Analysis Overview
SHA256
739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022
Threat Level: Known bad
The file 739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe was found to be: Known bad.
Malicious Activity Summary
SmokeLoader
Deletes itself
Unsigned PE
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-23 18:52
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-23 18:52
Reported
2023-09-23 18:55
Platform
win7-20230831-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
SmokeLoader
Deletes itself
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe
"C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gudintas.at | udp |
| AR | 186.13.17.220:80 | gudintas.at | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-23 18:52
Reported
2023-09-23 18:55
Platform
win10v2004-20230915-en
Max time kernel
150s
Max time network
140s
Command Line
Signatures
SmokeLoader
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe
"C:\Users\Admin\AppData\Local\Temp\739c8d45ca4059f0b591bd553bdab486519b663fb092ad11868a8c6c3d9ec022_JC.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gudintas.at | udp |
| KR | 175.120.254.9:80 | gudintas.at | tcp |
| US | 8.8.8.8:53 | 9.254.120.175.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.98.74.40.in-addr.arpa | udp |
Files