Malware Analysis Report

2025-08-10 19:57

Sample ID 250630-w49sws1ybx
Target 30062025_1829_Shipping Bill28060483 dated 28062025.PDF.zip
SHA256 e2ddf82263d14205ee0daf3bb3a975ed253fc867ab438f8535a53e6de3d4454a
Tags
strrat discovery persistence stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e2ddf82263d14205ee0daf3bb3a975ed253fc867ab438f8535a53e6de3d4454a

Threat Level: Known bad

The file 30062025_1829_Shipping Bill28060483 dated 28062025.PDF.zip was found to be: Known bad.

Malicious Activity Summary

strrat discovery persistence stealer trojan

STRRAT

Strrat family

Drops startup file

Adds Run key to start application

System Network Configuration Discovery: Internet Connection Discovery

Suspicious use of WriteProcessMemory

Scheduled Task/Job: Scheduled Task

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-06-30 18:29

Signatures

Strrat family

strrat

Analysis: behavioral2

Detonation Overview

Submitted

2025-06-30 18:29

Reported

2025-06-30 18:34

Platform

win11-20250619-en

Max time kernel

295s

Max time network

298s

Command Line

java -jar "C:\Users\Admin\AppData\Local\Temp\Shipping Bill2806083 dated 28062025.PDF.jar"

Signatures

STRRAT

trojan stealer strrat

Strrat family

strrat

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shipping Bill2806083 dated 28062025.PDF.jar C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-625765727-1271952295-745797415-1000\Software\Microsoft\Windows\CurrentVersion\Run\Shipping Bill2806083 dated 28062025.PDF = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Shipping Bill2806083 dated 28062025.PDF.jar\"" C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Shipping Bill2806083 dated 28062025.PDF = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Shipping Bill2806083 dated 28062025.PDF.jar\"" C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\SYSTEM32\cmd.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\java.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar "C:\Users\Admin\AppData\Local\Temp\Shipping Bill2806083 dated 28062025.PDF.jar"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"

C:\Windows\SYSTEM32\cmd.exe

cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"

C:\Program Files\Java\jre-1.8\bin\java.exe

"C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"

C:\Windows\system32\schtasks.exe

schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"

Network

Country Destination Domain Proto
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp

Files

memory/1472-2-0x000001D680000000-0x000001D680270000-memory.dmp

memory/1472-12-0x000001D680270000-0x000001D680280000-memory.dmp

memory/1472-14-0x000001D680280000-0x000001D680290000-memory.dmp

memory/1472-16-0x000001D680290000-0x000001D6802A0000-memory.dmp

memory/1472-20-0x000001D6802B0000-0x000001D6802C0000-memory.dmp

memory/1472-19-0x000001D6802A0000-0x000001D6802B0000-memory.dmp

memory/1472-23-0x000001D6802C0000-0x000001D6802D0000-memory.dmp

memory/1472-24-0x000001D6802D0000-0x000001D6802E0000-memory.dmp

memory/1472-26-0x000001D6802E0000-0x000001D6802F0000-memory.dmp

memory/1472-28-0x000001D6802F0000-0x000001D680300000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shipping Bill2806083 dated 28062025.PDF.jar

MD5 8a30b5e4b7e88307428e06d20a2c215e
SHA1 258651d8b434c450f31d0ca53f7b3b0777fd6532
SHA256 d4a0cff4585e4c3f173848935b24350a882edd846dc58a52cff5809a30e38cc9
SHA512 2c8f5062f0ef5c59fce3dda07317695b3059c743e687fcb0422eadb62c745e9db5166be9ca924e521276d3a2b7b66d0a2ca1ff7d029c43c3eb8cd258570c7f94

memory/1472-34-0x000001D6F8F50000-0x000001D6F8F51000-memory.dmp

memory/1472-44-0x000001D6802E0000-0x000001D6802F0000-memory.dmp

memory/1472-43-0x000001D6802D0000-0x000001D6802E0000-memory.dmp

memory/1472-42-0x000001D6802C0000-0x000001D6802D0000-memory.dmp

memory/1472-41-0x000001D6802B0000-0x000001D6802C0000-memory.dmp

memory/1472-40-0x000001D6802A0000-0x000001D6802B0000-memory.dmp

memory/1472-39-0x000001D680290000-0x000001D6802A0000-memory.dmp

memory/1472-38-0x000001D680280000-0x000001D680290000-memory.dmp

memory/1472-37-0x000001D680270000-0x000001D680280000-memory.dmp

memory/1472-36-0x000001D680000000-0x000001D680270000-memory.dmp

memory/4544-48-0x0000026880000000-0x0000026880270000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4544-67-0x00000268F5ED0000-0x00000268F5ED1000-memory.dmp

memory/4544-69-0x0000026880000000-0x0000026880270000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2025-06-30 18:29

Reported

2025-06-30 18:34

Platform

win10v2004-20250619-en

Max time kernel

293s

Max time network

297s

Command Line

java -jar "C:\Users\Admin\AppData\Local\Temp\Shipping Bill2806083 dated 28062025.PDF.jar"

Signatures

STRRAT

trojan stealer strrat

Strrat family

strrat

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shipping Bill2806083 dated 28062025.PDF.jar C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Shipping Bill2806083 dated 28062025.PDF = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Shipping Bill2806083 dated 28062025.PDF.jar\"" C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Shipping Bill2806083 dated 28062025.PDF = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Shipping Bill2806083 dated 28062025.PDF.jar\"" C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A
N/A N/A C:\Windows\SYSTEM32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\java.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar "C:\Users\Admin\AppData\Local\Temp\Shipping Bill2806083 dated 28062025.PDF.jar"

C:\Windows\SYSTEM32\cmd.exe

cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"

C:\Program Files\Java\jre-1.8\bin\java.exe

"C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"

C:\Windows\system32\schtasks.exe

schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
US 8.8.8.8:53 giversclub.dns04.com udp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp
FR 194.59.30.123:1750 giversclub.dns04.com tcp

Files

memory/1448-2-0x000001D0EC090000-0x000001D0EC300000-memory.dmp

memory/1448-14-0x000001D0EC310000-0x000001D0EC320000-memory.dmp

memory/1448-13-0x000001D0EC300000-0x000001D0EC310000-memory.dmp

memory/1448-17-0x000001D0EC320000-0x000001D0EC330000-memory.dmp

memory/1448-18-0x000001D0EC330000-0x000001D0EC340000-memory.dmp

memory/1448-24-0x000001D0EC360000-0x000001D0EC370000-memory.dmp

memory/1448-23-0x000001D0EC350000-0x000001D0EC360000-memory.dmp

memory/1448-22-0x000001D0EC340000-0x000001D0EC350000-memory.dmp

memory/1448-27-0x000001D0EC370000-0x000001D0EC380000-memory.dmp

memory/1448-29-0x000001D0EC380000-0x000001D0EC390000-memory.dmp

memory/1448-30-0x000001D0EC390000-0x000001D0EC3A0000-memory.dmp

memory/1448-36-0x000001D0EA830000-0x000001D0EA831000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Shipping Bill2806083 dated 28062025.PDF.jar

MD5 8a30b5e4b7e88307428e06d20a2c215e
SHA1 258651d8b434c450f31d0ca53f7b3b0777fd6532
SHA256 d4a0cff4585e4c3f173848935b24350a882edd846dc58a52cff5809a30e38cc9
SHA512 2c8f5062f0ef5c59fce3dda07317695b3059c743e687fcb0422eadb62c745e9db5166be9ca924e521276d3a2b7b66d0a2ca1ff7d029c43c3eb8cd258570c7f94

memory/1448-39-0x000001D0EC090000-0x000001D0EC300000-memory.dmp

memory/1448-49-0x000001D0EC390000-0x000001D0EC3A0000-memory.dmp

memory/1448-48-0x000001D0EC380000-0x000001D0EC390000-memory.dmp

memory/1448-47-0x000001D0EC370000-0x000001D0EC380000-memory.dmp

memory/1448-46-0x000001D0EC360000-0x000001D0EC370000-memory.dmp

memory/1448-45-0x000001D0EC350000-0x000001D0EC360000-memory.dmp

memory/1448-44-0x000001D0EC340000-0x000001D0EC350000-memory.dmp

memory/1448-43-0x000001D0EC330000-0x000001D0EC340000-memory.dmp

memory/1448-42-0x000001D0EC320000-0x000001D0EC330000-memory.dmp

memory/1448-41-0x000001D0EC310000-0x000001D0EC320000-memory.dmp

memory/1448-40-0x000001D0EC300000-0x000001D0EC310000-memory.dmp

memory/2908-53-0x000001BBB26B0000-0x000001BBB2920000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 24e065d0ebd8442d90edae56e3eda8d3
SHA1 6f848b248203f11fe3d14b0b54a94e71e04500db
SHA256 180b67a9611e296d6a472cef416b335c135b469c74e66bb878e825a583f55631
SHA512 b3d7389ddaca45fa7dd86af0e966a19bb51bfd2095c3db38fdcc228bd77fe27b9d94705d00c2ae98af23678f012901a7302c638bfa63a7ece53c4178a3c294f5

memory/2908-64-0x000001BBB2920000-0x000001BBB2930000-memory.dmp

memory/2908-66-0x000001BBB2930000-0x000001BBB2940000-memory.dmp

memory/2908-68-0x000001BBB2940000-0x000001BBB2950000-memory.dmp

memory/2908-73-0x000001BBB2960000-0x000001BBB2970000-memory.dmp

memory/2908-72-0x000001BBB2950000-0x000001BBB2960000-memory.dmp

memory/2908-76-0x000001BBB2970000-0x000001BBB2980000-memory.dmp

memory/2908-78-0x000001BBB2990000-0x000001BBB29A0000-memory.dmp

memory/2908-77-0x000001BBB2980000-0x000001BBB2990000-memory.dmp

memory/2908-80-0x000001BBB29A0000-0x000001BBB29B0000-memory.dmp

memory/2908-81-0x000001BBB2690000-0x000001BBB2691000-memory.dmp

memory/2908-82-0x000001BBB26B0000-0x000001BBB2920000-memory.dmp

memory/2908-83-0x000001BBB2920000-0x000001BBB2930000-memory.dmp

memory/2908-84-0x000001BBB2930000-0x000001BBB2940000-memory.dmp

memory/2908-86-0x000001BBB2940000-0x000001BBB2950000-memory.dmp

memory/2908-88-0x000001BBB2960000-0x000001BBB2970000-memory.dmp

memory/2908-87-0x000001BBB2950000-0x000001BBB2960000-memory.dmp

memory/2908-89-0x000001BBB2970000-0x000001BBB2980000-memory.dmp

memory/2908-91-0x000001BBB2990000-0x000001BBB29A0000-memory.dmp

memory/2908-90-0x000001BBB2980000-0x000001BBB2990000-memory.dmp

memory/2908-92-0x000001BBB29A0000-0x000001BBB29B0000-memory.dmp

memory/2908-95-0x000001BBB29B0000-0x000001BBB29C0000-memory.dmp