Analysis Overview
SHA256
7b481550cb6ceae28deacb4072eafb5201bb111c65a7389c4aa66495fa670b55
Threat Level: Shows suspicious behavior
The file mcedit2-win64-2.0.0-beta14(1).exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Detects Pyinstaller
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 09:27
Signatures
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 09:27
Reported
2024-06-19 09:31
Platform
win11-20240611-en
Max time kernel
196s
Max time network
202s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe | N/A |
Loads dropped DLL
Detects Pyinstaller
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14(1).exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 416 wrote to memory of 4588 | N/A | C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe | C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14(1).exe
"C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14(1).exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe
"C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe"
C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe
"C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004BC
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
Network
| Country | Destination | Domain | Proto |
| US | 13.107.253.64:443 | launchermeta.mojang.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI4162\mcedit2\rendering\minecraft_hiddenstates_raw.json
C:\Users\Admin\AppData\Local\Temp\_MEI4162\mceditlib\blocktypes\idmapping_raw_1_12.json
C:\Users\Admin\AppData\Local\Temp\_MEI4162\mcedit2.exe.manifest
C:\Users\Admin\AppData\Local\Temp\_MEI4162\python27.dll
C:\Users\Admin\AppData\Local\Temp\_MEI4162\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\win32api.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\pythoncom27.dll
C:\Users\Admin\AppData\Local\Temp\_MEI4162\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\_multiprocessing.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\QtCore4.dll
C:\Users\Admin\AppData\Local\Temp\_MEI4162\pyside-python2.7.dll
C:\Users\Admin\AppData\Local\Temp\_MEI4162\PySide.QtGui.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\QtGui4.dll
C:\Users\Admin\AppData\Local\Temp\_MEI4162\libopenblas.CSRRD7HKRKC3T3YXA7VY7TAZGLSWDKW6.gfortran-win_amd64.dll
C:\Users\Admin\AppData\Local\Temp\_MEI4162\numpy.linalg.lapack_lite.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\numpy.fft.fftpack_lite.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\numpy.random.mtrand.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\numpy.core._multiarray_tests.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\numpy.linalg._umath_linalg.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\numpy.core.umath.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\numpy.core.multiarray.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\shiboken-python2.7.dll
C:\Users\Admin\AppData\Local\Temp\_MEI4162\PySide.QtCore.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI4162\pywintypes27.dll
C:\Users\Admin\AppData\Local\Temp\_MEI4162\bz2.pyd