Analysis Overview
SHA256
0c2c3ab1cd68cededb7e9b52c1f0dd589207f93bf9d8f014bd6ec58178266fa2
Threat Level: Known bad
The file 100547724a5774642d81e8dd87775a88.exe was found to be: Known bad.
Malicious Activity Summary
Dridex
Dridex Shellcode
Loads dropped DLL
Executes dropped EXE
Checks whether UAC is enabled
Adds Run key to start application
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-01 19:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-01 19:50
Reported
2024-01-01 19:53
Platform
win7-20231215-en
Max time kernel
46s
Max time network
120s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\NpNA8l\msdt.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\GWzLHG3\msinfo32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\V5yj8XJS\taskmgr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\NpNA8l\msdt.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\GWzLHG3\msinfo32.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\V5yj8XJS\taskmgr.exe | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Windows\CurrentVersion\Run\Bsfvntd = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\AliVo3X\\msinfo32.exe" | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\NpNA8l\msdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\GWzLHG3\msinfo32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\V5yj8XJS\taskmgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1188 wrote to memory of 1328 | N/A | N/A | C:\Windows\system32\msdt.exe |
| PID 1188 wrote to memory of 1328 | N/A | N/A | C:\Windows\system32\msdt.exe |
| PID 1188 wrote to memory of 1328 | N/A | N/A | C:\Windows\system32\msdt.exe |
| PID 1188 wrote to memory of 2648 | N/A | N/A | C:\Users\Admin\AppData\Local\NpNA8l\msdt.exe |
| PID 1188 wrote to memory of 2648 | N/A | N/A | C:\Users\Admin\AppData\Local\NpNA8l\msdt.exe |
| PID 1188 wrote to memory of 2648 | N/A | N/A | C:\Users\Admin\AppData\Local\NpNA8l\msdt.exe |
| PID 1188 wrote to memory of 1612 | N/A | N/A | C:\Windows\system32\msinfo32.exe |
| PID 1188 wrote to memory of 1612 | N/A | N/A | C:\Windows\system32\msinfo32.exe |
| PID 1188 wrote to memory of 1612 | N/A | N/A | C:\Windows\system32\msinfo32.exe |
| PID 1188 wrote to memory of 2484 | N/A | N/A | C:\Users\Admin\AppData\Local\GWzLHG3\msinfo32.exe |
| PID 1188 wrote to memory of 2484 | N/A | N/A | C:\Users\Admin\AppData\Local\GWzLHG3\msinfo32.exe |
| PID 1188 wrote to memory of 2484 | N/A | N/A | C:\Users\Admin\AppData\Local\GWzLHG3\msinfo32.exe |
| PID 1188 wrote to memory of 1152 | N/A | N/A | C:\Windows\system32\taskmgr.exe |
| PID 1188 wrote to memory of 1152 | N/A | N/A | C:\Windows\system32\taskmgr.exe |
| PID 1188 wrote to memory of 1152 | N/A | N/A | C:\Windows\system32\taskmgr.exe |
| PID 1188 wrote to memory of 1248 | N/A | N/A | C:\Users\Admin\AppData\Local\V5yj8XJS\taskmgr.exe |
| PID 1188 wrote to memory of 1248 | N/A | N/A | C:\Users\Admin\AppData\Local\V5yj8XJS\taskmgr.exe |
| PID 1188 wrote to memory of 1248 | N/A | N/A | C:\Users\Admin\AppData\Local\V5yj8XJS\taskmgr.exe |
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\100547724a5774642d81e8dd87775a88.dll,#1
C:\Users\Admin\AppData\Local\NpNA8l\msdt.exe
C:\Users\Admin\AppData\Local\NpNA8l\msdt.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msinfo32.exe
C:\Windows\system32\msinfo32.exe
C:\Users\Admin\AppData\Local\GWzLHG3\msinfo32.exe
C:\Users\Admin\AppData\Local\GWzLHG3\msinfo32.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Admin\AppData\Local\V5yj8XJS\taskmgr.exe
C:\Users\Admin\AppData\Local\V5yj8XJS\taskmgr.exe
Network
Files
memory/1676-1-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1676-0-0x00000000001A0000-0x00000000001A7000-memory.dmp
memory/1188-4-0x00000000770B6000-0x00000000770B7000-memory.dmp
memory/1188-9-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-15-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-25-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-35-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-42-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-50-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-60-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-65-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-64-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-63-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-71-0x0000000002D30000-0x0000000002D37000-memory.dmp
memory/1188-62-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-80-0x0000000077320000-0x0000000077322000-memory.dmp
memory/1188-79-0x00000000771C1000-0x00000000771C2000-memory.dmp
memory/1188-61-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-59-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-58-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/2648-107-0x0000000001AC0000-0x0000000001AC7000-memory.dmp
memory/1188-57-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-56-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-55-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-54-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-53-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-52-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-51-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-49-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-48-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-47-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-46-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-45-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-44-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-43-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-41-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-40-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-39-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-38-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-37-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-36-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-34-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-33-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-32-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-31-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-30-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-29-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-28-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-27-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/2484-131-0x0000000000190000-0x0000000000197000-memory.dmp
memory/1188-26-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-24-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-23-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-22-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-21-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-20-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-19-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-18-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-17-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-16-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-14-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-13-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-12-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-11-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-10-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1676-8-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1188-7-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/1248-157-0x0000000000180000-0x0000000000187000-memory.dmp
memory/1188-5-0x0000000002D50000-0x0000000002D51000-memory.dmp
memory/1188-186-0x00000000770B6000-0x00000000770B7000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-01 19:50
Reported
2024-01-01 19:53
Platform
win10v2004-20231215-en
Max time kernel
5s
Max time network
124s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\100547724a5774642d81e8dd87775a88.dll,#1
C:\Windows\system32\Narrator.exe
C:\Windows\system32\Narrator.exe
C:\Users\Admin\AppData\Local\3a83\Narrator.exe
C:\Users\Admin\AppData\Local\3a83\Narrator.exe
C:\Windows\system32\SnippingTool.exe
C:\Windows\system32\SnippingTool.exe
C:\Users\Admin\AppData\Local\VbUA94\SnippingTool.exe
C:\Users\Admin\AppData\Local\VbUA94\SnippingTool.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe
C:\Users\Admin\AppData\Local\xjZOvMC\mmc.exe
C:\Users\Admin\AppData\Local\xjZOvMC\mmc.exe
C:\Windows\system32\tcmsetup.exe
C:\Windows\system32\tcmsetup.exe
C:\Users\Admin\AppData\Local\ijsIrn4oG\tcmsetup.exe
C:\Users\Admin\AppData\Local\ijsIrn4oG\tcmsetup.exe
C:\Windows\system32\WindowsActionDialog.exe
C:\Windows\system32\WindowsActionDialog.exe
C:\Users\Admin\AppData\Local\SaZk5P\WindowsActionDialog.exe
C:\Users\Admin\AppData\Local\SaZk5P\WindowsActionDialog.exe
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 29.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| IE | 52.111.236.22:443 | tcp | |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.179.17.96.in-addr.arpa | udp |
Files
memory/4876-1-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/4876-0-0x000001A7B3160000-0x000001A7B3167000-memory.dmp
memory/3440-4-0x0000000002860000-0x0000000002861000-memory.dmp
memory/3440-9-0x00007FFEB93FA000-0x00007FFEB93FB000-memory.dmp
memory/3440-7-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-12-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-14-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-17-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-18-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-20-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-22-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-25-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-28-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-30-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-33-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-36-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-38-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-39-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-42-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-43-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-45-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-48-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-51-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-54-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-57-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-56-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-60-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-62-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-65-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-64-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-63-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-71-0x0000000002810000-0x0000000002817000-memory.dmp
memory/3440-61-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-59-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-58-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-79-0x00007FFEBAB80000-0x00007FFEBAB90000-memory.dmp
memory/3440-55-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-53-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-52-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-50-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-49-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-47-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-46-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-44-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-40-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-41-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-37-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-35-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-34-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-32-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-31-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-29-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-27-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-26-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-24-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-23-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-21-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-19-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-16-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-15-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-13-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-11-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-10-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/3440-8-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/4876-6-0x0000000140000000-0x00000001402E2000-memory.dmp
memory/4912-118-0x0000000000FC0000-0x0000000000FC7000-memory.dmp
memory/4540-131-0x0000023C3E470000-0x0000023C3E477000-memory.dmp
memory/780-148-0x000001C14BBC0000-0x000001C14BBC7000-memory.dmp