Analysis Overview
SHA256
fb75c71c3a6a1f8d9bcc680521b053e2d6b9b3fbcf29ed86ac5cf01c7ce74d02
Threat Level: Known bad
The file 0b44d3630f3bde3a89adb3dbfcd83a68 was found to be: Known bad.
Malicious Activity Summary
Dridex
Dridex Shellcode
Checks whether UAC is enabled
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-30 02:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-30 02:13
Reported
2023-12-30 15:49
Platform
win7-20231215-en
Max time kernel
7s
Max time network
140s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b44d3630f3bde3a89adb3dbfcd83a68.dll,#1
C:\Windows\system32\dccw.exe
C:\Windows\system32\dccw.exe
C:\Users\Admin\AppData\Local\kWz\dccw.exe
C:\Users\Admin\AppData\Local\kWz\dccw.exe
C:\Windows\system32\WFS.exe
C:\Windows\system32\WFS.exe
C:\Users\Admin\AppData\Local\4X9mdPGr\WFS.exe
C:\Users\Admin\AppData\Local\4X9mdPGr\WFS.exe
C:\Windows\system32\shrpubw.exe
C:\Windows\system32\shrpubw.exe
C:\Users\Admin\AppData\Local\IK0Ju\shrpubw.exe
C:\Users\Admin\AppData\Local\IK0Ju\shrpubw.exe
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-30 02:13
Reported
2023-12-30 15:49
Platform
win10v2004-20231222-en
Max time kernel
0s
Max time network
130s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b44d3630f3bde3a89adb3dbfcd83a68.dll,#1
C:\Windows\system32\bdechangepin.exe
C:\Windows\system32\bdechangepin.exe
C:\Users\Admin\AppData\Local\m4z\bdechangepin.exe
C:\Users\Admin\AppData\Local\m4z\bdechangepin.exe
C:\Windows\system32\LicensingUI.exe
C:\Windows\system32\LicensingUI.exe
C:\Windows\system32\LicensingUI.exe
C:\Windows\system32\LicensingUI.exe
C:\Users\Admin\AppData\Local\HlLZ1AQva\LicensingUI.exe
C:\Users\Admin\AppData\Local\HlLZ1AQva\LicensingUI.exe
C:\Users\Admin\AppData\Local\MRVmZ4\LicensingUI.exe
C:\Users\Admin\AppData\Local\MRVmZ4\LicensingUI.exe
Network
Files