Malware Analysis Report

2025-08-05 14:42

Sample ID 250703-f55ybstydv
Target i686.elf
SHA256 09e563ee72e2242d9f2e67d402ffe5b1f480134dd34fe8fd05930a90c1fc11ab
Tags
antivm defense_evasion discovery execution persistence privilege_escalation
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

09e563ee72e2242d9f2e67d402ffe5b1f480134dd34fe8fd05930a90c1fc11ab

Threat Level: Shows suspicious behavior

The file i686.elf was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm defense_evasion discovery execution persistence privilege_escalation

Renames itself

Checks hardware identifiers (DMI)

Creates/modifies Cron job

Reads hardware information

Enumerates running processes

Reads MAC address of network interface

Checks CPU configuration

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-03 05:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-03 05:28

Reported

2025-07-03 05:30

Platform

ubuntu2204-amd64-20250619-en

Max time kernel

149s

Max time network

144s

Command Line

[crontab -l]

Signatures

Renames itself

Description Indicator Process Target
N/A N/A N/A N/A

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /root/.sys/configuration N/A
File opened for reading /sys/class/dmi/id/board_vendor /root/.sys/configuration N/A

Creates/modifies Cron job

execution persistence privilege_escalation
Description Indicator Process Target
File opened for modification /var/spool/cron/crontabs/tmp.sHn8ys /usr/bin/crontab N/A

Enumerates running processes

Reads MAC address of network interface

defense_evasion discovery
Description Indicator Process Target
File opened for reading /sys/class/net/ens3/address /root/.sys/configuration N/A

Reads hardware information

discovery
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /root/.sys/configuration N/A
File opened for reading /sys/class/dmi/id/board_name /root/.sys/configuration N/A
File opened for reading /sys/class/dmi/id/product_uuid /root/.sys/configuration N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /root/.sys/configuration N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /root/.sys/configuration N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/class/net /root/.sys/configuration N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/887/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1303/cmdline /root/.sys/configuration N/A
File opened for reading /proc/6/cmdline /root/.sys/configuration N/A
File opened for reading /proc/194/cmdline /root/.sys/configuration N/A
File opened for reading /proc/497/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1052/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1181/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1283/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1364/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1484/cmdline /root/.sys/configuration N/A
File opened for reading /proc/20/cmdline /root/.sys/configuration N/A
File opened for reading /proc/99/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1162/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1174/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1218/cmdline /root/.sys/configuration N/A
File opened for reading /proc/23/cmdline /root/.sys/configuration N/A
File opened for reading /proc/78/cmdline /root/.sys/configuration N/A
File opened for reading /proc/85/cmdline /root/.sys/configuration N/A
File opened for reading /proc/165/cmdline /root/.sys/configuration N/A
File opened for reading /proc/787/cmdline /root/.sys/configuration N/A
File opened for reading /proc/905/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1307/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1312/cmdline /root/.sys/configuration N/A
File opened for reading /proc/89/cmdline /root/.sys/configuration N/A
File opened for reading /proc/27/cmdline /root/.sys/configuration N/A
File opened for reading /proc/11/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1023/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1088/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1133/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1553/cmdline /root/.sys/configuration N/A
File opened for reading /proc/189/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1058/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1158/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1375/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1551/cmdline /root/.sys/configuration N/A
File opened for reading /proc/14/cmdline /root/.sys/configuration N/A
File opened for reading /proc/73/cmdline /root/.sys/configuration N/A
File opened for reading /proc/95/cmdline /root/.sys/configuration N/A
File opened for reading /proc/101/cmdline /root/.sys/configuration N/A
File opened for reading /proc/188/cmdline /root/.sys/configuration N/A
File opened for reading /proc/588/cmdline /root/.sys/configuration N/A
File opened for reading /proc/593/cmdline /root/.sys/configuration N/A
File opened for reading /proc/604/cmdline /root/.sys/configuration N/A
File opened for reading /proc/74/cmdline /root/.sys/configuration N/A
File opened for reading /proc/186/cmdline /root/.sys/configuration N/A
File opened for reading /proc/522/cmdline /root/.sys/configuration N/A
File opened for reading /proc/773/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1073/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1166/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1195/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1245/cmdline /root/.sys/configuration N/A
File opened for reading /proc/92/cmdline /root/.sys/configuration N/A
File opened for reading /proc/93/cmdline /root/.sys/configuration N/A
File opened for reading /proc/162/cmdline /root/.sys/configuration N/A
File opened for reading /proc/637/cmdline /root/.sys/configuration N/A
File opened for reading /proc/734/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1233/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1317/cmdline /root/.sys/configuration N/A
File opened for reading /proc/15/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1142/cmdline /root/.sys/configuration N/A
File opened for reading /proc/1192/cmdline /root/.sys/configuration N/A
File opened for reading /proc/10/cmdline /root/.sys/configuration N/A
File opened for reading /proc/83/cmdline /root/.sys/configuration N/A
File opened for reading /proc/175/cmdline /root/.sys/configuration N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/root1086f3d /root/.sys/configuration N/A

Processes

/usr/bin/crontab

[crontab -l]

/usr/bin/crontab

[crontab -]

/usr/bin/crontab

[crontab -l]

/root/.sys/configuration

[/tmp/i686.elf]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 time.cloudflare.com udp
US 8.8.8.8:53 bttracker.debian.org udp
US 8.8.8.8:53 router.bittorrent.com udp
SE 130.239.18.158:6881 bttracker.debian.org udp
US 67.215.246.10:6881 router.bittorrent.com udp
FI 135.181.238.57:50000 udp
SE 130.239.18.158:8524 bttracker.debian.org udp
SE 130.239.18.158:8515 bttracker.debian.org udp
NL 178.162.174.43:28004 udp
NL 178.162.174.149:28001 udp
US 172.111.38.128:26084 udp
PL 46.170.109.226:43233 udp
HK 223.122.231.15:15000 udp
NL 81.171.22.85:28016 udp
RU 94.190.121.108:6881 udp
NL 178.162.174.222:28014 udp
NL 178.162.174.228:28004 udp
FR 51.159.104.76:7186 udp
NL 185.183.35.248:6882 udp
FR 62.210.209.241:59642 udp
SE 130.239.18.158:8597 bttracker.debian.org udp
GB 134.209.183.166:6881 udp
FR 178.33.233.79:8999 udp
NL 45.152.210.124:50171 udp
RU 83.172.0.42:60229 udp
NL 5.79.66.11:54337 udp
FI 65.21.129.56:50000 udp
FI 37.27.117.180:50000 udp
FI 37.27.117.113:50000 udp
FI 65.21.129.47:50000 udp
DE 23.158.56.119:10096 udp
FI 37.27.103.253:50000 udp
NL 46.232.210.80:13259 udp
FI 37.27.117.251:50000 udp
FI 65.21.128.216:50000 udp
FI 135.181.227.243:50000 udp
US 100.11.208.248:18631 udp
FI 65.21.128.240:50000 udp
FI 37.27.103.248:50000 udp
FI 65.21.125.186:50000 udp
NL 95.211.81.107:51413 udp
SE 130.239.18.158:8824 bttracker.debian.org udp
FI 65.21.128.214:50000 udp
NL 178.162.174.178:28001 udp
FI 65.21.129.49:50000 udp
US 128.61.217.58:24364 udp
AU 203.123.97.233:17113 udp
CN 49.65.171.12:6537 udp
US 142.202.48.88:10099 udp
US 3.141.159.213:6880 udp
NL 178.162.174.74:28000 udp
US 3.12.65.135:6880 udp
NL 178.162.173.105:28003 udp
US 148.153.170.2:6880 udp
NL 178.162.174.43:28007 udp
RU 94.140.135.117:15674 udp
CN 116.232.182.218:15000 udp
NL 178.162.174.5:28005 udp
RU 109.248.217.202:6881 udp
CA 24.67.108.30:1024 udp
JP 153.193.192.152:60000 udp
NL 45.87.251.11:28127 udp
DE 95.91.226.170:2427 udp
US 73.208.41.226:6881 udp
NL 188.90.169.20:51413 udp
NL 217.121.231.94:59625 udp
SE 130.239.18.158:8508 bttracker.debian.org udp
SE 130.239.18.158:8644 bttracker.debian.org udp
NL 81.171.25.195:64962 udp
SE 130.239.18.158:8521 bttracker.debian.org udp
RU 109.195.163.100:39437 udp
RU 178.70.169.29:6981 udp
AT 63.247.211.162:6881 udp
DE 195.201.179.130:16309 udp
SE 130.239.18.158:8500 bttracker.debian.org udp
CL 101.44.9.31:6880 udp
SE 130.239.18.158:8580 bttracker.debian.org udp
FR 195.154.233.74:6880 udp
SE 130.239.18.158:8516 bttracker.debian.org udp
NL 178.162.173.91:28003 udp
SE 130.239.18.158:8620 bttracker.debian.org udp
SE 130.239.18.158:8513 bttracker.debian.org udp
KR 183.97.84.214:65339 udp
RU 77.39.28.162:59595 udp
RU 185.34.240.192:14172 udp
NL 45.132.114.236:51413 udp
US 54.211.14.111:20871 udp
FR 88.126.118.102:10852 udp
NL 185.149.91.171:51010 udp
GB 86.23.151.204:6881 udp
BR 168.227.166.187:38567 udp
US 69.50.95.40:12097 udp
NL 169.150.223.221:64125 udp
US 142.202.48.88:14008 udp
ES 87.221.100.231:3737 udp
UA 146.120.161.48:25542 udp
RU 79.139.129.30:2395 udp
US 54.211.14.111:6882 udp
NL 193.32.16.134:50171 udp
LV 185.145.245.151:8661 udp
FR 5.39.81.144:56611 udp
NL 45.87.251.132:28183 udp
US 34.207.160.46:20872 udp
US 154.202.133.222:6880 udp
US 54.85.131.184:6880 udp
US 69.50.95.40:10000 udp
RU 188.93.215.82:10992 udp
US 216.128.97.44:6881 udp
FR 93.28.77.229:2624 udp
DE 89.168.69.159:51413 udp
NL 178.162.173.111:28008 udp
RU 95.27.65.254:1588 udp
FI 135.181.238.125:50000 udp
NL 185.107.71.105:27633 udp
FR 5.135.163.217:51413 udp
FR 5.135.155.133:51413 udp
NL 37.48.89.181:48531 udp
NL 178.162.173.163:28006 udp
NL 178.162.174.226:28005 udp
NL 178.162.174.222:28011 udp
NL 45.91.208.243:51936 udp
NL 178.162.173.141:28000 udp
NL 185.107.71.103:44737 udp
NL 178.162.174.77:28014 udp
NL 178.162.174.228:28007 udp
US 45.203.211.8:6880 udp
PH 120.28.214.81:6881 udp
RU 94.180.162.117:20303 udp
CN 203.195.192.49:19560 udp
CL 119.8.148.47:6880 udp
RU 95.181.111.162:26607 udp
RU 188.187.99.27:6881 udp
US 69.50.95.40:12040 udp
NL 188.91.14.180:56158 udp
CA 173.34.201.92:15000 udp
TW 114.34.138.206:51417 udp
AL 79.106.231.163:1434 udp
FI 135.181.227.244:50000 udp
RU 109.195.250.179:39602 udp
FI 37.27.103.181:50000 udp
RU 46.181.82.116:62242 udp
CA 185.196.61.129:6880 udp
AU 159.196.172.33:3167 udp
GB 81.97.170.44:17151 udp
US 34.207.160.46:20873 udp
NL 46.232.210.102:64251 udp
NL 46.232.210.30:13409 udp
FI 37.27.107.126:50000 udp
US 52.15.209.223:6880 udp
KZ 95.58.29.30:62262 udp
NL 51.15.11.208:4786 udp
NL 31.184.113.207:18973 udp
NL 178.162.174.232:28007 udp
SG 43.133.45.199:50028 udp
AU 120.148.20.77:50484 udp
SE 188.150.183.85:6881 udp
NL 95.211.136.213:57087 udp
KR 119.199.44.17:41149 udp
IN 223.184.233.123:56856 udp
KR 222.106.254.52:51413 udp
KR 118.44.255.135:40980 udp
RU 212.193.178.83:51413 udp
CA 108.173.167.132:32339 udp
GB 94.15.15.175:61058 udp
AR 186.153.18.248:6881 udp
RU 178.140.204.15:41963 udp
KR 222.118.227.122:40781 udp
CA 24.122.31.102:26755 udp
BR 170.83.251.168:47746 udp
RU 178.69.32.218:39204 udp
CA 24.207.73.29:27502 udp
FR 188.165.244.171:52138 udp
KZ 2.134.107.246:35598 udp
RU 93.123.214.100:6881 udp
US 23.242.19.174:6881 udp
KR 211.237.36.9:40861 udp
US 98.116.130.67:6881 udp
NL 178.162.174.99:28003 udp
KR 106.243.227.212:33251 udp
KR 118.32.106.27:7587 udp
KR 218.49.131.228:32792 udp
NL 5.79.93.242:61920 udp
NL 185.203.56.44:24841 udp
RU 109.94.86.48:53952 udp
NL 5.79.98.171:6882 udp
KR 14.34.91.83:33052 udp
FI 37.27.113.233:49834 udp
GB 86.158.246.213:51352 udp
HK 219.77.3.229:6881 udp
RU 185.60.46.195:51413 udp
CN 120.235.84.105:12560 udp
FR 195.154.182.247:31860 tcp
RU 80.71.168.252:1797 udp
GB 154.61.186.63:6881 udp
RU 194.39.99.146:24954 udp
CH 31.10.155.217:44031 udp
RU 31.186.74.161:58844 udp
MY 121.123.92.5:6881 udp
CN 124.92.218.170:15000 udp
RU 80.244.46.34:49001 udp
RU 46.17.251.139:5827 udp
US 142.202.48.88:14096 udp
JP 60.103.156.39:11630 udp
RU 31.210.199.204:6881 udp
ES 79.116.251.200:45694 udp
KR 175.208.71.36:33024 udp
IL 93.172.234.143:51413 udp
GB 89.22.197.53:6881 udp
JP 153.192.162.160:6889 udp
KR 218.156.22.144:46287 udp
US 108.12.214.239:14627 udp
CN 112.23.122.241:16269 udp
SG 188.214.125.180:59692 udp
NL 178.162.174.34:28004 udp
TH 49.228.242.228:6881 udp
RU 95.24.18.201:24421 udp
MX 187.243.211.217:13333 udp
NL 37.48.95.50:6920 udp
CN 180.173.60.255:51413 udp
NL 185.149.91.15:20024 udp
KR 59.7.247.226:7823 udp
IE 84.203.100.48:5740 udp
RU 195.98.79.139:43493 udp
SE 130.239.18.158:8547 bttracker.debian.org udp
BR 187.43.184.73:1882 udp
JP 14.133.49.120:9311 udp
FR 90.125.23.240:14080 udp
MA 197.147.223.4:48462 udp
IL 79.178.110.137:40346 udp
US 47.227.248.255:6881 udp
SE 92.244.201.223:6881 udp
DE 91.59.251.27:51413 udp
PT 95.136.8.201:16817 udp
NO 80.203.21.225:29764 udp
US 72.21.17.3:21515 udp
NL 77.165.72.60:33780 udp
BR 189.28.187.56:21268 udp
SI 93.103.59.63:6881 udp
BR 187.36.169.112:20165 udp
SG 58.182.223.228:9091 udp
BR 45.183.241.11:53785 udp
DE 91.21.100.114:39655 udp
RU 91.105.180.32:55583 udp
CN 114.80.9.123:6887 udp
CN 114.80.9.123:6886 udp
CN 27.207.133.175:51413 udp
KR 118.47.239.164:41043 udp
GR 79.130.166.254:54426 udp
IN 223.184.243.101:30909 udp
DE 91.47.100.126:6889 udp
CN 114.92.111.167:51212 udp
HU 84.21.182.152:6881 udp
GB 90.195.112.79:42112 udp
BR 186.226.55.10:55261 udp
US 13.58.27.33:6881 udp
FR 5.39.85.155:52228 udp
HU 145.236.138.251:8999 udp
CA 65.94.68.113:31387 udp
BR 45.183.119.117:6881 udp
BB 65.48.167.8:21797 udp
PE 190.232.205.193:38639 udp
CN 39.163.221.65:62865 udp
IE 54.194.135.233:6992 udp
RU 95.153.180.32:59238 udp
US 76.191.111.51:64022 udp
ID 103.184.51.101:20496 udp
AU 58.107.132.14:24567 udp
CN 27.26.140.44:13824 udp
RU 82.194.247.10:4094 udp
RU 178.129.136.27:6881 udp
DE 209.38.196.30:6811 tcp
NL 159.65.200.220:6816 tcp
UA 46.33.251.139:31312 udp
RU 78.139.120.191:1450 udp
PT 2.80.5.49:46198 udp
TW 111.250.71.208:9078 udp
AU 60.241.19.155:65035 udp
CA 54.39.107.165:16481 udp
US 35.167.186.212:6881 udp
IE 54.194.124.68:6881 udp
BG 83.97.64.97:1148 udp
US 54.214.62.55:6881 udp
DE 43.240.149.123:32681 udp
GB 194.29.101.83:10240 udp
SG 167.99.72.189:6881 udp
CN 121.27.84.81:30406 udp
AR 45.228.190.186:58194 udp
DE 213.244.63.41:6287 udp
RU 185.141.77.190:16116 udp
IN 110.226.183.10:8809 udp
CZ 46.13.217.101:6881 udp
NL 45.155.90.140:8080 udp
FR 162.19.102.3:8080 udp
BG 213.91.213.12:34602 udp
GB 86.16.124.206:6881 udp
TH 223.205.196.225:60554 udp
RU 46.0.3.20:49062 udp
CN 223.149.193.51:4512 udp
RU 46.175.35.238:1359 udp
US 172.56.34.124:38342 udp
TR 88.236.188.189:36361 tcp
NL 159.65.200.220:6814 tcp
NL 159.65.200.220:6811 tcp
LY 102.164.103.159:32512 udp
RS 94.189.212.155:6881 udp
IN 152.59.146.53:44956 udp
IE 54.194.135.233:6892 udp
FR 88.173.210.111:21041 udp
PH 120.28.249.45:6262 udp
AU 124.149.138.41:23252 udp
FR 88.120.48.133:36361 tcp
US 35.163.251.58:6881 udp
US 43.130.56.223:6000 udp
CA 54.39.52.183:18985 udp
US 142.171.125.191:6881 udp
DE 209.38.196.30:6818 tcp
IQ 37.238.53.7:36361 tcp
SI 46.122.67.75:23376 udp
PL 54.36.168.18:46075 udp
NL 159.65.200.220:6813 tcp
BE 81.83.66.151:27773 udp
AT 84.112.211.46:6881 udp
GB 45.133.172.70:50030 udp
PT 149.90.59.54:46565 udp
NL 212.102.35.82:56365 udp
PT 81.193.174.186:45632 udp
NL 185.21.216.153:59404 udp
PT 188.83.153.222:28867 udp
PT 95.92.205.119:24242 udp
US 45.203.206.54:6880 udp
US 47.201.123.125:58017 udp
US 104.195.12.42:6881 udp
NL 37.48.89.198:42087 udp
JP 219.66.208.222:20896 udp
LU 104.244.73.2:51413 udp
MX 201.137.48.56:16073 udp
RU 77.91.111.196:24876 udp
KZ 2.134.111.209:2508 udp
NL 178.162.173.40:28014 udp
CA 99.252.138.226:6881 udp
FR 213.174.124.46:19632 udp
BR 187.108.124.135:53961 udp
LT 78.63.100.13:24803 udp
HK 42.3.12.72:8249 udp
IT 31.171.138.74:6881 udp
FR 37.187.17.173:51413 udp
NZ 203.173.213.234:6881 udp
ES 79.116.182.159:6881 udp
RU 145.255.3.53:26527 udp
CH 176.10.100.20:25610 udp
RU 46.8.6.38:1796 udp
IT 78.134.101.95:53978 udp
TW 118.232.118.101:23225 udp
FR 195.154.172.179:25240 udp
RU 88.135.61.92:32842 udp
BR 201.87.238.42:36361 tcp
CZ 86.49.250.22:36361 tcp
RU 31.200.249.130:31860 tcp
AR 138.36.96.47:52671 udp
HK 43.198.17.172:20965 udp
US 72.46.50.187:25078 udp
FR 188.165.231.103:6881 udp
RU 188.19.52.153:2561 udp
RU 91.245.38.23:1215 udp
KR 115.94.122.77:40974 udp
HK 42.200.151.91:6881 udp
KR 49.166.209.67:51413 udp
KR 220.121.244.198:62771 udp
CN 117.143.142.149:13831 udp
RU 178.66.144.186:49001 udp
LV 83.99.148.109:27495 udp
IN 103.59.75.105:22341 udp
RU 146.66.179.204:6881 udp
JO 86.108.16.181:44162 udp
FR 178.32.206.156:29649 udp
US 98.54.158.67:6881 udp
FI 95.217.228.148:50000 udp
US 172.111.38.128:26044 udp
US 69.50.95.40:10096 udp
BS 108.60.249.45:12926 udp
BR 186.216.49.112:24631 udp
NL 5.79.83.114:28000 udp
CN 125.83.55.23:3774 udp
TR 88.236.100.210:36361 tcp
RU 80.251.239.188:1161 udp
RU 89.222.217.235:16624 udp

Files

/var/spool/cron/crontabs/tmp.sHn8ys

MD5 759a652ed7e7a97a0f00299c595b3d72
SHA1 91c3f7e58a12b98f839aad238a68bc23860eac23
SHA256 d215568de167b4417ddd3d68c65cc53e4d834afe175e35926b2ca8be376a72da
SHA512 af28c7930bfe2f0fb2798b70d9f9b507ca53eafc2f1e58b4ec397915a78158f6f5494a9e90998a1fbd7a5d91c12599b92f2fb49068097fc91d8ce583260090cd

memory/1570-1-0x0000000008048000-0x0000000008152570-memory.dmp