Analysis Overview
SHA256
233cc662669c79de8f54bd016d0534c6d2700a2d9b01d2851086a97d682befc6
Threat Level: Shows suspicious behavior
The file PEGASUS LIME HVNC.7z was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-18 08:35
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-18 08:35
Reported
2023-10-18 08:41
Platform
win7-20230831-en
Max time kernel
312s
Max time network
319s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe
"C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe"
Network
Files
memory/2196-0-0x0000000074640000-0x0000000074D2E000-memory.dmp
memory/2196-1-0x0000000000AA0000-0x0000000005C12000-memory.dmp
memory/2196-2-0x0000000074640000-0x0000000074D2E000-memory.dmp
memory/2196-3-0x0000000009DD0000-0x0000000009E10000-memory.dmp
memory/2196-4-0x000000000AEE0000-0x000000000B11E000-memory.dmp
\Users\Admin\AppData\Local\Temp\cfc2779c-9fe3-4191-82c0-a58f8bfc5000\rabu.dll
| MD5 | 14ff402962ad21b78ae0b4c43cd1f194 |
| SHA1 | f8a510eb26666e875a5bdd1cadad40602763ad72 |
| SHA256 | fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b |
| SHA512 | daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b |
C:\Users\Admin\AppData\Local\Temp\cfc2779c-9fe3-4191-82c0-a58f8bfc5000\rabu.dll
| MD5 | 14ff402962ad21b78ae0b4c43cd1f194 |
| SHA1 | f8a510eb26666e875a5bdd1cadad40602763ad72 |
| SHA256 | fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b |
| SHA512 | daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b |
memory/2196-11-0x0000000074540000-0x00000000745C0000-memory.dmp
memory/2196-12-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-13-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-15-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-17-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-19-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-21-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-23-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-27-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-25-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-29-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-73-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-71-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-69-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-67-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-65-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-63-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-61-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-59-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-57-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-55-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-53-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-51-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-49-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-47-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-45-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-43-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-41-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-39-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-37-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-35-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-33-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-31-0x000000000AEE0000-0x000000000B11A000-memory.dmp
memory/2196-741-0x0000000009DD0000-0x0000000009E10000-memory.dmp
memory/2196-14033-0x000000000AD90000-0x000000000AD9C000-memory.dmp
memory/2196-14034-0x0000000009DD0000-0x0000000009E10000-memory.dmp
memory/2196-14035-0x0000000009DD0000-0x0000000009E10000-memory.dmp
memory/2196-14037-0x000000000B8C0000-0x000000000BA34000-memory.dmp
memory/2196-14039-0x00000000070F0000-0x0000000007120000-memory.dmp
memory/2196-14038-0x000000000AAB0000-0x000000000ABC6000-memory.dmp
memory/2196-14040-0x0000000009DD0000-0x0000000009E10000-memory.dmp
memory/2196-14041-0x0000000009DD0000-0x0000000009E10000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-18 08:35
Reported
2023-10-18 08:41
Platform
win10-20230915-en
Max time kernel
258s
Max time network
324s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ifconfig.me | N/A | N/A |
| N/A | ifconfig.me | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe
"C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe"
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | tcp | |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ifconfig.me | udp |
| US | 34.160.111.145:443 | ifconfig.me | tcp |
| US | 8.8.8.8:53 | 145.111.160.34.in-addr.arpa | udp |
Files
memory/4168-0-0x00000000731A0000-0x000000007388E000-memory.dmp
memory/4168-1-0x0000000000B00000-0x0000000005C72000-memory.dmp
memory/4168-2-0x000000000A170000-0x000000000A66E000-memory.dmp
memory/4168-3-0x0000000009C70000-0x0000000009D02000-memory.dmp
memory/4168-4-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-5-0x00000000075F0000-0x00000000075FA000-memory.dmp
memory/4168-6-0x000000000B670000-0x000000000B8AE000-memory.dmp
\Users\Admin\AppData\Local\Temp\cfc2779c-9fe3-4191-82c0-a58f8bfc5000\rabu.dll
| MD5 | 14ff402962ad21b78ae0b4c43cd1f194 |
| SHA1 | f8a510eb26666e875a5bdd1cadad40602763ad72 |
| SHA256 | fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b |
| SHA512 | daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b |
C:\Users\Admin\AppData\Local\Temp\cfc2779c-9fe3-4191-82c0-a58f8bfc5000\rabu.dll
| MD5 | 14ff402962ad21b78ae0b4c43cd1f194 |
| SHA1 | f8a510eb26666e875a5bdd1cadad40602763ad72 |
| SHA256 | fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b |
| SHA512 | daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b |
memory/4168-15-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-14-0x0000000071C10000-0x0000000071C90000-memory.dmp
memory/4168-16-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-18-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-20-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-22-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-24-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-26-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-28-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-30-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-32-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-34-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-36-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-38-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-40-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-42-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-44-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-46-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-48-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-50-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-52-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-54-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-56-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-58-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-60-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-62-0x00000000731A0000-0x000000007388E000-memory.dmp
memory/4168-63-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-65-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-67-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-69-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-71-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-73-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-75-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-77-0x000000000B670000-0x000000000B8AA000-memory.dmp
memory/4168-373-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14037-0x00000000008B0000-0x00000000008BC000-memory.dmp
memory/4168-14038-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14039-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14041-0x000000000C1A0000-0x000000000C314000-memory.dmp
memory/4168-14042-0x000000000C610000-0x000000000C726000-memory.dmp
memory/4168-14043-0x000000000B470000-0x000000000B4A0000-memory.dmp
memory/4168-14044-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14045-0x000000000D4C0000-0x000000000D55C000-memory.dmp
memory/4168-14046-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14047-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14048-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14049-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14050-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14051-0x0000000009C60000-0x0000000009C70000-memory.dmp
memory/4168-14052-0x0000000009C60000-0x0000000009C70000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2023-10-18 08:35
Reported
2023-10-18 08:41
Platform
win10v2004-20230915-en
Max time kernel
307s
Max time network
313s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe
"C:\Users\Admin\AppData\Local\Temp\PEGASUS LIME HVNC.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
Files
memory/5036-0-0x0000000074F50000-0x0000000075700000-memory.dmp
memory/5036-1-0x0000000000350000-0x00000000054C2000-memory.dmp
memory/5036-2-0x000000000A5B0000-0x000000000AB54000-memory.dmp
memory/5036-3-0x0000000009E40000-0x0000000009ED2000-memory.dmp
memory/5036-4-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-5-0x0000000009E20000-0x0000000009E2A000-memory.dmp
memory/5036-6-0x000000000B980000-0x000000000BBBE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cfc2779c-9fe3-4191-82c0-a58f8bfc5000\rabu.dll
| MD5 | 14ff402962ad21b78ae0b4c43cd1f194 |
| SHA1 | f8a510eb26666e875a5bdd1cadad40602763ad72 |
| SHA256 | fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b |
| SHA512 | daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b |
C:\Users\Admin\AppData\Local\Temp\cfc2779c-9fe3-4191-82c0-a58f8bfc5000\rabu.dll
| MD5 | 14ff402962ad21b78ae0b4c43cd1f194 |
| SHA1 | f8a510eb26666e875a5bdd1cadad40602763ad72 |
| SHA256 | fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b |
| SHA512 | daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b |
memory/5036-14-0x0000000073960000-0x00000000739E9000-memory.dmp
memory/5036-15-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-16-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-18-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-20-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-22-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-24-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-26-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-28-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-30-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-32-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-34-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-36-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-38-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-40-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-42-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-44-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-46-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-48-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-50-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-52-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-54-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-56-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-58-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-60-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-62-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-64-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-66-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-68-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-70-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-72-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-74-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-76-0x000000000B980000-0x000000000BBBA000-memory.dmp
memory/5036-107-0x0000000074F50000-0x0000000075700000-memory.dmp
memory/5036-343-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14037-0x0000000005920000-0x000000000592C000-memory.dmp
memory/5036-14038-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14039-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14041-0x000000000CDA0000-0x000000000CF14000-memory.dmp
memory/5036-14042-0x000000000CAA0000-0x000000000CBB6000-memory.dmp
memory/5036-14043-0x000000000CBC0000-0x000000000CBF0000-memory.dmp
memory/5036-14044-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14045-0x00000000100E0000-0x000000001017C000-memory.dmp
memory/5036-14046-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14047-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14048-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14049-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14050-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14051-0x000000000DA00000-0x000000000DB22000-memory.dmp
memory/5036-14052-0x0000000009FF0000-0x000000000A000000-memory.dmp
memory/5036-14053-0x0000000009FF0000-0x000000000A000000-memory.dmp