Malware Analysis Report

2025-01-03 09:24

Sample ID 240620-qpgkxazdmc
Target 67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe
SHA256 67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1
Tags
bootkit persistence privilege_escalation upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1

Threat Level: Likely malicious

The file 67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

bootkit persistence privilege_escalation upx

Event Triggered Execution: AppInit DLLs

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 13:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 13:26

Reported

2024-06-20 13:28

Platform

win7-20240611-en

Max time kernel

142s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe"

Signatures

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\e: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\symsrv.dll C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File created C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened for modification C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL.dat C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File created \??\c:\program files\common files\system\symsrv.dll.000 C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 5isohu.com udp
US 8.8.8.8:53 www.aieov.com udp
US 45.33.20.235:80 www.aieov.com tcp
US 45.33.20.235:80 www.aieov.com tcp
US 45.33.20.235:80 www.aieov.com tcp
US 45.33.20.235:80 www.aieov.com tcp
US 45.33.20.235:80 www.aieov.com tcp
US 45.33.20.235:80 www.aieov.com tcp

Files

\Program Files\Common Files\System\symsrv.dll

MD5 7574cf2c64f35161ab1292e2f532aabf
SHA1 14ba3fa927a06224dfe587014299e834def4644f
SHA256 de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085
SHA512 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

memory/1792-4-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1792-5-0x000000000042E000-0x0000000000431000-memory.dmp

\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL.tmp

MD5 d8d44fcbf5aee31b91bd73d75dfada2e
SHA1 59c66378aa9c0803a7318e49205493d252d70247
SHA256 f68f716b7cfc04614fab0fdc5e716d9d6d452cd39c141b382fb33a64cc24083b
SHA512 e6bc91962679142b957e7ef0c5dc54ea8ca0db012e440bf8d4f2adc7e7a67e7a799fa8fb2dab543f7867113b2ad7e3d72c8f7b17458a5cac15cfdf09d14536dc

memory/1792-16-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1792-17-0x0000000073FA0000-0x00000000743AB000-memory.dmp

memory/1792-20-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1792-22-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1792-25-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1792-29-0x0000000010000000-0x0000000010030000-memory.dmp

C:\Program Files\Common Files\System\symsrv.dll.000

MD5 1130c911bf5db4b8f7cf9b6f4b457623
SHA1 48e734c4bc1a8b5399bff4954e54b268bde9d54c
SHA256 eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1
SHA512 94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0

memory/1792-35-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1792-38-0x0000000010000000-0x0000000010030000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 13:26

Reported

2024-06-20 13:28

Platform

win10v2004-20240508-en

Max time kernel

142s

Max time network

62s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe"

Signatures

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\e: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\symsrv.dll C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\67ca57918c1c11dae826b801603fb6cbe9e7ad2300a8fa0d11d0f7b42d414ac1_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 5isohu.com udp
US 8.8.8.8:53 www.aieov.com udp
US 8.8.8.8:53 5isohu.com udp
US 8.8.8.8:53 5isohu.com udp
US 8.8.8.8:53 www.aieov.com udp

Files

C:\Program Files\Common Files\System\symsrv.dll

MD5 7574cf2c64f35161ab1292e2f532aabf
SHA1 14ba3fa927a06224dfe587014299e834def4644f
SHA256 de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085
SHA512 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

memory/1496-4-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1496-6-0x000000000042E000-0x0000000000431000-memory.dmp

memory/1496-13-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1496-15-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-16-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1496-17-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-18-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-19-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-20-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-22-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-23-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-24-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-25-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-26-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-27-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1496-28-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-29-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-30-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-31-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-32-0x0000000010000000-0x0000000010030000-memory.dmp

memory/1496-34-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-35-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-37-0x0000000000400000-0x0000000000533000-memory.dmp

memory/1496-38-0x0000000000400000-0x0000000000533000-memory.dmp