562c915dcfed76d44e22ae9c7aa7b0b4a9dd31ea3c9cd6179d533659a356c33b

Analysis

max time kernel
127s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 17:33

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-18T17:36:39Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win7-20240221-en/instance_28-dirty.qcow2\"}"

Report Analysis Logs

General

Target

GAMERS_1_STAR_RATING_1.mp4
Size

211KB
MD5

90e42c3ce39e71cfc6f6b88d90f9a8ca
SHA1

c412b9bc0caea8709f4b4ecf0914a2991fe397cf
SHA256

562c915dcfed76d44e22ae9c7aa7b0b4a9dd31ea3c9cd6179d533659a356c33b
SHA512

4202617df32314a6c5a4e4c09f7104d87ae423cdcda3e93fda066686f89befc386272a18db1b5860b70a27ac879810baf7038f91831970472db3be358f325ed7
SSDEEP

3072:HT5oqqxogDO7kZTh6OgILDCI+C6I9efUYzAui1qaAmGe8mnIw:HTGWkxlNzLd+JLUYzARWm58mnv

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_927AA725431A42F4B2D3940A674AAA4B.dat	utilman.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_927AA725431A42F4B2D3940A674AAA4B.dat	utilman.exe

Enumerates system info in registry 2 TTPs 32 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Identifier	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	csrss.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Identifier	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data	csrss.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information	csrss.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{a1758a1b-7967-45d4-8c49-dc01acbc8efc}\CLSID = "{A8C680EB-3D32-11D2-9EE7-00C04F797396}"	utilman.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000	winlogon.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\Voices	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\CurrentUserLexicon\{C9E37C15-DF92-4727-85D6-72E5EEB6995A}\Files\Datafile = "%1a%\\Microsoft\\Speech\\Files\\UserLexicons\\SP_927AA725431A42F4B2D3940A674AAA4B.dat"	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\System	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{a1758a1b-7967-45d4-8c49-dc01acbc8efc}\DeviceName = "Speakers (High Definition Audio Device)"	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{a1758a1b-7967-45d4-8c49-dc01acbc8efc}\Attributes	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96"	winlogon.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\CurrentUserLexicon\{C9E37C15-DF92-4727-85D6-72E5EEB6995A}\Files	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor"	winlogon.exe
Key created	\REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\CurrentUserLexicon\AppLexicons	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput	utilman.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel = "1"	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\DefaultTokenId = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech\\AudioOutput\\TokenEnums\\MMAudioOut\\"	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1"	winlogon.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	utilman.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\CurrentUserLexicon\Generation = "0"	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\CurrentUserLexicon\ = "Current User Lexicon"	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\CurrentUserLexicon\{C9E37C15-DF92-4727-85D6-72E5EEB6995A}	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AppLexicons	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\PhoneConverters\DefaultTokenId = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech\\PhoneConverters\\Tokens\\English"	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager	winlogon.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\Voices\DefaultTokenId = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech\\Voices\\Tokens\\MS-Anna-1033-20-DSK"	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{a1758a1b-7967-45d4-8c49-dc01acbc8efc}\Attributes\Vendor = "Microsoft"	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{a1758a1b-7967-45d4-8c49-dc01acbc8efc}\Attributes\Technology = "MMSys"	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\CurrentUserLexicon\CLSID = "{C9E37C15-DF92-4727-85D6-72E5EEB6995A}"	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\PhoneConverters	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut	utilman.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{a1758a1b-7967-45d4-8c49-dc01acbc8efc}	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{a1758a1b-7967-45d4-8c49-dc01acbc8efc}\ = "Speakers (High Definition Audio Device)"	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize"	winlogon.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\CurrentUserLexicon	utilman.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{a1758a1b-7967-45d4-8c49-dc01acbc8efc}\DeviceId = "{0.0.0.00000000}.{a1758a1b-7967-45d4-8c49-dc01acbc8efc}"	utilman.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2856	vlc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2744	utilman.exe
2744	utilman.exe
1720	utilman.exe
1720	utilman.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2856	vlc.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: 33	2856	vlc.exe
Token: SeIncBasePriorityPrivilege	2856	vlc.exe
Token: SeShutdownPrivilege	2452	LogonUI.exe
Token: SeShutdownPrivilege	2452	LogonUI.exe
Token: SeSecurityPrivilege	2616	winlogon.exe
Token: SeBackupPrivilege	2616	winlogon.exe
Token: SeSecurityPrivilege	2616	winlogon.exe
Token: SeTcbPrivilege	2616	winlogon.exe
Token: SeShutdownPrivilege	2452	LogonUI.exe
Token: SeShutdownPrivilege	2452	LogonUI.exe
Token: SeShutdownPrivilege	2616	winlogon.exe
Token: SeShutdownPrivilege	2616	winlogon.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe
2856	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2856	vlc.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2616 wrote to memory of 2452	2616	winlogon.exe	32
PID 2616 wrote to memory of 2452	2616	winlogon.exe	32
PID 2616 wrote to memory of 2452	2616	winlogon.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2452	2348	csrss.exe	32
PID 2348 wrote to memory of 2744	2348	csrss.exe	35
PID 2348 wrote to memory of 2744	2348	csrss.exe	35
PID 2616 wrote to memory of 2744	2616	winlogon.exe	35
PID 2616 wrote to memory of 2744	2616	winlogon.exe	35
PID 2616 wrote to memory of 2744	2616	winlogon.exe	35
PID 2348 wrote to memory of 2744	2348	csrss.exe	35
PID 2348 wrote to memory of 2744	2348	csrss.exe	35
PID 2348 wrote to memory of 1720	2348	csrss.exe	37
PID 2348 wrote to memory of 1720	2348	csrss.exe	37
PID 2616 wrote to memory of 1720	2616	winlogon.exe	37
PID 2616 wrote to memory of 1720	2616	winlogon.exe	37
PID 2616 wrote to memory of 1720	2616	winlogon.exe	37
PID 2348 wrote to memory of 1720	2348	csrss.exe	37
PID 2348 wrote to memory of 1720	2348	csrss.exe	37

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\GAMERS_1_STAR_RATING_1.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2348

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x0
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2452
- C:\Windows\system32\utilman.exe
  utilman.exe /debug
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Windows\system32\utilman.exe
  utilman.exe /debug
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1720

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
1⤵
PID:2756

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1560

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1560-999-0x0000000001AA0000-0x0000000001AA1000-memory.dmp

Filesize
4KB

Download
memory/2452-333-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2452-334-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2744-912-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2856-5-0x000000013FD90000-0x000000013FE88000-memory.dmp

Filesize
992KB

Download
memory/2856-6-0x000007FEF8130000-0x000007FEF8164000-memory.dmp

Filesize
208KB

Download
memory/2856-7-0x000007FEF6080000-0x000007FEF6334000-memory.dmp

Filesize
2.7MB

Download
memory/2856-10-0x000007FEF8110000-0x000007FEF8121000-memory.dmp

Filesize
68KB

Download
memory/2856-9-0x000007FEFA8C0000-0x000007FEFA8D7000-memory.dmp

Filesize
92KB

Download
memory/2856-13-0x000007FEF72F0000-0x000007FEF730D000-memory.dmp

Filesize
116KB

Download
memory/2856-12-0x000007FEF7310000-0x000007FEF7321000-memory.dmp

Filesize
68KB

Download
memory/2856-11-0x000007FEF7330000-0x000007FEF7347000-memory.dmp

Filesize
92KB

Download
memory/2856-8-0x000007FEFB940000-0x000007FEFB958000-memory.dmp

Filesize
96KB

Download
memory/2856-14-0x000007FEF5E80000-0x000007FEF6080000-memory.dmp

Filesize
2.0MB

Download
memory/2856-20-0x000007FEF66D0000-0x000007FEF66E1000-memory.dmp

Filesize
68KB

Download
memory/2856-21-0x000007FEF66B0000-0x000007FEF66C1000-memory.dmp

Filesize
68KB

Download
memory/2856-19-0x000007FEF66F0000-0x000007FEF6701000-memory.dmp

Filesize
68KB

Download
memory/2856-22-0x000007FEF5E60000-0x000007FEF5E7B000-memory.dmp

Filesize
108KB

Download
memory/2856-18-0x000007FEF6710000-0x000007FEF6728000-memory.dmp

Filesize
96KB

Download
memory/2856-17-0x000007FEF6730000-0x000007FEF6751000-memory.dmp

Filesize
132KB

Download
memory/2856-16-0x000007FEF6760000-0x000007FEF679F000-memory.dmp

Filesize
252KB

Download
memory/2856-23-0x000007FEF5E40000-0x000007FEF5E51000-memory.dmp

Filesize
68KB

Download
memory/2856-15-0x000007FEF67A0000-0x000007FEF67B1000-memory.dmp

Filesize
68KB

Download
memory/2856-25-0x000007FEF5DF0000-0x000007FEF5E20000-memory.dmp

Filesize
192KB

Download
memory/2856-24-0x000007FEF5E20000-0x000007FEF5E38000-memory.dmp

Filesize
96KB

Download
memory/2856-26-0x000007FEF4D40000-0x000007FEF5DEB000-memory.dmp

Filesize
16.7MB

Download
memory/2856-27-0x000007FEF4CD0000-0x000007FEF4D37000-memory.dmp

Filesize
412KB

Download
memory/2856-28-0x000007FEF4C60000-0x000007FEF4CCF000-memory.dmp

Filesize
444KB

Download
memory/2856-29-0x000007FEF4C40000-0x000007FEF4C51000-memory.dmp

Filesize
68KB

Download
memory/2856-30-0x000007FEF4BE0000-0x000007FEF4C36000-memory.dmp

Filesize
344KB

Download
memory/2856-31-0x000007FEF4A60000-0x000007FEF4BD8000-memory.dmp

Filesize
1.5MB

Download
memory/2856-32-0x000007FEF4A40000-0x000007FEF4A57000-memory.dmp

Filesize
92KB

Download
memory/2856-33-0x000007FEFA8B0000-0x000007FEFA8C0000-memory.dmp

Filesize
64KB

Download
memory/2856-35-0x000007FEF49F0000-0x000007FEF4A01000-memory.dmp

Filesize
68KB

Download
memory/2856-36-0x000007FEF49D0000-0x000007FEF49E6000-memory.dmp

Filesize
88KB

Download
memory/2856-34-0x000007FEF4A10000-0x000007FEF4A3F000-memory.dmp

Filesize
188KB

Download
memory/2856-37-0x000007FEF4900000-0x000007FEF49C5000-memory.dmp

Filesize
788KB

Download
memory/2856-38-0x000007FEF4880000-0x000007FEF48F5000-memory.dmp

Filesize
468KB

Download
memory/2856-39-0x000007FEF4810000-0x000007FEF4872000-memory.dmp

Filesize
392KB

Download
memory/2856-40-0x000007FEF47A0000-0x000007FEF480D000-memory.dmp

Filesize
436KB

Download
memory/2856-41-0x000007FEF4780000-0x000007FEF4793000-memory.dmp

Filesize
76KB

Download
memory/2856-42-0x000007FEF4760000-0x000007FEF4774000-memory.dmp

Filesize
80KB

Download
memory/2856-43-0x000007FEF4710000-0x000007FEF4760000-memory.dmp

Filesize
320KB

Download
memory/2856-44-0x000007FEF45A0000-0x000007FEF4710000-memory.dmp

Filesize
1.4MB

Download
memory/2856-45-0x000007FEF4580000-0x000007FEF4592000-memory.dmp

Filesize
72KB

Download
memory/2856-46-0x000007FEF4530000-0x000007FEF4572000-memory.dmp

Filesize
264KB

Download
memory/2856-47-0x000007FEF44E0000-0x000007FEF452C000-memory.dmp

Filesize
304KB

Download
memory/2856-48-0x000007FEF4370000-0x000007FEF44DB000-memory.dmp

Filesize
1.4MB

Download
memory/2856-49-0x000007FEF4310000-0x000007FEF4367000-memory.dmp

Filesize
348KB

Download
memory/2856-50-0x000007FEF40C0000-0x000007FEF430B000-memory.dmp

Filesize
2.3MB

Download
memory/2856-51-0x000007FEF2910000-0x000007FEF40C0000-memory.dmp

Filesize
23.7MB

Download
memory/2856-52-0x000007FEF28F0000-0x000007FEF2905000-memory.dmp

Filesize
84KB

Download
memory/2856-53-0x000007FEF26D0000-0x000007FEF28ED000-memory.dmp

Filesize
2.1MB

Download
memory/2856-54-0x000007FEF26B0000-0x000007FEF26C5000-memory.dmp

Filesize
84KB

Download
memory/2856-55-0x000007FEF2680000-0x000007FEF26A3000-memory.dmp

Filesize
140KB

Download
memory/2856-56-0x000007FEF2660000-0x000007FEF2673000-memory.dmp

Filesize
76KB

Download
memory/2856-57-0x000007FEF2540000-0x000007FEF2634000-memory.dmp

Filesize
976KB

Download
memory/2856-58-0x000007FEF2520000-0x000007FEF2531000-memory.dmp

Filesize
68KB

Download
memory/2856-59-0x000007FEF24F0000-0x000007FEF251A000-memory.dmp

Filesize
168KB

Download
memory/2856-60-0x000007FEF24D0000-0x000007FEF24E3000-memory.dmp

Filesize
76KB

Download
memory/2856-61-0x000007FEF24B0000-0x000007FEF24C2000-memory.dmp

Filesize
72KB

Download
memory/2856-62-0x000007FEF2490000-0x000007FEF24AB000-memory.dmp

Filesize
108KB

Download
memory/2856-63-0x000007FEF2470000-0x000007FEF2482000-memory.dmp

Filesize
72KB

Download
memory/2856-64-0x000007FEF2450000-0x000007FEF2465000-memory.dmp

Filesize
84KB

Download
memory/2856-65-0x000007FEF22D0000-0x000007FEF244A000-memory.dmp

Filesize
1.5MB

Download
memory/2856-66-0x000007FEF22B0000-0x000007FEF22C3000-memory.dmp

Filesize
76KB

Download
memory/2856-67-0x000007FEF2290000-0x000007FEF22A4000-memory.dmp

Filesize
80KB

Download
memory/2856-68-0x000007FEF2270000-0x000007FEF2282000-memory.dmp

Filesize
72KB

Download
memory/2984-1081-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download