Malware Analysis Report

2024-10-18 21:10

Sample ID 240407-jqb89agg76
Target 6ec74da2134bd56250ca32be04b9b697
SHA256 1ab1a15e1e4a19c7d77a01f00de5d401bc7ab0ffaa33c332788aadeeedddc386
Tags
bitrat persistence trojan upx
score
10/10

Analysis Overview

score
10/10

SHA256

1ab1a15e1e4a19c7d77a01f00de5d401bc7ab0ffaa33c332788aadeeedddc386

Threat Level: Known bad

The file 6ec74da2134bd56250ca32be04b9b697 was found to be: Known bad.

Malicious Activity Summary

bitrat persistence trojan upx

Bitrat family

BitRAT

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 07:52

Signatures

Bitrat family

bitrat

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 07:51

Reported

2024-04-07 07:59

Platform

win7-20240221-en

Max time kernel

297s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ec74da2134bd56250ca32be04b9b697.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\java_update = "C:\\Users\\Admin\\AppData\\Local\\Java_update\\java_update.exe" C:\Users\Admin\AppData\Local\Temp\ttttt.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [binary data omitted] C:\Users\Admin\AppData\Local\Temp\ttttt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\ttttt.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6ec74da2134bd56250ca32be04b9b697.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 360 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\6ec74da2134bd56250ca32be04b9b697.exe C:\Users\Admin\AppData\Local\Temp\ttttt.exe
PID 1684 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 792 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe
PID 1684 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\ttttt.exe C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6ec74da2134bd56250ca32be04b9b697.exe

"C:\Users\Admin\AppData\Local\Temp\6ec74da2134bd56250ca32be04b9b697.exe"

C:\Users\Admin\AppData\Local\Temp\ttttt.exe

"C:\Users\Admin\AppData\Local\Temp\ttttt.exe"

C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe

"C:\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe" -f torrc

Network


Files

C:\Users\Admin\AppData\Local\Temp\ttttt.exe

\Users\Admin\AppData\Local\a0d62031\tor\adobe.exe

C:\Users\Admin\AppData\Local\a0d62031\tor\libcrypto-1_1.dll

\Users\Admin\AppData\Local\a0d62031\tor\libevent-2-1-6.dll

\Users\Admin\AppData\Local\a0d62031\tor\libssp-0.dll

C:\Users\Admin\AppData\Local\a0d62031\tor\libwinpthread-1.dll

C:\Users\Admin\AppData\Local\a0d62031\tor\libssl-1_1.dll

\Users\Admin\AppData\Local\a0d62031\tor\zlib1.dll

\Users\Admin\AppData\Local\a0d62031\tor\libgcc_s_sjlj-1.dll

C:\Users\Admin\AppData\Local\a0d62031\tor\torrc

C:\Users\Admin\AppData\Local\a0d62031\tor\data\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\a0d62031\tor\data\cached-microdescs.new

C:\Users\Admin\AppData\Local\a0d62031\tor\data\cached-certs

C:\Users\Admin\AppData\Local\a0d62031\tor\data\state
