Analysis Overview
SHA256
e04b61d1ca799559e8e22b4df62e49c134934fad3e9efe55d7336d171e4009d7
Threat Level: Known bad
The file 42af7513c4f90b903faea61ef6f3730e was found to be: Known bad.
Malicious Activity Summary
BitRAT
Detect ZGRat V1
ZGRat
Checks computer location settings
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-05 03:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-05 03:52
Reported
2024-01-05 03:55
Platform
win7-20231215-en
Max time kernel
0s
Max time network
121s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ZGRat
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1992 wrote to memory of 2328 | N/A | C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1992 wrote to memory of 2328 | N/A | C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1992 wrote to memory of 2328 | N/A | C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1992 wrote to memory of 2328 | N/A | C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
"C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
Files
memory/1992-0-0x00000000002D0000-0x000000000051E000-memory.dmp
memory/1992-1-0x0000000074BC0000-0x00000000752AE000-memory.dmp
memory/1992-2-0x0000000004580000-0x00000000045C0000-memory.dmp
memory/2328-5-0x000000006FE10000-0x00000000703BB000-memory.dmp
memory/2328-9-0x0000000002730000-0x0000000002770000-memory.dmp
memory/2328-8-0x0000000002730000-0x0000000002770000-memory.dmp
memory/2328-7-0x000000006FE10000-0x00000000703BB000-memory.dmp
memory/2328-6-0x0000000002730000-0x0000000002770000-memory.dmp
memory/2328-10-0x000000006FE10000-0x00000000703BB000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LFRKQ2I9LTB8QBRMLIUY.temp
| MD5 | f194a34d8debfa0823a215a37bc1d9f9 |
| SHA1 | 74ff9592e37907cdab3f98f3a0ff1605f0b9e688 |
| SHA256 | 0969ecadde5434130e7e21d8185830cb6e4fdbd5c578590d595f2de61dd7ca94 |
| SHA512 | 4c0e4d0371472efa7135bce813f1f1b1f1704ae56057ab8c27f2a324fc1b846abdb04644260bf49bc80066200e2ea074955c24583d845701c99753e6e0b28849 |
memory/2148-17-0x0000000002F90000-0x0000000002FD0000-memory.dmp
memory/2148-20-0x0000000002F90000-0x0000000002FD0000-memory.dmp
memory/2148-19-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2148-18-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2148-16-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2148-21-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2340-28-0x000000006FE80000-0x000000007042B000-memory.dmp
memory/2340-31-0x0000000002E40000-0x0000000002E80000-memory.dmp
memory/2340-30-0x0000000002E40000-0x0000000002E80000-memory.dmp
memory/2340-29-0x000000006FE80000-0x000000007042B000-memory.dmp
memory/2340-32-0x000000006FE80000-0x000000007042B000-memory.dmp
memory/2660-39-0x0000000002B30000-0x0000000002B70000-memory.dmp
memory/2660-40-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2660-38-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2660-41-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2520-47-0x000000006FE80000-0x000000007042B000-memory.dmp
memory/2520-49-0x000000006FE80000-0x000000007042B000-memory.dmp
memory/2520-50-0x0000000001CB0000-0x0000000001CF0000-memory.dmp
memory/2520-48-0x0000000001CB0000-0x0000000001CF0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2520-51-0x000000006FE80000-0x000000007042B000-memory.dmp
memory/1992-57-0x0000000074BC0000-0x00000000752AE000-memory.dmp
memory/2028-60-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/1992-63-0x0000000004580000-0x00000000045C0000-memory.dmp
memory/2028-62-0x0000000002E00000-0x0000000002E40000-memory.dmp
memory/2028-61-0x0000000002E00000-0x0000000002E40000-memory.dmp
memory/2028-59-0x0000000002E00000-0x0000000002E40000-memory.dmp
memory/2028-58-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2220-70-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2220-71-0x0000000002120000-0x0000000002160000-memory.dmp
memory/2220-74-0x0000000002120000-0x0000000002160000-memory.dmp
memory/2220-73-0x0000000002120000-0x0000000002160000-memory.dmp
memory/2220-72-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2028-64-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2276-81-0x000000006FE40000-0x00000000703EB000-memory.dmp
memory/2276-85-0x0000000002E80000-0x0000000002EC0000-memory.dmp
memory/2276-84-0x0000000002E80000-0x0000000002EC0000-memory.dmp
memory/2276-83-0x000000006FE40000-0x00000000703EB000-memory.dmp
memory/2276-82-0x0000000002E80000-0x0000000002EC0000-memory.dmp
memory/2220-75-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/2276-86-0x000000006FE40000-0x00000000703EB000-memory.dmp
memory/1668-94-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/1668-96-0x00000000027B0000-0x00000000027F0000-memory.dmp
memory/1668-95-0x00000000027B0000-0x00000000027F0000-memory.dmp
memory/1668-93-0x00000000027B0000-0x00000000027F0000-memory.dmp
memory/1668-92-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/112-105-0x0000000002C40000-0x0000000002C80000-memory.dmp
memory/112-108-0x0000000002C40000-0x0000000002C80000-memory.dmp
memory/112-107-0x0000000002C40000-0x0000000002C80000-memory.dmp
memory/112-106-0x000000006FE80000-0x000000007042B000-memory.dmp
memory/112-104-0x000000006FE80000-0x000000007042B000-memory.dmp
memory/1668-97-0x000000006FEB0000-0x000000007045B000-memory.dmp
memory/1992-110-0x0000000009070000-0x0000000009294000-memory.dmp
memory/1992-112-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-120-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-128-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-134-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-142-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-150-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-156-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-164-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-170-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-174-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-172-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-168-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-175-0x00000000050E0000-0x0000000005152000-memory.dmp
memory/1992-166-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-162-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-160-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-158-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-154-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-152-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-148-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-146-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-144-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-140-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-138-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-136-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-132-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-130-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-126-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-124-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-122-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-118-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-116-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-114-0x0000000009070000-0x000000000928F000-memory.dmp
memory/1992-111-0x0000000009070000-0x000000000928F000-memory.dmp
memory/112-109-0x000000006FE80000-0x000000007042B000-memory.dmp
memory/1992-2561-0x0000000074BC0000-0x00000000752AE000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-05 03:52
Reported
2024-01-05 03:57
Platform
win10v2004-20231215-en
Max time kernel
58s
Max time network
201s
Command Line
Signatures
BitRAT
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ZGRat
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
"C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
C:\Users\Admin\AppData\Local\Temp\42af7513c4f90b903faea61ef6f3730e.exe
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| SE | 185.157.160.147:1975 | tcp | |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| SE | 185.157.160.147:1975 | tcp | |
| GB | 87.248.204.0:80 | tcp | |
| GB | 87.248.204.0:80 | tcp | |
| GB | 87.248.204.0:80 | tcp | |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.134.221.88.in-addr.arpa | udp |
Files
memory/4708-0-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4708-1-0x00000000000D0000-0x000000000031E000-memory.dmp
memory/4708-2-0x0000000005370000-0x0000000005914000-memory.dmp
memory/4708-3-0x0000000004CF0000-0x0000000004D82000-memory.dmp
memory/4708-4-0x0000000004EB0000-0x0000000004EC0000-memory.dmp
memory/4708-5-0x0000000004DC0000-0x0000000004DCA000-memory.dmp
memory/756-7-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/756-6-0x0000000004B50000-0x0000000004B86000-memory.dmp
memory/756-8-0x0000000004C40000-0x0000000004C50000-memory.dmp
memory/756-9-0x0000000004C40000-0x0000000004C50000-memory.dmp
memory/756-10-0x0000000005280000-0x00000000058A8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_54wiaoku.m2v.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/756-18-0x0000000005B30000-0x0000000005B96000-memory.dmp
memory/756-17-0x0000000005A50000-0x0000000005AB6000-memory.dmp
memory/756-11-0x0000000005240000-0x0000000005262000-memory.dmp
memory/756-23-0x0000000005CA0000-0x0000000005FF4000-memory.dmp
memory/756-25-0x0000000006170000-0x00000000061BC000-memory.dmp
memory/756-24-0x0000000006110000-0x000000000612E000-memory.dmp
memory/756-26-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/3460-28-0x0000000004D40000-0x0000000004D50000-memory.dmp
memory/3460-30-0x0000000005B40000-0x0000000005E94000-memory.dmp
memory/3460-29-0x0000000004D40000-0x0000000004D50000-memory.dmp
memory/3460-27-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/3460-40-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4236-42-0x0000000000F10000-0x0000000000F20000-memory.dmp
memory/4236-41-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4708-43-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4424-53-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4708-55-0x0000000004EB0000-0x0000000004EC0000-memory.dmp
memory/4424-54-0x0000000002D90000-0x0000000002DA0000-memory.dmp
memory/4752-58-0x0000000002870000-0x0000000002880000-memory.dmp
memory/4424-60-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4236-59-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4752-57-0x0000000002870000-0x0000000002880000-memory.dmp
memory/4752-56-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/2240-70-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/2632-71-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/2632-72-0x0000000004930000-0x0000000004940000-memory.dmp
memory/2632-75-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/2204-77-0x00000000053F0000-0x0000000005400000-memory.dmp
memory/2204-78-0x00000000053F0000-0x0000000005400000-memory.dmp
memory/2204-76-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4752-74-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/2632-73-0x0000000004930000-0x0000000004940000-memory.dmp
memory/1844-88-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4708-100-0x0000000006370000-0x0000000006594000-memory.dmp
memory/4708-101-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-104-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-106-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-102-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-108-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-112-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-114-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-116-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-122-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-124-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-130-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-132-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-138-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-136-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-142-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-146-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-150-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-154-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-156-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-160-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-162-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-164-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-158-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-165-0x0000000006970000-0x00000000069E6000-memory.dmp
memory/4708-152-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-148-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-144-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-140-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-134-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-128-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-126-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-120-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-118-0x0000000006370000-0x000000000658F000-memory.dmp
memory/4708-110-0x0000000006370000-0x000000000658F000-memory.dmp
memory/1844-99-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/2204-89-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/4708-166-0x00000000025B0000-0x0000000002622000-memory.dmp
memory/4708-2551-0x00000000069F0000-0x0000000006A0E000-memory.dmp
memory/4708-2558-0x0000000075010000-0x00000000757C0000-memory.dmp
memory/2812-2557-0x0000000000400000-0x00000000007CE000-memory.dmp
memory/2812-2560-0x0000000074F20000-0x0000000074F59000-memory.dmp
memory/2812-2568-0x00000000752A0000-0x00000000752D9000-memory.dmp
memory/2812-2569-0x0000000000400000-0x00000000007CE000-memory.dmp
memory/2812-2572-0x00000000752A0000-0x00000000752D9000-memory.dmp
memory/2812-2575-0x00000000752A0000-0x00000000752D9000-memory.dmp