Analysis Overview
SHA256
7224c29dabfb308937e6feeb58e333b2195a3d23b43b3681b35fe1c8b06e3d44
Threat Level: Shows suspicious behavior
The file 2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-03 05:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-03 05:55
Reported
2025-07-03 05:57
Platform
win10v2004-20250610-en
Max time kernel
133s
Max time network
139s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe | N/A |
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3912 wrote to memory of 2400 | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe | C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe |
| PID 3912 wrote to memory of 2400 | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe | C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe |
| PID 2400 wrote to memory of 3184 | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe | C:\Windows\system32\cmd.exe |
| PID 2400 wrote to memory of 3184 | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe | C:\Windows\system32\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe
C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe
| MD5 | 906bdbe33b16d99872ad3ab0919e9e77 |
| SHA1 | 191dfe5f23a1e10df971983cb400b1269713b6d2 |
| SHA256 | 759c1bd0e218c1e7154720a05e1c31ec73959633f8c3173ad1a89ab50d9f8775 |
| SHA512 | 90448ebd50e1392cc25cced7c1dd23f180fc12d8736a20bf8bd052df97d8190b0b608c3020b8394b8a8cb8386d76dc616b9b9ac134a23d69f0dee3627ab960e0 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\python311.dll
| MD5 | d06da79bfd21bb355dc3e20e17d3776c |
| SHA1 | 610712e77f80d2507ffe85129bfeb1ff72fa38bf |
| SHA256 | 2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1 |
| SHA512 | e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\core\_multiarray_umath.pyd
| MD5 | ea2e696dd221290a44fc7f095c4f185b |
| SHA1 | dd5ae42ae6d2678d65b003ba4ca8286a80586869 |
| SHA256 | c76d812fa5131fe21c8bf9ffbd910f27df80856f910fa61698f23f60cfd9d13e |
| SHA512 | 7a811681652fb53d2da2ec0042b73a6b75b95defc9b47422df0148832a71079832a10d45ac6e457d26a708a30544ad45f08a87e61426c1f3c8252e48c6374b27 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll
| MD5 | 5e46c3d334c90c3029eb6ae2a3fe58f2 |
| SHA1 | ad3d806f720289ccb90ce8bfd0da49fa99e7777b |
| SHA256 | 57b87772bf676b5c2d718c79dddc9f039d79ec3319fee1398cc305adff7b69e5 |
| SHA512 | 4bd29d19b619076a64a928f3871edcce8416bcf100c1aa1250932479d6536d9497f2f9a2668c90b3479d0d4ab4234ffa06f81bc6b107fad1be5097fa2b60ab28 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd
| MD5 | a25cdcf630c024047a47a53728dc87cd |
| SHA1 | 8555ae488e0226a272fd7db9f9bdbb7853e61a21 |
| SHA256 | 3d43869a4507ed8ece285ae85782d83bb16328cf636170acb895c227ebb142ac |
| SHA512 | f6a4272deddc5c5c033a06e80941a16f688e28179eab3dbc4f7a9085ea4ad6998b89fc9ac501c5bf6fea87e0ba1d9f2eda819ad183b6fa7b6ddf1e91366c12af |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\linalg\_umath_linalg.pyd
| MD5 | c38f96f75d504fa0c2df82327beeca31 |
| SHA1 | d059816e107302a43b60c0081b91a667327ddc13 |
| SHA256 | 05922a2be823ec2e4d2378a73b05bb37f2816aeea86b613a9c80e25764ac8736 |
| SHA512 | a0609881d8d7335fc4dfa79584494b56dd1875e10564035a432bae2bfe206a0f9ddad500bb4d84e3b68a1bea0c698d5b04b19b30e02fe36410451c2a7d2147ba |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\random\mtrand.pyd
| MD5 | fe1f1ca966c6041483a00d4940380c95 |
| SHA1 | a7c273ccca6bccb4cd709104d02c6e9af01eb49b |
| SHA256 | 7dda3c60d25791c53c2eca99eab696347b6a8ee20f3f8307d7efbf086cbbc5bf |
| SHA512 | 42476929a8307eb088728fb3cabe971239aefd2ca60785f4141b4a215d7a360b256bb8060dbdbcd08b68430719d4ea05214cbd48e25336492909d1378ea29c27 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_common.pyd
| MD5 | 9859d240504af306b9e130b1ae0a28d3 |
| SHA1 | 9f87f3badce2c4f02d8780c35acca16c67c44917 |
| SHA256 | f41809c03d13487fa8940cc30f5ff2125143ebf071bca10e081d026028c435fd |
| SHA512 | 16ff6686f7f058c061e4e5d9f411b195c064c3c4871613957d30b50055e428bb9b51c22558267e4ae1089a33a21fabd4de00b525906aba9aae7325b7ae1d2920 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\random\_bounded_integers.pyd
| MD5 | f380b1902f06ed89554a6a7f76fef247 |
| SHA1 | 48bc984fe47823eab6d59db171cee6f7ce33bbf6 |
| SHA256 | 05d5fe8a5a79b1d5836e58307afdd0c8570a7c4e1ed0b6a6294f3978db0dc6c4 |
| SHA512 | a4b7f5405836c746148c14145b76e898228ba29d67ed122adfe68007e4ecc8893825f0a6c7e706035d112874894d588533a715a6aea33d3c83a1dfe7161d0ca4 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\random\_generator.pyd
| MD5 | 6de59567e3c76ab31b85ae334e173721 |
| SHA1 | 03a81c8a9636e5623b7c98c117b1aaf6d34bfef3 |
| SHA256 | 003c7af2699a370efc1a90bf42ac3b449c27ff9c24b11136dd245bf50ed2240f |
| SHA512 | b89e2222bc1f6c13145bd13c404bcff7af304565293d36e0fff619687e65c3909cc94f6adb01447a1bef523a5db5009520a1867aa76045a46f99368201a2f3f5 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\_socket.pyd
| MD5 | 485d998a2de412206f04fa028fe6ba90 |
| SHA1 | 286e29d4f91a46171ba1e3c8229e6de94b499f1d |
| SHA256 | 8f9ede5044643413c3b072cd31a565956498ca07cdd17fb6a04483d388fdad76 |
| SHA512 | 68591522e9188f06ff81cd2b3506b40b9ad508d6e34f0111819bf5eff47ed9adf95ebfae5d05b685c4f53b186d15cc45e0d831d96be926f7a5762ee2f1341f1f |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\tk86t.dll
| MD5 | 499fa3dea045af56ee5356c0ce7d6ce2 |
| SHA1 | 0444b7d4ecd25491245824c17b84916ee5b39f74 |
| SHA256 | 20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94 |
| SHA512 | d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\vcruntime140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\pywintypes311.dll
| MD5 | 90b786dc6795d8ad0870e290349b5b52 |
| SHA1 | 592c54e67cf5d2d884339e7a8d7a21e003e6482f |
| SHA256 | 89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a |
| SHA512 | c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\win32api.pyd
| MD5 | 1d6762b494dc9e60ca95f7238ae1fb14 |
| SHA1 | aa0397d96a0ed41b2f03352049dafe040d59ad5d |
| SHA256 | fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664 |
| SHA512 | 0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\tcl\encoding\cp1252.enc
| MD5 | e9117326c06fee02c478027cb625c7d8 |
| SHA1 | 2ed4092d573289925a5b71625cf43cc82b901daf |
| SHA256 | 741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e |
| SHA512 | d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\tcl86t.dll
| MD5 | ac6cd2fb2cd91780db186b8d6e447b7c |
| SHA1 | b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a |
| SHA256 | a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6 |
| SHA512 | 45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\_tkinter.pyd
| MD5 | b9433c77e6b04532ac587056d21947c2 |
| SHA1 | 0bcbf7b0ae1c3b815788b62879384217d9744abf |
| SHA256 | a3488d90b5493dd0af5054750194cdeafbf05db42e881c78d92449932565308d |
| SHA512 | a0fcbf898038f2337db8b2aa5873e3fd8970f5f7d01725e9a20be091985495feab01d7dc7b8a6b7ab898d2875566029fd3d217883a1301bf67f8c4288bb29b4f |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\select.pyd
| MD5 | e07ae2f7f28305b81adfd256716ae8c6 |
| SHA1 | 9222cd34c14a116e7b9b70a82f72fc523ef2b2f6 |
| SHA256 | fb06ac13f8b444c3f7ae5d2af15710a4e60a126c3c61a1f1e1683f05f685626c |
| SHA512 | acb143194ca465936a48366265ae3e11a2256aeae333c576c8c74f8ed9b60987daff81647aef74e236b30687a28bc7e3aa21c6aedbfa47b1501658a2bfd117b4 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\unicodedata.pyd
| MD5 | 5cc36a5de45a2c16035ade016b4348eb |
| SHA1 | 35b159110e284b83b7065d2cff0b5ef4ccfa7bf1 |
| SHA256 | f28ac3e3ad02f9e1d8b22df15fa30b2190b080261a9adc6855248548cd870d20 |
| SHA512 | 9cccbf81e80c32976b7b2e0e3978e8f7350cce542356131b24ebab34b256efd44643d41ee4b2994b9152c2e5af302aa182a1889c99605140f47494a501ef46c1 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\_queue.pyd
| MD5 | 284fbc1b32f0282fc968045b922a4ee2 |
| SHA1 | 7ccea7a48084f2c8463ba30ddae8af771538ae82 |
| SHA256 | ac3b144d7d7c8ee39f29d8749c5a35c4314b5365198821605c883fd11807e766 |
| SHA512 | baa75f7553cf595ad78c84cbb0f2a50917c93596ece1ff6221e64272adc6facdd8376e00918c6c3246451211d9dfc66442d31759bd52c26985c7f133cf011065 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_sfc64.pyd
| MD5 | 441f1537e70a2eea00f4369e46a26be0 |
| SHA1 | aff994dd60f33c2aaac480c959351f1684349c39 |
| SHA256 | 180453afefeff645f9fdb2de54a3cb72d8becb87936ea82e2d7a56592aca3068 |
| SHA512 | 124034b67b0a1abe0e2b3ea8605f25970e224c7b9f72cd7ba2fdd63396afc94bf981224f2fbdc2d45fce3bad299a04238f52a147f0cf8519c26360e55e4359ab |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_pcg64.pyd
| MD5 | 6fdbf3346994c777608f0ad5cbaca3cd |
| SHA1 | 79e08ae5c2ee684537c73f58feff25a3deef0bc7 |
| SHA256 | e09a53b33a1908aa4eb58a07166d5beaffe2072ceded2f80df59831adf7fb8df |
| SHA512 | cef969246e8dbc8809ca21b7fc691c6d52eca977f433331ff05a491689dc4ded79a53c390aefa645834fd395477e428b151a91acf9037943279288a261f46403 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_philox.pyd
| MD5 | 7ad1efc0a62a692722b5eef7b6f8414a |
| SHA1 | 5a0d5f305b149c460e7f720efe5ea168643f0177 |
| SHA256 | 9a777f3f9a59f3d88de84dc3e499138335c3a6cf3bee1b875d9626d6cdf6e098 |
| SHA512 | 59bdf9723854683a6955dcd07d99b05a8f11f2a708171e3cd9ed6cde17ce739c27a4cabe13f1997967f9e87672a9bab36591dc530fdca1df5886ab4b5710468e |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_mt19937.pyd
| MD5 | 046eea12f5582cfc5b4dd95c95f3568e |
| SHA1 | 27fd4be133ca784bd8f15ec65234069d7a427325 |
| SHA256 | 36bbd3767a4efc1e5ddd4f96b7b705fc664e95a629abbe7e3b5e5951cdead3f0 |
| SHA512 | 85570a0dc3200387763570a474089e80ab5e61dc3d271fa01f5d0e7ed9bc61954bd2fe92a7a20f6ab5ca5ff47a6047f6f80551b4dcdac13ba962d790b36d91ed |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\_hashlib.pyd
| MD5 | ba682dfcdd600a4bb43a51a0d696a64c |
| SHA1 | df85ad909e9641f8fcaa0f8f5622c88d904e9e20 |
| SHA256 | 2ad55e11bddb5b65cdf6e9e126d82a3b64551f7ad9d4cbf74a1058fd7e5993bd |
| SHA512 | 79c607e58881d3c3dfb83886fe7aa4cddb5221c50499d33fe21e1efb0ffa1fd0d3f52cbe97b16b04fbe2b067d6eb5997ac66dec9d2a160d3cb6d44ffca0f5636 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\bit_generator.pyd
| MD5 | 4f9e45169d349a4922a251df4af06b12 |
| SHA1 | eb4c248b9b5fecc0518d5fbc77652bc8509cc8e3 |
| SHA256 | 9ad713f6a93c26bb733a90f877b50d51d7f22eef161aa58e40735a5cec149501 |
| SHA512 | 90dcd6f1e35dde8a37690a2c70036f6903ce868e0bfdce930941ea71dc58de5748dcd4fd1af8745d85aca7d643199512ddc628615382f26340eda3fb229113b5 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\fft\_pocketfft_internal.pyd
| MD5 | 79f63fa108140ba54d5aea030df4be95 |
| SHA1 | 1ae3b933106095928c54e1dba66f0966f98ce48b |
| SHA256 | 207c894d4a97d5eac328a87936b1c5a160cf1163d8b3f59b3c43792d9b5224a4 |
| SHA512 | 8bef8bcc947c6d7b07a6b9d40eac134c4190abbc302a175e1e7b8d70a2eea8f2f7a9aaa0a0ff6b1fb74f6d7153cf6d63f8fb9d822bc58e98621f54c94c45bd81 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\core\_multiarray_tests.pyd
| MD5 | 54192025aa4449a24e8c84ae0f25b164 |
| SHA1 | 381f50a8354c4abb12b76fa6e74fd526fbce2da9 |
| SHA256 | c31d1abe635e9006caa9fedda260dd4e4fdba31fbdcc8ac0969ab0396a0c6c4e |
| SHA512 | 1a3210c5c24a86d6cd6e3f2c19ba211611d5054cf04f6f5d22268a99f9ce6a8f61cab41d0d636e6163605180a94e90f0cf2b3832b2c3f731371fe4fd3d96a5c7 |
memory/2400-1031-0x00007FFE8F140000-0x00007FFE911F6000-memory.dmp