60a66c5d9d508a2cfa80510a9630660910e00b96356934cadbbc41404afb37ac

Analysis

max time kernel
144s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca67156efa90ee91d28ffde2cced06142e79316704c5b3bafe74b980b806e031.xlsm
Size

42KB
MD5

c2f9809cf3145aad896839336e6c8870
SHA1

7a5558f20e60820a261f4ea4c86d7b7232520f07
SHA256

ca67156efa90ee91d28ffde2cced06142e79316704c5b3bafe74b980b806e031
SHA512

8fe02e9dee2a2a631b2c906bbf5625238dbdf079e47b839e784e076fd45fd1be6ab865af725986a51e9ea4aa31018eb1bcfd7e7dc5a8527bc01d667db28cfb77
SSDEEP

768:hEx/KgamErbZjfyS56agBDh8efxqVrEmzhRgEICHgSo5FNW3zuq:sCtW6efzi/OCASMNAt

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2308	malcod.exe
1192	Process not Found

Loads dropped DLL 2 IoCs

pid	Process
2364	EXCEL.EXE
1192	Process not Found

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Tasks\malcod.exe	EXCEL.EXE

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}\ = "IMultiPage"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}\ = "ImageEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents2"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\TypeLib\{061CEAE1-A08E-451F-A98F-DAE1950721BD}\2.0\HELPDIR	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}\ = "IReturnSingle"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\TypeLib\{061CEAE1-A08E-451F-A98F-DAE1950721BD}\2.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\VBE"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLSelect"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}\ = "IDataAutoWrapper"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}\ = "ITabStrip"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLReset"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents7"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}\ = "MultiPageEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}\ = "IControl"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLSubmitButton"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLTextArea"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}\ = "MdcComboEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}\ = "MdcOptionButtonEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}\ = "MdcToggleButtonEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}\ = "ILabelControl"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcCombo"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}\ = "IImage"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{061CEAE1-A08E-451F-A98F-DAE1950721BD}\2.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\VBE\\MSForms.exd"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\TypeLib\{061CEAE1-A08E-451F-A98F-DAE1950721BD}\2.0\0\win32	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents1"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcToggleButton"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{061CEAE1-A08E-451F-A98F-DAE1950721BD}\2.0\FLAGS	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}\ = "Controls"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents6"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}\ = "Pages"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{061CEAE1-A08E-451F-A98F-DAE1950721BD}\2.0\HELPDIR	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}\ = "_UserForm"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents7"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}\ = "IMultiPage"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcText"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLSubmitButton"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}\ = "ControlEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcList"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcList"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}\ = "MdcCheckBoxEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents5"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Wow6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2364	EXCEL.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2364	EXCEL.EXE
2364	EXCEL.EXE
2364	EXCEL.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2308	2364	EXCEL.EXE	31
PID 2364 wrote to memory of 2308	2364	EXCEL.EXE	31
PID 2364 wrote to memory of 2308	2364	EXCEL.EXE	31
PID 2364 wrote to memory of 2308	2364	EXCEL.EXE	31

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\ca67156efa90ee91d28ffde2cced06142e79316704c5b3bafe74b980b806e031.xlsm
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\WINDOWS\Tasks\malcod.exe
  C:\WINDOWS\Tasks\malcod.exe
  2⤵
  - Executes dropped EXE
  PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Tasks\malcod.exe

Filesize
11KB

MD5
77bfcca0a57983b380d6f732b2dd145c

SHA1
6d9b5261aac522192839d5e3310dafdb18f52ffa

SHA256
8a98f8e6dd13660d8bb84a92a1aa852a077d932c483d2ef2ad03fddc88f173de

SHA512
867d16035d233c6a0f72d4a8f36682de9b5ca17896f29fcf043c704ee4bbf57b605bc679f13feb7b391ff1668fbcd646ae61221365000834f3b817b5fec2e31c

Download Submit
memory/2364-15-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-11-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-10-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-37-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-30-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-29-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-28-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-27-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-26-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-25-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-24-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-22-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-23-0x0000000006630000-0x0000000006730000-memory.dmp

Filesize
1024KB

Download
memory/2364-21-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-20-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-19-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-18-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-17-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-16-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2364-12-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-13-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-14-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-31-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-59-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-58-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-61-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-60-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-104-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-103-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-83-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-465-0x0000000071D5D000-0x0000000071D68000-memory.dmp

Filesize
44KB

Download
memory/2364-466-0x0000000006630000-0x0000000006730000-memory.dmp

Filesize
1024KB

Download
memory/2364-467-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-468-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-1-0x0000000071D5D000-0x0000000071D68000-memory.dmp

Filesize
44KB

Download
memory/2364-475-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-476-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-477-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-478-0x0000000007070000-0x0000000007270000-memory.dmp

Filesize
2.0MB

Download
memory/2364-479-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download
memory/2364-480-0x00000000004B0000-0x00000000005B0000-memory.dmp

Filesize
1024KB

Download