Malware Analysis Report

2025-08-05 14:40

Sample ID 250703-f4g5watyby
Target mipsel.elf
SHA256 f686accbe32136fab610609332b5b463049be4a85e1eb145311c9b3c137d253e
Tags antivm defense_evasion discovery execution persistence privilege_escalation
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

f686accbe32136fab610609332b5b463049be4a85e1eb145311c9b3c137d253e

Threat Level: Shows suspicious behavior

The file mipsel.elf was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm defense_evasion discovery execution persistence privilege_escalation

Renames itself

Checks hardware identifiers (DMI)

Enumerates running processes

Reads MAC address of network interface

Creates/modifies Cron job

Reads hardware information

Checks CPU configuration

Reads CPU attributes

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

System Network Configuration Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-03 05:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-03 05:25

Reported

2025-07-03 05:28

Platform

debian9-mipsel-20250619-en

Max time kernel

149s

Max time network

151s

Command Line

[/tmp/mipsel.elf]

Signatures

Renames itself

Description Indicator Process Target
N/A N/A /tmp/mipsel.elf N/A

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /root/.sys/configuration N/A
File opened for reading /sys/class/dmi/id/board_vendor /root/.sys/configuration N/A

Creates/modifies Cron job

execution persistence privilege_escalation
Description Indicator Process Target
File opened for modification /var/spool/cron/crontabs/tmp.BvD2nx /usr/bin/crontab N/A

Enumerates running processes

Reads MAC address of network interface

defense_evasion discovery
Description Indicator Process Target
File opened for reading /sys/class/net/enp0s19/address /root/.sys/configuration N/A

Reads hardware information

discovery
Description Indicator Process Target
File opened for reading /sys/class/dmi/id/product_uuid /root/.sys/configuration N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /root/.sys/configuration N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /root/.sys/configuration N/A
File opened for reading /sys/class/dmi/id/board_name /root/.sys/configuration N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /root/.sys/configuration N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /root/.sys/configuration N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/class/net /root/.sys/configuration N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/crontab N/A
File opened for reading /proc/mounts /root/.sys/configuration N/A
File opened for reading /proc/device-tree/model /root/.sys/configuration N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /tmp/mipsel.elf N/A
N/A N/A /root/.sys/configuration N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/root1086f3d /root/.sys/configuration N/A

Processes

/tmp/mipsel.elf

[/tmp/mipsel.elf]

/bin/sh

[sh -c crontab -l]

/usr/bin/crontab

[crontab -l]

/bin/sh

[sh -c (crontab -l ; echo "@reboot /root/.sys/configuration")| crontab -]

/usr/bin/crontab

[crontab -l]

/usr/bin/crontab

[crontab -]

/root/.sys/configuration

[/tmp/mipsel.elf]

Network

Country Destination Domain Proto
AU 1.1.1.1:53 time.cloudflare.com udp
AU 1.1.1.1:53 bttracker.debian.org udp
AU 1.1.1.1:53 router.bittorrent.com udp
SE 130.239.18.158:6881 bttracker.debian.org udp
US 67.215.246.10:6881 router.bittorrent.com udp

Files

/var/spool/cron/crontabs/tmp.BvD2nx

MD5 966c021897fcf49d3fb44a7ca850c2e0
SHA1 28095d46a647dec4740c0381d15c2095ceea3bb4
SHA256 0772c433455268054bbd5fcaa67eee22f1edc84839ebf0a507a1a8f2411bfc52
SHA512 0aec57e2a4d618147e2417048c9031c542c2566530fe07d95572bdb25135080c30483ba486cb7b6ee5bd81a9852e89aaad1d2deb37a1b3fd8e65d0e4ebf52af0

memory/728-1-0x00400000-0x0050a78c-memory.dmp