Analysis
-
max time kernel
1250s -
max time network
1250s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
24-01-2022 21:02
General
-
Target
https://anonfiles.com/3eqaq5Y2u9/TrafficBot_7.60_rar
Malware Config
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Modifies Windows Defender Real-time Protection settings 3 TTPs
-
Registers COM server for autorun 1 TTPs
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Downloads MZ/PE file
-
Executes dropped EXE 23 IoCs
-
Modifies Windows Firewall 1 TTPs
-
Drops startup file 4 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification 2 TTPs 1 IoCs
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 7 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 10 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 2 IoCs
-
Opens file in notepad (likely ransom note) 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe1⤵
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation2⤵
-
C:\Windows\system32\taskhost.exe"taskhost.exe"2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork2⤵
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs2⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskeng.exetaskeng.exe {2A01A96A-B67F-4A4E-B482-79210683D7C9} S-1-5-18:NT AUTHORITY\System:Service:3⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"4⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXEC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE "[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"4⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService2⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted2⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted2⤵
- Modifies Internet Explorer settings
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4703⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch2⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}3⤵
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}3⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe /Processid:{b6195073-7093-421d-8aa0-77f4e4b1d544}2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://anonfiles.com/3eqaq5Y2u9/TrafficBot_7.60_rar2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://anonfiles.com/3eqaq5Y2u9/TrafficBot_7.60_rar3⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.0.828200798\1706778218" -parentBuildID 20200403170909 -prefsHandle 1196 -prefMapHandle 1188 -prefsLen 1 -prefMapSize 219799 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 1272 gpu4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.3.211857467\787760434" -childID 1 -isForBrowser -prefsHandle 1728 -prefMapHandle 1724 -prefsLen 156 -prefMapSize 219799 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 1772 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.13.180309017\469327637" -childID 2 -isForBrowser -prefsHandle 2620 -prefMapHandle 2616 -prefsLen 7013 -prefMapSize 219799 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 2632 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.20.117848371\519810011" -childID 3 -isForBrowser -prefsHandle 3088 -prefMapHandle 3132 -prefsLen 7013 -prefMapSize 219799 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 2532 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.27.269473457\1783571977" -childID 4 -isForBrowser -prefsHandle 6024 -prefMapHandle 3044 -prefsLen 8543 -prefMapSize 219799 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 7572 tab4⤵
-
C:\Users\Admin\Downloads\7z1900-x64.exe"C:\Users\Admin\Downloads\7z1900-x64.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\TrafficBot_7.60\" -spe -an -ai#7zMap13935:92:7zEvent101322⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TrafficBot_7.60\License-Password.txt2⤵
- Opens file in notepad (likely ransom note)
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\" -spe -an -ai#7zMap9303:122:7zEvent240792⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\User_Agents.txt2⤵
- Opens file in notepad (likely ransom note)
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\dengine.exe"C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\dengine.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\dengine.exe"C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\dengine.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\DiabolicLabs.exe"C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\DiabolicLabs.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\CHROME UPDATE.EXE"C:\Users\Admin\AppData\Local\Temp\CHROME UPDATE.EXE"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"cmd" cmd /c powershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAALQBGAG8AcgBjAGUA" & powershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4ARQB4AHQAZQBuAHMAaQBvAG4AIABAACgAJwBlAHgAZQAnACwAJwBkAGwAbAAnACkAIAAtAEYAbwByAGMAZQA=" & exit4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAALQBGAG8AcgBjAGUA"5⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4ARQB4AHQAZQBuAHMAaQBvAG4AIABAACgAJwBlAHgAZQAnACwAJwBkAGwAbAAnACkAIAAtAEYAbwByAGMAZQA="5⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "servicesupdate" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\servicesupdate.exe"4⤵
-
C:\Windows\system32\cmd.exe"cmd" cmd /c "C:\Users\Admin\AppData\Roaming\Microsoft\servicesupdate.exe"4⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\servicesupdate.exeC:\Users\Admin\AppData\Roaming\Microsoft\servicesupdate.exe5⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"cmd" cmd /c powershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAALQBGAG8AcgBjAGUA" & powershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4ARQB4AHQAZQBuAHMAaQBvAG4AIABAACgAJwBlAHgAZQAnACwAJwBkAGwAbAAnACkAIAAtAEYAbwByAGMAZQA=" & exit6⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAALQBGAG8AcgBjAGUA"7⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4ARQB4AHQAZQBuAHMAaQBvAG4AIABAACgAJwBlAHgAZQAnACwAJwBkAGwAbAAnACkAIAAtAEYAbwByAGMAZQA="7⤵
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Telemetry\sihost64.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Telemetry\sihost64.exe"6⤵
- Executes dropped EXE
-
C:\Windows\System32\conhost.exe"C:\Windows\System32\conhost.exe" "uflniqjjzekonnq"7⤵
-
C:\Users\Admin\AppData\Local\Temp\CHROME.EXE"C:\Users\Admin\AppData\Local\Temp\CHROME.EXE"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"cmd" cmd /c powershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAALQBGAG8AcgBjAGUA" & powershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4ARQB4AHQAZQBuAHMAaQBvAG4AIABAACgAJwBlAHgAZQAnACwAJwBkAGwAbAAnACkAIAAtAEYAbwByAGMAZQA=" & exit4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAALQBGAG8AcgBjAGUA"5⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4ARQB4AHQAZQBuAHMAaQBvAG4AIABAACgAJwBlAHgAZQAnACwAJwBkAGwAbAAnACkAIAAtAEYAbwByAGMAZQA="5⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\nslookup.exeC:\Windows\System32\nslookup.exe4⤵
- Drops file in Windows directory
-
C:\Windows\system32\cmd.exe"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\services.exe"4⤵
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc onlogon /rl highest /tn "services" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\services.exe"5⤵
- Creates scheduled task(s)
-
C:\Windows\system32\cmd.exe"cmd" cmd /c "C:\Users\Admin\AppData\Roaming\Microsoft\services.exe"4⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\services.exeC:\Users\Admin\AppData\Roaming\Microsoft\services.exe5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\system32\cmd.exe"cmd" cmd /c powershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAALQBGAG8AcgBjAGUA" & powershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4ARQB4AHQAZQBuAHMAaQBvAG4AIABAACgAJwBlAHgAZQAnACwAJwBkAGwAbAAnACkAIAAtAEYAbwByAGMAZQA=" & exit6⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAALQBGAG8AcgBjAGUA"7⤵
- Drops file in System32 directory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -EncodedCommand "QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4ARQB4AHQAZQBuAHMAaQBvAG4AIABAACgAJwBlAHgAZQAnACwAJwBkAGwAbAAnACkAIAAtAEYAbwByAGMAZQA="7⤵
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Telemetry\sihost64.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Telemetry\sihost64.exe"6⤵
- Executes dropped EXE
-
C:\Windows\System32\conhost.exe"C:\Windows\System32\conhost.exe" "uflniqjjzekonnq"7⤵
-
C:\Windows\System32\nslookup.exeC:\Windows\System32\nslookup.exe sftvajqyhq0 Xji3FXYfqqI2timPThbgZueMNpSES88mLhMz2ywydJS5a+kDe4w1mLzYsRI/LuCd6FAArVGer+fGI7AGs5V/i1l3RkntgnURxXlB6//2VjxVCI+Y6C+CXIc06SY0rs6kBeXVFHc2CHK39Mfl0SjCv7idMDtIMYnUkXuL3CDdDxh8N8AmoKBatGiJsH0Rbb52aAJmb4vq3sWUtVan9b4riuhJfhV7s/ssXFVbyBZM7oqx/ZG1guFpT334AoH/LyKl2GU3UlJ+xWa5R9QGSALZ93yai32VNe3EiSxlcjwWccfm4+dDfYIe1/oNXvKQcvYm58w4oha65/CLmmwfV0MRLFUmx7aZywYBY41aLenObWAPiQmf9dzCvLpdIhSZMVhKh2WQMM3g7f6U+DzDbAIQ6KKyVRXQ9i4ep5kcxvRG7GVQSXXvE7U0aRZThxD21wjOx5m07be+XADWn0AVjktWo33v6RYjetPkeb6WXmTp08Oqlj3o88lt8OE0RVizcsjhdCFoi9TI+IockCfmpTYG1sHOnaPjLG0RiVNb+yqvAtXiy8zKnecp7CZuu4b/jiFW8sQelPXB9cVk01Kkb4I1daMatStvVzc0KSVG8mKggxec8XjPfyFNTdwC6YmaLprIY1qtgre6j93Lsp4RvRk08GiA7Z8m7c93+5XI8z6UdPqP50axZPkt4XplOgRZuDsdsULEm5QwCfDQ453GqGAbN1KbMIIsyvIkYTlNPgq06Pz1T5lVNMVXeFpapiDKKOdEjwiidghJqBkx9fGVUUJ5hROYSaHIe3H7XBQ2uA1aylhpGUQf8xpWLy+t1n9yA8YzzS9mX8HkCswg+95bJbWIXuHdgBsFKKgR+r/4nuEK11pTaplR1OK+cnNprdEfTuWu6⤵
-
C:\Users\Admin\AppData\Local\Temp\GOOGLE CHROME.EXE"C:\Users\Admin\AppData\Local\Temp\GOOGLE CHROME.EXE"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- outlook_office_path
- outlook_win_path
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "GOOGLE CHROME.EXE"4⤵
-
C:\Windows\SysWOW64\timeout.exeC:\Windows\system32\timeout.exe 35⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc onlogon /rl highest /tn "servicesupdate" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\servicesupdate.exe"4⤵
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Local\Temp\NOTEPAD.EXE"C:\Users\Admin\AppData\Local\Temp\NOTEPAD.EXE"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\WinCFG\Libs\sihost64.exe"C:\Users\Admin\AppData\Roaming\WinCFG\Libs\sihost64.exe"4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"3⤵
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
-
C:\Users\Admin\AppData\Local\Temp\WINDOWS UPDATE.EXE"C:\Users\Admin\AppData\Local\Temp\WINDOWS UPDATE.EXE"3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\server.exe"C:\Users\Admin\AppData\Local\Temp\server.exe"4⤵
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE5⤵
-
C:\Users\Admin\AppData\Local\Temp\WINDOWS.EXE"C:\Users\Admin\AppData\Local\Temp\WINDOWS.EXE"3⤵
- Executes dropped EXE
- Windows security modification
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" Get-MpPreference -verbose4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /42⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\DiabolicLabs\" -spe -an -ai#7zMap16513:180:7zEvent219212⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\NOTEPAD.EXE"C:\Users\Admin\AppData\Local\Temp\NOTEPAD.EXE"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Roaming\WinCFG\Libs\sihost64.exe"C:\Users\Admin\AppData\Roaming\WinCFG\Libs\sihost64.exe"3⤵
- Executes dropped EXE
-
C:\Users\Admin\Services.exe"C:\Users\Admin\Services.exe"4⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\lpksetup-20211208-153819-0.log2⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1642797737-1378151535-1000223227-1544198674-1040131951794419277-948854786592144445"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1135402411-66593050760811220-259049040-1028538545-2012946550120231027-636488727"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "80348711763897213510869997191811060718-2037164005-14934280305609181251735704326"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "586550628-166897286-355698210-1470191344885423153-1737787030-2077182068-1608056034"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1022371437-26328759-840736382-1993826790-945844420343929616934003080-1437656253"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\7-Zip\7z.dllMD5
72491c7b87a7c2dd350b727444f13bb4
SHA11e9338d56db7ded386878eab7bb44b8934ab1bc7
SHA25634ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891
SHA512583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511
-
C:\Program Files\7-Zip\7zG.exeMD5
04fb3ae7f05c8bc333125972ba907398
SHA1df22612647e9404a515d48ebad490349685250de
SHA2562fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef
SHA51294c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2
-
C:\Program Files\7-Zip\7zG.exeMD5
04fb3ae7f05c8bc333125972ba907398
SHA1df22612647e9404a515d48ebad490349685250de
SHA2562fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef
SHA51294c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2
-
C:\Users\Admin\Downloads\7z1900-x64.exeMD5
d7b20f933be6cdae41efbe75548eba5f
SHA19fa11a63b43f83980e0b48dc9ba2cb59d545a4e8
SHA2560f5d4dbbe5e55b7aa31b91e5925ed901fdf46a367491d81381846f05ad54c45e
SHA512af8f38679e16c996ffac152cac49369cf4b609abbd2cad07f49a114a82c6b5e564be29630c0fd2418110cf1a3d0ef3c9cc12f9164a69a575c91d9b98ce0df1a9
-
C:\Users\Admin\Downloads\7z1900-x64.exeMD5
d7b20f933be6cdae41efbe75548eba5f
SHA19fa11a63b43f83980e0b48dc9ba2cb59d545a4e8
SHA2560f5d4dbbe5e55b7aa31b91e5925ed901fdf46a367491d81381846f05ad54c45e
SHA512af8f38679e16c996ffac152cac49369cf4b609abbd2cad07f49a114a82c6b5e564be29630c0fd2418110cf1a3d0ef3c9cc12f9164a69a575c91d9b98ce0df1a9
-
C:\Users\Admin\Downloads\TrafficBot_7.60.rarMD5
13a929c9a8322dcbe9951f21dafd6777
SHA17b3826b5f9d105b08cb420b9506942dc0bb569d9
SHA256cd345067d0ce266d6f2e2fe89d096b5b5ea2f9569ec76bb151982ac32deda640
SHA512701a8dcafca019b6a7d868de44201f158fd2f41da623d3921d46fda5c4a7ec119dde739e86bf02faee0426f643bcd04b9803be2232ba78ae1a3a98412e543c1b
-
C:\Users\Admin\Downloads\TrafficBot_7.60\License-Password.txtMD5
5cab683c84bfbe320e78993ea3a051ba
SHA1d2d22563d8af2d492dedb0f4606e6b93d9e3af3a
SHA2565c29b9d289d7e9fe2de31da520cc8d8a90a458d543e781772cbb2a15d17703a2
SHA512dfb65c84b7754cfb80b7dd9c384633deae66e13ab4d4aa8be1021e93d49db21fc1240da4422537ed410d36706d1fe0a6f619d06dae7d4649d2d1e8db96d5e68e
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60.zipMD5
28ff0eac51c966fdc22dddc729a1cbf7
SHA1c36196ac7717209017b394ad65f8ba32d5f54edb
SHA256c485fac4892d86f341a1994f6214014d405a47f564702cd79f278c21a3d3f916
SHA512067cd703388d20e611418cf271ab23ead78857add9072eb5182167f1d7f549e3746bb88e808dda8776a1f114ca3e7549425cc12835a9e2d00732032bdd1be82d
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\MSVCP120.dllMD5
fd5cabbe52272bd76007b68186ebaf00
SHA1efd1e306c1092c17f6944cc6bf9a1bfad4d14613
SHA25687c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
SHA5121563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\MSVCR120.dllMD5
034ccadc1c073e4216e9466b720f9849
SHA1f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
SHA25686e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
SHA5125f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\icudt56.dllMD5
38f6cf4d7bd9a592422aaa9ffff9f62f
SHA1a07c9e29cccd6222babed37070413c324f54d584
SHA2564195579bcc38b1224a6ecd6906285b70b2e643b30804d93f29171ebde97ebe51
SHA5125c7cb6b17c30f1d4e780aa52bc0c5b3d3b34a1c9a1343f7a89e5d7075e5417853af56444e203fabd249394bf5b1c8a8e64ab1a26fc48567818c36dec1056825b
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\icuin56.dllMD5
109a802aaa0177266cf0d045b8c26c56
SHA1d179cb4c6c4c2598c02aabb75e0ceb8bad9dea12
SHA25658356af3f49e25ed2201d3367eb3ca49dec8ec78d5711475719778eba3cfd8ad
SHA5127ef37ad4ac93cb7b938162d29409aca87a485cdd2a8ce8e1060f7877d7501abda650c9636023a5cad220f39cb1da461b7b1b7c0d7b10feed087d4e1ac589a7ad
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\icuuc56.dllMD5
cd75f5084539123b8664d05a42649498
SHA1b91b090f7b86f2f3b7ec53a0d97ed613028c0d38
SHA256db4a924f2de1998590918702abe526cfc5579646c8f327e14e445e62b1f789d4
SHA512c143011751ee90a6fcfedc6655f69b307c0d80b339a9a3875877b882903f9b098e23b8709f611e89164a60e576f6a3e9fc02410e4eb1c3d1938b6f554ec07535
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\lgpllibs.dllMD5
6e218202cf13e07df71b28a5cb797387
SHA166dda784733d960e5e29186e6a4b8b91dd440101
SHA2568546698d1c5e38cd055e41ed9b5787bfd0299aac0c2923c5759884b5a9b944b8
SHA512e9214525234ec0bb3f6562f3723965e1255e84d04e591279bfa489a618584ecee6f0dfe6bdb4ae2955325b9ea916e8553817eb760ae8db6197ed59ee60f0656e
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\mozglue.DLLMD5
67360640285661eb1004c704d760f7ad
SHA148effcc57c6eebcd672d612c115ebc6e7a6170a8
SHA2560edcfa424f9da0d1894d99b99db4de8ea1b31f7717e8e14dd643f87d4d1c8eb6
SHA5122e1017d2e7fabd6c42e615915248466ebb7aa7559dfaefb198fd82c36f6b5c3eaf14e912018e270a4b03dfc1bce8c18339aaa771a0f87fd42205be85ee64d73b
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\nss3.dllMD5
165fa7cd4a06c3b14eb24ffce036f69b
SHA12db9c1412cb60034f7f576ab5924e118e245883c
SHA2564c965ab79d4c7131f87d5cde7ecc8923be8d26e86f4ee3a6a15463aeb97a413a
SHA5128c8be2674562c3df88b7aaaa7340413542acaddfe89d6baec56781ce66ba2a98f3a04a2111eb9aca2110bd1f7f8966b703468c9c714035e6aabd1b5d3d197959
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\sandboxbroker.dllMD5
e15060600dd74baff625e75132beb6af
SHA1940196d0a449be1b57683da9df573aff8bcb126b
SHA256c58556ea4237f702c5893756006788cb17b5ef16b8d97bfede1c51432c35ab79
SHA5126f26287c7918a6bd61a6c8ad6e1a3ef8b3a34407774928129056c6994c547dd53f0fa58251d4f5bd4dde09accdde6a227ccc0adc9ba47adee2b304b516dc3f6a
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\xul.dllMD5
f8ad5141abbb51b548d49cc6fcf8492d
SHA176fdc6b6fc4ad4df434aacb4ea77e239aa227a36
SHA256756f78a4295f0870f858fb59147cbf59947ddb4cea2ba285263b600f3bf6dd39
SHA51298e2de7c930723bb3d74ce99be2977fb5c532775b3f8f24f5b305080f5dfeb1c1438dffde3e4b5009a2c32e26eb78ec44f69d1595449f6f3b11d5e63afeade02
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Core.dllMD5
850e3d7a1dde0b423c45fa230775d3d1
SHA1a67c4f82a6b7c9601a55fc3447abe963ecca3891
SHA256dabff9f0ee61a9cd171e49e7590493c3c65d5eebdd6b63d872f8bf729e18c31a
SHA512c7df9a0933d4f7e3de4ecd00fb7004a0de78f7e1c38fa603f74da9c3b9cd47659a9141aa1f34fcf30436c01808f5e84230e53368d43bca2a41151087846157ae
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Winforms.dllMD5
57ff6cf5c0f164cfdff058811230b567
SHA190e4716419465318b7756f50821d473ae9aca833
SHA2569f66e91690954d85d316e84f94b04e5cdc6491b8b6c2efbee3952e7932abe640
SHA512933f94ff0b45abfe6c004566e16580d1e4f428b7554f3f52ec6bcaaf4848d8ac5c4a72ac2870f57ab9669b6fe0a475b5210cd37391d9ed72ad7e66fc6e114576
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\User_Agents.txtMD5
0324426dff9441b8b99117d4ced56e8a
SHA198ab9953c4cc092af2ceb96a9ae1fcc57b22aa12
SHA2569f376bd68251c6b9e41a769873d3263d10d6b9697de741588072d38b4c2badac
SHA5127c3938697b294d88c53b81dfd2f49fe8efc1d0b0c214eab8f588e2dbd961a037b8a43ffb20f813bb22e3d3f6c15bc4b44cf749c53e668ce8b1b674a485c21fb1
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\dengine.exeMD5
27d67b34cb127432802292d756ccca2c
SHA1c46142e2557913d287592293f9870a98a195779a
SHA256ed6b51230a730b3e99fbe149856fa0c95d6dfa5e9bb474435bca9e038908cda7
SHA512664dac169a7d445eaa14cffd014f9f1b0044843d3fb89351b9f12e5d4c085ee864c31e8b3d748c5db0cc69cddd4b4a9421740f743734450d5027d7fdaab72bd5
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\dengine.exeMD5
27d67b34cb127432802292d756ccca2c
SHA1c46142e2557913d287592293f9870a98a195779a
SHA256ed6b51230a730b3e99fbe149856fa0c95d6dfa5e9bb474435bca9e038908cda7
SHA512664dac169a7d445eaa14cffd014f9f1b0044843d3fb89351b9f12e5d4c085ee864c31e8b3d748c5db0cc69cddd4b4a9421740f743734450d5027d7fdaab72bd5
-
C:\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\dengine.exeMD5
27d67b34cb127432802292d756ccca2c
SHA1c46142e2557913d287592293f9870a98a195779a
SHA256ed6b51230a730b3e99fbe149856fa0c95d6dfa5e9bb474435bca9e038908cda7
SHA512664dac169a7d445eaa14cffd014f9f1b0044843d3fb89351b9f12e5d4c085ee864c31e8b3d748c5db0cc69cddd4b4a9421740f743734450d5027d7fdaab72bd5
-
\Program Files\7-Zip\7-zip.dllMD5
1193cbe87e8c399b0d52c6789ad560ed
SHA139b0cfa96f37f943aa7c993d2199bb590efbc14b
SHA256d7104b8ca24d8bd9bf42675418e7a807ffc738d25d20b613e25c274672b2d530
SHA512989841e2265d676c17e8474b4aff65b37846030433243c6bceac957368e009a7538740535c78cb09b55dee65da6908ae245ce7cdb4386b0b1d8421609a6cef7f
-
\Program Files\7-Zip\7z.dllMD5
72491c7b87a7c2dd350b727444f13bb4
SHA11e9338d56db7ded386878eab7bb44b8934ab1bc7
SHA25634ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891
SHA512583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511
-
\Program Files\7-Zip\7z.dllMD5
72491c7b87a7c2dd350b727444f13bb4
SHA11e9338d56db7ded386878eab7bb44b8934ab1bc7
SHA25634ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891
SHA512583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511
-
\Program Files\7-Zip\7zFM.exeMD5
c8f40f25f783a52262bdaedeb5555427
SHA1e45e198607c8d7398745baa71780e3e7a2f6deca
SHA256e81b44ee7381ae3b630488b6fb7e3d9ffbdd9ac3032181d4ccaaff3409b57316
SHA512f5944743f54028eb1dd0f2d68468726b177d33185324da0da96cdd20768bab4ca2e507ae9157b2733fd6240c920b7e15a5f5b9f284ee09d0fd385fc895b97191
-
\Program Files\7-Zip\7zG.exeMD5
04fb3ae7f05c8bc333125972ba907398
SHA1df22612647e9404a515d48ebad490349685250de
SHA2562fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef
SHA51294c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2
-
\Program Files\7-Zip\7zG.exeMD5
04fb3ae7f05c8bc333125972ba907398
SHA1df22612647e9404a515d48ebad490349685250de
SHA2562fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef
SHA51294c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2
-
\Program Files\7-Zip\7zG.exeMD5
04fb3ae7f05c8bc333125972ba907398
SHA1df22612647e9404a515d48ebad490349685250de
SHA2562fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef
SHA51294c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2
-
\Program Files\7-Zip\7zG.exeMD5
04fb3ae7f05c8bc333125972ba907398
SHA1df22612647e9404a515d48ebad490349685250de
SHA2562fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef
SHA51294c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\icudt56.dllMD5
38f6cf4d7bd9a592422aaa9ffff9f62f
SHA1a07c9e29cccd6222babed37070413c324f54d584
SHA2564195579bcc38b1224a6ecd6906285b70b2e643b30804d93f29171ebde97ebe51
SHA5125c7cb6b17c30f1d4e780aa52bc0c5b3d3b34a1c9a1343f7a89e5d7075e5417853af56444e203fabd249394bf5b1c8a8e64ab1a26fc48567818c36dec1056825b
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\icudt56.dllMD5
38f6cf4d7bd9a592422aaa9ffff9f62f
SHA1a07c9e29cccd6222babed37070413c324f54d584
SHA2564195579bcc38b1224a6ecd6906285b70b2e643b30804d93f29171ebde97ebe51
SHA5125c7cb6b17c30f1d4e780aa52bc0c5b3d3b34a1c9a1343f7a89e5d7075e5417853af56444e203fabd249394bf5b1c8a8e64ab1a26fc48567818c36dec1056825b
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\icuin56.dllMD5
109a802aaa0177266cf0d045b8c26c56
SHA1d179cb4c6c4c2598c02aabb75e0ceb8bad9dea12
SHA25658356af3f49e25ed2201d3367eb3ca49dec8ec78d5711475719778eba3cfd8ad
SHA5127ef37ad4ac93cb7b938162d29409aca87a485cdd2a8ce8e1060f7877d7501abda650c9636023a5cad220f39cb1da461b7b1b7c0d7b10feed087d4e1ac589a7ad
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\icuin56.dllMD5
109a802aaa0177266cf0d045b8c26c56
SHA1d179cb4c6c4c2598c02aabb75e0ceb8bad9dea12
SHA25658356af3f49e25ed2201d3367eb3ca49dec8ec78d5711475719778eba3cfd8ad
SHA5127ef37ad4ac93cb7b938162d29409aca87a485cdd2a8ce8e1060f7877d7501abda650c9636023a5cad220f39cb1da461b7b1b7c0d7b10feed087d4e1ac589a7ad
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\icuuc56.dllMD5
cd75f5084539123b8664d05a42649498
SHA1b91b090f7b86f2f3b7ec53a0d97ed613028c0d38
SHA256db4a924f2de1998590918702abe526cfc5579646c8f327e14e445e62b1f789d4
SHA512c143011751ee90a6fcfedc6655f69b307c0d80b339a9a3875877b882903f9b098e23b8709f611e89164a60e576f6a3e9fc02410e4eb1c3d1938b6f554ec07535
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\icuuc56.dllMD5
cd75f5084539123b8664d05a42649498
SHA1b91b090f7b86f2f3b7ec53a0d97ed613028c0d38
SHA256db4a924f2de1998590918702abe526cfc5579646c8f327e14e445e62b1f789d4
SHA512c143011751ee90a6fcfedc6655f69b307c0d80b339a9a3875877b882903f9b098e23b8709f611e89164a60e576f6a3e9fc02410e4eb1c3d1938b6f554ec07535
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\lgpllibs.dllMD5
6e218202cf13e07df71b28a5cb797387
SHA166dda784733d960e5e29186e6a4b8b91dd440101
SHA2568546698d1c5e38cd055e41ed9b5787bfd0299aac0c2923c5759884b5a9b944b8
SHA512e9214525234ec0bb3f6562f3723965e1255e84d04e591279bfa489a618584ecee6f0dfe6bdb4ae2955325b9ea916e8553817eb760ae8db6197ed59ee60f0656e
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\mozglue.dllMD5
67360640285661eb1004c704d760f7ad
SHA148effcc57c6eebcd672d612c115ebc6e7a6170a8
SHA2560edcfa424f9da0d1894d99b99db4de8ea1b31f7717e8e14dd643f87d4d1c8eb6
SHA5122e1017d2e7fabd6c42e615915248466ebb7aa7559dfaefb198fd82c36f6b5c3eaf14e912018e270a4b03dfc1bce8c18339aaa771a0f87fd42205be85ee64d73b
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\mozglue.dllMD5
67360640285661eb1004c704d760f7ad
SHA148effcc57c6eebcd672d612c115ebc6e7a6170a8
SHA2560edcfa424f9da0d1894d99b99db4de8ea1b31f7717e8e14dd643f87d4d1c8eb6
SHA5122e1017d2e7fabd6c42e615915248466ebb7aa7559dfaefb198fd82c36f6b5c3eaf14e912018e270a4b03dfc1bce8c18339aaa771a0f87fd42205be85ee64d73b
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\msvcp120.dllMD5
fd5cabbe52272bd76007b68186ebaf00
SHA1efd1e306c1092c17f6944cc6bf9a1bfad4d14613
SHA25687c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
SHA5121563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\msvcp120.dllMD5
fd5cabbe52272bd76007b68186ebaf00
SHA1efd1e306c1092c17f6944cc6bf9a1bfad4d14613
SHA25687c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
SHA5121563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\msvcr120.dllMD5
034ccadc1c073e4216e9466b720f9849
SHA1f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
SHA25686e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
SHA5125f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\msvcr120.dllMD5
034ccadc1c073e4216e9466b720f9849
SHA1f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
SHA25686e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
SHA5125f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\nss3.dllMD5
165fa7cd4a06c3b14eb24ffce036f69b
SHA12db9c1412cb60034f7f576ab5924e118e245883c
SHA2564c965ab79d4c7131f87d5cde7ecc8923be8d26e86f4ee3a6a15463aeb97a413a
SHA5128c8be2674562c3df88b7aaaa7340413542acaddfe89d6baec56781ce66ba2a98f3a04a2111eb9aca2110bd1f7f8966b703468c9c714035e6aabd1b5d3d197959
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\nss3.dllMD5
165fa7cd4a06c3b14eb24ffce036f69b
SHA12db9c1412cb60034f7f576ab5924e118e245883c
SHA2564c965ab79d4c7131f87d5cde7ecc8923be8d26e86f4ee3a6a15463aeb97a413a
SHA5128c8be2674562c3df88b7aaaa7340413542acaddfe89d6baec56781ce66ba2a98f3a04a2111eb9aca2110bd1f7f8966b703468c9c714035e6aabd1b5d3d197959
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\sandboxbroker.dllMD5
e15060600dd74baff625e75132beb6af
SHA1940196d0a449be1b57683da9df573aff8bcb126b
SHA256c58556ea4237f702c5893756006788cb17b5ef16b8d97bfede1c51432c35ab79
SHA5126f26287c7918a6bd61a6c8ad6e1a3ef8b3a34407774928129056c6994c547dd53f0fa58251d4f5bd4dde09accdde6a227ccc0adc9ba47adee2b304b516dc3f6a
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\sandboxbroker.dllMD5
e15060600dd74baff625e75132beb6af
SHA1940196d0a449be1b57683da9df573aff8bcb126b
SHA256c58556ea4237f702c5893756006788cb17b5ef16b8d97bfede1c51432c35ab79
SHA5126f26287c7918a6bd61a6c8ad6e1a3ef8b3a34407774928129056c6994c547dd53f0fa58251d4f5bd4dde09accdde6a227ccc0adc9ba47adee2b304b516dc3f6a
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\xul.dllMD5
f8ad5141abbb51b548d49cc6fcf8492d
SHA176fdc6b6fc4ad4df434aacb4ea77e239aa227a36
SHA256756f78a4295f0870f858fb59147cbf59947ddb4cea2ba285263b600f3bf6dd39
SHA51298e2de7c930723bb3d74ce99be2977fb5c532775b3f8f24f5b305080f5dfeb1c1438dffde3e4b5009a2c32e26eb78ec44f69d1595449f6f3b11d5e63afeade02
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\xul.dllMD5
f8ad5141abbb51b548d49cc6fcf8492d
SHA176fdc6b6fc4ad4df434aacb4ea77e239aa227a36
SHA256756f78a4295f0870f858fb59147cbf59947ddb4cea2ba285263b600f3bf6dd39
SHA51298e2de7c930723bb3d74ce99be2977fb5c532775b3f8f24f5b305080f5dfeb1c1438dffde3e4b5009a2c32e26eb78ec44f69d1595449f6f3b11d5e63afeade02
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\xul.dllMD5
f8ad5141abbb51b548d49cc6fcf8492d
SHA176fdc6b6fc4ad4df434aacb4ea77e239aa227a36
SHA256756f78a4295f0870f858fb59147cbf59947ddb4cea2ba285263b600f3bf6dd39
SHA51298e2de7c930723bb3d74ce99be2977fb5c532775b3f8f24f5b305080f5dfeb1c1438dffde3e4b5009a2c32e26eb78ec44f69d1595449f6f3b11d5e63afeade02
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\xul.dllMD5
f8ad5141abbb51b548d49cc6fcf8492d
SHA176fdc6b6fc4ad4df434aacb4ea77e239aa227a36
SHA256756f78a4295f0870f858fb59147cbf59947ddb4cea2ba285263b600f3bf6dd39
SHA51298e2de7c930723bb3d74ce99be2977fb5c532775b3f8f24f5b305080f5dfeb1c1438dffde3e4b5009a2c32e26eb78ec44f69d1595449f6f3b11d5e63afeade02
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\xul.dllMD5
f8ad5141abbb51b548d49cc6fcf8492d
SHA176fdc6b6fc4ad4df434aacb4ea77e239aa227a36
SHA256756f78a4295f0870f858fb59147cbf59947ddb4cea2ba285263b600f3bf6dd39
SHA51298e2de7c930723bb3d74ce99be2977fb5c532775b3f8f24f5b305080f5dfeb1c1438dffde3e4b5009a2c32e26eb78ec44f69d1595449f6f3b11d5e63afeade02
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Firefox\xul.dllMD5
f8ad5141abbb51b548d49cc6fcf8492d
SHA176fdc6b6fc4ad4df434aacb4ea77e239aa227a36
SHA256756f78a4295f0870f858fb59147cbf59947ddb4cea2ba285263b600f3bf6dd39
SHA51298e2de7c930723bb3d74ce99be2977fb5c532775b3f8f24f5b305080f5dfeb1c1438dffde3e4b5009a2c32e26eb78ec44f69d1595449f6f3b11d5e63afeade02
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Core.dllMD5
850e3d7a1dde0b423c45fa230775d3d1
SHA1a67c4f82a6b7c9601a55fc3447abe963ecca3891
SHA256dabff9f0ee61a9cd171e49e7590493c3c65d5eebdd6b63d872f8bf729e18c31a
SHA512c7df9a0933d4f7e3de4ecd00fb7004a0de78f7e1c38fa603f74da9c3b9cd47659a9141aa1f34fcf30436c01808f5e84230e53368d43bca2a41151087846157ae
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Core.dllMD5
850e3d7a1dde0b423c45fa230775d3d1
SHA1a67c4f82a6b7c9601a55fc3447abe963ecca3891
SHA256dabff9f0ee61a9cd171e49e7590493c3c65d5eebdd6b63d872f8bf729e18c31a
SHA512c7df9a0933d4f7e3de4ecd00fb7004a0de78f7e1c38fa603f74da9c3b9cd47659a9141aa1f34fcf30436c01808f5e84230e53368d43bca2a41151087846157ae
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Core.dllMD5
850e3d7a1dde0b423c45fa230775d3d1
SHA1a67c4f82a6b7c9601a55fc3447abe963ecca3891
SHA256dabff9f0ee61a9cd171e49e7590493c3c65d5eebdd6b63d872f8bf729e18c31a
SHA512c7df9a0933d4f7e3de4ecd00fb7004a0de78f7e1c38fa603f74da9c3b9cd47659a9141aa1f34fcf30436c01808f5e84230e53368d43bca2a41151087846157ae
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Core.dllMD5
850e3d7a1dde0b423c45fa230775d3d1
SHA1a67c4f82a6b7c9601a55fc3447abe963ecca3891
SHA256dabff9f0ee61a9cd171e49e7590493c3c65d5eebdd6b63d872f8bf729e18c31a
SHA512c7df9a0933d4f7e3de4ecd00fb7004a0de78f7e1c38fa603f74da9c3b9cd47659a9141aa1f34fcf30436c01808f5e84230e53368d43bca2a41151087846157ae
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Winforms.dllMD5
57ff6cf5c0f164cfdff058811230b567
SHA190e4716419465318b7756f50821d473ae9aca833
SHA2569f66e91690954d85d316e84f94b04e5cdc6491b8b6c2efbee3952e7932abe640
SHA512933f94ff0b45abfe6c004566e16580d1e4f428b7554f3f52ec6bcaaf4848d8ac5c4a72ac2870f57ab9669b6fe0a475b5210cd37391d9ed72ad7e66fc6e114576
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Winforms.dllMD5
57ff6cf5c0f164cfdff058811230b567
SHA190e4716419465318b7756f50821d473ae9aca833
SHA2569f66e91690954d85d316e84f94b04e5cdc6491b8b6c2efbee3952e7932abe640
SHA512933f94ff0b45abfe6c004566e16580d1e4f428b7554f3f52ec6bcaaf4848d8ac5c4a72ac2870f57ab9669b6fe0a475b5210cd37391d9ed72ad7e66fc6e114576
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Winforms.dllMD5
57ff6cf5c0f164cfdff058811230b567
SHA190e4716419465318b7756f50821d473ae9aca833
SHA2569f66e91690954d85d316e84f94b04e5cdc6491b8b6c2efbee3952e7932abe640
SHA512933f94ff0b45abfe6c004566e16580d1e4f428b7554f3f52ec6bcaaf4848d8ac5c4a72ac2870f57ab9669b6fe0a475b5210cd37391d9ed72ad7e66fc6e114576
-
\Users\Admin\Downloads\TrafficBot_7.60\TrafficBot7.60\TrafficBot.7.60\Geckofx-Winforms.dllMD5
57ff6cf5c0f164cfdff058811230b567
SHA190e4716419465318b7756f50821d473ae9aca833
SHA2569f66e91690954d85d316e84f94b04e5cdc6491b8b6c2efbee3952e7932abe640
SHA512933f94ff0b45abfe6c004566e16580d1e4f428b7554f3f52ec6bcaaf4848d8ac5c4a72ac2870f57ab9669b6fe0a475b5210cd37391d9ed72ad7e66fc6e114576
-
memory/416-233-0x000007FEBEB80000-0x000007FEBEB90000-memory.dmpFilesize
64KB
-
memory/416-231-0x0000000000830000-0x0000000000853000-memory.dmpFilesize
140KB
-
memory/416-234-0x0000000037B10000-0x0000000037B20000-memory.dmpFilesize
64KB
-
memory/460-238-0x0000000037B10000-0x0000000037B20000-memory.dmpFilesize
64KB
-
memory/460-236-0x000007FEBEB80000-0x000007FEBEB90000-memory.dmpFilesize
64KB
-
memory/476-242-0x0000000037B10000-0x0000000037B20000-memory.dmpFilesize
64KB
-
memory/476-241-0x000007FEBEB80000-0x000007FEBEB90000-memory.dmpFilesize
64KB
-
memory/484-245-0x000007FEBEB80000-0x000007FEBEB90000-memory.dmpFilesize
64KB
-
memory/484-246-0x0000000037B10000-0x0000000037B20000-memory.dmpFilesize
64KB
-
memory/600-248-0x000007FEBEB80000-0x000007FEBEB90000-memory.dmpFilesize
64KB
-
memory/600-250-0x0000000037B10000-0x0000000037B20000-memory.dmpFilesize
64KB
-
memory/612-148-0x00000000001D0000-0x00000000001D1000-memory.dmpFilesize
4KB
-
memory/680-251-0x000007FEBEB80000-0x000007FEBEB90000-memory.dmpFilesize
64KB
-
memory/860-217-0x000007FEE49D0000-0x000007FEE552D000-memory.dmpFilesize
11.4MB
-
memory/860-219-0x0000000077AD0000-0x0000000077C79000-memory.dmpFilesize
1.7MB
-
memory/860-220-0x0000000001262000-0x0000000001264000-memory.dmpFilesize
8KB
-
memory/860-222-0x0000000001264000-0x0000000001267000-memory.dmpFilesize
12KB
-
memory/860-218-0x0000000001260000-0x0000000001262000-memory.dmpFilesize
8KB
-
memory/860-221-0x00000000778B0000-0x00000000779CF000-memory.dmpFilesize
1.1MB
-
memory/1328-132-0x00000000051F0000-0x0000000005200000-memory.dmpFilesize
64KB
-
memory/1328-136-0x0000000004E22000-0x0000000004E23000-memory.dmpFilesize
4KB
-
memory/1328-128-0x0000000000BB0000-0x0000000000BB1000-memory.dmpFilesize
4KB
-
memory/1328-94-0x0000000004E20000-0x0000000004E21000-memory.dmpFilesize
4KB
-
memory/1328-138-0x0000000004E2A000-0x0000000004E2B000-memory.dmpFilesize
4KB
-
memory/1328-135-0x0000000004E28000-0x0000000004E2A000-memory.dmpFilesize
8KB
-
memory/1328-134-0x0000000004E23000-0x0000000004E24000-memory.dmpFilesize
4KB
-
memory/1328-140-0x0000000004E2F000-0x0000000004E40000-memory.dmpFilesize
68KB
-
memory/2120-228-0x0000000077AD0000-0x0000000077C79000-memory.dmpFilesize
1.7MB
-
memory/2120-230-0x00000000778B0000-0x00000000779CF000-memory.dmpFilesize
1.1MB
-
memory/2120-227-0x0000000140000000-0x0000000140040000-memory.dmpFilesize
256KB
-
memory/2152-223-0x0000000000C80000-0x00000000018CA000-memory.dmpFilesize
12.3MB
-
memory/2152-224-0x0000000000C80000-0x00000000018CA000-memory.dmpFilesize
12.3MB
-
memory/2160-210-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2160-213-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2160-212-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2160-211-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2160-208-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2160-209-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2160-204-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2160-207-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2160-205-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2160-206-0x0000000140000000-0x0000000140057000-memory.dmpFilesize
348KB
-
memory/2316-150-0x0000000000330000-0x0000000000370000-memory.dmpFilesize
256KB
-
memory/2316-144-0x0000000001170000-0x0000000001178000-memory.dmpFilesize
32KB
-
memory/2348-139-0x0000000002330000-0x00000000043C0000-memory.dmpFilesize
32.6MB
-
memory/2348-137-0x0000000002330000-0x00000000043C0000-memory.dmpFilesize
32.6MB
-
memory/2348-141-0x0000000002330000-0x00000000043C0000-memory.dmpFilesize
32.6MB
-
memory/2348-77-0x0000000000EF0000-0x0000000000F22000-memory.dmpFilesize
200KB
-
memory/2348-133-0x0000000002330000-0x00000000043C0000-memory.dmpFilesize
32.6MB
-
memory/2348-131-0x0000000002330000-0x00000000043C0000-memory.dmpFilesize
32.6MB
-
memory/2348-81-0x0000000004D90000-0x0000000004F74000-memory.dmpFilesize
1.9MB
-
memory/2348-86-0x0000000000490000-0x00000000004B8000-memory.dmpFilesize
160KB
-
memory/2348-87-0x0000000002330000-0x00000000043C0000-memory.dmpFilesize
32.6MB
-
memory/2348-129-0x00000000006D0000-0x00000000006D1000-memory.dmpFilesize
4KB
-
memory/2348-130-0x000000000F800000-0x000000000F810000-memory.dmpFilesize
64KB
-
memory/2364-149-0x000000013F250000-0x00000001403C6000-memory.dmpFilesize
17.5MB
-
memory/2408-194-0x000007FEE3690000-0x000007FEE41ED000-memory.dmpFilesize
11.4MB
-
memory/2408-195-0x000000001B730000-0x000000001BA2F000-memory.dmpFilesize
3.0MB
-
memory/2408-200-0x0000000002800000-0x0000000002802000-memory.dmpFilesize
8KB
-
memory/2408-202-0x0000000002804000-0x0000000002807000-memory.dmpFilesize
12KB
-
memory/2408-201-0x0000000002802000-0x0000000002804000-memory.dmpFilesize
8KB
-
memory/2408-203-0x000000000280B000-0x000000000282A000-memory.dmpFilesize
124KB
-
memory/2420-168-0x00000000008D0000-0x0000000000AC7000-memory.dmpFilesize
2.0MB
-
memory/2420-184-0x000000001B917000-0x000000001B918000-memory.dmpFilesize
4KB
-
memory/2420-172-0x000000001B914000-0x000000001B916000-memory.dmpFilesize
8KB
-
memory/2420-182-0x000000001B916000-0x000000001B917000-memory.dmpFilesize
4KB
-
memory/2420-169-0x000000001B912000-0x000000001B914000-memory.dmpFilesize
8KB
-
memory/2420-166-0x000000001BB90000-0x000000001BD88000-memory.dmpFilesize
2.0MB
-
memory/2548-54-0x0000000076C61000-0x0000000076C63000-memory.dmpFilesize
8KB
-
memory/2568-161-0x0000000000150000-0x0000000000151000-memory.dmpFilesize
4KB
-
memory/2588-147-0x0000000000A40000-0x0000000000A48000-memory.dmpFilesize
32KB
-
memory/2596-167-0x000000001BF30000-0x000000001C196000-memory.dmpFilesize
2.4MB
-
memory/2596-186-0x000000001BC46000-0x000000001BC47000-memory.dmpFilesize
4KB
-
memory/2596-183-0x000000001BC42000-0x000000001BC44000-memory.dmpFilesize
8KB
-
memory/2596-171-0x0000000000870000-0x0000000000AD7000-memory.dmpFilesize
2.4MB
-
memory/2596-185-0x000000001BC44000-0x000000001BC46000-memory.dmpFilesize
8KB
-
memory/2596-187-0x000000001BC47000-0x000000001BC48000-memory.dmpFilesize
4KB
-
memory/2636-155-0x00000000023A4000-0x00000000023A7000-memory.dmpFilesize
12KB
-
memory/2636-159-0x00000000023AB000-0x00000000023CA000-memory.dmpFilesize
124KB
-
memory/2636-153-0x00000000023A0000-0x00000000023A2000-memory.dmpFilesize
8KB
-
memory/2636-156-0x000000001B740000-0x000000001BA3F000-memory.dmpFilesize
3.0MB
-
memory/2636-152-0x000007FEE5170000-0x000007FEE5CCD000-memory.dmpFilesize
11.4MB
-
memory/2636-154-0x00000000023A2000-0x00000000023A4000-memory.dmpFilesize
8KB
-
memory/2640-164-0x000000013F4D0000-0x000000013F4D6000-memory.dmpFilesize
24KB
-
memory/2756-61-0x000007FEFC321000-0x000007FEFC323000-memory.dmpFilesize
8KB
-
memory/2840-189-0x000000000260B000-0x000000000262A000-memory.dmpFilesize
124KB
-
memory/2840-176-0x0000000002602000-0x0000000002604000-memory.dmpFilesize
8KB
-
memory/2840-175-0x0000000002600000-0x0000000002602000-memory.dmpFilesize
8KB
-
memory/2840-181-0x0000000002604000-0x0000000002607000-memory.dmpFilesize
12KB
-
memory/2840-174-0x000007FEE4030000-0x000007FEE4B8D000-memory.dmpFilesize
11.4MB
-
memory/2840-188-0x000000001B6F0000-0x000000001B9EF000-memory.dmpFilesize
3.0MB
-
memory/2920-177-0x000007FEE4030000-0x000007FEE4B8D000-memory.dmpFilesize
11.4MB
-
memory/2920-190-0x000000000226B000-0x000000000228A000-memory.dmpFilesize
124KB
-
memory/2920-180-0x0000000002264000-0x0000000002267000-memory.dmpFilesize
12KB
-
memory/2920-178-0x0000000002260000-0x0000000002262000-memory.dmpFilesize
8KB
-
memory/2920-179-0x0000000002262000-0x0000000002264000-memory.dmpFilesize
8KB
-
memory/2976-193-0x000007FEE3690000-0x000007FEE41ED000-memory.dmpFilesize
11.4MB
-
memory/2976-198-0x0000000002994000-0x0000000002997000-memory.dmpFilesize
12KB
-
memory/2976-199-0x000000000299B000-0x00000000029BA000-memory.dmpFilesize
124KB
-
memory/2976-196-0x0000000002990000-0x0000000002992000-memory.dmpFilesize
8KB
-
memory/2976-197-0x0000000002992000-0x0000000002994000-memory.dmpFilesize
8KB