Resubmissions

29-02-2024 21:17

240229-z5c24acg6v 10

Analysis

  • max time kernel
    139s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29-02-2024 21:17

General

  • Target

    TeraBox_sl_b_1.28.0.3.exe

  • Size

    85.5MB

  • MD5

    e1aad2c0bfbccec454765e8a030c8856

  • SHA1

    95dd1d5a2a597f27321868d398a9701bcf0b49dc

  • SHA256

    271de5aed87a398dedf889c16d7927e90f07facb4774a073cd4f365073fe51f8

  • SHA512

    6167a3f6f3e405832292491e466b18dc3fded745f4f0bb5d7cb86e00a6bdcd510aa146558ed22a6a00d60ae25befa5ec123d55d65b2a2a2e6ab2d9b2c78d4530

  • SSDEEP

    1572864:HSgue/UMXkXd9CUAMIaulHaT3hxHbpuH1yv7EjDe40REbstaa0ONE71pO2EY8fvp:ygue/Ui+d9tAYulHaT3hxpv70Doubsa

Malware Config

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE 14 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
  • Registers COM server for autorun 1 TTPs 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TeraBox_sl_b_1.28.0.3.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBox_sl_b_1.28.0.3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe
      "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe" -install "createdetectstartup" -install "btassociation" -install "createshortcut" "0" -install "createstartup"
      2⤵
      • Adds Run key to start application
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2524
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Windows\system32\regsvr32.exe
        "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"
        3⤵
        • Loads dropped DLL
        • Modifies system executable filetype association
        • Registers COM server for autorun
        • Modifies registry class
        PID:2440
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin.dll"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:2796
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Windows\system32\regsvr32.exe
        "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll"
        3⤵
        • Loads dropped DLL
        • Registers COM server for autorun
        • Modifies registry class
        PID:848
    • C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe
      "C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe" --install
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2052
    • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe
      "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe" reg
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      PID:2740
    • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe
      C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
        "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2028,10257912587732790210,498523556924153401,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 6.1; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;6.1.7601;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2036 /prefetch:2
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:1736
      • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
        "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,10257912587732790210,498523556924153401,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 6.1; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;6.1.7601;WindowsTeraBox" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=3016 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        PID:1548
      • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
        "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2028,10257912587732790210,498523556924153401,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 6.1; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;6.1.7601;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2660
      • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
        "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2028,10257912587732790210,498523556924153401,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 6.1; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;6.1.7601;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:432
      • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
        "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2028,10257912587732790210,498523556924153401,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 6.1; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;6.1.7601;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2116 /prefetch:2
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:796
      • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe
        -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.2192.0.2022426626\748014341 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.137" -PcGuid "TBIMXV2-O_838E90C9C00C4C1386214A5EFC5507D3-C_0-D_4d51303031302033202020202020202020202020-M_4A4F109F65B0-V_44F191FA" -Version "1.28.0.3" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
        3⤵
        • Executes dropped EXE
        PID:2056
      • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe
        "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.2192.0.2022426626\748014341 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.137" -PcGuid "TBIMXV2-O_838E90C9C00C4C1386214A5EFC5507D3-C_0-D_4d51303031302033202020202020202020202020-M_4A4F109F65B0-V_44F191FA" -Version "1.28.0.3" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2968
      • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe
        "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1501 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\module\VastPlayer\VastPlayer.dll" -ChannelName terabox.2192.1.2123615168\1577630804 -QuitEventName TERABOX_VIDEO_PLAY_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.137" -PcGuid "TBIMXV2-O_838E90C9C00C4C1386214A5EFC5507D3-C_0-D_4d51303031302033202020202020202020202020-M_4A4F109F65B0-V_44F191FA" -Version "1.28.0.3" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
        3⤵
        • Executes dropped EXE
        PID:3024
      • C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdate.exe
        "C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdate.exe" -client_info "C:\Users\Admin\AppData\Local\Temp\TeraBox_status" -update_cfg_url "aHR0cHM6Ly90ZXJhYm94LmNvbS9hdXRvdXBkYXRl" -srvwnd 301e0 -unlogin
        3⤵
        • Executes dropped EXE
        PID:1260
    • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe
      C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe
      2⤵
      • Executes dropped EXE
      PID:2080
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2404

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

      Filesize

      959B

      MD5

      d5e98140c51869fc462c8975620faa78

      SHA1

      07e032e020b72c3f192f0628a2593a19a70f069e

      SHA256

      5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

      SHA512

      9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

      Filesize

      192B

      MD5

      c582435c2817d9e5398db8a16eef58da

      SHA1

      4f59850f61c2bcb9acc77c5e2f61f21797f5f93e

      SHA256

      9e7f22bb3a3674f072f6867e5babbe359600bf00a8d39901a9b8da4c84432409

      SHA512

      5d09b0d6edee858dfd818fa728b95949657b15845fe10dcf9e501a53202404c5d55f5bcb9e2b891d52746b317f8a74081512f3441ad4b493c6095a2f9df235e0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      82680b959b4b8df0cab4c1f1a73fe5c7

      SHA1

      8e97c7b68071ad9c194edd3b93b17d1e12c14b79

      SHA256

      7144cf2884c0da6efc1f35a8d5ea6be1711e6b1513801747cde86e2162eb27e8

      SHA512

      dca79d4cce90305561491edab4b61ba5f5082de6853840635d95678639b4f80b47991aea4ec482a8dd2650827a6a79726c520a8716e917cb1dabec57d716a5b6

    • C:\Users\Admin\AppData\Local\Temp\Cab225.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar41F.tmp

      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    • C:\Users\Admin\AppData\Local\Temp\nst678B.tmp\SetupCfg.ini

      Filesize

      80B

      MD5

      86daef0a1abf90f934b20119d95e8b73

      SHA1

      fa9170644b102c598005d1764a16aba54314ab69

      SHA256

      a5b0e58f66055ba5c9730dd7983946f92075bcf7052343b8d64ee95faa99eaaa

      SHA512

      1e95d6b697621f5c8bd194b5252f7717c3aa48a25d91d80fcd5fb0f1d06747c5f39708255bd85f18f776468dcde5645a8ac088431d412af1b10932d7f0df67b7

    • C:\Users\Admin\AppData\Local\Temp\nst678B.tmp\nsProcessW.dll

      Filesize

      4KB

      MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

      SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

      SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

      SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\Download\AutoUpdate.xml

      Filesize

      22KB

      MD5

      9829c6f33fab4cfca817101396683384

      SHA1

      4049f1fd48d260fbbb1c263db460a8d0c8519aa8

      SHA256

      2e76b17632034cfe30226199971403c0d86e0224c07979ca4b43cc224cebf1d2

      SHA512

      281a2215afea6f8abbb737ca3cb911fdff003bcb1dd9f2ebd58d7b9a9fffa20c3a2b9afa1cff8f0b2a2fd09bda7ab52616c134a93f0128e4cf8b0f82fea2400a

    • C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\Download\MainApp\upgrade_12803_12902.cab

      Filesize

      4.5MB

      MD5

      6d9e09a58ed1b7ac293cb7437464b487

      SHA1

      1e68b1968d78afc13156d3a4d0bea7e32c2cbd32

      SHA256

      2cb213c5d25add29da0ddb892e2ed7faafefe523123331e2edf6405dea5aadf7

      SHA512

      466d8b3ab514ae45f4dba2972f862d394b87aef7b970877119ca3953647fe0b27a3fd12971a7074643e8f6babfb2dcc6f79f922ecfb11d083fd51e7052a199f3

    • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

      Filesize

      4.3MB

      MD5

      8e0c3d2a3b63618b9b53339640aca490

      SHA1

      bb2f32ae59e8d3ba0a4efa6b0a40bf79874ceea2

      SHA256

      5ea7db75078f81c89fba38efc1e5555c4b6f34bee116f3eb457bf308cadf5e60

      SHA512

      d84952c372e1a1342334f8d2cc13101936c481ca17b676a8c323678ebc157fb2a942b254594349544e1866e6cc79291094697387ddcc83ec29a51ec86ffef619

    • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

      Filesize

      5.7MB

      MD5

      d89e36f21a5902c0fc26e70957c6d5e7

      SHA1

      b4423ea85817bd56a44d2e61c748837f93c28336

      SHA256

      c7219e20cbd40be5def02fdc0e6c64dfcfdecdb1325ed3b39926f4d076722669

      SHA512

      7d8ab4da97ae554935757d8ae0d641e702ca571db750e4857ab2e3446f36288b69c9eac0631aa3f938ee75799d6395eb7b936936626f8ff76f41960c6189a101

    • C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll

      Filesize

      1011KB

      MD5

      82179b4413766e62e7092357a2d7d04a

      SHA1

      6de04f0ff641b065e2e19a5533a6bede85719a0d

      SHA256

      8416ce1d616f9a2c94769f2f685474bc6a9dfc16af754c0e076016a34f9153b2

      SHA512

      5305f40e29a3fd47baf3fd3275c72635d760fd5d65c13bda4f0bd8e91dce819da78d4c6c9809633d54cc5bc017cd0df2b8f37ab274fa23374bd74801a3dfe308

    • C:\Users\Admin\AppData\Roaming\TeraBox\api-ms-win-core-processthreads-l1-1-1.dll

      Filesize

      11KB

      MD5

      7016bf365a155d29f01a000942a017ef

      SHA1

      47e25b97af56edbdd20ca72bba994c6bcf1b81e6

      SHA256

      b5f815d0a41add7fd9593036a8e6843fcc221298fefd61808f960eed3cc19830

      SHA512

      2cd7e88717a2d81811ce03990737888b8a1e9e351dcdad401ffe5924bdf97be086bd766a1a5b25411b760cbf81b68bebd94d915100b6bc1310360813af11f827

    • C:\Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-conio-l1-1-0.dll

      Filesize

      12KB

      MD5

      4296cf3a7180e10aaf6147f4aecd24e4

      SHA1

      f81e09af979a1146774d554783d1a22a03a61393

      SHA256

      147f86ff93d61fea256b3de9149e1b36b68a83762e62a3389466218e18359ffc

      SHA512

      60357edde6572c5e796f927c3e72c31a96ff700624b7366fdda64bcf51ee00bf1e9ab477a46d8d3ba7391ba10491e69f745efec3607f8f49b6e1a3a3de7a0648

    • C:\Users\Admin\AppData\Roaming\TeraBox\appUtil.DLL

      Filesize

      1.5MB

      MD5

      ea966aaea4634e68ddf601507bdbfbd8

      SHA1

      df2492ee0704ff4a49d1957bd9321c9e24b5b3e7

      SHA256

      2156f931969b571a01f067a61a902655af7eb0280f5476896b42a6f864ac9a07

      SHA512

      55c9c80b705a0621d2e7f4ca6e556581a542f69f9cb4fb6ae2997cb96b02ebc8b111a4030a967738682b46fb672adaeff2a3aa0f270a41e58c159fb49dd0f661

    • C:\Users\Admin\AppData\Roaming\TeraBox\uninst.exe

      Filesize

      697KB

      MD5

      3c2b6acab01820bd74fc22be0b07614b

      SHA1

      dd6e56ee9855a12db7b8bc315fa21c03186ec072

      SHA256

      8d6ec84fd334f9816c9bbc751587ceaa7c1f1029be8497241fe22c237e937094

      SHA512

      4e69d8b534242c84b489405651915b4c1b567c71a4018f953ed6c3c8a466941fcf780c4b40ce0f16125556ee41dc7672177c81aef270c43ac59958157392c6d5

    • C:\Users\Admin\AppData\Roaming\TeraBox\updateagent.dll

      Filesize

      1.1MB

      MD5

      635b7ae278f9b9cb4427f81bdf6ef41b

      SHA1

      598f211f3a15d98788d0428e0c2bb2b23625e349

      SHA256

      f15129d4cb3440c003e3847519957ab367dc95cde15aa5087f8286374b924fc3

      SHA512

      62a3e11f8a922f349b30811cbf44503eb0f96b5121c131f407e766a31ade85926a9c4fd4fe6327e8120970a4a23ad38f62541a9681d11b875fa93fe50c4c28d8

    • C:\Users\Admin\Desktop\TeraBox.lnk

      Filesize

      840B

      MD5

      b8ad5d3afb52c0075506050f76ef5f41

      SHA1

      08151ddd1c151a38cb51321cf77786ac693e02d6

      SHA256

      929f6576551c2e444520776c28d9208aef4ec5af37f95362321f6b2b5891d7f5

      SHA512

      b9b675a9d9baf865b3f873d4856d320c636a09553c1d607d8129b0cb323ef9e894bc34104ec61eccc9aaef02bbe9979dc23ba8dc0240604756672d3860092c46

    • \Users\Admin\AppData\Local\Temp\nst678B.tmp\NsisInstallUI.dll

      Filesize

      2.1MB

      MD5

      7aad5c0c2a4a8e2d4f6c463b63dc0609

      SHA1

      f257472d5a8e441c9300a9e4dd63f6b559a98bd0

      SHA256

      03e2ac88d13ab95dbe53b037c458cc57e3ada6153022d9d2a4097aea938f89b6

      SHA512

      418498124c939a44fb1bf3ce9113bed5cf419475c430e566e93a7c493037f788d82edb4318a4f9f833e1ffb6f3dbeb145ad3ccb82517ecf4cb82bac64dd42ccf

    • \Users\Admin\AppData\Local\Temp\nst678B.tmp\System.dll

      Filesize

      12KB

      MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

      SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

      SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

      SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • \Users\Admin\AppData\Roaming\TeraBox\AppUtil.dll

      Filesize

      1.4MB

      MD5

      fb2dc28b7c5f65a5616fd59126d0de1e

      SHA1

      ea65efec98db4a2050eb6ea61e0388fb72809055

      SHA256

      584bd102d9ea788f0fe0bf1d675256ddbab068cea98ab872bba077c6c1d4294d

      SHA512

      b5808db7b0f730ffd6debdcbd757f1f5f9168aea0ea0cc0f932ea63619f7ab6126548fa2a2fb217f42c30699192b97955f0c2c18b33e83ace8a7b66556379f88

    • \Users\Admin\AppData\Roaming\TeraBox\Bull140U.dll

      Filesize

      3.2MB

      MD5

      b313af0c43927a6b145ad5fa4045f5d4

      SHA1

      6ad88405ff040bcb7950cdf5ecb6edb24cec78ac

      SHA256

      0dc503f6e66b641e6c83385c63e95a62b05154d209da39f9b66ed77f224626eb

      SHA512

      7ff74516b7268d16accada1135b4d29bec8373701851379522637becfc9a0350ec3110fc957f3f3631ef5a2779e26ff9277416dfcecacd2f40ca4f9b4cb4cba6

    • \Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

      Filesize

      6.8MB

      MD5

      bce254dbffa461fd2257839b34b81b15

      SHA1

      e554d9d8d4775d5b5eb8bb1a2cf1cbedd53b38dc

      SHA256

      15a8c8ad6f8b99f758b82843d92a110616df6dd71a4c20873817db69e9b5008a

      SHA512

      3376c40fa1115cffe8da2b7ff2d5b3242d00b6353f0268b3e39abcc72742691e9be2392b0760b74e8a4c722c25e10f816f651082dfefe915a1c7ee2cc1398fcb

    • \Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

      Filesize

      5.2MB

      MD5

      c6ee2808103256f0038b558c4b74e61e

      SHA1

      a75a43f162028d65efc1ece9a21e38eff9617fb9

      SHA256

      d577adec27cb607b61f1bd7e5086da64efbaf12b77b9ca27c59f698ed2ff805d

      SHA512

      0d2d08f3237fefb91397edb0c20cbef60fe938a314548522c4918b6eaca45511e86d00bec95fd4add4b4ac36cebb69d799bb9879b997b9a27bb4a28d1a52eb50

    • \Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

      Filesize

      3.0MB

      MD5

      472ef3e4a0bb94c75a1c64bc329e8b6c

      SHA1

      0924885999a1f4e88902945fb543a8907a873960

      SHA256

      b191c678035abc2be6d63b152fade95ef7d28800e083454a3eaa51b65e185e3d

      SHA512

      5c1b4e1d003f74146103525b1e2a6b6e9343766513238b1eab9c5c650c25b0d33de5eb365d2f1aac30241eb4f71e1bc71c9a11f367989d228c808001879a30d3

    • \Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

      Filesize

      3.3MB

      MD5

      a3062feeb61ee0e8e517c1ec30f313ac

      SHA1

      97cee240a2b79759bfcaa8a7d685786b4d88b512

      SHA256

      a22c056185e1972e14749127bc80e7ee6ad8831ada962d7b854ac7285e1e3eb1

      SHA512

      72386205a88f4b37c2ee0f0a4aed5e5e7c5da944ecf3bf30624aff4d598eceb24c5fe869d8d58d7e3603af292d4dc1dfcc37f72d8f00e3ca654d9766b10d3054

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-core-file-l1-2-0.dll

      Filesize

      11KB

      MD5

      00d8b4bed48a1bb8a0451b967a902977

      SHA1

      f10ef17bda66d7cab2840d7f89c6de022a7b3ff2

      SHA256

      568d7f8551d8b4199db3359d5145bc4cb01d6d2f1347547f47967eb06a45c3b5

      SHA512

      e248cbc06fc610f315d7efcadb39b5cb85dfe5d40858768d5aea8d41b3b4b23eafe0db2b38cce362fd8ba8bc5eb26e9b2dddc00e2e8615395bca818ecfe0decc

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-core-file-l2-1-0.dll

      Filesize

      11KB

      MD5

      534483b0f4a1924b1ae6d7e66b4a4926

      SHA1

      4e954316acd216007f4a0225b138e0c0a04fbbed

      SHA256

      c1bca1bb524c5ae3d877a099f469b6fc34288bab26ae7a7f4fc47cd869f4958d

      SHA512

      cfad2ddf8a9ad67e36e978726d8a12ca26b180f73122b2e8d19a83f73028a050d9f418e7525f576cc3a9601b3369d4494dddbde620b4011b7ca8a7ec4b0d1b12

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-core-localization-l1-2-0.dll

      Filesize

      13KB

      MD5

      73483cbc229c62e129627adbf62b0ffe

      SHA1

      074ce67665c86355d3218b5e3ea4b1b335095af8

      SHA256

      13471eb84db95f8270398ef1deb29f0ea024db17e331497545c36eea7b2a3a7c

      SHA512

      92f06cb8971e29da7607c6b1d1377f21c7e6f0e4a169aaa08326038d5cdb09422b91f4f2d26a7978521e0edbb9cf1235e583f2910048c917ccef8d12c5e1166a

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-core-synch-l1-2-0.dll

      Filesize

      11KB

      MD5

      9efdffac1d337807b52356413b04b97b

      SHA1

      2590bd486abce24312066285fa1c1feaf8332fe0

      SHA256

      e1a87d7d01e2376dde81a16658915ccf2ecb692739fef09adfb962523756e22d

      SHA512

      b3c164e50d48a78bd08cf365e02e263b97ec2dd3efcf04914c8677c838e10be23df5178a8618e3f2a6feb6faa2bb74eaf069e7e2db7c6e6fd9d0137dcffbcead

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-core-timezone-l1-1-0.dll

      Filesize

      11KB

      MD5

      42c72d838c34e4e7164c578a930b8fc7

      SHA1

      82d02cb090eb6d81a1499189e4d3e6b82aa60061

      SHA256

      f1667bbda1b58fc688b422fd2f9f7040919c4ababe00a4be78b258cae2dfc3d3

      SHA512

      1020d6010dca512adbc18f44b6453a974a200766013c39f6cb1cd0a72234a241c73587c929f1d0fcadf90c3eb71264086167f05bd7ebceb5b944f4e4a0811d92

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-convert-l1-1-0.dll

      Filesize

      15KB

      MD5

      5c6fd1c6a5e69313a853a224e18a7fac

      SHA1

      10bae352f09b214edef2dc6adcb364c45fafdbec

      SHA256

      3aa0eb4c47ac94b911f1a440324d26eee8ddf99557a718f0905bfee3cf56255f

      SHA512

      08c2b1150f6bf505d10085a515bbfab6c1e18663c6ef75ec988727e3d30210532d03bfbfbb048b1a843d4faa5d1060f9079e018a9e892bce03f899a5a85f6034

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-environment-l1-1-0.dll

      Filesize

      11KB

      MD5

      6a3d5701446f6635faff87014a836eee

      SHA1

      7bbc9db1c9ce70e9fc7b7348a2c96681e5d8265b

      SHA256

      16ba05a1fa928501ffaee2e9dce449d28e8fe538df5ec6d8d1080b610b15d466

      SHA512

      839a1277b6dbb9f2d6e572e1b50b0ad08c93256a1367f36997db07285aa7b251346499a643a985a22d9a7618635c11964e414073aa7e1bf60d36368829de8fb3

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-filesystem-l1-1-0.dll

      Filesize

      13KB

      MD5

      4ec243792d382305db59dc78b72d0a1e

      SHA1

      63b7285646c72ee640d34cdc200bfc5863db3563

      SHA256

      56e0bdf91edb21f5f5041f052723025c059a11360bb745f965a9903de9c61756

      SHA512

      88f648d45927db65ff8cead4bb1959b1297410bf3f5b3b2783a173d708649260a61470342694de8b93e9c1657de64db43db40ee71acc661b03786c0921d68d4b

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-heap-l1-1-0.dll

      Filesize

      12KB

      MD5

      a51cfb8cf618571215eeba7095733b25

      SHA1

      db4215890757c7c105a8001b41ae19ce1a5d3558

      SHA256

      6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1

      SHA512

      9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-locale-l1-1-0.dll

      Filesize

      11KB

      MD5

      8d097aa5bec8bdb5df8f39e0db30397c

      SHA1

      56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158

      SHA256

      42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d

      SHA512

      a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-math-l1-1-0.dll

      Filesize

      21KB

      MD5

      ab87bdae2f62e32a533f89cd362d081c

      SHA1

      40311859dd042a7e392877364568aad892792ba9

      SHA256

      0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978

      SHA512

      dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-multibyte-l1-1-0.dll

      Filesize

      19KB

      MD5

      169e20a74258b182d2cdc76f1ae77fc5

      SHA1

      fce3f718e6de505ac910cb7333a03a2c6544f654

      SHA256

      224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372

      SHA512

      0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-runtime-l1-1-0.dll

      Filesize

      15KB

      MD5

      49363f3cf4671baa6be1abd03033542f

      SHA1

      e58902a82df86adf16f44ebdc558b92ad214a979

      SHA256

      505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc

      SHA512

      98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-stdio-l1-1-0.dll

      Filesize

      17KB

      MD5

      be16965acc8b0ce3a8a7c42d09329577

      SHA1

      6ac0f1e759781c7e5342b20f2a200a6aab66535e

      SHA256

      fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21

      SHA512

      7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-string-l1-1-0.dll

      Filesize

      17KB

      MD5

      3eae6d370f2623b37ec39c521d1f1461

      SHA1

      86d43e2e69b2066333e4afa28a27c7a74ff89991

      SHA256

      ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b

      SHA512

      30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-time-l1-1-0.dll

      Filesize

      13KB

      MD5

      a440776e10098f3a8ef1c5eaca72958e

      SHA1

      7b8662714f6e44fb29a4224a038e4127964003e9

      SHA256

      40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316

      SHA512

      b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df

    • \Users\Admin\AppData\Roaming\TeraBox\api-ms-win-crt-utility-l1-1-0.dll

      Filesize

      11KB

      MD5

      a0a883e26be6800508162e2a898148d9

      SHA1

      4f79892e7766cb7831211864978575598c86a11b

      SHA256

      9753ae83536767c73e340c36c5f1610bc76a3e67e033b07503ec31431cba7b90

      SHA512

      70904f2fd074073aebcf665178b34cf7f0f42ced7223ca296f7f202f6fa0175ace2832d9802f5bff4d67891ca09ae14fac47420d69107e72aa44b541a190f6c3

    • \Users\Admin\AppData\Roaming\TeraBox\minosagent.dll

      Filesize

      2.9MB

      MD5

      216a2dd23f95bdd63cd88a50eb7e69bd

      SHA1

      9c63635c26e276179f8dba9e02079bb3170b0321

      SHA256

      63da24020a82333c79806f3f8aa92fb9103f20b0b90ab095ee52601f6b154ada

      SHA512

      390ff16e8b0c07c1bda03584096404bdd22d69a0eb39a76fc6155c81584e1a7737f8f9d359a7be8e861bcfb02ced46950a8ef6c20a896774647086c21ee7edf0

    • \Users\Admin\AppData\Roaming\TeraBox\msvcp140.dll

      Filesize

      429KB

      MD5

      1d8c79f293ca86e8857149fb4efe4452

      SHA1

      7474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f

      SHA256

      c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4

      SHA512

      83c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1

    • \Users\Admin\AppData\Roaming\TeraBox\ucrtbase.dll

      Filesize

      863KB

      MD5

      8ed02a1a11cec72b6a6a4989bf03cfcc

      SHA1

      172908ff0f8d7e1c0cbf107f7075ed1dba4b36c8

      SHA256

      4fd02f2699c49579319079b963425991198f59cb1589b8afa8795b5d6a0e5db3

      SHA512

      444fe62a5c324d38bdc055d298b5784c741f3ca8faaeaed591bd6dcf94205dbf28c7d7f7d3825ccb99eff04e3ffd831e3f98d9b314820841a0c0960ae6a5e416

    • \Users\Admin\AppData\Roaming\TeraBox\vcruntime140.dll

      Filesize

      83KB

      MD5

      b77eeaeaf5f8493189b89852f3a7a712

      SHA1

      c40cf51c2eadb070a570b969b0525dc3fb684339

      SHA256

      b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e

      SHA512

      a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3

    • memory/1260-2099-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

    • memory/2044-220-0x0000000003FB0000-0x0000000003FB1000-memory.dmp

      Filesize

      4KB

    • memory/2044-121-0x0000000002550000-0x0000000002590000-memory.dmp

      Filesize

      256KB

    • memory/2044-20-0x0000000002550000-0x0000000002590000-memory.dmp

      Filesize

      256KB

    • memory/2080-221-0x00000000000F0000-0x00000000000F1000-memory.dmp

      Filesize

      4KB

    • memory/2192-246-0x00000000012B0000-0x0000000001994000-memory.dmp

      Filesize

      6.9MB

    • memory/2192-912-0x0000000000FD0000-0x0000000000FD1000-memory.dmp

      Filesize

      4KB

    • memory/2192-911-0x00000000012B0000-0x0000000001994000-memory.dmp

      Filesize

      6.9MB

    • memory/2192-1043-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

      Filesize

      4KB

    • memory/2192-1176-0x00000000047F0000-0x0000000004830000-memory.dmp

      Filesize

      256KB

    • memory/2192-1177-0x00000000052B0000-0x00000000054B0000-memory.dmp

      Filesize

      2.0MB

    • memory/2192-1178-0x00000000052B0000-0x00000000054B0000-memory.dmp

      Filesize

      2.0MB

    • memory/2192-247-0x0000000000FD0000-0x0000000000FD1000-memory.dmp

      Filesize

      4KB

    • memory/2192-260-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

      Filesize

      4KB

    • memory/2192-261-0x00000000047F0000-0x0000000004830000-memory.dmp

      Filesize

      256KB

    • memory/2968-1993-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

    • memory/2968-2047-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2968-1982-0x0000000000180000-0x0000000000181000-memory.dmp

      Filesize

      4KB

    • memory/2968-1984-0x0000000000180000-0x0000000000181000-memory.dmp

      Filesize

      4KB

    • memory/2968-1987-0x0000000000180000-0x0000000000181000-memory.dmp

      Filesize

      4KB

    • memory/2968-1986-0x0000000068830000-0x0000000069C5C000-memory.dmp

      Filesize

      20.2MB

    • memory/2968-1991-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

    • memory/2968-1970-0x0000000000170000-0x0000000000171000-memory.dmp

      Filesize

      4KB

    • memory/2968-2009-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

    • memory/2968-2017-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

    • memory/2968-2021-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

    • memory/2968-2023-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

    • memory/2968-2045-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2968-1981-0x0000000000170000-0x0000000000171000-memory.dmp

      Filesize

      4KB

    • memory/2968-2059-0x0000000000350000-0x0000000000351000-memory.dmp

      Filesize

      4KB

    • memory/2968-2061-0x0000000000350000-0x0000000000351000-memory.dmp

      Filesize

      4KB

    • memory/2968-2063-0x0000000000350000-0x0000000000351000-memory.dmp

      Filesize

      4KB

    • memory/2968-2066-0x0000000077EA0000-0x0000000077EA1000-memory.dmp

      Filesize

      4KB

    • memory/2968-2122-0x0000000068830000-0x0000000069C5C000-memory.dmp

      Filesize

      20.2MB

    • memory/2968-1944-0x0000000000910000-0x00000000009B0000-memory.dmp

      Filesize

      640KB

    • memory/2968-1945-0x00000000000A0000-0x00000000000A1000-memory.dmp

      Filesize

      4KB

    • memory/2968-1968-0x0000000000170000-0x0000000000171000-memory.dmp

      Filesize

      4KB

    • memory/2968-2100-0x0000000000910000-0x00000000009B0000-memory.dmp

      Filesize

      640KB

    • memory/3024-2069-0x0000000000910000-0x00000000009B0000-memory.dmp

      Filesize

      640KB

    • memory/3024-2068-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

    • memory/3024-2067-0x0000000000910000-0x00000000009B0000-memory.dmp

      Filesize

      640KB