Malware Analysis Report

2025-05-05 22:24

Sample ID 231009-w7msjafe2z
Target BlitzedGrabberV12.exe
SHA256 920bec9d500f6446b84399ab4c84858d0f0d7d1abb2e0377399ebbc4bafad709
Tags
agilenet
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

920bec9d500f6446b84399ab4c84858d0f0d7d1abb2e0377399ebbc4bafad709

Threat Level: Shows suspicious behavior

The file BlitzedGrabberV12.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Drops file in Windows directory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-09 18:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-09 18:33

Reported

2023-10-09 18:35

Platform

win10-20230915-en

Max time kernel

64s

Max time network

34s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\810424605.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\system32\taskmgr.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1137129745-4190849146-4270886183-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

N/A

Files

memory/3880-1-0x0000000073900000-0x0000000073FEE000-memory.dmp

memory/3880-0-0x0000000000F50000-0x00000000010FC000-memory.dmp

memory/3880-2-0x0000000006100000-0x00000000065FE000-memory.dmp

memory/3880-3-0x0000000005B00000-0x0000000005B92000-memory.dmp

memory/3880-4-0x0000000005BF0000-0x0000000005C00000-memory.dmp

memory/3880-5-0x0000000005A80000-0x0000000005A8A000-memory.dmp

memory/3880-6-0x0000000005E30000-0x0000000006022000-memory.dmp

\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

memory/3880-14-0x0000000070560000-0x0000000070597000-memory.dmp

memory/3880-15-0x0000000072370000-0x00000000723F0000-memory.dmp

memory/3880-16-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-17-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-19-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-21-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-23-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-25-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-27-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-29-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-31-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-33-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-35-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-37-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-39-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-41-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-43-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-45-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-47-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-49-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-51-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-53-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-55-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-57-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-59-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-61-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-63-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-65-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-67-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-69-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-71-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-73-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-75-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-77-0x0000000005E30000-0x000000000601E000-memory.dmp

memory/3880-417-0x0000000073900000-0x0000000073FEE000-memory.dmp

memory/3880-487-0x0000000005BF0000-0x0000000005C00000-memory.dmp

memory/3880-597-0x0000000070560000-0x0000000070597000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-09 18:33

Reported

2023-10-09 18:36

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/3648-1-0x0000000000430000-0x00000000005DC000-memory.dmp

memory/3648-0-0x00000000751E0000-0x0000000075990000-memory.dmp

memory/3648-2-0x0000000005700000-0x0000000005CA4000-memory.dmp

memory/3648-3-0x0000000004FA0000-0x0000000005032000-memory.dmp

memory/3648-4-0x0000000005140000-0x0000000005150000-memory.dmp

memory/3648-5-0x0000000005150000-0x000000000515A000-memory.dmp

memory/3648-6-0x0000000005310000-0x0000000005502000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

memory/3648-14-0x00000000718E0000-0x0000000071917000-memory.dmp

memory/3648-15-0x0000000073BF0000-0x0000000073C79000-memory.dmp

memory/3648-16-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-17-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-19-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-21-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-23-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-25-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-27-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-29-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-31-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-33-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-35-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-37-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-39-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-41-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-43-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-45-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-47-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-49-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-51-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-53-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-55-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-57-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-59-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-61-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-63-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-65-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-67-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-69-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-71-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-73-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-75-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-77-0x0000000005310000-0x00000000054FE000-memory.dmp

memory/3648-369-0x00000000751E0000-0x0000000075990000-memory.dmp

memory/3648-424-0x0000000005140000-0x0000000005150000-memory.dmp

memory/3648-498-0x00000000718E0000-0x0000000071917000-memory.dmp