89a324dd66eafea1b3b3b0457f7fdbec9b7b2dcb5a43e1bf36e2dad208b8aed6

Analysis

max time kernel
63s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

46.8MB
MD5

40ad46aafda0403a57420bd4a64a0d2d
SHA1

f202536bd0ff7623674b0e85214e7a5d1d709a98
SHA256

89a324dd66eafea1b3b3b0457f7fdbec9b7b2dcb5a43e1bf36e2dad208b8aed6
SHA512

86ec2a5b6a832d4db2c0f9e37426b3128afc92a11f5a20f566fd1e1beddea245bff94d3255f951760cd5cb74751cb6862c6bbc9b8dd674bf8838c50883936077
SSDEEP

786432:7Cj7EXYoDG26qb40D5oktpWQMqzahTLjgUxDJCn2ovvP0vxTGHoT16T3cZ8uK:7CnEIn2bb40D5rbp6hTLUU3ovvP0vxTo

Score

7^/10

discovery evasion trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4612	Melodyne.exe

Loads dropped DLL 16 IoCs

pid	Process
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4856	Setup.exe
4612	Melodyne.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Setup.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\desktop.ini	Setup.exe
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\desktop.ini	Setup.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Celemony\Melodyne 5\uninstbr.000	Setup.exe
File opened for modification	C:\Program Files\Celemony\Melodyne 5\uninstall.dat.new	Setup.exe
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\PlugIn.ico	Setup.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\Contents\x64\Melodyne.aaxplugin	Setup.exe
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\Contents\x64\Melodyne.aaxplugin	Setup.exe
File created	C:\Program Files\Celemony\Melodyne 5\uninstbr.000	Setup.exe
File created	C:\Program Files\Common Files\Celemony\Bundles\MelodyneCore-5.3.1.018.dll	Setup.exe
File opened for modification	C:\Program Files\Celemony\Melodyne 5\tclB07.tmp	Setup.exe
File opened for modification	C:\Program Files\Common Files\Celemony\Bundles\MelodyneCore-5.3.1.018.dll	Setup.exe
File created	C:\Program Files\Celemony\Melodyne 5\uninstall.dat	Setup.exe
File opened for modification	C:\Program Files\Celemony\Melodyne 5\uninstall.exe	Setup.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\desktop.ini	Setup.exe
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\desktop.ini	Setup.exe
File created	C:\Program Files\Common Files\VST3\Celemony\Melodyne\Melodyne.vst3	Setup.exe
File opened for modification	C:\Program Files\Common Files\VST3\Celemony\Melodyne\Melodyne.vst3	Setup.exe
File created	C:\Program Files\Celemony\Melodyne 5\Melodyne.exe	Setup.exe
File opened for modification	C:\Program Files\Celemony\Melodyne 5\Melodyne.exe	Setup.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\PlugIn.ico	Setup.exe
File created	C:\Program Files\Celemony\Melodyne 5\uninstall.exe	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4856	Setup.exe
4856	Setup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1636	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1636	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:4856

C:\Program Files\Celemony\Melodyne 5\Melodyne.exe
"C:\Program Files\Celemony\Melodyne 5\Melodyne.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Celemony\Melodyne 5\Melodyne.exe

Filesize
1.5MB

MD5
760136a075184b3ddca7de5bfac3cda4

SHA1
24eff8dacbeccf4f944294e6a5b9cbaaff385323

SHA256
349cd6d2073fe0c33d4cbdec21a2f23012f9b0a2ab15ff4b487687d6491582e4

SHA512
c6361a2b43de67e589d6ff8deec7f5afa4ea41e7063f3f67f91bb8e31da12dcac2efe04770f266bbcc5998fc63ed1a459bf517ea0f555d8d83f5543bd95ebfe7

Download Submit
C:\Program Files\Celemony\Melodyne 5\uninstbr.000

Filesize
6.1MB

MD5
1043d03c8cb769e316c92cf4e173b266

SHA1
8a689755980bfbb39e353ad66e9e356059863174

SHA256
f9d6f7cdd76c4f180180248b50eaa0a25070f75defdc33a69d39fdfb0e41be86

SHA512
381be02895f6fb4daa17a49828ea8d446f5eddf1f63ce4e967d99a27e5c8a926a93e7dca8e1fa78fb9f1a8a541d8ae1311c369aeaab53d4e6d217f3fb5b5c3cc

Download Submit
C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\Contents\x64\Melodyne.aaxplugin

Filesize
31.1MB

MD5
de50028237d5668759fc2a7eccce7d61

SHA1
2a80b79b534a4bf792a77aaae77f29227263ca5d

SHA256
91f093264ccb1d9d41ff6d90ec699d0b293111551ce555cbe3fe390a62aa40ab

SHA512
a402bbb6f69de0237923ac3ff03e19edba0b41c1e8a867862bd2f2ef4800d3a382fcb193a4cb19732706c8f28a0cf88de87ed1f0bafb319a52df49e0a04469bf

Download Submit
C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\PlugIn.ico

Filesize
354KB

MD5
936945b87a112cbf92d200f2180564a3

SHA1
6787346f7270f5736452830be5fa86b9d8e0b05f

SHA256
6cd99e8cc4d7c8bdc137e2b908210100319181165820649dacc0fae4974150b6

SHA512
f720b961f6517b527f1c6770cdccaa9c22157dae6ed4d26dbd124ca9cf26aaa2e5717730ca1de6b08f714170dd3029fa75c5a09bda8dfe84a0ac9b1f5a8178f5

Download Submit
C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Melodyne.aaxplugin\desktop.ini

Filesize
126B

MD5
798095cd31340606c8e81d0a5107d57e

SHA1
39d058c4d45ef84b188f7ece620106124eb3d74e

SHA256
5526ef6345adee7c693e58354dd72b095df152be62ff7298b4c6f6d0f91e2f83

SHA512
9ca995c89d3f23cd2a977fb2826da1f75dc4caa4fe965f9aac3a6d486f6558429a44eaeea35217f85d94ba6d7c2c54ab520c9a1786133b2edd103e36159e53a1

Download Submit
C:\Program Files\Common Files\VST3\Celemony\Melodyne\Melodyne.vst3

Filesize
1.3MB

MD5
c0f10b8569ee69d7c0b2df8026389581

SHA1
f3fe876b908c70fb83e405afb1ff07bf86a776b5

SHA256
10335a895d43474fc4fb44f996adec8b8257804c4a0a701cc109a2cc4edf7ad3

SHA512
df0f56e90fbdfdeb3de7fad3223511f3f9172b1399fd6d705aaa7376ae1314d075fd06b1f858853d56675f01518c4d642e45dd5eef16b1d5dbbbb49a832b011f

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE29F.tmp

Filesize
64KB

MD5
d2e59ee980c15085bbe292082abec7e6

SHA1
30154e439177235e768c6fc9c7e6d83e9320a80b

SHA256
eb10d4d4b459f4bbaf611538ed8098c7fad5a839495085f3363b3bf1050c4958

SHA512
6f61f337ee24a8fab29afcbcd2a5e674c5745cf5caaba99e58fc9d762fae3620864262d23118728ed6d124ab51feeaa7d9057042b6a42bc9e49feda18005a7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE31D.tmp

Filesize
356KB

MD5
c3c4f3fe90e3b3b02bea0e8da3447ed2

SHA1
7ac0f54119d2273a2cd261f1fe6c5667e9c486df

SHA256
3524ec77985e390acf9d07d81b1b44305165d711bbca770f7458ea0a78751f82

SHA512
0e24c9394c635a3f1671a297f97b613e6936cd8f862a214125d3456324a18668ae138d5c4fde036f55e2b13b158e4cebc53f78153862a008b1ae747eab228a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE428.tmp

Filesize
59KB

MD5
f62dd6ce51e19349ec1d1f2e88c4ef4d

SHA1
60bd29538b4fecaf527ba8b7d92b7f32d2e72ddb

SHA256
be88244da9faaa6636a9d2f4c4249c08066a0b48359690b9b27a2b9ed47e093d

SHA512
ba68a59427ec252b895e1c3d6879e0c7a010893d23b5a8687ce86d738faaec1367f73abbcf63fb8ce8b95d32afa3049cd59f22f0bc5a2ff2a3b123a54fe02012

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE448.tmp

Filesize
136KB

MD5
119e67e0b0add3f09aabbde47a599e17

SHA1
991c049d2466c5242f67e664159cb025f49e5c70

SHA256
439416fcebcf073600af44a2fb83428896dc8f69120ee4a76ee490a6428d6c94

SHA512
88d85765867555f8bf22db707ae49042db1a1bb1ed8a093afe4d10446b25e6400a2811f88bc5af9edb16b2b4f0366b09177cb9116c89e6950cb96b9fb2d93572

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE469.tmp

Filesize
513KB

MD5
5fbc6bd806a8a6c460faceeea73bd7f7

SHA1
4d1586a9631a72c3e1d75fb3c385dbd278804665

SHA256
8033d1b3af84d47d275e022608da35baac16cf40d9607ca026a47b6cd65e6a97

SHA512
4c51f9f331ac15206942e13504334b4c3549888519388607c44b617a68a9095114b0e6127e82b84170445df06260cc62308bc197b90cfb95af18d7cb6d413195

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE4B8.tmp

Filesize
235KB

MD5
51c675fc1ef0a62322052d3e86567c06

SHA1
e295d0b668105d81f9180ef1056d0528e4b2116a

SHA256
aaa3d7e589e9be1911eee5974afa68c64af1bbd5e039ff6a82a15c2b54c0f9f0

SHA512
a352e82db5c930c73165a48337ae51acda7ebd393b8b0b57d03d2e1b5057c41c26b1f321759b7bc521166890853ecdad7b37531212243ad86e181e2252a3b78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE4E8.tmp

Filesize
18KB

MD5
6d2c718c3059ceaa7b90919e6725a09a

SHA1
489967f8fe2b9021a891112754b840fe7dc71d13

SHA256
2ca70bc6394ee1b299a8cf1fe28e95c7d68b765e1828db1b651a7a62acae5356

SHA512
37547e9c6080d0dcb3ea23d9c856ce689997275b40d72bf9fd7c7c165e8cee4afe2ebe52e052c5f8bfc3e618391425219e9681191ee6f650444ebd643cb5a50d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE5F2.tmp

Filesize
19KB

MD5
a56543b9cd3aa403311b49189d25851e

SHA1
bd2609d35d4a967fe23ef4092b1daa6f74a858ad

SHA256
034756f772399552cd33605a189ee0e45d7947860e0d83ec12aa6da1a5a42054

SHA512
2237f493d70799675ae0e395f551b6cd46ff4789e46e2453c48fede07b7623b4b8111904d6fa139c204eea4405b5fd5812b0a91f27374219b721339149c25edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE789.tmp

Filesize
36KB

MD5
a8b2a9bc29f24b733d35a8ef30551edd

SHA1
3faee2d4e1ce3ddcaa4c560c40e045cf147622cc

SHA256
22d4a48d7dd5c51c63e277944a91511e69d514721b5cd60b7da877d38bd8744d

SHA512
aca6c103b737e0142913fd12b6783464c7edba1953a0bd07084e996a070a7118d1f571249882f982dc7bd47656ac23b86b598b434176b3ab9553b63512771d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE78A.tmp

Filesize
96KB

MD5
9b299884420745d80c70bba6b8a7f05a

SHA1
195423185a7776e072a65fbabae868c15f7b2f56

SHA256
9426e96a97f41645fab524385a852687792f99b505554b6b9809ed99451b2399

SHA512
ed839dc1b6ef53f3663b6055fb2869a522600b2af8d8a800958ddb531154f4e9a3f1733f32dff5511a22fe01525191c8683519cbdcedec138b1bcf3425f2155b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE7AB.tmp

Filesize
115KB

MD5
54431791b0b31ccd0112486f542858a1

SHA1
e628f2dc29d039d474f97fe67e562bd8798c6ba6

SHA256
b382c74f532ab766c272ed11b107a3ef7c015cca2e716243379058c084981332

SHA512
fab7561a312afdc92dcf70fe8a80356914153bdb9ff46d64b8f4e8d872a5a619a72a9ae5a8af656f371a59672737fe5990d33990154ad3b5d006a68cbefd01f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE7DB.tmp

Filesize
53KB

MD5
2c8f6a964ca7761122f7da22042462f4

SHA1
290e48bf0f83b3f3832f69bb1ea0637ed4d8ccca

SHA256
9d6f2629aa5978dd6b87fe9bce77a5cf0135b8da2980a050579eb4e23a92f8fa

SHA512
88c49dbc5a5cce28fc61689b953e091dc5114196a9ce5977de1bc1ea916333d73a13d06abb56b7afd88f6c4f80953a2b9b720cd79e773a1246d44b37eae4cbf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE7EB.tmp

Filesize
53KB

MD5
4640fd47f64bb72cb34dbafee65dbdde

SHA1
508c8713e06ba55588d41918c5a99308cb4b37a0

SHA256
f02c4352ea80e1b476eb4754455ae684efb4289d95edf925e38bd3789f6ead49

SHA512
de2d05ea66ab37b7120cde8f4aeb79c6365430bd94f56b07019451e1329f8f3a2674af9ed6677b8ade59fa2185c6a48eaead47091edc8284e686260c69544a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE7FC.tmp

Filesize
218KB

MD5
7190ecf05ec3b297d6ded3e204399e95

SHA1
5c085cbbbcc8686266acfb318e75a38794625e88

SHA256
49e2c502923de5f89958de86f1cc6f91e7ddafe46d0f81bfb51a669627650e6e

SHA512
4e12adcaaebdc08e06270437dd4ebf33c4aecd5b6cce7245bf12b0303c809465d75d5b319fb262a807cf9a5cb99d808e466fc30b19d88ddcf2b3f0b9c9f74881

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL000012f8\BRE80C.tmp

Filesize
125KB

MD5
053a60f34c75ca0a4a821b46eae86d31

SHA1
ebcf9f84a393969655969c248c2d572d7a05541c

SHA256
683f19a461948f4cca2fbece26949b34d6347dff279efece983b9f64a868422c

SHA512
346c989ef320079b5978678264059ad9e545081dded233d10dca73a72906fa01df30a3c96f6d319efcea64c198ef409748e511dab8a4d43e1fa7af50ed3f0256

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp#4612#1864.cur

Filesize
36KB

MD5
02b23694228b25bc01c9fbeb4ddd27cc

SHA1
56b240f5165df6cd7158173bca614fd443fb6de5

SHA256
b13b16bd9e63db2f1445d2082cf2cc673be3231b867565f6a6469d8ee567ada0

SHA512
1afc701d09646efbedbcd318aabecb552d83acb707e05525219bd3c9b4c6897a25b47bedeeef77c9ccebd49ce6ee120555ac4988cb810c84be249cae34cfb4ba

Download Submit
C:\Users\Admin\AppData\Roaming\Celemony Software GmbH\com.celemony.melodyne.plist

Filesize
2KB

MD5
b1cc7f7d755961ad4f84d908825355bc

SHA1
d40b2f7e242b9aa74f7cb018f2d55e206586fa43

SHA256
2bb6a057f7ff2727af9bdc76ab21174b2d089ee4e50309bff56255e6c46d6c9e

SHA512
16ad2559d19f1c7f2184788d7c42c81f749bd166d1d79bd13e173fa1dcfd3ed51e8ef84e2e91def21fc3f17a874d746b96878981245dfd63f10d3639500cae6b

Download Submit
C:\Users\Admin\AppData\Roaming\Celemony Software GmbH\com.celemony.melodyne.plist

Filesize
3KB

MD5
fa7ef6f67eb471002bba92be7f28cf65

SHA1
eb1bcde75c3ca2938d20c750c0658ecef8ee655a

SHA256
aafc8d8430d6dfa2bf3bdab8e666062c7965722a4f05b893f058aad209eeacf6

SHA512
0f26046002fea31dab148c7f329554ddf1bbb750d80e5e2c1e1caa022682e0f10a08df519e26a6a56fe941da587d9fad959596b6be3e354e64641002b29d0fb7

Download Submit
C:\Users\Admin\AppData\Roaming\Celemony Software GmbH\com.celemony.melodyne.plist

Filesize
2KB

MD5
7c6e4732d8d8ab7552106970ff629a83

SHA1
670b767f2a18c4c81d1cf92332008e3e7c660299

SHA256
49e6c7d308f562138e1a4e930c32610f5c72ac0abb952cb373220c58cba1b56e

SHA512
5436670d18c5aea46cae9dc080aa9a66cf472e54021f0f7326012aff9a8b21d5e2446d3aa55ae6840cae0904a66a323e5f8f7ae28998b84997e926a62cf1f9a8

Download Submit
C:\Users\Admin\AppData\Roaming\Celemony Software GmbH\com.celemony.melodyne.plist

Filesize
3KB

MD5
dc03d9f665f0c475900cdb4272a6f3e0

SHA1
2f342e2fdb2f166809a1eb303f6778e09af3625d

SHA256
1b997155216b05fa3ff6245917776d200e960db26166399329a40dc1e17a33e0

SHA512
4cf2e6d6dd3e33720a4b5958ded77d61f32d75aca231c74a9add40a3e2da8df27018369e3b2b804a5e9c78cf43017d2065c1bc643e347bf8073089e514663f7d

Download Submit
C:\Users\Admin\AppData\Roaming\Celemony Software GmbH\com.celemony.melodyne.plist

Filesize
3KB

MD5
6a80ee4e3c2f51ae63c3926f442bcba0

SHA1
54ba62e734827a652e042c304eba71454d9f8bdd

SHA256
143fb868c14416c48055206314e0e50aef856ad021cf3fed1d10abe03b1cf615

SHA512
147ed4a2b9c959c79ddd8d5dbd705b3f60a8060515ce6ce06342653be683cd20ee5307d8e4b0a53ab4986ce7bcc2ae0309702904c5aa2ff32288586a935a8ba3

Download Submit
C:\Users\Admin\AppData\Roaming\Celemony Software GmbH\com.celemony.melodyne.plist~

Filesize
2KB

MD5
f1fab0ea1e9188f6621947d091bfe96d

SHA1
58372e4780f68285737574a059f29701eeb1d8db

SHA256
01951bf1c2be95d341e260c4ca1acd115530f629aecface090654f0e447ca202

SHA512
e153c0ecd90ca546871d0ac323893e8f83c99b5a151d8cf34032e294837e470bb29950bc1922946faf50cbf8ba145d60b36d8e92337bad7a74507e9331f95c6a

Download Submit
memory/4856-149-0x000000006CA00000-0x000000006CA0E000-memory.dmp

Filesize
56KB

Download
memory/4856-146-0x0000000067C80000-0x0000000067D09000-memory.dmp

Filesize
548KB

Download
memory/4856-145-0x00000000710C0000-0x00000000710E3000-memory.dmp

Filesize
140KB

Download
memory/4856-144-0x0000000066680000-0x0000000066695000-memory.dmp

Filesize
84KB

Download
memory/4856-143-0x00000000594C0000-0x00000000594D5000-memory.dmp

Filesize
84KB

Download
memory/4856-188-0x00000000710C0000-0x00000000710E3000-memory.dmp

Filesize
140KB

Download
memory/4856-196-0x0000000063980000-0x0000000063994000-memory.dmp

Filesize
80KB

Download
memory/4856-195-0x0000000067E00000-0x0000000067E20000-memory.dmp

Filesize
128KB

Download
memory/4856-194-0x0000000066C00000-0x0000000066C1B000-memory.dmp

Filesize
108KB

Download
memory/4856-193-0x0000000067380000-0x0000000067391000-memory.dmp

Filesize
68KB

Download
memory/4856-192-0x000000006CA00000-0x000000006CA0E000-memory.dmp

Filesize
56KB

Download
memory/4856-191-0x00000000594B0000-0x00000000594BE000-memory.dmp

Filesize
56KB

Download
memory/4856-190-0x000000006C580000-0x000000006C599000-memory.dmp

Filesize
100KB

Download
memory/4856-189-0x0000000067C80000-0x0000000067D09000-memory.dmp

Filesize
548KB

Download
memory/4856-185-0x00000000008A0000-0x0000000000B9F000-memory.dmp

Filesize
3.0MB

Download
memory/4856-187-0x0000000066680000-0x0000000066695000-memory.dmp

Filesize
84KB

Download
memory/4856-186-0x00000000594C0000-0x00000000594D5000-memory.dmp

Filesize
84KB

Download
memory/4856-147-0x000000006C580000-0x000000006C599000-memory.dmp

Filesize
100KB

Download
memory/4856-148-0x00000000594B0000-0x00000000594BE000-memory.dmp

Filesize
56KB

Download
memory/4856-150-0x0000000067380000-0x0000000067391000-memory.dmp

Filesize
68KB

Download
memory/4856-151-0x0000000066C00000-0x0000000066C1B000-memory.dmp

Filesize
108KB

Download
memory/4856-152-0x0000000067E00000-0x0000000067E20000-memory.dmp

Filesize
128KB

Download
memory/4856-153-0x0000000063980000-0x0000000063994000-memory.dmp

Filesize
80KB

Download
memory/4856-142-0x00000000008A0000-0x0000000000B9F000-memory.dmp

Filesize
3.0MB

Download