Analysis Overview
SHA256
e84208a0987b1aa7ac21615bdbc0712ad8e741b4f8a102a89c887de316d428d5
Threat Level: Shows suspicious behavior
The file 17141111231.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
VMProtect packed file
Suspicious use of SetThreadContext
Drops file in Windows directory
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-10 13:37
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 13:37
Reported
2024-05-10 13:42
Platform
win10v2004-20240426-en
Max time kernel
299s
Max time network
295s
Command Line
Signatures
VMProtect packed file
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2696 set thread context of 2520 | N/A | C:\Windows\system32\svchost.exe | C:\Windows\SysWOW64\cliconfg.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\mac.txt | C:\Windows\SysWOW64\cliconfg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\cliconfg.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ca39838e51cf76a703c851970780fad9dbc940079bbf902a18f20329447f23f.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ca39838e51cf76a703c851970780fad9dbc940079bbf902a18f20329447f23f.dll,#1
C:\Windows\SysWOW64\cliconfg.exe
C:\Windows\SysWOW64\cliconfg.exe
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 13:37
Reported
2024-05-10 13:39
Platform
win7-20240508-en
Max time kernel
123s
Max time network
122s
Command Line
Signatures
VMProtect packed file
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1192 set thread context of 2712 | N/A | C:\Windows\Explorer.EXE | C:\Windows\SysWOW64\xwizard.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\mac.txt | C:\Windows\SysWOW64\xwizard.exe | N/A |
| File opened for modification | C:\Windows\appcompat\programs\RecentFileCache.bcf | C:\Windows\system32\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\xwizard.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ca39838e51cf76a703c851970780fad9dbc940079bbf902a18f20329447f23f.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ca39838e51cf76a703c851970780fad9dbc940079bbf902a18f20329447f23f.dll,#1
C:\Windows\SysWOW64\xwizard.exe
C:\Windows\SysWOW64\xwizard.exe
C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
Network
Files