4e8b03e8baf9effcf582373f156b4a65210bf2392038ba64d0aecc13108776b9

Analysis

max time kernel
37s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/05/2023, 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pake nanya.mp4
Size

280KB
MD5

da77238f7eba7c4ffed6ec49f3aaeb91
SHA1

72963d3d14561e56f89f287f45e5d9db14c79bc6
SHA256

4e8b03e8baf9effcf582373f156b4a65210bf2392038ba64d0aecc13108776b9
SHA512

22b9e9cf3abeeea649bc68523515d80e90770aed6be33169481fafa9df2881e9589f06fb792119c9aca0d20b474c09a3d46420c1e07f43ba5c0aa0666382c710
SSDEEP

6144:leWguLjN6SVPnQQ6KXWkf8SzW/kiZgrHv/73k7Hs:auvgmQJKXWkf8SzkkieL73OM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1988	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
692	chrome.exe
692	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1988	vlc.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: 33	564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	564	AUDIODG.EXE
Token: 33	564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	564	AUDIODG.EXE
Token: 33	1988	vlc.exe
Token: SeIncBasePriorityPrivilege	1988	vlc.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe

Suspicious use of SendNotifyMessage 47 IoCs

pid	Process
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
1988	vlc.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1988	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 1300	692	chrome.exe	30
PID 692 wrote to memory of 1300	692	chrome.exe	30
PID 692 wrote to memory of 1300	692	chrome.exe	30
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 1924	692	chrome.exe	32
PID 692 wrote to memory of 268	692	chrome.exe	33
PID 692 wrote to memory of 268	692	chrome.exe	33
PID 692 wrote to memory of 268	692	chrome.exe	33
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34
PID 692 wrote to memory of 1500	692	chrome.exe	34

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\pake nanya.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xdc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feefe49758,0x7feefe49768,0x7feefe49778
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1240 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:2
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:8
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1676 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2204 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1324 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1312 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3920 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3752 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4128 --field-trial-handle=1256,i,4741985510905734121,3168518410854762111,131072 /prefetch:1
  2⤵
  PID:2816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1576

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7d8957c0e09b751b5675b152ec74595e

SHA1
d0f9707c3d46564fd0459f8b810752e357c74602

SHA256
1efbcf37de6097cf23b7d94a26bad73dcfe66cd0791cca5d4158e79e6f079e0f

SHA512
c5e04839ceb0e6653fefdca8c4f147d8662104a68c09bf24b610efa1f35ae08acbc5810be36c61fc975c0532c9f44ab94ae94ce0b73176899cdc4fe2794aede8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
077d65490aa233d042f8ae8f9eaf9c3e

SHA1
871991b17dc03d3501ea6704ff27cf55a51c8ccd

SHA256
d6583ed1e6d5a6549bf66d9469b9305481bebc9131bd1041066547aa42d67ea1

SHA512
e63792c784e4c3797cab3d74862aaf0f65b3539bf5c7838852aac30b00a75d13cb9f353d4e5f592bac004c7dcd7dd3dbb4c5fc40effffc7cd7a32002a30168c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ae07665e-0bd6-4b86-b0f6-338d861e8e4e.tmp

Filesize
4KB

MD5
4ffa960c7a9f8f3e5da9e42c3738392a

SHA1
d20f0e47b2a852d74eebdddc62f9f505deb7cf11

SHA256
6970b7634e039a8c7c79eaa0a2a5b768460ae097844598f4ce83ba6162bda68c

SHA512
e464f255c5410c88f938f123b0fea6b9ce156717dfa12e742df8fd36eb828203afe719385de09bb5a5eb9df9a0029526f816efb4373d66acaa979d0c6eda6c70

Download Submit
memory/1988-90-0x000007FEF6A50000-0x000007FEF6A62000-memory.dmp

Filesize
72KB

Download
memory/1988-96-0x000007FEF4D70000-0x000007FEF4FBB000-memory.dmp

Filesize
2.3MB

Download
memory/1988-64-0x000007FEFB8C0000-0x000007FEFB8D8000-memory.dmp

Filesize
96KB

Download
memory/1988-65-0x000007FEFB340000-0x000007FEFB357000-memory.dmp

Filesize
92KB

Download
memory/1988-66-0x000007FEFB320000-0x000007FEFB331000-memory.dmp

Filesize
68KB

Download
memory/1988-67-0x000007FEFB300000-0x000007FEFB317000-memory.dmp

Filesize
92KB

Download
memory/1988-68-0x000007FEFB130000-0x000007FEFB141000-memory.dmp

Filesize
68KB

Download
memory/1988-69-0x000007FEFB110000-0x000007FEFB12D000-memory.dmp

Filesize
116KB

Download
memory/1988-70-0x000007FEF6810000-0x000007FEF6A10000-memory.dmp

Filesize
2.0MB

Download
memory/1988-71-0x000007FEFB0F0000-0x000007FEFB101000-memory.dmp

Filesize
68KB

Download
memory/1988-72-0x000007FEFB0B0000-0x000007FEFB0EF000-memory.dmp

Filesize
252KB

Download
memory/1988-73-0x000007FEFB080000-0x000007FEFB0A1000-memory.dmp

Filesize
132KB

Download
memory/1988-74-0x000007FEFB060000-0x000007FEFB078000-memory.dmp

Filesize
96KB

Download
memory/1988-75-0x000007FEFB040000-0x000007FEFB051000-memory.dmp

Filesize
68KB

Download
memory/1988-76-0x000007FEF4FC0000-0x000007FEF606B000-memory.dmp

Filesize
16.7MB

Download
memory/1988-77-0x000007FEFAE20000-0x000007FEFAE31000-memory.dmp

Filesize
68KB

Download
memory/1988-78-0x000007FEFAE00000-0x000007FEFAE11000-memory.dmp

Filesize
68KB

Download
memory/1988-79-0x000007FEFADE0000-0x000007FEFADFB000-memory.dmp

Filesize
108KB

Download
memory/1988-80-0x000007FEFADC0000-0x000007FEFADD1000-memory.dmp

Filesize
68KB

Download
memory/1988-81-0x000007FEFADA0000-0x000007FEFADB8000-memory.dmp

Filesize
96KB

Download
memory/1988-82-0x000007FEFAD70000-0x000007FEFADA0000-memory.dmp

Filesize
192KB

Download
memory/1988-83-0x000007FEF6E70000-0x000007FEF6ED7000-memory.dmp

Filesize
412KB

Download
memory/1988-84-0x000007FEF67A0000-0x000007FEF680F000-memory.dmp

Filesize
444KB

Download
memory/1988-85-0x000007FEFAD50000-0x000007FEFAD61000-memory.dmp

Filesize
68KB

Download
memory/1988-86-0x000007FEF6740000-0x000007FEF6796000-memory.dmp

Filesize
344KB

Download
memory/1988-87-0x000007FEF65C0000-0x000007FEF6738000-memory.dmp

Filesize
1.5MB

Download
memory/1988-88-0x000007FEF6E50000-0x000007FEF6E67000-memory.dmp

Filesize
92KB

Download
memory/1988-89-0x000007FEF6450000-0x000007FEF65C0000-memory.dmp

Filesize
1.4MB

Download
memory/1988-62-0x000007FEFB370000-0x000007FEFB3A4000-memory.dmp

Filesize
208KB

Download
memory/1988-91-0x000007FEF6400000-0x000007FEF6442000-memory.dmp

Filesize
264KB

Download
memory/1988-63-0x000007FEF6A70000-0x000007FEF6D24000-memory.dmp

Filesize
2.7MB

Download
memory/1988-93-0x000007FEF63B0000-0x000007FEF63FC000-memory.dmp

Filesize
304KB

Download
memory/1988-105-0x000007FEF3460000-0x000007FEF34CD000-memory.dmp

Filesize
436KB

Download
memory/1988-94-0x000007FEF6240000-0x000007FEF63AB000-memory.dmp

Filesize
1.4MB

Download
memory/1988-99-0x000007FEF61B0000-0x000007FEF61DF000-memory.dmp

Filesize
188KB

Download
memory/1988-101-0x000007FEF6190000-0x000007FEF61A6000-memory.dmp

Filesize
88KB

Download
memory/1988-100-0x000007FEF6A30000-0x000007FEF6A41000-memory.dmp

Filesize
68KB

Download
memory/1988-103-0x000007FEF3540000-0x000007FEF35B5000-memory.dmp

Filesize
468KB

Download
memory/1988-104-0x000007FEF34D0000-0x000007FEF3532000-memory.dmp

Filesize
392KB

Download
memory/1988-102-0x000007FEF60C0000-0x000007FEF6185000-memory.dmp

Filesize
788KB

Download
memory/1988-95-0x000007FEF61E0000-0x000007FEF6237000-memory.dmp

Filesize
348KB

Download
memory/1988-106-0x000007FEF60A0000-0x000007FEF60B3000-memory.dmp

Filesize
76KB

Download
memory/1988-107-0x000007FEF6080000-0x000007FEF6094000-memory.dmp

Filesize
80KB

Download
memory/1988-108-0x000007FEF3410000-0x000007FEF3460000-memory.dmp

Filesize
320KB

Download
memory/1988-109-0x000007FEF33F0000-0x000007FEF3405000-memory.dmp

Filesize
84KB

Download
memory/1988-97-0x000007FEF35C0000-0x000007FEF4D70000-memory.dmp

Filesize
23.7MB

Download
memory/1988-98-0x000007FEFB2F0000-0x000007FEFB300000-memory.dmp

Filesize
64KB

Download
memory/1988-111-0x000007FEF31B0000-0x000007FEF31C5000-memory.dmp

Filesize
84KB

Download
memory/1988-112-0x000007FEF3180000-0x000007FEF31A3000-memory.dmp

Filesize
140KB

Download
memory/1988-113-0x000007FEF3160000-0x000007FEF3173000-memory.dmp

Filesize
76KB

Download
memory/1988-125-0x000007FEF2EF0000-0x000007FEF2F01000-memory.dmp

Filesize
68KB

Download
memory/1988-124-0x000007FEF2F10000-0x000007FEF2F25000-memory.dmp

Filesize
84KB

Download
memory/1988-123-0x000007FEF2F30000-0x000007FEF2F45000-memory.dmp

Filesize
84KB

Download
memory/1988-122-0x000007FEF2F50000-0x000007FEF2F62000-memory.dmp

Filesize
72KB

Download
memory/1988-121-0x000007FEF2F70000-0x000007FEF2F84000-memory.dmp

Filesize
80KB

Download
memory/1988-120-0x000007FEF2F90000-0x000007FEF2FA3000-memory.dmp

Filesize
76KB

Download
memory/1988-119-0x000007FEF2FB0000-0x000007FEF2FC5000-memory.dmp

Filesize
84KB

Download
memory/1988-118-0x000007FEF2FD0000-0x000007FEF2FE2000-memory.dmp

Filesize
72KB

Download
memory/1988-61-0x000000013F020000-0x000000013F118000-memory.dmp

Filesize
992KB

Download
memory/1988-117-0x000007FEF2FF0000-0x000007FEF300B000-memory.dmp

Filesize
108KB

Download
memory/1988-116-0x000007FEF3010000-0x000007FEF3023000-memory.dmp

Filesize
76KB

Download
memory/1988-115-0x000007FEF3030000-0x000007FEF305A000-memory.dmp

Filesize
168KB

Download
memory/1988-114-0x000007FEF3060000-0x000007FEF3154000-memory.dmp

Filesize
976KB

Download
memory/1988-110-0x000007FEF31D0000-0x000007FEF33ED000-memory.dmp

Filesize
2.1MB

Download