Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-11-2023 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b196c7fed00f6efcb818d9f7c6e4cc86f5354c7aff1c461f9d992d61efa65739.exe

  • Size

    4.1MB

  • MD5

    ba1a1a20d031b4dd267634de084ea304

  • SHA1

    a482045dfb2eb23ecd17ec878fb477665a6e218e

  • SHA256

    b196c7fed00f6efcb818d9f7c6e4cc86f5354c7aff1c461f9d992d61efa65739

  • SHA512

    379dd30d130086cd97e1cc65f4bb4f166142e7732f6451a3afecbf6344ec8fa7efcb041f1db5b7ff8a1de5264e99af88e17b836a8586bacbb5fcc48e98efdb62

  • SSDEEP

    98304:fHv+XyilWYyP9zZxACZeFw7DlvffePBhTqT:HFiEYyP9zPaw7Dlvf0PG

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencerootkitupx

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 17 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 9 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Manipulates WinMonFS driver. 1 IoCs

    Roottkits write to WinMonFS to hide directories/files from being detected.

    rootkitevasion
  • Drops file in System32 directory 7 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 4 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of WriteProcessMemory 45 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\b196c7fed00f6efcb818d9f7c6e4cc86f5354c7aff1c461f9d992d61efa65739.exe
    "C:\Users\Admin\AppData\Local\Temp\b196c7fed00f6efcb818d9f7c6e4cc86f5354c7aff1c461f9d992d61efa65739.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2300
    • C:\Users\Admin\AppData\Local\Temp\b196c7fed00f6efcb818d9f7c6e4cc86f5354c7aff1c461f9d992d61efa65739.exe
      "C:\Users\Admin\AppData\Local\Temp\b196c7fed00f6efcb818d9f7c6e4cc86f5354c7aff1c461f9d992d61efa65739.exe"
      2⤵
      • Adds Run key to start application
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4164
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1320
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3564
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          PID:2528
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3028
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2496
      • C:\Windows\rss\csrss.exe
        C:\Windows\rss\csrss.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Manipulates WinMonFS driver.
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3756
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -nologo -noprofile
          4⤵
          • Drops file in System32 directory
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3676
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
          4⤵
          • Creates scheduled task(s)
          PID:4332
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /delete /tn ScheduledUpdate /f
          4⤵
            PID:4148
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:3656
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:936
          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:4412
          • C:\Windows\SYSTEM32\schtasks.exe
            schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
            4⤵
            • Creates scheduled task(s)
            PID:1616
          • C:\Windows\windefender.exe
            "C:\Windows\windefender.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:4360
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
              5⤵
              • Suspicious use of WriteProcessMemory
              PID:4196
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /C sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4292
            • C:\Windows\SysWOW64\sc.exe
              sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
              5⤵
              • Launches sc.exe
              • Suspicious use of AdjustPrivilegeToken
              PID:4668
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Modifies data under HKEY_USERS
            • Suspicious use of AdjustPrivilegeToken
            PID:472
          • C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe
            4⤵
              PID:4180
      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe
        "C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe" --nt-service -f "C:\Users\Admin\AppData\Local\Temp\csrss\tor\torrc" --Log "notice file C:\Users\Admin\AppData\Local\Temp\csrss\tor\log.txt"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2328
      • C:\Windows\SysWOW64\sc.exe
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        1⤵
        • Launches sc.exe
        • Suspicious use of AdjustPrivilegeToken
        PID:3328
      • C:\Windows\windefender.exe
        C:\Windows\windefender.exe
        1⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:3004

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fkoauqmk.kb5.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe
        Filesize

        3.2MB

        MD5

        f801950a962ddba14caaa44bf084b55c

        SHA1

        7cadc9076121297428442785536ba0df2d4ae996

        SHA256

        c3946ec89e15b24b743c46f9acacb58cff47da63f3ce2799d71ed90496b8891f

        SHA512

        4183bc76bdc84fb779e2e573d9a63d7de47096b63b945f9e335bee95ae28eb208f5ee15f6501ac59623b97c5b77f3455ca313512e7d9803e1704ae22a52459c5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe
        Filesize

        3.2MB

        MD5

        f801950a962ddba14caaa44bf084b55c

        SHA1

        7cadc9076121297428442785536ba0df2d4ae996

        SHA256

        c3946ec89e15b24b743c46f9acacb58cff47da63f3ce2799d71ed90496b8891f

        SHA512

        4183bc76bdc84fb779e2e573d9a63d7de47096b63b945f9e335bee95ae28eb208f5ee15f6501ac59623b97c5b77f3455ca313512e7d9803e1704ae22a52459c5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
        Filesize

        281KB

        MD5

        d98e33b66343e7c96158444127a117f6

        SHA1

        bb716c5509a2bf345c6c1152f6e3e1452d39d50d

        SHA256

        5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

        SHA512

        705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
        Filesize

        281KB

        MD5

        d98e33b66343e7c96158444127a117f6

        SHA1

        bb716c5509a2bf345c6c1152f6e3e1452d39d50d

        SHA256

        5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

        SHA512

        705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\cached-microdesc-consensus.tmp
        Filesize

        2.9MB

        MD5

        bd0c8fdb9e1bece6ff959270017c57d2

        SHA1

        e37a70946a955202f1e2825fe36f94967496f6e4

        SHA256

        98c3bb8ce968f5f20c35ae97eb04a49e417c3887899af95ec1d1e3e32cb55aad

        SHA512

        9fda5909a76d1d188bf937f17fcc25fcaf9994c0d1d87547f87955e0a15dfe378fcb34deb6505a5925c135b7e418c964a4a720de433ef8393a6d56ff1298fb7e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\cached-microdescs.new
        Filesize

        6.0MB

        MD5

        e8310a25aa6f6c1955bc941339458d86

        SHA1

        a61b718dc53da3c45a7d4e03654e9be495e02a71

        SHA256

        bd99283f3f16fb295dda0c699bd83f624bb340db4c9c12f509a4c4306d230ec9

        SHA512

        592cbe87f01053c6f1a68b6d085d8d34246578888155b2f6107b71b85396a49378cbfaa437403c4b9cd39dfd3f397245fab31ad1afa40fce0fb4f108de134229

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\geoip
        Filesize

        3.8MB

        MD5

        c72911dec6ae8c4bc62bb2a6a21ba85b

        SHA1

        0ae7077313a53103c2b32100d74aafc04216289d

        SHA256

        7e777efc194ea9788171636085b19875d19397d3249fbb88136534037a3dc38f

        SHA512

        99dc9761ad69f5508d96a2362b930728d451f5ddcf7bb1e210ec5b0f14ee00ee71efaaab150ffa16a2f92fbbb1e2a6b5cd92d51721996df7ac794491c441c304

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\geoip6
        Filesize

        5.6MB

        MD5

        ed2f9b19dd1584d7e26f5ba460ef2fbf

        SHA1

        dcbf1789bf1eeb03276b830cb2ab92bcf779d97f

        SHA256

        f11bd1d7546cad00b6db0a1594f3ac1daf9f541004fd7efb5414e068693d6add

        SHA512

        dcfc780d1e34968390969b64ea2091b630c8eec94ac4724a4103a003a2f31545c3791a39f514517153538b4d3f5c50b6bfba74cc9cf8c0b1b5daba0a4849c856

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libcrypto-1_1.dll
        Filesize

        3.5MB

        MD5

        b7c32c8e7d21aa9b79470037227eba43

        SHA1

        38d719b10ca035cee65162c1a44e2c62123d41b4

        SHA256

        99b4042a858a9e437917c8256692e9ba161b87054ccf5e22538e86bb35c34f23

        SHA512

        d85345380b9605c8484e11873218aa4eaeea573ca51eedada6d0518695a2b184bb22faf7c5e3d88330935774ced17e9d80c577b06603aa1ca6dab748b0bd15a7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libcrypto-1_1.dll
        Filesize

        3.5MB

        MD5

        b7c32c8e7d21aa9b79470037227eba43

        SHA1

        38d719b10ca035cee65162c1a44e2c62123d41b4

        SHA256

        99b4042a858a9e437917c8256692e9ba161b87054ccf5e22538e86bb35c34f23

        SHA512

        d85345380b9605c8484e11873218aa4eaeea573ca51eedada6d0518695a2b184bb22faf7c5e3d88330935774ced17e9d80c577b06603aa1ca6dab748b0bd15a7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libcrypto-1_1.dll
        Filesize

        3.5MB

        MD5

        b7c32c8e7d21aa9b79470037227eba43

        SHA1

        38d719b10ca035cee65162c1a44e2c62123d41b4

        SHA256

        99b4042a858a9e437917c8256692e9ba161b87054ccf5e22538e86bb35c34f23

        SHA512

        d85345380b9605c8484e11873218aa4eaeea573ca51eedada6d0518695a2b184bb22faf7c5e3d88330935774ced17e9d80c577b06603aa1ca6dab748b0bd15a7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libevent-2-1-7.dll
        Filesize

        876KB

        MD5

        736443b08b5a52b6958f001e8200be71

        SHA1

        e56ddc8476aef0d3482c99c5bfaf0f57458b2576

        SHA256

        da1f75b9ce5f47cb78a6930a50c08397ee4d9778302746340f4057fcd838dbf4

        SHA512

        9dfcdb1186b089e7961767d427de986ad8e5f7715b7592984349d0b8e7f02198137c83e8c79a096a7475ad9f4695f52539fa08fa65912860ddf0a85515a7cda1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libevent-2-1-7.dll
        Filesize

        876KB

        MD5

        736443b08b5a52b6958f001e8200be71

        SHA1

        e56ddc8476aef0d3482c99c5bfaf0f57458b2576

        SHA256

        da1f75b9ce5f47cb78a6930a50c08397ee4d9778302746340f4057fcd838dbf4

        SHA512

        9dfcdb1186b089e7961767d427de986ad8e5f7715b7592984349d0b8e7f02198137c83e8c79a096a7475ad9f4695f52539fa08fa65912860ddf0a85515a7cda1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libgcc_s_dw2-1.dll
        Filesize

        668KB

        MD5

        36e1c3814bde3418ba3d38517954cb7c

        SHA1

        495e1ba5b0b442e70124d33daa6fea4e3e5931b0

        SHA256

        b34edd252f46dd881e79cfd274777fe5e90943d511c8e002aeca0528d7f3b4b1

        SHA512

        df7b608c51a782ad5cdfd753577a3dcacf4e2515ac02ce9e35b3cbc543895862844e8adcaff983b1348884085cf7427c33a67acc5ce48fe656f5b2083d0813b0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libgcc_s_dw2-1.dll
        Filesize

        668KB

        MD5

        36e1c3814bde3418ba3d38517954cb7c

        SHA1

        495e1ba5b0b442e70124d33daa6fea4e3e5931b0

        SHA256

        b34edd252f46dd881e79cfd274777fe5e90943d511c8e002aeca0528d7f3b4b1

        SHA512

        df7b608c51a782ad5cdfd753577a3dcacf4e2515ac02ce9e35b3cbc543895862844e8adcaff983b1348884085cf7427c33a67acc5ce48fe656f5b2083d0813b0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libgcc_s_dw2-1.dll
        Filesize

        668KB

        MD5

        36e1c3814bde3418ba3d38517954cb7c

        SHA1

        495e1ba5b0b442e70124d33daa6fea4e3e5931b0

        SHA256

        b34edd252f46dd881e79cfd274777fe5e90943d511c8e002aeca0528d7f3b4b1

        SHA512

        df7b608c51a782ad5cdfd753577a3dcacf4e2515ac02ce9e35b3cbc543895862844e8adcaff983b1348884085cf7427c33a67acc5ce48fe656f5b2083d0813b0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libssl-1_1.dll
        Filesize

        938KB

        MD5

        d92e59b71bf8a0d827597ed95b2eca42

        SHA1

        cfc49ff29eddb7127fbed166a8a1e740ea3dfb9a

        SHA256

        b6ef5cb4c093431f3e73c53e66df33d08237ba46d457d119a2c4dcae582314e3

        SHA512

        be65e003a498e753b08912d697e9b4d8a28828581c17d1e8e20880372a81030ce18610eeff230c8880e68a831041075bb2ebffcf318d29ebf58bc856fac3df04

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libssl-1_1.dll
        Filesize

        938KB

        MD5

        d92e59b71bf8a0d827597ed95b2eca42

        SHA1

        cfc49ff29eddb7127fbed166a8a1e740ea3dfb9a

        SHA256

        b6ef5cb4c093431f3e73c53e66df33d08237ba46d457d119a2c4dcae582314e3

        SHA512

        be65e003a498e753b08912d697e9b4d8a28828581c17d1e8e20880372a81030ce18610eeff230c8880e68a831041075bb2ebffcf318d29ebf58bc856fac3df04

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libssp-0.dll
        Filesize

        95KB

        MD5

        7cdbaca31739500aefc06dd85a8558ff

        SHA1

        adc36ec6a3cdc7e57a1b706c820e382627f6cb90

        SHA256

        0a1dee5dd5234971f7526f3d5f8b7e2cfdcb536e18debd51c985010fb504fbdb

        SHA512

        6df8ac9054f27ebbef9642ce79ff7ba836411ea0ed0bd04b3cfe724a336a91f665c2cc0b7a4bfc99a80786d1a6d361b971a7dbb7a298b919a1baa812541841ba

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libssp-0.dll
        Filesize

        95KB

        MD5

        7cdbaca31739500aefc06dd85a8558ff

        SHA1

        adc36ec6a3cdc7e57a1b706c820e382627f6cb90

        SHA256

        0a1dee5dd5234971f7526f3d5f8b7e2cfdcb536e18debd51c985010fb504fbdb

        SHA512

        6df8ac9054f27ebbef9642ce79ff7ba836411ea0ed0bd04b3cfe724a336a91f665c2cc0b7a4bfc99a80786d1a6d361b971a7dbb7a298b919a1baa812541841ba

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libwinpthread-1.dll
        Filesize

        301KB

        MD5

        07f4bbf18077231cb44750684dd8daf4

        SHA1

        8560627e9e05d6022abdfe7e576856e91ac90188

        SHA256

        4a146671b1fed4906799cb1cfc670753f1b1922793f5b40d5cf710befb287316

        SHA512

        04e31ad60e797cdbd1f3db36a8473139bbd1b763d2d67a160454b24b524e8bbc4d5784c62446a0f9d83b95dd518534ab4581d3a43a14146b17d0035ecc79c151

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\libwinpthread-1.dll
        Filesize

        301KB

        MD5

        07f4bbf18077231cb44750684dd8daf4

        SHA1

        8560627e9e05d6022abdfe7e576856e91ac90188

        SHA256

        4a146671b1fed4906799cb1cfc670753f1b1922793f5b40d5cf710befb287316

        SHA512

        04e31ad60e797cdbd1f3db36a8473139bbd1b763d2d67a160454b24b524e8bbc4d5784c62446a0f9d83b95dd518534ab4581d3a43a14146b17d0035ecc79c151

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe
        Filesize

        4.3MB

        MD5

        055ae7c584a7b012955bf5d874f30cfa

        SHA1

        f2b4d8c5307ff09607be929ec08fc2727bf03dcf

        SHA256

        d51b5bf807f6de3b5521b49b9a722592fb85aee1ea2f1c03bbb5255d62bfb9c8

        SHA512

        910bb0be7a3840bb37cb453ea066677a5327e272cfa0995f7a600bd4eb2e7c31685dcc0758c3b2cf07c7622fd45b2d4cdd3a4272cddaf9e97e2ffc48120646c5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe
        Filesize

        4.3MB

        MD5

        055ae7c584a7b012955bf5d874f30cfa

        SHA1

        f2b4d8c5307ff09607be929ec08fc2727bf03dcf

        SHA256

        d51b5bf807f6de3b5521b49b9a722592fb85aee1ea2f1c03bbb5255d62bfb9c8

        SHA512

        910bb0be7a3840bb37cb453ea066677a5327e272cfa0995f7a600bd4eb2e7c31685dcc0758c3b2cf07c7622fd45b2d4cdd3a4272cddaf9e97e2ffc48120646c5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\zlib1.dll
        Filesize

        135KB

        MD5

        f08b1f044c68770c190daf1eb1f3157e

        SHA1

        f94103a542459d60434f9ddb6b5f45b11eae2923

        SHA256

        1d0278386f8922bdf4808861e6e901541ad23cc6337bb022c78dc05915202f27

        SHA512

        0667416a7515cd845e96d2ad26ca676cffd2d1c9f0449ff05455e8cf6a7ab595d3f972785d051f45332c04f1c0b576726f645e3669122608a4f374e984ba161c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\zlib1.dll
        Filesize

        135KB

        MD5

        f08b1f044c68770c190daf1eb1f3157e

        SHA1

        f94103a542459d60434f9ddb6b5f45b11eae2923

        SHA256

        1d0278386f8922bdf4808861e6e901541ad23cc6337bb022c78dc05915202f27

        SHA512

        0667416a7515cd845e96d2ad26ca676cffd2d1c9f0449ff05455e8cf6a7ab595d3f972785d051f45332c04f1c0b576726f645e3669122608a4f374e984ba161c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\tor\torrc
        Filesize

        227B

        MD5

        17c2994d6a89cb7d277f1b3f0b49e5ed

        SHA1

        2a72ffc34cb2a7d7d3057f4725f2ac660a809158

        SHA256

        38ad4c6fb403fc2d5dc0dc83a165983a3fb426e0a850847fefc35e62a5ced67f

        SHA512

        d145ea667f70ed08b12d44228aea09cab637dd1acee131b919f22efdd4730b0c18daa0c83b196f5efa2082cf8f90bcd618b7c7efaab79ca5f0478ade0aca4728

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
        Filesize

        2KB

        MD5

        3d086a433708053f9bf9523e1d87a4e8

        SHA1

        b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28

        SHA256

        6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69

        SHA512

        931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        25a4a24a74b70634f023d46e1f543b44

        SHA1

        f763a57270fdd44dd28bc12b455a1b6f52535f7e

        SHA256

        8f38cd2c76b2c1be0a394b09ba776ed465bd76397362d4c8cab3de69521cdc57

        SHA512

        a62d5400bbc1d5f8eff8ed200bd479c6cd9d0635ea7928c82df4239d231a3a36a71b8dbab4f85687384ddab1cee642458a5cf3cd401afacfa621a6ac777f6edc

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        9c36cb7096ffa3852cbb6aa0d1d3af61

        SHA1

        4ece5dd038feb3e029b89bf94ab39a7dfe40044b

        SHA256

        cc14899b2e61963ad227b23bbb1e403ee2782648b268e13c126f65418060dfcf

        SHA512

        4693ec451808c463688280610d1f360808bf54e0a994fed03caaa94efe7a6827fd23e61cb2e5747b5d279f20ac2b082489a87db82555118fe70f8d91cfe01438

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        b2e27d6d8fc69a720e55949e5840bd3c

        SHA1

        5de31b273d966b831217c6c5c3a18892d73630f1

        SHA256

        e60c8e573e733891b1f46bc14bf16bf41f308cbbedf72b3aa2059d258fbb2167

        SHA512

        9646be6ab916690d1bfde2b505fddf70ab6e72bf52dc1d8bd3c3a86979532caff230b362a225c52f8d8a3d763b72fca5247a1cec05abb54bc0c50e08e46a43fc

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        81c57187b3c48436ebfe3d3c37c6efe1

        SHA1

        cfc70847f389b4d24085ee72f2c0398b136f7008

        SHA256

        2a0d4638da1158cd8e27ebc4d0fe49d210828353c56cc0e7a18adf3f25af3fad

        SHA512

        33dfa637fb585849deb74b6e2e93aaa62e9021c4206a71338e5b94f80a4f98ce02a802b70c88979b9b8e19cefc73f9ab45e2fad5acbcefc7f4dc4c5ff547ac84

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        0bb95aeaf4215e31dbbc1d92dc2e79e1

        SHA1

        26aca9942dcbf3abc9417d2258868065ab5b3b96

        SHA256

        cdbec17ed3f8bf4def374702112c97bcf73e5a3f0a2705b75ba7f63de94f5d50

        SHA512

        287b1cca1a699f5b7462dd57966b05d1517eb51658126b767136aa0f468ef9005a1ca3f1e5fc0f64254317d5893051317caf9f0dcde18cf4ccf0743e5a289134

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        f506ca9ba2f1488b25d641bcfed86099

        SHA1

        c1d593c28bc3bc2bdaf6ac496a533c29f9397c54

        SHA256

        e5efcadcce137aa5775e8fefbeae17bce8c1142e2dd1674f429495663d49294f

        SHA512

        27d64dff5a1044fb39b20f046df33a2b362245dbf02c1dc751712fded58f377a216cbd74764929c2f9d7c2145a48cdb0388d77eae25af9c5e079b6da5996f6fb

        Download Submit

      • C:\Windows\rss\csrss.exe
        Filesize

        4.1MB

        MD5

        ba1a1a20d031b4dd267634de084ea304

        SHA1

        a482045dfb2eb23ecd17ec878fb477665a6e218e

        SHA256

        b196c7fed00f6efcb818d9f7c6e4cc86f5354c7aff1c461f9d992d61efa65739

        SHA512

        379dd30d130086cd97e1cc65f4bb4f166142e7732f6451a3afecbf6344ec8fa7efcb041f1db5b7ff8a1de5264e99af88e17b836a8586bacbb5fcc48e98efdb62

        Download Submit

      • C:\Windows\rss\csrss.exe
        Filesize

        4.1MB

        MD5

        ba1a1a20d031b4dd267634de084ea304

        SHA1

        a482045dfb2eb23ecd17ec878fb477665a6e218e

        SHA256

        b196c7fed00f6efcb818d9f7c6e4cc86f5354c7aff1c461f9d992d61efa65739

        SHA512

        379dd30d130086cd97e1cc65f4bb4f166142e7732f6451a3afecbf6344ec8fa7efcb041f1db5b7ff8a1de5264e99af88e17b836a8586bacbb5fcc48e98efdb62

        Download Submit

      • C:\Windows\windefender.exe
        Filesize

        2.0MB

        MD5

        8e67f58837092385dcf01e8a2b4f5783

        SHA1

        012c49cfd8c5d06795a6f67ea2baf2a082cf8625

        SHA256

        166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

        SHA512

        40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

        Download Submit

      • C:\Windows\windefender.exe
        Filesize

        2.0MB

        MD5

        8e67f58837092385dcf01e8a2b4f5783

        SHA1

        012c49cfd8c5d06795a6f67ea2baf2a082cf8625

        SHA256

        166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

        SHA512

        40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

        Download Submit

      • C:\Windows\windefender.exe
        Filesize

        2.0MB

        MD5

        8e67f58837092385dcf01e8a2b4f5783

        SHA1

        012c49cfd8c5d06795a6f67ea2baf2a082cf8625

        SHA256

        166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

        SHA512

        40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

        Download Submit

      • memory/1320-62-0x0000000074510000-0x0000000074CC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1320-63-0x0000000004E40000-0x0000000004E50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1320-64-0x0000000004E40000-0x0000000004E50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1320-74-0x0000000004E40000-0x0000000004E50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1320-75-0x00000000703B0000-0x00000000703FC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/1320-76-0x0000000070530000-0x0000000070884000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/1320-86-0x00000000074B0000-0x0000000007553000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1320-87-0x00000000077B0000-0x00000000077C1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1320-88-0x0000000007800000-0x0000000007814000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1320-92-0x0000000074510000-0x0000000074CC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2300-51-0x0000000007830000-0x0000000007838000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2300-48-0x00000000077E0000-0x00000000077EE000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2300-4-0x0000000074510000-0x0000000074CC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2300-6-0x00000000027A0000-0x00000000027B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2300-5-0x0000000002710000-0x0000000002746000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2300-7-0x00000000027A0000-0x00000000027B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2300-8-0x0000000005340000-0x0000000005968000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/2300-9-0x0000000005070000-0x0000000005092000-memory.dmp

        Filesize

        136KB

        Download

      • memory/2300-10-0x0000000005970000-0x00000000059D6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2300-16-0x00000000059E0000-0x0000000005A46000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2300-21-0x0000000005BD0000-0x0000000005F24000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/2300-22-0x00000000060D0000-0x00000000060EE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2300-23-0x0000000006110000-0x000000000615C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/2300-24-0x0000000006680000-0x00000000066C4000-memory.dmp

        Filesize

        272KB

        Download

      • memory/2300-26-0x00000000027A0000-0x00000000027B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2300-27-0x0000000007200000-0x0000000007276000-memory.dmp

        Filesize

        472KB

        Download

      • memory/2300-28-0x0000000007900000-0x0000000007F7A000-memory.dmp

        Filesize

        6.5MB

        Download

      • memory/2300-29-0x00000000072A0000-0x00000000072BA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2300-30-0x000000007FCE0000-0x000000007FCF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2300-31-0x0000000007650000-0x0000000007682000-memory.dmp

        Filesize

        200KB

        Download

      • memory/2300-32-0x00000000703B0000-0x00000000703FC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/2300-33-0x0000000070530000-0x0000000070884000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/2300-43-0x0000000007630000-0x000000000764E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2300-55-0x0000000074510000-0x0000000074CC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2300-44-0x0000000007690000-0x0000000007733000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2300-45-0x0000000007780000-0x000000000778A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2300-46-0x0000000007840000-0x00000000078D6000-memory.dmp

        Filesize

        600KB

        Download

      • memory/2300-50-0x00000000078E0000-0x00000000078FA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2300-49-0x00000000077F0000-0x0000000007804000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2300-47-0x00000000077A0000-0x00000000077B1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2328-324-0x0000000074C40000-0x0000000074C5E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2328-327-0x0000000074A70000-0x0000000074A9A000-memory.dmp

        Filesize

        168KB

        Download

      • memory/2328-389-0x0000000000BB0000-0x0000000000FFE000-memory.dmp

        Filesize

        4.3MB

        Download

      • memory/2328-375-0x0000000000BB0000-0x0000000000FFE000-memory.dmp

        Filesize

        4.3MB

        Download

      • memory/2328-364-0x0000000000BB0000-0x0000000000FFE000-memory.dmp

        Filesize

        4.3MB

        Download

      • memory/2328-350-0x0000000000BB0000-0x0000000000FFE000-memory.dmp

        Filesize

        4.3MB

        Download

      • memory/2328-330-0x0000000074670000-0x0000000074971000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/2328-328-0x0000000074A20000-0x0000000074A6D000-memory.dmp

        Filesize

        308KB

        Download

      • memory/2328-329-0x0000000074980000-0x0000000074A20000-memory.dmp

        Filesize

        640KB

        Download

      • memory/2328-326-0x0000000074AA0000-0x0000000074B62000-memory.dmp

        Filesize

        776KB

        Download

      • memory/2328-325-0x0000000074B70000-0x0000000074C31000-memory.dmp

        Filesize

        772KB

        Download

      • memory/2328-323-0x0000000000BB0000-0x0000000000FFE000-memory.dmp

        Filesize

        4.3MB

        Download

      • memory/2328-298-0x0000000074B70000-0x0000000074C31000-memory.dmp

        Filesize

        772KB

        Download

      • memory/2328-299-0x0000000074A70000-0x0000000074A9A000-memory.dmp

        Filesize

        168KB

        Download

      • memory/2328-304-0x0000000000BB0000-0x0000000000FFE000-memory.dmp

        Filesize

        4.3MB

        Download

      • memory/2496-125-0x0000000002380000-0x0000000002390000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2496-126-0x00000000055E0000-0x0000000005934000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/2496-124-0x0000000074510000-0x0000000074CC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2496-140-0x00000000703B0000-0x00000000703FC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/2496-139-0x000000007F810000-0x000000007F820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2496-127-0x0000000002380000-0x0000000002390000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2496-138-0x0000000002380000-0x0000000002390000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3004-372-0x0000000000400000-0x00000000008DF000-memory.dmp

        Filesize

        4.9MB

        Download

      • memory/3004-331-0x0000000000400000-0x00000000008DF000-memory.dmp

        Filesize

        4.9MB

        Download

      • memory/3028-109-0x00000000703B0000-0x00000000703FC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/3028-110-0x0000000070530000-0x0000000070884000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/3028-94-0x0000000074510000-0x0000000074CC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3028-108-0x00000000055A0000-0x00000000055B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3028-95-0x00000000055A0000-0x00000000055B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3028-122-0x0000000074510000-0x0000000074CC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3028-111-0x000000007FD50000-0x000000007FD60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3756-313-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/3756-361-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/3756-373-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/3756-222-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/3756-258-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/3756-333-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/3756-387-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/4164-123-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/4164-96-0x0000000002AD0000-0x0000000002ECB000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/4164-58-0x0000000002AD0000-0x0000000002ECB000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/4164-156-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/4164-89-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/4164-60-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/4360-311-0x0000000000400000-0x00000000008DF000-memory.dmp

        Filesize

        4.9MB

        Download

      • memory/5028-59-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/5028-57-0x0000000003000000-0x00000000038EB000-memory.dmp

        Filesize

        8.9MB

        Download

      • memory/5028-25-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/5028-52-0x0000000002C00000-0x0000000003000000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/5028-1-0x0000000002C00000-0x0000000003000000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/5028-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/5028-2-0x0000000003000000-0x00000000038EB000-memory.dmp

        Filesize

        8.9MB

        Download