a80e92d8065c60ef2ea8a7488d346df1ab116326c16dd53d9408821d225e7fcc

Analysis

max time kernel
134s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

order_inquiry-000293829294829489343.xls
Size

111KB
MD5

486261c3d7edfb458815e95c4f78c122
SHA1

7c32a4a65f77260be36b30e5a6b925baa4d4bbb0
SHA256

095f25938f2489a4e70b174bc4eb1fdaf2ed956cf9c9efd8d4602103bc77af3c
SHA512

51c9fccbb6bfaf2b7748fdf6f9f0e4f1cf82ac2686b3f9c51513a251a34796f2eb790832e20d055f654c51237872a2180c11c12828d8b19338464d08c2e94354
SSDEEP

1536:RRlTjKXZuqDBvnXOrFbn1pYBcTs1L3BX64E7J2auv0iJ5fCPMZB+XQMKss0oStH2:9K4QB2rF71HIhjEt2auffCPkhqtv

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEEXCEL.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEEXCEL.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Modifies registry class 37 IoCs

Processes:

EXCEL.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000a8587c66100041646d696e003c0009000400efbea8582d61b758d8062e00000068e10100000001000000000000000000000000000000f0145000410064006d0069006e00000014000000	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 7e00310000000000a858d86511004465736b746f7000680009000400efbea8582d61b758f5062e00000072e101000000010000000000000000003e00000000001ed509004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "1"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7800310000000000a8582d611100557365727300640009000400efbe874f7748b758d8062e000000c70500000000010000000000000000003a00000000005423290055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

776 EXCEL.EXE
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

EXCEL.EXE

pid process

3864 EXCEL.EXE
3864 EXCEL.EXE

pid	process
3864	EXCEL.EXE
3864	EXCEL.EXE

Suspicious use of SetWindowsHookEx 19 IoCs

Processes:

EXCEL.EXEEXCEL.EXE

pid	process
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
3864	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\order_inquiry-000293829294829489343.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:776

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\order_inquiry-000293829294829489343.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\odc.officeapps.live.com\343FF784-8E66-4A6E-8FE1-39BA5A22103E

Filesize
1KB

MD5
85ad173999ed440af6120f3b4fd436fa

SHA1
eebe3bae40b0c82db581b905e2a4c4a90055c9b3

SHA256
2fb3e7ca57b5ec8657ff2b909c74dee246e7ed2b30abd60dec96fc4fb88bd165

SHA512
3c506252a27bc4a3d718fc2ad89036850ee3c9d5fd79966fc5e28debe1844d96e8d2777e160e8537034129fd8109dff027bf5eb4a082c99d0db93730ec31427e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\odc.officeapps.live.com\A262D371-D526-4D87-B142-1D4C3E93E775

Filesize
397B

MD5
2f82426450332b558a61ae9ca551abd9

SHA1
abdbf8f8bdd7572bcdefbd1e0b7da8d3cf17144d

SHA256
57d6315a8f1f11aaa111a9956ddd0d560f791f757c379ed77bbb5a1b5b577f52

SHA512
dbc43dab6cbde98647c5a88cd508a1528ef79c030286cf82cb4cb03c4af81930ad1c3b2644ead9eceea27cd5772324f42a51f04f1693102254567205a6abf0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\88540366-4782-4918-AACB-690E222E2CC3

Filesize
161KB

MD5
9d8f362c65013ad999177612ac86bbfa

SHA1
2e5b0fef2c3194fe7bdcceb2265ee29ea1e1b379

SHA256
eb3dbcb9ef068520affef50d31d2a2918cc18b62a7f0a34287d4d621c4b7679f

SHA512
e13ff81decf5b45b21a7afbc939d888c6f2ba9e495e39a00071fe9f8ead1f6bbf1c7c646c0ebf533aed489e98d9a3ee1f495f967e1b01e701e21d3ffb4d5eb9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
323KB

MD5
67f36f3c0ac40b3318b0241f929fe06b

SHA1
7b9aee92f248b674b974a8469fd0b0ddddf6243d

SHA256
59f39c79c6f4ce39372c39f194fea499d0bf1eef2ecb2f2b7a941898fd7200f2

SHA512
d58458e054b4c202a887c57b234cdce0913ed83481237700d70ac51412273289d49dcf79c29f06a1b87749020a66a4b7b3a280886ff8ae0c60e5cbc9debef279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
52KB

MD5
7b7afdf24b4ba9dcc824fa29d0f8bcd9

SHA1
c6e4fd4cd8bee6f469506c97bc0b31bdd43799e9

SHA256
c956a67241b8b1c2358e2d56f07e38d90b6e499ee85dc62ef989491a73c9c68b

SHA512
5ba1a5288a77610613b6bda7234dd600411bdd7a29b61becc75370abcec6c3bf23bfc491076affde992d49ca3c6c0c099f4e4db415af72a10c668649ae0b57cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
5208a67f750ecce12a723987a2b43e37

SHA1
9e27998bc5a7b543cb60f75ead67cbee99e6660f

SHA256
f37d9d298336dc7cd7b23f3e32cf1dc56070cb8b34710e923961d2ef75d1b6ea

SHA512
1d92828c192aef4cca2db9ad595e7d7eec975277352ddd7fb64f19d01a17afb7a617abc13e0322ae86c73f81139de5c1b9c5484751624b6b79cda6516c9987c6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
318B

MD5
fd86990ba8bf8c646ad369401c510c62

SHA1
17daa1ab7814757308839a93a636125e852aac88

SHA256
e05008a5b5e975d63ac8b118735c9eb1bdc8be2ef1a9b87dc874fb364a910b43

SHA512
a1f564ebd5b7355c8bf21f657ce9d78a3a0892b4fcd97d2973ac9c9414565c89ccdd11763b1d224f3bd645e2f6779b656df6f25f6bd76d160bb52e3948a3b6e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
738B

MD5
81590dec172a42a5e9872f702197daf5

SHA1
c6b1bf88c5ca026bfe852c98c1e605c667a096e5

SHA256
84aab2825e0c44ec867bc544b9630dd7f275b8db86f22a79d985b9390a0e1638

SHA512
2fa76e6750c08a86b66d5076ccf05953edd3be4a979fe46d2a020dd52f001a3c3cc993d172c5005ebd903a16bb570138e549450f31b97a4f5532cdc46746922c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
24B

MD5
4fcb2a3ee025e4a10d21e1b154873fe2

SHA1
57658e2fa594b7d0b99d02e041d0f3418e58856b

SHA256
90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228

SHA512
4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

Download Submit
memory/776-9-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-37-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-11-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-13-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-16-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-17-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-15-0x00007FFBD3FE0000-0x00007FFBD3FF0000-memory.dmp

Filesize
64KB

Download
memory/776-19-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-18-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-14-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-10-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-35-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-36-0x00007FFC162CD000-0x00007FFC162CE000-memory.dmp

Filesize
4KB

Download
memory/776-12-0x00007FFBD3FE0000-0x00007FFBD3FF0000-memory.dmp

Filesize
64KB

Download
memory/776-0-0x00007FFBD62B0000-0x00007FFBD62C0000-memory.dmp

Filesize
64KB

Download
memory/776-6-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-7-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-8-0x00007FFC16230000-0x00007FFC16425000-memory.dmp

Filesize
2.0MB

Download
memory/776-5-0x00007FFBD62B0000-0x00007FFBD62C0000-memory.dmp

Filesize
64KB

Download
memory/776-1-0x00007FFC162CD000-0x00007FFC162CE000-memory.dmp

Filesize
4KB

Download
memory/776-2-0x00007FFBD62B0000-0x00007FFBD62C0000-memory.dmp

Filesize
64KB

Download
memory/776-3-0x00007FFBD62B0000-0x00007FFBD62C0000-memory.dmp

Filesize
64KB

Download
memory/776-4-0x00007FFBD62B0000-0x00007FFBD62C0000-memory.dmp

Filesize
64KB

Download
memory/3864-107-0x00007FFBD62B0000-0x00007FFBD62C0000-memory.dmp

Filesize
64KB

Download
memory/3864-105-0x00007FFBD62B0000-0x00007FFBD62C0000-memory.dmp

Filesize
64KB

Download
memory/3864-106-0x00007FFBD62B0000-0x00007FFBD62C0000-memory.dmp

Filesize
64KB

Download
memory/3864-104-0x00007FFBD62B0000-0x00007FFBD62C0000-memory.dmp

Filesize
64KB

Download