Malware Analysis Report

2025-08-05 09:09

Sample ID 240325-b361dsce62
Target 4480d63a90a0688c746403e1619450e9.bin
SHA256 9a639d7a67be8419c8d2adee9f18122c6f2f60d7d52c4cc873707add5d7c1227
Tags
socks5systemz botnet discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9a639d7a67be8419c8d2adee9f18122c6f2f60d7d52c4cc873707add5d7c1227

Threat Level: Known bad

The file 4480d63a90a0688c746403e1619450e9.bin was found to be: Known bad.

Malicious Activity Summary

socks5systemz botnet discovery

Detect Socks5Systemz Payload

Socks5Systemz

Loads dropped DLL

Unexpected DNS network traffic destination

Executes dropped EXE

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-25 01:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-25 01:41

Reported

2024-03-25 01:43

Platform

win7-20240221-en

Max time kernel

145s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe"

Signatures

Detect Socks5Systemz Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Socks5Systemz

botnet socks5systemz

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 152.89.198.214 N/A N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2208 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 2208 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 2208 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 2208 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 2208 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 2208 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 2208 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 2912 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2912 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2912 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2912 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2912 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2912 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2912 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2912 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe

"C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe"

C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp

"C:\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp" /SL5="$70120,1788021,54272,C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe"

C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

"C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe" -i

C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

"C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe" -s

Network

Country Destination Domain Proto
RU 152.89.198.214:53 aiwabkd.ru udp
MD 45.142.214.240:80 aiwabkd.ru tcp

Files

memory/2208-0-0x0000000000400000-0x0000000000414000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-MSDIR.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp

MD5 d394fc26de69f06950dc1c71959b0261
SHA1 7c9448fc3582f19763eaa8e3c5383b7873aee017
SHA256 405e474735b776fc09dc71d3a5b44c50b9e2c745cdf7e79eb89dc791866ffe2a
SHA512 63ef7265aac27715f5b799b588955dd5df3f49ecd0042fba69d0effe7dfe24d6777079677a809e817e4e8243a2185ca9c3a8022c9247bb2a070c213f06d7bc10

memory/2912-7-0x0000000000240000-0x0000000000241000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-6S76S.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

\Users\Admin\AppData\Local\Temp\is-6S76S.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

MD5 36034616bd610bfff5c595bd9da7a3fb
SHA1 5e32a6df5c008b7c02b861436ec47886b5ea7c52
SHA256 4e8223269a0a95a4b8791f7f8be7e7545649b8a9259f8cf621f371b1ebc9b8aa
SHA512 204c01db479203a04ff4b304ba18fe48516b9c347a81286a589dbdcb3a69f6b1e464b8c69653bb0f1ad23cb142ff6df92b5181759864e6df85608a46b8b5c8f6

C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

MD5 5803e8b58d24fde2937c1251406e57fd
SHA1 bebe3722d8d77864b91b7a97aed423123b4fa8be
SHA256 2afd906a1c936677dd9db125d8bf4cc734e680be6da244babf419c9ba48f8fdc
SHA512 75a8ada6bb7c3c3f007b6c99a243eac034451c7b12f7273c45092cc07fdc8f3efbd6fadc0f24b24d592d9dd7fed87a6886d37a4695bfd5a3406ea81eadfad32c

memory/2912-41-0x0000000003420000-0x0000000003631000-memory.dmp

memory/2812-43-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2812-45-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2812-44-0x0000000000400000-0x0000000000611000-memory.dmp

C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

MD5 85116302d8af3431e866b1a5d0cf5d5e
SHA1 09e15b963c590fb5054f1e1c84ecdc0ce2526a6d
SHA256 f20413a98b4094027921ed785672cebc78251a9977c572d0dd77804460734fe1
SHA512 957cb4a3b2017542ea4dc6e3903255f3de14a282c8a34ea244602fa91584a7965e594258ac86b0e1f323dcdd1b3f3fb33d65fdbe43d4747f1282d59e1cc6cfbc

memory/2812-48-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-50-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-52-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2208-53-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2912-54-0x0000000000400000-0x00000000004B8000-memory.dmp

memory/2568-55-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2912-56-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2912-57-0x0000000003420000-0x0000000003631000-memory.dmp

memory/2568-60-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-63-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-64-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-67-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-70-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-73-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-74-0x0000000002650000-0x00000000026F2000-memory.dmp

memory/2568-80-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-83-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-86-0x0000000002650000-0x00000000026F2000-memory.dmp

memory/2568-87-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-90-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-93-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-96-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-100-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2568-103-0x0000000000400000-0x0000000000611000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-25 01:41

Reported

2024-03-25 01:43

Platform

win10v2004-20231215-en

Max time kernel

142s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe"

Signatures

Detect Socks5Systemz Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Socks5Systemz

botnet socks5systemz

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 91.211.247.248 N/A N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3940 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 3940 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 3940 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp
PID 2548 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2548 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2548 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2548 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2548 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe
PID 2548 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe

"C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe"

C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp" /SL5="$40218,1788021,54272,C:\Users\Admin\AppData\Local\Temp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.exe"

C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

"C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe" -i

C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

"C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe" -s

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
LT 91.211.247.248:53 erkwizl.ua udp
MD 45.142.214.240:80 erkwizl.ua tcp
US 8.8.8.8:53 248.247.211.91.in-addr.arpa udp
NL 89.105.201.183:2023 tcp
US 8.8.8.8:53 183.201.105.89.in-addr.arpa udp
US 8.8.8.8:53 240.214.142.45.in-addr.arpa udp

Files

memory/3940-0-0x0000000000400000-0x0000000000414000-memory.dmp

memory/3940-2-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-5L5E7.tmp\2b6d8240ec9d04c86a70334f9d04d47188a8962d7cccfe1553ba6e9e77040518.tmp

MD5 d394fc26de69f06950dc1c71959b0261
SHA1 7c9448fc3582f19763eaa8e3c5383b7873aee017
SHA256 405e474735b776fc09dc71d3a5b44c50b9e2c745cdf7e79eb89dc791866ffe2a
SHA512 63ef7265aac27715f5b799b588955dd5df3f49ecd0042fba69d0effe7dfe24d6777079677a809e817e4e8243a2185ca9c3a8022c9247bb2a070c213f06d7bc10

memory/2548-7-0x0000000002340000-0x0000000002341000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-1E1L6.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

MD5 85116302d8af3431e866b1a5d0cf5d5e
SHA1 09e15b963c590fb5054f1e1c84ecdc0ce2526a6d
SHA256 f20413a98b4094027921ed785672cebc78251a9977c572d0dd77804460734fe1
SHA512 957cb4a3b2017542ea4dc6e3903255f3de14a282c8a34ea244602fa91584a7965e594258ac86b0e1f323dcdd1b3f3fb33d65fdbe43d4747f1282d59e1cc6cfbc

memory/2112-38-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2112-43-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2112-42-0x0000000000400000-0x0000000000611000-memory.dmp

C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

MD5 b6a141e73365cedd9edb23e72ad26ce1
SHA1 4fdea62ac5b5a02e6159bbdc93218d839bf0464c
SHA256 ce8ed1c411258eb9d5b5c70d9218ef6839f8df961170c37043f3aa66cf1b2fd5
SHA512 eee683ffeca04eb2e6d2f682eeb8383d587f6f9e546cba1bce3b7dbff2e5af3b2443a099462371bb7242197e343838d98a6b666e6092fda5b734b04295445d1f

C:\Users\Admin\AppData\Local\Color Picker\colorpicker.exe

MD5 45758d712a9fc88ef8ad0537b26ac643
SHA1 1b48a13c1acb2666ab1159b8db4fd412aacb1610
SHA256 0306c06112f93e2b2f3c4abf7abd23a8e13233c4c6d2d28d60752fae8ad4420a
SHA512 eb01d1b914bbc65293563b07deaba6bbc836d04dc7f3940e1f6d2aac8d76887f7df22193d2c29deb13a4788d3217d13837c15e0d003816759bec47029f9c2512

memory/2112-39-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-46-0x0000000000400000-0x0000000000611000-memory.dmp

memory/3940-47-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2548-48-0x0000000000400000-0x00000000004B8000-memory.dmp

memory/892-49-0x0000000000400000-0x0000000000611000-memory.dmp

memory/2548-50-0x0000000002340000-0x0000000002341000-memory.dmp

memory/892-53-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-54-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-57-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-60-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-63-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-64-0x0000000000800000-0x00000000008A2000-memory.dmp

memory/892-68-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-69-0x0000000000800000-0x00000000008A2000-memory.dmp

memory/892-74-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-77-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-78-0x0000000000800000-0x00000000008A2000-memory.dmp

memory/892-81-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-84-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-87-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-90-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-91-0x0000000000800000-0x00000000008A2000-memory.dmp

memory/892-92-0x0000000000800000-0x00000000008A2000-memory.dmp

memory/892-96-0x0000000000400000-0x0000000000611000-memory.dmp

memory/892-99-0x0000000000400000-0x0000000000611000-memory.dmp