x0000000006D20000-0x0000000006D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4248-73-0x0000000073C30000-0x00000000743E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4248-72-0x00000000039B0000-0x00000000039C8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4248-101-0x0000000004950000-0x000000000495C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4248-288-0x0000000073C30000-0x00000000743E0000-memory.dmp

    Filesize

    7.7MB

    Download