ZIRAT BANKA.IFT MESAJI

General
Target: ZIRAT BANKA.IFT MESAJI.exe
Filesize: 1MB
Completed: 16-06-2020 09:53
Score: 10/10
MD5: 96463f1796847224b85a96752b59ff17
SHA1: ca05cf6c0eac29a22d1296a15804cec36a908347
SHA256: 1f1e1c079253f774dc02a7ff4e103a781573288802ba8c87af6790626fbcfca6

Malware Config

Extracted

Path: C:\Users\Admin\AppData\Local\Temp\C8A579F880\Log.txt
Family: masslogger
Ransom Note:
    #################################################################
    MassLogger v1.3.4.0
    #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.13
    Location: United States
    OS: Microsoft Windows 7 Professional 64bit
    CPU: Persocon Processor 2.5+
    GPU: Standard VGA Graphics Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 6/16/2020 11:52:28 AM
    MassLogger Started: 6/16/2020 11:52:25 AM
    Interval: 2 hour
    MassLogger Process: C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:
Signatures 11

  • Executes dropped EXE
    InstallUtil.exe

    Reported IOCs

    pid | process
    384 | InstallUtil.exe
  • Suspicious use of SetWindowsHookEx
    InstallUtil.exe

    Reported IOCs

    pid | process
    384 | InstallUtil.exe
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

    Reported IOCs

    flow | ioc
    5 | api.ipify.org
  • Suspicious use of AdjustPrivilegeToken
    ZIRAT BANKA.IFT MESAJI.exe, InstallUtil.exe

    Reported IOCs

    description | pid | process
    Token: SeDebugPrivilege | 804 | ZIRAT BANKA.IFT MESAJI.exe
    Token: SeDebugPrivilege | 384 | InstallUtil.exe
  • Suspicious use of SetThreadContext
    ZIRAT BANKA.IFT MESAJI.exe

    Reported IOCs

    description | pid | process | target process
    PID 804 set thread context of 384 | 804 | ZIRAT BANKA.IFT MESAJI.exe | InstallUtil.exe
  • Suspicious use of WriteProcessMemory
    ZIRAT BANKA.IFT MESAJI.exe

    Reported IOCs

    description | pid | process | target process
    PID 804 wrote to memory of 384 | 804 | ZIRAT BANKA.IFT MESAJI.exe | InstallUtil.exe (reported 12 times)
  • MassLogger log file

    Description

    Detects a log file produced by MassLogger.

    Reported IOCs

    yara_rule
    masslogger_log_file
  • Suspicious behavior: AddClipboardFormatListener
    InstallUtil.exe

    Reported IOCs

    pid | process
    384 | InstallUtil.exe
  • MassLogger

    Description

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

  • Suspicious behavior: EnumeratesProcesses
    ZIRAT BANKA.IFT MESAJI.exe, InstallUtil.exe

    Reported IOCs

    pid | process
    804 | ZIRAT BANKA.IFT MESAJI.exe
    804 | ZIRAT BANKA.IFT MESAJI.exe
    804 | ZIRAT BANKA.IFT MESAJI.exe
    384 | InstallUtil.exe
    384 | InstallUtil.exe
  • Loads dropped DLL
    ZIRAT BANKA.IFT MESAJI.exe

    Reported IOCs

    pid | process
    804 | ZIRAT BANKA.IFT MESAJI.exe
Processes 2
  • C:\Users\Admin\AppData\Local\Temp\ZIRAT BANKA.IFT MESAJI.exe
    "C:\Users\Admin\AppData\Local\Temp\ZIRAT BANKA.IFT MESAJI.exe"
    Suspicious use of AdjustPrivilegeToken
    Suspicious use of SetThreadContext
    Suspicious use of WriteProcessMemory
    Suspicious behavior: EnumeratesProcesses
    Loads dropped DLL
    PID:804
    • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      "C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe"
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of AdjustPrivilegeToken
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: EnumeratesProcesses
      PID:384
Network
MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation
Downloads
  • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
  • \Users\Admin\AppData\Local\Temp\InstallUtil.exe
