Malware Analysis Report

2025-04-14 05:15

Sample ID 201215-25hnhh2kce
Target SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587
SHA256 121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8
Tags
masslogger spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8

Threat Level: Known bad

The file SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587 was found to be: Known bad.

Malicious Activity Summary

masslogger spyware stealer upx

MassLogger

MassLogger log file

UPX packed file

Loads dropped DLL

Checks computer location settings

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2020-12-15 02:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-12-15 02:35

Reported

2020-12-15 02:37

Platform

win7v20201028

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe"

Signatures

MassLogger

stealer spyware masslogger

MassLogger log file

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Reads user/profile data of web browsers

spyware

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2024 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe"

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe

"{path}"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 api.ipify.org udp
N/A 23.21.42.25:80 api.ipify.org tcp
N/A 8.8.8.8:53 mail.bhavnatutor.com udp
N/A 162.211.86.20:587 mail.bhavnatutor.com tcp
N/A 8.8.8.8:53 www.download.windowsupdate.com udp

Files

\Users\Admin\AppData\Local\Temp\Costura\8E3603ED8A0381E02887C1DBBE921340\32\sqlite.interop.dll

MD5 e81aeac387c5db32b7f9b07d15e788e0
SHA1 829be6eaf1cb0d82b2ddfc98272e1087f4a7a7c3
SHA256 44f31f99f048bfc5195937353b5207332e455bcd5a722bcfd32cacfd93f60f06
SHA512 cc6a96325a01c50c059706a1f4156f109e502ef9c0b0f5de209d1f52e7cc973cebc027f57ed988e9d1b8fca62746b60ee7430d608de95cdd0e5ac3cb61fbe32e

Analysis: behavioral2

Detonation Overview

Submitted

2020-12-15 02:35

Reported

2020-12-15 02:37

Platform

win10v20201028

Max time kernel

134s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe"

Signatures

MassLogger

stealer spyware masslogger

MassLogger log file

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Reads user/profile data of web browsers

spyware

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3584 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe"

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe

"{path}"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 api.ipify.org udp
N/A 54.243.119.179:80 api.ipify.org tcp
N/A 8.8.8.8:53 mail.bhavnatutor.com udp
N/A 162.211.86.20:587 mail.bhavnatutor.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe.log

MD5 3fed8d1dd11972a6e2603bb2d73a3ee5
SHA1 7ecb7f64ade7b91c5815da647e84167c3d95afb4
SHA256 eecf6c0575dc995a485d46a5daaa66f58229e552f16782d873834d218ab17551
SHA512 ca6059eb67f800cc666d5146d24070abf5ee08209f8f9d1668a0ca2201eb3f6fa013c2d807b09925e12b82c37686980fcc26a6a5e4a5ba129c4b2a585961d3bb

\Users\Admin\AppData\Local\Temp\Costura\8E3603ED8A0381E02887C1DBBE921340\32\sqlite.interop.dll

MD5 e81aeac387c5db32b7f9b07d15e788e0
SHA1 829be6eaf1cb0d82b2ddfc98272e1087f4a7a7c3
SHA256 44f31f99f048bfc5195937353b5207332e455bcd5a722bcfd32cacfd93f60f06
SHA512 cc6a96325a01c50c059706a1f4156f109e502ef9c0b0f5de209d1f52e7cc973cebc027f57ed988e9d1b8fca62746b60ee7430d608de95cdd0e5ac3cb61fbe32e
