Malware Analysis Report

2025-08-05 23:58

Sample ID 240324-sdjx1add49
Target 74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91
SHA256 74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91
Tags
socks5systemz botnet discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91

Threat Level: Known bad

The file 74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91 was found to be: Known bad.

Malicious Activity Summary

socks5systemz botnet discovery

Detect Socks5Systemz Payload

Socks5Systemz

Loads dropped DLL

Unexpected DNS network traffic destination

Executes dropped EXE

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-24 15:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-24 15:00

Reported

2024-03-24 15:03

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe"

Signatures

Detect Socks5Systemz Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Socks5Systemz

botnet socks5systemz

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 91.211.247.248 N/A N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4140 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp
PID 4140 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp
PID 4140 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp
PID 316 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 316 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 316 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 316 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 316 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 316 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

Processes

C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe

"C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe"

C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp

"C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp" /SL5="$70064,1927047,54272,C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe"

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

"C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe" -i

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

"C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe" -s

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 206.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
LT 91.211.247.248:53 beeabez.com udp
US 8.8.8.8:53 248.247.211.91.in-addr.arpa udp
MD 45.142.214.240:80 beeabez.com tcp
BG 93.123.39.238:2023 tcp
US 8.8.8.8:53 240.214.142.45.in-addr.arpa udp
US 8.8.8.8:53 238.39.123.93.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
SE 192.229.221.95:80 tcp

Files

memory/4140-0-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-4B4O9.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp

MD5 5a1e3d46cb5a24f8e50b2a59d2ba1cf3
SHA1 fe86894c4757c144449bc744649b7fb9e03346f1
SHA256 d3a2c2ce7d70b3b9c30faf3f72bf4ebcdea8f331d6b6cac5dae906327997985d
SHA512 a27dc5c443abb31826b14e514aa717be5bf0f548b82170f79705f45ca28abaedc485c5b8738044735f61eca9e1f0ca659b519a3947551404085d07202ae709af

memory/316-6-0x00000000006A0000-0x00000000006A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-C39IA.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

MD5 b347167a660c271a5e46da17b4d2ed2e
SHA1 1b924c44838230a69a108bb3ca5da4569f44d94b
SHA256 2a65cae99af2cc9ecb0bad0276a5c5063c837546723dad07f28457a127949211
SHA512 0c8145f72a34a7e9f0739b7541ecf3722cf4fc01ec615dfd988e3ef409b2a4e7360ca8da874701c3fea26aba35339e49595d338c8eff66664bcb0479469999e6

memory/4708-37-0x0000000000400000-0x0000000000633000-memory.dmp

memory/4708-38-0x0000000000400000-0x0000000000633000-memory.dmp

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

MD5 c1888076b9d1fcb3fbea22c7ae9c4efa
SHA1 68cffdd86f24c026347f1954bcdeb25070dbf332
SHA256 4578f40c62734e6f65d1463dd632bb51b01fe3ef19941ee504454085096f3429
SHA512 a81793e23b80d30f6be5983fa7870a1e848dfc4b46ee9287d702c8b695fc5b50a1f8b8dabc71e84f03945faa9818410f6d48315cb2ec0afc0c46ccc632d6d50d

memory/4708-40-0x0000000000400000-0x0000000000633000-memory.dmp

memory/4708-42-0x0000000000400000-0x0000000000633000-memory.dmp

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

MD5 2976e79d536cd5ad67b1964672932e27
SHA1 62a76042d5c9d43e88d8b529a26e40a6b3a93913
SHA256 22197ebaa9577382c2b27fe6aae89cd7c28204fe874ade90320baee6d286c6ff
SHA512 4d51950a18619d3ad9c43b7e50bef1c62c9e8234bd7c8a58ef8d097f1fc399277a03047e09ae8fc69ecb0e96eb5b227515bd72de35542240b9db061e229f43e6

memory/3816-44-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-46-0x0000000000400000-0x0000000000633000-memory.dmp

memory/4140-47-0x0000000000400000-0x0000000000414000-memory.dmp

memory/316-48-0x0000000000400000-0x00000000004B8000-memory.dmp

memory/3816-49-0x0000000000400000-0x0000000000633000-memory.dmp

memory/316-50-0x00000000006A0000-0x00000000006A1000-memory.dmp

memory/3816-53-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-54-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-57-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-60-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-63-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-66-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-68-0x00000000008C0000-0x0000000000962000-memory.dmp

memory/3816-74-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-77-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-78-0x00000000008C0000-0x0000000000962000-memory.dmp

memory/3816-81-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-84-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-87-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-90-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-91-0x00000000008C0000-0x0000000000962000-memory.dmp

memory/3816-92-0x00000000008C0000-0x0000000000962000-memory.dmp

memory/3816-96-0x0000000000400000-0x0000000000633000-memory.dmp

memory/3816-99-0x0000000000400000-0x0000000000633000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-24 15:00

Reported

2024-03-24 15:03

Platform

win11-20240221-en

Max time kernel

148s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe"

Signatures

Detect Socks5Systemz Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Socks5Systemz

botnet socks5systemz

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 45.155.250.90 N/A N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2404 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp
PID 2404 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp
PID 2404 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp
PID 1020 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 1020 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 1020 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 1020 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 1020 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe
PID 1020 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

Processes

C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe

"C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe"

C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp

"C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp" /SL5="$600DC,1927047,54272,C:\Users\Admin\AppData\Local\Temp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.exe"

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

"C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe" -i

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

"C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe" -s

Network

Country Destination Domain Proto
SE 45.155.250.90:53 dtqjhde.info udp
MD 45.142.214.240:80 dtqjhde.info tcp
BG 93.123.39.238:2023 tcp
US 8.8.8.8:53 238.39.123.93.in-addr.arpa udp
US 8.8.8.8:53 225.162.46.104.in-addr.arpa udp

Files

memory/2404-0-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2404-2-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9TV9U.tmp\74c8cd8ed8ea31c6c767410eb34802743933c4ffdba348f8beb4bb6d07ff0d91.tmp

MD5 5a1e3d46cb5a24f8e50b2a59d2ba1cf3
SHA1 fe86894c4757c144449bc744649b7fb9e03346f1
SHA256 d3a2c2ce7d70b3b9c30faf3f72bf4ebcdea8f331d6b6cac5dae906327997985d
SHA512 a27dc5c443abb31826b14e514aa717be5bf0f548b82170f79705f45ca28abaedc485c5b8738044735f61eca9e1f0ca659b519a3947551404085d07202ae709af

memory/1020-7-0x0000000002440000-0x0000000002441000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-47K0I.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

MD5 b347167a660c271a5e46da17b4d2ed2e
SHA1 1b924c44838230a69a108bb3ca5da4569f44d94b
SHA256 2a65cae99af2cc9ecb0bad0276a5c5063c837546723dad07f28457a127949211
SHA512 0c8145f72a34a7e9f0739b7541ecf3722cf4fc01ec615dfd988e3ef409b2a4e7360ca8da874701c3fea26aba35339e49595d338c8eff66664bcb0479469999e6

memory/1228-38-0x0000000000400000-0x0000000000633000-memory.dmp

memory/1228-39-0x0000000000400000-0x0000000000633000-memory.dmp

memory/1228-40-0x0000000000400000-0x0000000000633000-memory.dmp

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

MD5 1642df0fefca25a03dfe6b78202f9881
SHA1 fa45b836081920fe8b501f79773297b740ed55ce
SHA256 ebaadb1179e377dcdbfe742307d7e5ee1662c60925f5514f73974877727ddcb8
SHA512 650ee9160a5d300c2f14d7cfbf08982a4159d14daf9ff67fc22681ce9878008d672c422e8bd61087cd1d57db595188f0a6ea2dda43b2e6cde7b83e0a7635b0ac

C:\Users\Admin\AppData\Local\Site Free Edition\sitefreeedition.exe

MD5 60b61cb4f21584ca890e4e5bbee41cfe
SHA1 32a347ce3a88604811c1f37b92d8c731ff579751
SHA256 b1f2859d94faa804215b51a6b50d12c58c074044f8fc72523c7be6ffbadff0fb
SHA512 fdcc8290d9f6c4c5a857dfc8c9760e15b3f2c2f85840255fb2eb69fa9bcfbcb3e2693035180a99b96a0d593bddc4120721c9a0f16916f8eb197b413f18fb2190

memory/1228-43-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-46-0x0000000000400000-0x0000000000633000-memory.dmp

memory/2404-47-0x0000000000400000-0x0000000000414000-memory.dmp

memory/1020-48-0x0000000000400000-0x00000000004B8000-memory.dmp

memory/5072-49-0x0000000000400000-0x0000000000633000-memory.dmp

memory/1020-50-0x0000000002440000-0x0000000002441000-memory.dmp

memory/5072-53-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-54-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-57-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-60-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-63-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-66-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-67-0x0000000000970000-0x0000000000A12000-memory.dmp

memory/5072-73-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-76-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-77-0x0000000000970000-0x0000000000A12000-memory.dmp

memory/5072-80-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-83-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-86-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-89-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-90-0x0000000000970000-0x0000000000A12000-memory.dmp

memory/5072-91-0x0000000000970000-0x0000000000A12000-memory.dmp

memory/5072-95-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5072-98-0x0000000000400000-0x0000000000633000-memory.dmp