Analysis Overview
SHA256
d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2
Threat Level: Known bad
The file d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2 was found to be: Known bad.
Malicious Activity Summary
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Executes dropped EXE
Identifies Wine through registry keys
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-30 17:47
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 17:47
Reported
2024-05-30 18:05
Platform
win11-20240508-en
Max time kernel
1043s
Max time network
971s
Command Line
Signatures
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\axplont.job | C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 828 wrote to memory of 3120 | N/A | C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe | C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe
"C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe"
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
"C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| RU | 147.45.47.70:80 | 147.45.47.70 | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
| MD5 | 7ed56e09edb6badc89bf9c17c5ffeb75 |
| SHA1 | d4b80e6c219a63aaaf7f9d3dc3e216944cc2b7c7 |
| SHA256 | d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2 |
| SHA512 | 6f3a3c3555a05ad68479134ddeba61dff98767c0a9598501112fed553e84a0c4a1db66d709da64f5ca52af59acaf390949d94ebf9b136a97a941770db6e7e7c2 |