Analysis Overview
SHA256
3db20665e5be34a87dfdc3c39d862be6835976e533f062328264981a1aa5a086
Threat Level: Shows suspicious behavior
The file Angetube-40.70.0-Full-Installer-x64.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-08 03:41
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-08 03:40
Reported
2024-01-08 03:45
Platform
win7-20231215-en
Max time kernel
30s
Max time network
126s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\gl-ES.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\hu-HU.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\en-US.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\ca-ES.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\es-ES.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\ms-MY.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\libobs\premultiplied_alpha.effect | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\image-source\locale\tr-TR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\ro-RO.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\image-source\locale\ca-ES.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\zh-CN.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\nl-NL.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\en-GB.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\de-DE.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\ar-SA.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\el-GR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\libobs\format_conversion.effect | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\tl-PH.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\sk-SK.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\scripts\clock-source\dial.png | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File opened for modification | C:\Program Files\angetube\bin\64bit\swscale-5.dll | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\it-IT.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\da-DK.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\el-GR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\pt-BR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\image-source\locale\pl-PL.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\hi-IN.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\ro-RO.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\hr-HR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\decklink-captions\.keepme | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\el-GR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\fi-FI.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\pt-PT.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\ta-IN.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\image-source\locale\et-EE.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\libobs\default.effect | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\it-IT.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\image-source\locale\pt-PT.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\ka-GE.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\hr-HR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\gd-GB.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\ca-ES.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\enc-amf-test64.pdb | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\cs-CZ.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\es-ES.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File opened for modification | C:\Program Files\angetube\data\obs-plugins\win-capture\graphics-hook32.dll | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\sk-SK.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\kab-KAB.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\he-IL.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\it-IT.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\image-source\locale\hr-HR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\bn-BD.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\libobs\opaque.effect | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\tr-TR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\image-source\locale\gl-ES.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\image-source\locale\ko-KR.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\obs-ffmpeg\locale\sk-SK.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\libobs\deinterlace_linear.effect | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\ar-SA.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\coreaudio-encoder\locale\sv-SE.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\enc-amf\locale\sr-CS.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\ba-RU.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\obs-plugins\frontend-tools\locale\sr-SP.ini | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| File created | C:\Program Files\angetube\data\libobs\deinterlace_blend_2x.effect | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2128 wrote to memory of 2452 | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe |
| PID 2128 wrote to memory of 2452 | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe |
| PID 2128 wrote to memory of 2452 | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe |
| PID 2128 wrote to memory of 2452 | N/A | C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe | C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe
"C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe"
C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module32.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module64.dll"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Program Files\angetube\bin\64bit\angetube64.exe
"C:\Program Files\angetube\bin\64bit\angetube64.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angetube\Angetube (64bit).lnk"
C:\Program Files\angetube\bin\64bit\angetube64.exe
"C:\Program Files\angetube\bin\64bit\angetube64.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nst1A37.tmp\InstallOptions.dll
| MD5 | ece25721125d55aa26cdfe019c871476 |
| SHA1 | b87685ae482553823bf95e73e790de48dc0c11ba |
| SHA256 | c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf |
| SHA512 | 4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480 |
memory/2452-97-0x0000000000400000-0x000000000040E000-memory.dmp
memory/1728-1371-0x000007FEF6040000-0x000007FEF6581000-memory.dmp
memory/1728-1406-0x000000013FD80000-0x00000001407CE000-memory.dmp
memory/1728-1411-0x00000000001A0000-0x00000000001B0000-memory.dmp
memory/1728-1413-0x0000000002DF0000-0x00000000033D8000-memory.dmp
memory/1728-1412-0x0000000002DF0000-0x00000000033D8000-memory.dmp
memory/1728-1433-0x0000000000580000-0x000000000058A000-memory.dmp
memory/1728-1432-0x0000000000580000-0x000000000058A000-memory.dmp
memory/1728-1434-0x0000000002DF0000-0x00000000033D8000-memory.dmp
memory/1728-1435-0x0000000002DF0000-0x00000000033D8000-memory.dmp
memory/1728-1436-0x0000000000580000-0x000000000058A000-memory.dmp
memory/1728-1437-0x0000000000580000-0x000000000058A000-memory.dmp
memory/1728-1447-0x000000006AD00000-0x000000006AD24000-memory.dmp
memory/1728-1454-0x0000000000580000-0x0000000000582000-memory.dmp
memory/1728-1453-0x000007FEF3710000-0x000007FEF37A6000-memory.dmp
memory/1728-1452-0x000000006D840000-0x000000006D8C0000-memory.dmp
memory/1728-1451-0x0000000069D00000-0x0000000069E60000-memory.dmp
memory/1728-1450-0x000007FEF37C0000-0x000007FEF39FB000-memory.dmp
memory/1728-1449-0x000007FEF6900000-0x000007FEF6928000-memory.dmp
memory/1728-1448-0x000007FEF3A00000-0x000007FEF3B25000-memory.dmp
memory/1728-1446-0x000007FEF3B30000-0x000007FEF3EC9000-memory.dmp
memory/1728-1445-0x0000000066280000-0x00000000664A6000-memory.dmp
memory/1728-1444-0x000000006B680000-0x000000006B730000-memory.dmp
memory/1728-1443-0x0000000070680000-0x00000000706B6000-memory.dmp
memory/1728-1442-0x000000006D540000-0x000000006D5A2000-memory.dmp
memory/1728-1441-0x0000000062500000-0x0000000062755000-memory.dmp
memory/1728-1440-0x000007FEF3ED0000-0x000007FEF53A6000-memory.dmp
memory/2124-1455-0x000007FEF5AF0000-0x000007FEF6031000-memory.dmp
memory/2124-1458-0x0000000002FA0000-0x0000000003588000-memory.dmp
memory/2124-1457-0x00000000001B0000-0x00000000001C0000-memory.dmp
memory/2124-1459-0x0000000002FA0000-0x0000000003588000-memory.dmp
memory/2124-1456-0x000000013F9C0000-0x000000014040E000-memory.dmp
memory/2124-1461-0x0000000001E10000-0x0000000001E1A000-memory.dmp
memory/2124-1460-0x0000000001E10000-0x0000000001E1A000-memory.dmp
memory/2124-1468-0x000000006B680000-0x000000006B730000-memory.dmp
memory/2124-1477-0x000007FEF6090000-0x000007FEF6126000-memory.dmp
memory/2124-1476-0x000000006D840000-0x000000006D8C0000-memory.dmp
memory/2124-1475-0x0000000069D00000-0x0000000069E60000-memory.dmp
memory/2124-1474-0x000007FEF3610000-0x000007FEF384B000-memory.dmp
memory/2124-1473-0x000007FEF6F40000-0x000007FEF6F68000-memory.dmp
memory/2124-1472-0x000007FEF3850000-0x000007FEF3975000-memory.dmp
memory/2124-1471-0x000000006AD00000-0x000000006AD24000-memory.dmp
memory/2124-1470-0x000007FEF6130000-0x000007FEF64C9000-memory.dmp
memory/2124-1469-0x0000000066280000-0x00000000664A6000-memory.dmp
memory/2124-1467-0x0000000070680000-0x00000000706B6000-memory.dmp
memory/2124-1466-0x000000006D540000-0x000000006D5A2000-memory.dmp
memory/2124-1465-0x0000000062500000-0x0000000062755000-memory.dmp
memory/2124-1464-0x000007FEF3980000-0x000007FEF4E56000-memory.dmp