ec868c3afd5037cb16e9735a2cdb0a87928f91704cb330b8a9e8a1a2c48d02b9

Analysis

max time kernel
214s
max time network
289s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
23-10-2023 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trueconf_client_x64.exe
Size

165.6MB
MD5

d03ef1d566dcac5f9e2d49f4ed84e53a
SHA1

cfac2dd529b0bb1b3876d7a704980a2bcd755c54
SHA256

ec868c3afd5037cb16e9735a2cdb0a87928f91704cb330b8a9e8a1a2c48d02b9
SHA512

e61a742615632cfb19b2fa57520ffeb54462cecc0eb88f2fea1090fc7e3b26dad04c1575a0645aa85c071fdb15cbf7b4e16dbca4516a22448cb1f71ec71db074
SSDEEP

3145728:W6U4S+4K0osmMZIXg08WLDcaNvmy6/KveF+r+xDCSs7kl2EnKglmkA2pgHzOo:WySw01BIQCmyW7R4LEnKJIgHzOo

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 4 IoCs

evasion

Windows Service

T1543.003

pid	Process
1096	netsh.exe
2216	netsh.exe
1400	netsh.exe
908	netsh.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Windows\CurrentVersion\Run\TrueConf = "C:\\Program Files\\TrueConf\\Client\\TrueConf.exe --min"	trueconf_client_x64.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\TrueConf\Client\resources\is-RLFBN.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\msvcp140_codecvt_ids.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\is-7SVH1.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Private\is-UJ0HM.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Fusion\is-8A7MV.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\Qt\labs\platform\qtlabsplatformplugin.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtGraphicalEffects\is-MLADK.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\is-7G4OO.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\is-4I3EC.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\model\is-EEUQ4.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\imageformats\is-P6GB9.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtGraphicalEffects\private\is-F2E6J.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\is-U8MTA.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Desktop\is-UTEO3.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Universal\is-G76BL.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Dialogs\is-9P5DN.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\Qt5QuickTemplates2.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQml\Models.2\is-FMV7A.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\fonts\is-UM3R4.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-4QUB7.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtGraphicalEffects\private\is-1ITK2.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-FUG4R.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Private\is-9PLFI.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Material\is-7HU1B.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Extras\is-LU4ER.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Extras\Private\is-BKMHP.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\Qt\labs\platform\is-8A11S.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtGraphicalEffects\is-JVUTU.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Fusion\is-L7KEH.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-O16IG.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Desktop\is-PHGOS.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\is-MB1BK.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Material\is-JQB7O.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Dialogs\qml\is-903ST.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\openvino_ir_frontend.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Desktop\is-OS93D.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtWebEngine\is-0VUT9.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-9OOOH.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-CJU05.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Fusion\is-VHKH1.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Dialogs\qml\is-LA50P.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Window.2\is-TP0IO.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\unins000.dat	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\iconengines\qsvgicon.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\is-11TAO.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Private\is-9J7A9.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Universal\is-PA80K.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Universal\is-SBAPB.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtWebEngine\Controls1Delegates\is-0KO2C.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\imageformats\qgif.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-B0FAD.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtGraphicalEffects\is-ECQGB.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\is-TPNRS.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Window.2\is-FT1KQ.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Imagine\is-OARG4.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtGraphicalEffects\is-C6CVU.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Private\is-14EJ8.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-9NS29.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-STHJO.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-7N1NJ.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Universal\is-UJ4SJ.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Desktop\is-037KN.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Material\is-FABI7.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-6LN3F.tmp	trueconf_client_x64.tmp

Executes dropped EXE 2 IoCs

pid	Process
1612	trueconf_client_x64.tmp
1412	TrueConf.exe

Loads dropped DLL 64 IoCs

pid	Process
2208	trueconf_client_x64.exe
1612	trueconf_client_x64.tmp
1612	trueconf_client_x64.tmp
1612	trueconf_client_x64.tmp
1232	Process not Found
1232	Process not Found
1612	trueconf_client_x64.tmp
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with WMI 1 IoCs

evasion

pid	Process
2068	WMIC.exe

Modifies registry class 36 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.slides\DefaultIcon\ = "C:\\Program Files\\TrueConf\\Client\\mainicon.ico"	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\shell\open	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\shell	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.slides	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\shell\open\command\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\" trueconf %1"	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\DefaultIcon\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\",0"	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\shell\open\command\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\" visicall %1"	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\trueconf	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\trueconf\DefaultIcon	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.slides\DefaultIcon	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\URL Protocol	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\trueconf\shell\open\command	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\trueconf\DefaultIcon\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\",0"	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\visicall\shell	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.slides\ = "TrueConf.Slideshow.1"	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\shell\open	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\visicall\shell\open\command	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\visicall\DefaultIcon	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\visicall\shell\open	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\visicall\shell\open\command\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\" visicall %1"	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\visicall\DefaultIcon\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\",0"	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\trueconf\shell\open	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\trueconf\shell\open\command\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\" trueconf %1"	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\shell\open\command	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\DefaultIcon	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\shell\open\command	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\DefaultIcon	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\DefaultIcon\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\",0"	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\trueconf\shell	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\visicall\URL Protocol	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\URL Protocol	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\visicall	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\shell	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\trueconf\URL Protocol	trueconf_client_x64.tmp

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1412	TrueConf.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1612	trueconf_client_x64.tmp
1612	trueconf_client_x64.tmp
1412	TrueConf.exe
1412	TrueConf.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1612	trueconf_client_x64.tmp
1412	TrueConf.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2068	WMIC.exe
Token: SeSecurityPrivilege	2068	WMIC.exe
Token: SeTakeOwnershipPrivilege	2068	WMIC.exe
Token: SeLoadDriverPrivilege	2068	WMIC.exe
Token: SeSystemProfilePrivilege	2068	WMIC.exe
Token: SeSystemtimePrivilege	2068	WMIC.exe
Token: SeProfSingleProcessPrivilege	2068	WMIC.exe
Token: SeIncBasePriorityPrivilege	2068	WMIC.exe
Token: SeCreatePagefilePrivilege	2068	WMIC.exe
Token: SeBackupPrivilege	2068	WMIC.exe
Token: SeRestorePrivilege	2068	WMIC.exe
Token: SeShutdownPrivilege	2068	WMIC.exe
Token: SeDebugPrivilege	2068	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2068	WMIC.exe
Token: SeRemoteShutdownPrivilege	2068	WMIC.exe
Token: SeUndockPrivilege	2068	WMIC.exe
Token: SeManageVolumePrivilege	2068	WMIC.exe
Token: 33	2068	WMIC.exe
Token: 34	2068	WMIC.exe
Token: 35	2068	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2068	WMIC.exe
Token: SeSecurityPrivilege	2068	WMIC.exe
Token: SeTakeOwnershipPrivilege	2068	WMIC.exe
Token: SeLoadDriverPrivilege	2068	WMIC.exe
Token: SeSystemProfilePrivilege	2068	WMIC.exe
Token: SeSystemtimePrivilege	2068	WMIC.exe
Token: SeProfSingleProcessPrivilege	2068	WMIC.exe
Token: SeIncBasePriorityPrivilege	2068	WMIC.exe
Token: SeCreatePagefilePrivilege	2068	WMIC.exe
Token: SeBackupPrivilege	2068	WMIC.exe
Token: SeRestorePrivilege	2068	WMIC.exe
Token: SeShutdownPrivilege	2068	WMIC.exe
Token: SeDebugPrivilege	2068	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2068	WMIC.exe
Token: SeRemoteShutdownPrivilege	2068	WMIC.exe
Token: SeUndockPrivilege	2068	WMIC.exe
Token: SeManageVolumePrivilege	2068	WMIC.exe
Token: 33	2068	WMIC.exe
Token: 34	2068	WMIC.exe
Token: 35	2068	WMIC.exe
Token: 33	1900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1900	AUDIODG.EXE
Token: 33	1900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1900	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
1612	trueconf_client_x64.tmp
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe
1412	TrueConf.exe

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1612	2208	trueconf_client_x64.exe	28
PID 2208 wrote to memory of 1612	2208	trueconf_client_x64.exe	28
PID 2208 wrote to memory of 1612	2208	trueconf_client_x64.exe	28
PID 2208 wrote to memory of 1612	2208	trueconf_client_x64.exe	28
PID 2208 wrote to memory of 1612	2208	trueconf_client_x64.exe	28
PID 2208 wrote to memory of 1612	2208	trueconf_client_x64.exe	28
PID 2208 wrote to memory of 1612	2208	trueconf_client_x64.exe	28
PID 1612 wrote to memory of 2068	1612	trueconf_client_x64.tmp	31
PID 1612 wrote to memory of 2068	1612	trueconf_client_x64.tmp	31
PID 1612 wrote to memory of 2068	1612	trueconf_client_x64.tmp	31
PID 1612 wrote to memory of 2068	1612	trueconf_client_x64.tmp	31
PID 1612 wrote to memory of 908	1612	trueconf_client_x64.tmp	35
PID 1612 wrote to memory of 908	1612	trueconf_client_x64.tmp	35
PID 1612 wrote to memory of 908	1612	trueconf_client_x64.tmp	35
PID 1612 wrote to memory of 908	1612	trueconf_client_x64.tmp	35
PID 1612 wrote to memory of 1096	1612	trueconf_client_x64.tmp	37
PID 1612 wrote to memory of 1096	1612	trueconf_client_x64.tmp	37
PID 1612 wrote to memory of 1096	1612	trueconf_client_x64.tmp	37
PID 1612 wrote to memory of 1096	1612	trueconf_client_x64.tmp	37
PID 1612 wrote to memory of 2216	1612	trueconf_client_x64.tmp	39
PID 1612 wrote to memory of 2216	1612	trueconf_client_x64.tmp	39
PID 1612 wrote to memory of 2216	1612	trueconf_client_x64.tmp	39
PID 1612 wrote to memory of 2216	1612	trueconf_client_x64.tmp	39
PID 1612 wrote to memory of 1400	1612	trueconf_client_x64.tmp	41
PID 1612 wrote to memory of 1400	1612	trueconf_client_x64.tmp	41
PID 1612 wrote to memory of 1400	1612	trueconf_client_x64.tmp	41
PID 1612 wrote to memory of 1400	1612	trueconf_client_x64.tmp	41
PID 1612 wrote to memory of 1412	1612	trueconf_client_x64.tmp	44
PID 1612 wrote to memory of 1412	1612	trueconf_client_x64.tmp	44
PID 1612 wrote to memory of 1412	1612	trueconf_client_x64.tmp	44
PID 1612 wrote to memory of 1412	1612	trueconf_client_x64.tmp	44

C:\Users\Admin\AppData\Local\Temp\trueconf_client_x64.exe
"C:\Users\Admin\AppData\Local\Temp\trueconf_client_x64.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\is-R04FO.tmp\trueconf_client_x64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-R04FO.tmp\trueconf_client_x64.tmp" /SL5="$60112,172591767,1112064,C:\Users\Admin\AppData\Local\Temp\trueconf_client_x64.exe"
  2⤵
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1612
- - C:\Windows\System32\Wbem\WMIC.exe
    "WMIC" PROCESS WHERE name="Trueconf.exe" call terminate
    3⤵
    - Kills process with WMI
    - Suspicious use of AdjustPrivilegeToken
    PID:2068
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall delete rule name="TrueConf.exe" program="C:\Program Files\TrueConf\Client\TrueConf.exe"
    3⤵
    - Modifies Windows Firewall
    PID:908
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall delete rule name="ExecutorServer.exe" program="C:\Program Files\TrueConf\Client\ExecutorServer.exe"
    3⤵
    - Modifies Windows Firewall
    PID:1096
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall add rule name="TrueConf.exe" dir=in action=allow program="C:\Program Files\TrueConf\Client\TrueConf.exe" enable=yes
    3⤵
    - Modifies Windows Firewall
    PID:2216
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall add rule name="ExecutorServer.exe" dir=in action=allow program="C:\Program Files\TrueConf\Client\ExecutorServer.exe" enable=yes
    3⤵
    - Modifies Windows Firewall
    PID:1400
- - C:\Program Files\TrueConf\Client\TrueConf.exe
    "C:\Program Files\TrueConf\Client\TrueConf.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1412

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x590
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\TrueConf\Client\HidLib.dll

Filesize
86KB

MD5
acace5f52cd7d26aaeab955f89720474

SHA1
14ab6b340ba96a5cb575d54298af387777411b4a

SHA256
e2b1a657580b1e4ad72b981856d0608f3151dca27e50c6cf2671fd19901d8f31

SHA512
212b30b0633df9a884199372249729bbfdf941c1b162d2e3e6a1ad63423e5e397b0e4363913a1f441bdb9454871120100f69828a821ade44b81997213ab41838

Download Submit
C:\Program Files\TrueConf\Client\MSVCP140.dll

Filesize
552KB

MD5
cb75d6437418afe1a7b52acf75730ff1

SHA1
54c2da9552671b161cc87eb50fbdb86319b00f56

SHA256
7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8

SHA512
f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

Download Submit
C:\Program Files\TrueConf\Client\Qt5Svg.dll

Filesize
336KB

MD5
9ada34c1b3c0165abee9a3194c543e35

SHA1
c7343fb2d1d13852084f5831b3c63c71ffa9cf3e

SHA256
c795950ce4a2c34a0973738376118fb2172af588430d5eb8527dd6f0d4ca3d1f

SHA512
ff13346545b9eb2bdfd77869f27a826a5214fda723eef3c8f9f8151fd6a7f57773ae185d12bbc91278ca9ce24d40dc97e703f5febdc6d8564197d7fff17a977d

Download Submit
C:\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
C:\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
C:\Program Files\TrueConf\Client\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Program Files\TrueConf\Client\VCRUNTIME140_1.dll

Filesize
36KB

MD5
37c372da4b1adb96dc995ecb7e68e465

SHA1
6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

SHA256
1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

SHA512
926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
07f5cee2c70a02a5d35dc7b95be2b993

SHA1
1fa16b5d1453ffc4ce258e7e43663426e2672193

SHA256
d2d231f119e685f1b8ae2df2439d97ea4949f49e6074ab1f7fbafb08d093b40d

SHA512
5163ddcb372216ce6b94fc7df4c32e01c4b4453f51a7a76f7ba8168e4a17ba281b5b2c33b094716f0b0b81ac6d92beb9ce22b888328b2ec9792b0f5ddb94fc78

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
fd5eee653d9ec1fdb3b35899bf018865

SHA1
ac561fa1fe8a16d28d49ca5f5d067809b0399d3b

SHA256
0baa58160b82ce1b75539a8810f5ed012efd6543afed23439ff0d9fa96d9e09b

SHA512
37a485ee2d051a13fd7aab42eecbecb81be95c353aaf277d91aff7875e304467969954e6562a99ee2bb278d7d3451861dcfd540d12c0064d927b5ba149ae05ce

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
203d858be015a470d57ff537e2ff9747

SHA1
c0c1a7b4f5c58dcce3c4a883a198109fddf38369

SHA256
535ad2deb85aec83b8580fdcc568e81b6eb4afe7ec026aaefaddd6dea7ce56cc

SHA512
8b33b1a38e01405f559e2db389cfcb9885a75f7c497fb3778f34c677b3fdb1cae77bdad73b948e6d777bb00b679c951cdf9a37901dc918f8dcd67268ba705f57

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
07799042950861050a9b11f7ad9d11fc

SHA1
7f3bde19ddce2cb9cbe67f0bcf856a4a772cf6af

SHA256
b7a60a943b22e974f0d317ef1ad33d52aa199bbc935c1bb415eed1076814df33

SHA512
663359e4e2e5101b669e3d59e29796c5ed411449cac48770bc78932ee11209200632c58ff98740d5fb2edb17fd1093b34386b21e9d10ee1d795676c9678c3c15

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-core-synch-l1-2-0.dll

Filesize
12KB

MD5
cc10bb3949cdf7b437d6c4948fd82dc9

SHA1
d71784cddf82350f78962e438d6add4c3a4e2f6f

SHA256
2ab56801b0e0db2954d7c4d07d69257945e76f662d08247c92f2eb7b680de415

SHA512
2f7a3416baeae28775eb2a17c988ea62b793f6f86cde8d0832480c66a7745e10e4432d4ab581cea09996802d211b2b49354e081f16ff4d8905a894bed9e23609

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
6c1f2f840caa7d3910f3e61c5937ed06

SHA1
6be847543dba51659c7bf4a1d903ad2f950c76e8

SHA256
0f52f257bf6716ce783b650a19249c4c86168ade916ded0413a230ae9d0ffc43

SHA512
a17e1ea2fc6075b72e6ea388d41efc1db9609e40a20f5fbc948099db3ba1cfada98b9722a887c0af96750403c57facfa11245241de1f2bf8bb956bec566902bd

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
4b5de02b23a0066ab7d5f48258d4dbb6

SHA1
9e7040addd7531aeccce6b31641f96c3da87c262

SHA256
02188802e540df2920019ebceaae649e7976a951d218a64ddd52c5838f823548

SHA512
c843d994ecc41228dd2896a2e7618cee9fb89fc891576e8af570ab29aa2861e55a896dbe1903a4d65a0c7a51d11d81b1bc9aace45c6d7e2c360143cfaee6eb48

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-environment-l1-1-0.dll

Filesize
12KB

MD5
0782920b496c762da1449dacddb0ce43

SHA1
6de4abe4793667458b354f22179d6ea2f50c39de

SHA256
6616d6622f555c0897aa98eb751bdbaa288821e117f4e702b85b009ac059d1f9

SHA512
3d8222ab8f7019b17b11c7c9eae21e4330eae18046aab785fc2df17bb3ec9e4b9e281e6fc3fccb3219d4f139bcc5e21f311c1e2ba328a2ad8c3eb9b02b1dfd60

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
a7177f6a2f7fe36df042597ea0579ae8

SHA1
57a2fb80c1532044655e6d49bc99ce85c75928b5

SHA256
93a1fcdf62e51ddf0647162973be6f682546f404f6513e526ea4b24548de0c00

SHA512
d0d1464f739f3bcd8e3ee0180d6d3f6ba1811044bf07c9f1d19f982ef3547149d494df181f708fd682d89063d67aa27872a8e334126849c9c700153c5e5ef333

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
3dfdc3223d428276a4c68b93bbf74cdb

SHA1
95a628dc9a8c989b41cf5b17acae230160c07eac

SHA256
48774f77048d37529729f34f60832e393eda9c2442583735a3029ed761568a7d

SHA512
3354a5f6e481c6d62484e237bd11bc330fd967074a172aa87017afdbade27bb66752b290515daefd210cf8b4d052a08a5a9b042628ff610defb63383a6b918cf

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-locale-l1-1-0.dll

Filesize
12KB

MD5
ae5384b0aab6074fc81719552224be9b

SHA1
68bc6a402f819b2bccaa37e1a42e4b54ddd49793

SHA256
9dd6c1b8a82f57e9ad29642eec2394ed31def555d6e77d376367bcbb1121bdb7

SHA512
a71cf0e1a0aaf9ce6757f2359d7429eecffacb81276814bced68a0bcfdd73a4fb0be8a3f54049a4390a3cfc3971c6df53de672f29b6705f8bae693047757e49e

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
fc1f76b59a82d23ed683cbf1cab056ca

SHA1
f786c0b61a01db32b68dba43e215f1251d8fe36d

SHA256
3c960a34692bdd3e149b8be8218a6723288a1e0282eb9e02c9b4a5f0af4cfc47

SHA512
4f0ff8388692aa0835b01dac6cb2ffbbeca2b00bd39956d25c1e6e7ae548abfacb606f248062d54cc389b0c99728f7753fe6f29097b445393c1314e135a35845

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
d2c9a35ecba1c116d1e023bbe4856970

SHA1
26a24e8da50cd5d561d4bdc1a68461051c7a133a

SHA256
4755f4f781e066c4fbe9009fa5a38ef4e2f0d9c1b9042c09149c17ad5c75bcb7

SHA512
b6e283688272dc471d0845e9f0f82fb45092069b2661edfd6207206a6775880789f7efc579e8142388f9702f0ce97e4b113842b299fbce5765e202de5727712b

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
080c68d4d1f52d4ba2edff8b0d48bc9f

SHA1
fa0091037f92f48656a2845fdeb1627dcb3b1a09

SHA256
101032ed27fef82d022f8375d48e599391f99991b7b2e3c6c80f853477ee3dc0

SHA512
5d33bdd4464d3189057909868e732e13df508d2c027954d7c61c9b320e11c26459d85f21f330ad2bd9a674516c15754d06e7fe458c297ceac642cc93687218dc

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
7f4cba31bc6f1fbb297292ea1b535eef

SHA1
be68e67f15af7221668cbd34fee155552dced076

SHA256
b87e21f8d421cf21c500bf7443d2a5c93d10ca3bc1ba5da3ecf727b52d7ccc2e

SHA512
4fa770ade9a46ad2b97a4d1cef99320f824abd171d5b061e6add8bdcf12c335ce191847e0c74c7d3fd3591df5c3cba83246db9528993a31fb2dfdb70a2b03352

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-time-l1-1-0.dll

Filesize
14KB

MD5
528413622ecd129bc79d35c2830df28d

SHA1
d73a106b314c5cc12d5385db1098f046598a26c0

SHA256
9d5874f9b46ec97f3dda9008128d0ee558cc5371d0afb9d1cfe58b78c71bba6c

SHA512
47194f33eb3ac8cfcefdbcac8ebd68c291e44d5c4b27597e47fef9881d85cc35fb7f41360d72ab647ea24fd3a99e7d05bb431f181bf5f0147a67495578f7551d

Download Submit
C:\Program Files\TrueConf\Client\api-ms-win-crt-utility-l1-1-0.dll

Filesize
12KB

MD5
7d43a794393544aec41cef7a60f5013c

SHA1
054322e6c0de612a1f8107d5cd1cffcd7e5586a2

SHA256
9a2452e9ba07ab2c3666fcd6748a26837c89a655129c3f3b880c54b90296af2b

SHA512
5736b4d831a4ec4b807ac2b4b9e90c46f82a52728be7b8402911c2339163639bd0910afca5ef570b6120e74d1cd73fd596a339072dccce8100e4af9eafc11b25

Download Submit
C:\Program Files\TrueConf\Client\archive.dll

Filesize
870KB

MD5
dc581e89113f1c494683dda1d0a092c7

SHA1
14527c46792c8f7ecf0ce87645e142784dde2949

SHA256
22364d6db00cbcbd85abe34a1288be044c7911a4bc587cac75f3833a5cef57fc

SHA512
509535befddcb6679ce31d846399b40e156c18828d3a0091f6b72c30280773910545722e1ad8b0ac10c1847a457eb61e92a2ce30b717e541f2df54dc09a822b2

Download Submit
C:\Program Files\TrueConf\Client\icudt58.dll

Filesize
25.0MB

MD5
226c9eac6300980edb488b0bd20d502f

SHA1
7c0b130978ec6f44d0096a46acb957170741a084

SHA256
080826054aa27c2ced8ae7be485e4cc62a352844be7ee458d483f08d5b412516

SHA512
2ea672bfe6dd88da4a98fc1288c2849961bca71cf62123060b179185d88ffc2bbca820c0b2f4b302ee57fa8920f3b6f9e8624a8c058435f821cdb95cec3f755a

Download Submit
C:\Program Files\TrueConf\Client\icuin58.dll

Filesize
2.0MB

MD5
9575faf927fcc0a94acf0f2d0ee4cf6d

SHA1
2a548436f1a7c6266a0bdf11029e0fedc6491b94

SHA256
e17ca1abed6fda40b3c5bc904547940e27e76b1bb0ad098e33c98528971f064b

SHA512
c13848c7c15da758d0ba1b926742755acd6615c9f071cde51b24ec8e5188661878ca85fee251c7ad86ad504437afc47b191248e103c89855e82b71568b04923e

Download Submit
C:\Program Files\TrueConf\Client\icuuc58.dll

Filesize
1.4MB

MD5
73143a8be38b4895bc3bfde4682f23d6

SHA1
4dea4ad44a51ba10a1a1beb70831ac02ea7fcb2a

SHA256
31146e391c488b32867a8fe708d28ef9953bfe79738b4b21738c779595b82be1

SHA512
a45997edf17ce101b7b815f3e3b2d7c706a4eeaea1be260210dd779cb3ab635e8bccc6cb538b723abdc3da03e6cbec647a61df55f82f9433d8518210f1613d75

Download Submit
C:\Program Files\TrueConf\Client\ucrtbase.DLL

Filesize
1002KB

MD5
1496601a77e4f569733c33f5f27ddd53

SHA1
c8d23330b2d8792137ea03f3ca0de5c0a89caf7c

SHA256
e2267734b6ff4a08d6c619b9e9d173b9acd46681602d88979a4866a4ca63dd46

SHA512
1354d9d307fcf69426c08c0d9f5375a22e357a7776710798482b57137223f38d72fe9858a7b682f59442d6fac2e75389fafb4cf152096a84cbdeb1188722bedf

Download Submit
C:\Program Files\TrueConf\Client\unins000.exe

Filesize
3.3MB

MD5
e373fc29d7f2bed479e62a9aa485c414

SHA1
b3e69315a05f741959396e0693cfd89e595c7dcd

SHA256
62750d7403cdfbf4cd168d93d48277471865368dbad976b14f2b5c3247aa75d3

SHA512
ea380ed2f15c605d240526d16272f9e31c52cb088dcd6978068998934cfde4556b8123cd7dd49d5fc37f96d7359b1f32f4cbbc8804d577e438fccef421948ab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R04FO.tmp\trueconf_client_x64.tmp

Filesize
3.3MB

MD5
e373fc29d7f2bed479e62a9aa485c414

SHA1
b3e69315a05f741959396e0693cfd89e595c7dcd

SHA256
62750d7403cdfbf4cd168d93d48277471865368dbad976b14f2b5c3247aa75d3

SHA512
ea380ed2f15c605d240526d16272f9e31c52cb088dcd6978068998934cfde4556b8123cd7dd49d5fc37f96d7359b1f32f4cbbc8804d577e438fccef421948ab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R04FO.tmp\trueconf_client_x64.tmp

Filesize
3.3MB

MD5
e373fc29d7f2bed479e62a9aa485c414

SHA1
b3e69315a05f741959396e0693cfd89e595c7dcd

SHA256
62750d7403cdfbf4cd168d93d48277471865368dbad976b14f2b5c3247aa75d3

SHA512
ea380ed2f15c605d240526d16272f9e31c52cb088dcd6978068998934cfde4556b8123cd7dd49d5fc37f96d7359b1f32f4cbbc8804d577e438fccef421948ab2

Download Submit
\Program Files\TrueConf\Client\HidLib.dll

Filesize
86KB

MD5
acace5f52cd7d26aaeab955f89720474

SHA1
14ab6b340ba96a5cb575d54298af387777411b4a

SHA256
e2b1a657580b1e4ad72b981856d0608f3151dca27e50c6cf2671fd19901d8f31

SHA512
212b30b0633df9a884199372249729bbfdf941c1b162d2e3e6a1ad63423e5e397b0e4363913a1f441bdb9454871120100f69828a821ade44b81997213ab41838

Download Submit
\Program Files\TrueConf\Client\Qt5Svg.dll

Filesize
336KB

MD5
9ada34c1b3c0165abee9a3194c543e35

SHA1
c7343fb2d1d13852084f5831b3c63c71ffa9cf3e

SHA256
c795950ce4a2c34a0973738376118fb2172af588430d5eb8527dd6f0d4ca3d1f

SHA512
ff13346545b9eb2bdfd77869f27a826a5214fda723eef3c8f9f8151fd6a7f57773ae185d12bbc91278ca9ce24d40dc97e703f5febdc6d8564197d7fff17a977d

Download Submit
\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
\Program Files\TrueConf\Client\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
07f5cee2c70a02a5d35dc7b95be2b993

SHA1
1fa16b5d1453ffc4ce258e7e43663426e2672193

SHA256
d2d231f119e685f1b8ae2df2439d97ea4949f49e6074ab1f7fbafb08d093b40d

SHA512
5163ddcb372216ce6b94fc7df4c32e01c4b4453f51a7a76f7ba8168e4a17ba281b5b2c33b094716f0b0b81ac6d92beb9ce22b888328b2ec9792b0f5ddb94fc78

Download Submit
\Program Files\TrueConf\Client\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
fd5eee653d9ec1fdb3b35899bf018865

SHA1
ac561fa1fe8a16d28d49ca5f5d067809b0399d3b

SHA256
0baa58160b82ce1b75539a8810f5ed012efd6543afed23439ff0d9fa96d9e09b

SHA512
37a485ee2d051a13fd7aab42eecbecb81be95c353aaf277d91aff7875e304467969954e6562a99ee2bb278d7d3451861dcfd540d12c0064d927b5ba149ae05ce

Download Submit
\Program Files\TrueConf\Client\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
203d858be015a470d57ff537e2ff9747

SHA1
c0c1a7b4f5c58dcce3c4a883a198109fddf38369

SHA256
535ad2deb85aec83b8580fdcc568e81b6eb4afe7ec026aaefaddd6dea7ce56cc

SHA512
8b33b1a38e01405f559e2db389cfcb9885a75f7c497fb3778f34c677b3fdb1cae77bdad73b948e6d777bb00b679c951cdf9a37901dc918f8dcd67268ba705f57

Download Submit
\Program Files\TrueConf\Client\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
07799042950861050a9b11f7ad9d11fc

SHA1
7f3bde19ddce2cb9cbe67f0bcf856a4a772cf6af

SHA256
b7a60a943b22e974f0d317ef1ad33d52aa199bbc935c1bb415eed1076814df33

SHA512
663359e4e2e5101b669e3d59e29796c5ed411449cac48770bc78932ee11209200632c58ff98740d5fb2edb17fd1093b34386b21e9d10ee1d795676c9678c3c15

Download Submit
\Program Files\TrueConf\Client\api-ms-win-core-synch-l1-2-0.dll

Filesize
12KB

MD5
cc10bb3949cdf7b437d6c4948fd82dc9

SHA1
d71784cddf82350f78962e438d6add4c3a4e2f6f

SHA256
2ab56801b0e0db2954d7c4d07d69257945e76f662d08247c92f2eb7b680de415

SHA512
2f7a3416baeae28775eb2a17c988ea62b793f6f86cde8d0832480c66a7745e10e4432d4ab581cea09996802d211b2b49354e081f16ff4d8905a894bed9e23609

Download Submit
\Program Files\TrueConf\Client\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
6c1f2f840caa7d3910f3e61c5937ed06

SHA1
6be847543dba51659c7bf4a1d903ad2f950c76e8

SHA256
0f52f257bf6716ce783b650a19249c4c86168ade916ded0413a230ae9d0ffc43

SHA512
a17e1ea2fc6075b72e6ea388d41efc1db9609e40a20f5fbc948099db3ba1cfada98b9722a887c0af96750403c57facfa11245241de1f2bf8bb956bec566902bd

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
4b5de02b23a0066ab7d5f48258d4dbb6

SHA1
9e7040addd7531aeccce6b31641f96c3da87c262

SHA256
02188802e540df2920019ebceaae649e7976a951d218a64ddd52c5838f823548

SHA512
c843d994ecc41228dd2896a2e7618cee9fb89fc891576e8af570ab29aa2861e55a896dbe1903a4d65a0c7a51d11d81b1bc9aace45c6d7e2c360143cfaee6eb48

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-environment-l1-1-0.dll

Filesize
12KB

MD5
0782920b496c762da1449dacddb0ce43

SHA1
6de4abe4793667458b354f22179d6ea2f50c39de

SHA256
6616d6622f555c0897aa98eb751bdbaa288821e117f4e702b85b009ac059d1f9

SHA512
3d8222ab8f7019b17b11c7c9eae21e4330eae18046aab785fc2df17bb3ec9e4b9e281e6fc3fccb3219d4f139bcc5e21f311c1e2ba328a2ad8c3eb9b02b1dfd60

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
a7177f6a2f7fe36df042597ea0579ae8

SHA1
57a2fb80c1532044655e6d49bc99ce85c75928b5

SHA256
93a1fcdf62e51ddf0647162973be6f682546f404f6513e526ea4b24548de0c00

SHA512
d0d1464f739f3bcd8e3ee0180d6d3f6ba1811044bf07c9f1d19f982ef3547149d494df181f708fd682d89063d67aa27872a8e334126849c9c700153c5e5ef333

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
3dfdc3223d428276a4c68b93bbf74cdb

SHA1
95a628dc9a8c989b41cf5b17acae230160c07eac

SHA256
48774f77048d37529729f34f60832e393eda9c2442583735a3029ed761568a7d

SHA512
3354a5f6e481c6d62484e237bd11bc330fd967074a172aa87017afdbade27bb66752b290515daefd210cf8b4d052a08a5a9b042628ff610defb63383a6b918cf

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-locale-l1-1-0.dll

Filesize
12KB

MD5
ae5384b0aab6074fc81719552224be9b

SHA1
68bc6a402f819b2bccaa37e1a42e4b54ddd49793

SHA256
9dd6c1b8a82f57e9ad29642eec2394ed31def555d6e77d376367bcbb1121bdb7

SHA512
a71cf0e1a0aaf9ce6757f2359d7429eecffacb81276814bced68a0bcfdd73a4fb0be8a3f54049a4390a3cfc3971c6df53de672f29b6705f8bae693047757e49e

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
fc1f76b59a82d23ed683cbf1cab056ca

SHA1
f786c0b61a01db32b68dba43e215f1251d8fe36d

SHA256
3c960a34692bdd3e149b8be8218a6723288a1e0282eb9e02c9b4a5f0af4cfc47

SHA512
4f0ff8388692aa0835b01dac6cb2ffbbeca2b00bd39956d25c1e6e7ae548abfacb606f248062d54cc389b0c99728f7753fe6f29097b445393c1314e135a35845

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
d2c9a35ecba1c116d1e023bbe4856970

SHA1
26a24e8da50cd5d561d4bdc1a68461051c7a133a

SHA256
4755f4f781e066c4fbe9009fa5a38ef4e2f0d9c1b9042c09149c17ad5c75bcb7

SHA512
b6e283688272dc471d0845e9f0f82fb45092069b2661edfd6207206a6775880789f7efc579e8142388f9702f0ce97e4b113842b299fbce5765e202de5727712b

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
080c68d4d1f52d4ba2edff8b0d48bc9f

SHA1
fa0091037f92f48656a2845fdeb1627dcb3b1a09

SHA256
101032ed27fef82d022f8375d48e599391f99991b7b2e3c6c80f853477ee3dc0

SHA512
5d33bdd4464d3189057909868e732e13df508d2c027954d7c61c9b320e11c26459d85f21f330ad2bd9a674516c15754d06e7fe458c297ceac642cc93687218dc

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
7f4cba31bc6f1fbb297292ea1b535eef

SHA1
be68e67f15af7221668cbd34fee155552dced076

SHA256
b87e21f8d421cf21c500bf7443d2a5c93d10ca3bc1ba5da3ecf727b52d7ccc2e

SHA512
4fa770ade9a46ad2b97a4d1cef99320f824abd171d5b061e6add8bdcf12c335ce191847e0c74c7d3fd3591df5c3cba83246db9528993a31fb2dfdb70a2b03352

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-time-l1-1-0.dll

Filesize
14KB

MD5
528413622ecd129bc79d35c2830df28d

SHA1
d73a106b314c5cc12d5385db1098f046598a26c0

SHA256
9d5874f9b46ec97f3dda9008128d0ee558cc5371d0afb9d1cfe58b78c71bba6c

SHA512
47194f33eb3ac8cfcefdbcac8ebd68c291e44d5c4b27597e47fef9881d85cc35fb7f41360d72ab647ea24fd3a99e7d05bb431f181bf5f0147a67495578f7551d

Download Submit
\Program Files\TrueConf\Client\api-ms-win-crt-utility-l1-1-0.dll

Filesize
12KB

MD5
7d43a794393544aec41cef7a60f5013c

SHA1
054322e6c0de612a1f8107d5cd1cffcd7e5586a2

SHA256
9a2452e9ba07ab2c3666fcd6748a26837c89a655129c3f3b880c54b90296af2b

SHA512
5736b4d831a4ec4b807ac2b4b9e90c46f82a52728be7b8402911c2339163639bd0910afca5ef570b6120e74d1cd73fd596a339072dccce8100e4af9eafc11b25

Download Submit
\Program Files\TrueConf\Client\archive.dll

Filesize
870KB

MD5
dc581e89113f1c494683dda1d0a092c7

SHA1
14527c46792c8f7ecf0ce87645e142784dde2949

SHA256
22364d6db00cbcbd85abe34a1288be044c7911a4bc587cac75f3833a5cef57fc

SHA512
509535befddcb6679ce31d846399b40e156c18828d3a0091f6b72c30280773910545722e1ad8b0ac10c1847a457eb61e92a2ce30b717e541f2df54dc09a822b2

Download Submit
\Program Files\TrueConf\Client\icudt58.dll

Filesize
25.0MB

MD5
226c9eac6300980edb488b0bd20d502f

SHA1
7c0b130978ec6f44d0096a46acb957170741a084

SHA256
080826054aa27c2ced8ae7be485e4cc62a352844be7ee458d483f08d5b412516

SHA512
2ea672bfe6dd88da4a98fc1288c2849961bca71cf62123060b179185d88ffc2bbca820c0b2f4b302ee57fa8920f3b6f9e8624a8c058435f821cdb95cec3f755a

Download Submit
\Program Files\TrueConf\Client\icuin58.dll

Filesize
2.0MB

MD5
9575faf927fcc0a94acf0f2d0ee4cf6d

SHA1
2a548436f1a7c6266a0bdf11029e0fedc6491b94

SHA256
e17ca1abed6fda40b3c5bc904547940e27e76b1bb0ad098e33c98528971f064b

SHA512
c13848c7c15da758d0ba1b926742755acd6615c9f071cde51b24ec8e5188661878ca85fee251c7ad86ad504437afc47b191248e103c89855e82b71568b04923e

Download Submit
\Program Files\TrueConf\Client\icuuc58.dll

Filesize
1.4MB

MD5
73143a8be38b4895bc3bfde4682f23d6

SHA1
4dea4ad44a51ba10a1a1beb70831ac02ea7fcb2a

SHA256
31146e391c488b32867a8fe708d28ef9953bfe79738b4b21738c779595b82be1

SHA512
a45997edf17ce101b7b815f3e3b2d7c706a4eeaea1be260210dd779cb3ab635e8bccc6cb538b723abdc3da03e6cbec647a61df55f82f9433d8518210f1613d75

Download Submit
\Program Files\TrueConf\Client\msvcp140.dll

Filesize
552KB

MD5
cb75d6437418afe1a7b52acf75730ff1

SHA1
54c2da9552671b161cc87eb50fbdb86319b00f56

SHA256
7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8

SHA512
f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

Download Submit
\Program Files\TrueConf\Client\ucrtbase.dll

Filesize
1002KB

MD5
1496601a77e4f569733c33f5f27ddd53

SHA1
c8d23330b2d8792137ea03f3ca0de5c0a89caf7c

SHA256
e2267734b6ff4a08d6c619b9e9d173b9acd46681602d88979a4866a4ca63dd46

SHA512
1354d9d307fcf69426c08c0d9f5375a22e357a7776710798482b57137223f38d72fe9858a7b682f59442d6fac2e75389fafb4cf152096a84cbdeb1188722bedf

Download Submit
\Program Files\TrueConf\Client\unins000.exe

Filesize
3.3MB

MD5
e373fc29d7f2bed479e62a9aa485c414

SHA1
b3e69315a05f741959396e0693cfd89e595c7dcd

SHA256
62750d7403cdfbf4cd168d93d48277471865368dbad976b14f2b5c3247aa75d3

SHA512
ea380ed2f15c605d240526d16272f9e31c52cb088dcd6978068998934cfde4556b8123cd7dd49d5fc37f96d7359b1f32f4cbbc8804d577e438fccef421948ab2

Download Submit
\Program Files\TrueConf\Client\vcruntime140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
\Program Files\TrueConf\Client\vcruntime140_1.dll

Filesize
36KB

MD5
37c372da4b1adb96dc995ecb7e68e465

SHA1
6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

SHA256
1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

SHA512
926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

Download Submit
\Users\Admin\AppData\Local\Temp\is-R04FO.tmp\trueconf_client_x64.tmp

Filesize
3.3MB

MD5
e373fc29d7f2bed479e62a9aa485c414

SHA1
b3e69315a05f741959396e0693cfd89e595c7dcd

SHA256
62750d7403cdfbf4cd168d93d48277471865368dbad976b14f2b5c3247aa75d3

SHA512
ea380ed2f15c605d240526d16272f9e31c52cb088dcd6978068998934cfde4556b8123cd7dd49d5fc37f96d7359b1f32f4cbbc8804d577e438fccef421948ab2

Download Submit
memory/1412-1896-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1903-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1920-0x0000000000570000-0x000000000057A000-memory.dmp

Filesize
40KB

Download
memory/1412-1861-0x000007FEF56A0000-0x000007FEF5BF5000-memory.dmp

Filesize
5.3MB

Download
memory/1412-1885-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1412-1893-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1897-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1898-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1899-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1900-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1901-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1902-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1907-0x00000000031E0000-0x00000000031E1000-memory.dmp

Filesize
4KB

Download
memory/1412-1905-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1867-0x0000000000570000-0x000000000057A000-memory.dmp

Filesize
40KB

Download
memory/1412-1868-0x0000000000570000-0x000000000057A000-memory.dmp

Filesize
40KB

Download
memory/1412-1884-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1412-1876-0x000000000D0B0000-0x000000000D4F0000-memory.dmp

Filesize
4.2MB

Download
memory/1412-1878-0x000000000D4F0000-0x000000000D6F0000-memory.dmp

Filesize
2.0MB

Download
memory/1412-1880-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1412-1881-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1412-1883-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/1412-1886-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/1412-1918-0x0000000000570000-0x000000000057A000-memory.dmp

Filesize
40KB

Download
memory/1412-1863-0x000007FEF4380000-0x000007FEF4728000-memory.dmp

Filesize
3.7MB

Download
memory/1412-1887-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/1412-1888-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1412-1889-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1412-1890-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/1412-1891-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/1412-1894-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1412-1895-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/1412-1865-0x000000013F9B0000-0x00000001409B0000-memory.dmp

Filesize
16.0MB

Download
memory/1412-1904-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1612-1864-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/1612-8-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1612-12-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/1612-13-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1612-42-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/1612-1636-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/1612-1795-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/1612-1798-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/1612-1800-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/2208-1869-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/2208-10-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/2208-1-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download