Overview

overview

10

Static

static

10

9b035bad2b...18.exe

windows7-x64

10

9b035bad2b...18.exe

windows10-1703-x64

10

9b035bad2b...18.exe

windows10-2004-x64

10

9b035bad2b...18.exe

windows11-21h2-x64

10

Resubmissions

11-04-2024 11:14

240411-nb5z8sdd7y 10

11-04-2024 11:14

240411-nb5dpsdd7w 10

11-04-2024 11:14

240411-nb43yaac56 10

11-04-2024 11:14

240411-nb3vwadd7t 10

11-04-2024 11:14

240411-nb3j4sac55 10

09-04-2024 03:54

240409-egc2zahd2z 10

09-04-2024 03:53

240409-ef443adg89 10

09-04-2024 03:53

240409-efxd8ahc9v 10

09-04-2024 03:53

240409-efmvsahc8w 10

03-04-2024 00:16

240403-akzypahh9t 10

Analysis

  • max time kernel
    1799s
  • max time network
    1800s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-04-2024 11:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

  • Size

    7.6MB

  • MD5

    9b035bad2b8a21fb2c57fd784c89b8d5

  • SHA1

    ee15fad65f3f22df7f54e218176c45d369ebb70f

  • SHA256

    2d49873798ab5ee10992f377ebb27ee940b1f354b9ec4ebebe687177ea2b214c

  • SHA512

    96c0189aba67db2f1c38affa5ac44665566ea17e20e5f749aef771739c81beb96bbcac8ea35aad80cffc9d492e23fcbaefbf03f72011d9bd1ccac36182466dde

  • SSDEEP

    196608:imEljesxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQUDxtw3iFFrS6XOfTV73cP:balxwZ6v1CPwDv3uFteg2EeJUO9WLjD/

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.32

C2

7ix5nfolcp4ta4mk2dtihev73rw7d2edpbd5tp7sf7zgmpv66fpxnwqd.onion:80

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    dllhost

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • BitRAT payload 2 IoCs
  • ACProtect 1.3x - 1.4x DLL software 7 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Looks up external IP address via web service 42 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3872
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4572
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3820
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4580
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3952
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1728
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:368
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4948
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3520
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:5012
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4144
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4648
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3688
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3572
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2904
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:224
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1932
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2544
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1400
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4256
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:876
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:64
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2056
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2340
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:640
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1440
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:400
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1692
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3692
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4704
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4528
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1076
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3096
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3800
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1012
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1992
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2568
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:748
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3680
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4848
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2464
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2200
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4852
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1844
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1780
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1400
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2748
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4716
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2212
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4948
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1372
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3312
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4800
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3552
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3228
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2584
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1160
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3284
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4428
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3304
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4240
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4392
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:5080
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1088
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
        PID:4660
      • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
        "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
        2⤵
          PID:4404
        • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
          "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
          2⤵
            PID:1000
          • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
            "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
            2⤵
              PID:4904
            • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
              "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
              2⤵
                PID:2904
              • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                2⤵
                  PID:684
                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                  2⤵
                    PID:1420
                  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                    "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                    2⤵
                      PID:4652
                    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                      2⤵
                        PID:2208
                      • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                        "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                        2⤵
                          PID:4400
                        • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                          "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                          2⤵
                            PID:496
                          • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                            "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                            2⤵
                              PID:4648
                            • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                              "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                              2⤵
                                PID:4780
                              • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                2⤵
                                  PID:1776
                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                  2⤵
                                    PID:1912
                                  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                    "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                    2⤵
                                      PID:3888
                                    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                      2⤵
                                        PID:2908
                                      • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                        "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                        2⤵
                                          PID:3800
                                        • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                          "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                          2⤵
                                            PID:4564
                                          • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                            "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                            2⤵
                                              PID:1100
                                            • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                              "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                              2⤵
                                                PID:4684
                                              • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                                "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                                2⤵
                                                  PID:4028
                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                                  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
                                                  2⤵
                                                    PID:1596

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-certs
                                                  Filesize

                                                  20KB

                                                  MD5

                                                  e0f2b64459b4eee12b49ee222217bd17

                                                  SHA1

                                                  0427727df52a6ed1877fafe7485c8d9c5a76faec

                                                  SHA256

                                                  9bf9d51abe98b5b39165d86685981485fa798286385fd877cab08959639c35fe

                                                  SHA512

                                                  f299e6da7d4a23676746c1496a1483eaa6e198e52f3afe32832eb8696234f384552d87d390878e142e8e657854abc777566100e96d25b506bc3e6f69ba2a72f0

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdesc-consensus.tmp
                                                  Filesize

                                                  2.7MB

                                                  MD5

                                                  a1ef6838f217c027c3abe2eb5891dc6c

                                                  SHA1

                                                  a93bdbe5e553e23e45378153fb86026a76741fd0

                                                  SHA256

                                                  43d67abc74bf54528d587ced07804275f3bc4d046f495d6bb931a101f0e99bd8

                                                  SHA512

                                                  e81782ea2293bc3e52320446b8b83a31bd82647bc470396bac8c54e9d58a7b79aa11c6cd48e8d0fa1fdc5144a5c6bcaa89b0b4daa905b3075ee2706fa0ed10b7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs
                                                  Filesize

                                                  20.3MB

                                                  MD5

                                                  66aa09cf292cba4a187b8ba7e6a49e15

                                                  SHA1

                                                  e362ed039067960cc4bb4a69188e59fc8c628f90

                                                  SHA256

                                                  6a59adaa82c6c0ea1d280d720530dc223e1405704561fc7f248c9ee587ed88e8

                                                  SHA512

                                                  3c4201140137b2aaadbf913c40fd2b8a455b48d9d1339a2f37b968abf754f126bc13a10387625a0629bbb37cebae19301f9abe5a3067bd9481cfe81b51518e84

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new
                                                  Filesize

                                                  20.3MB

                                                  MD5

                                                  ec4c0011c2922a90330486ea6a38363b

                                                  SHA1

                                                  44d6cd5f6320ed109f567abb6431469cc1f1c565

                                                  SHA256

                                                  e028bbb6a5195658944d73744338ed8c68237f31e0f7ddfdf4fdc917cb9697c1

                                                  SHA512

                                                  d84681e88a8d453898769541d5e24d602c754f140e0fbc57b304def69bb961a90d6a5c9e7a81ac47379bd1be015634f6035b247bb4d07f19744cedc990a15b9e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new
                                                  Filesize

                                                  5.8MB

                                                  MD5

                                                  5e408d94cddb93d87e7b6b2ce64887c7

                                                  SHA1

                                                  82a4d412053120d31066067754bf689ea1d0365e

                                                  SHA256

                                                  c4cb7057e3d1f78e64bf9e92256a26612a342eafb34bc825493515d9b173e23c

                                                  SHA512

                                                  12aa598df5ff67aa1d8408b8c15f59beb229f6f13e210b0ab886adfb92506fc36247a273153f0b487902ef75de821147bbbe6e6c2e23f1285d9767d296c64ec1

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state
                                                  Filesize

                                                  9KB

                                                  MD5

                                                  d759da7304f97fda211a1d475c59c509

                                                  SHA1

                                                  6e8d3174e68e4a0b13277e66a52971fcd7f038aa

                                                  SHA256

                                                  7035948fc2ab151509551ef7ba73b7f9d8855df8f9d7ddd87e11460d667c6cc6

                                                  SHA512

                                                  43e46a5e181383c2f3ac4c7770c57adda7f60da944b6e2d62a7fa54ca7bc25d6d37e7709276051aa7a657476a521e965d90cb86290cb92e5ba90cbbce0509ee4

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state
                                                  Filesize

                                                  8KB

                                                  MD5

                                                  33d66316cdfcb3f2d79533d41847704f

                                                  SHA1

                                                  178a8cd3bf7eece226dd3f84e3a670cd1eb15b99

                                                  SHA256

                                                  9e9716d67cf8566fd185a6272a54e613d73ac01c4f94f3e7bb47614071d6101d

                                                  SHA512

                                                  2a1819263944fb80dac96218f642ad29d26f09ef4ef7e198f434e3f79d25785c5fc6435643bc7d711263743a315ce305cd99cbd7fcec01ef73df2bce999d409e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
                                                  Filesize

                                                  973KB

                                                  MD5

                                                  5cfe61ff895c7daa889708665ef05d7b

                                                  SHA1

                                                  5e58efe30406243fbd58d4968b0492ddeef145f2

                                                  SHA256

                                                  f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

                                                  SHA512

                                                  43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libcrypto-1_1.dll
                                                  Filesize

                                                  1.7MB

                                                  MD5

                                                  2384a02c4a1f7ec481adde3a020607d3

                                                  SHA1

                                                  7e848d35a10bf9296c8fa41956a3daa777f86365

                                                  SHA256

                                                  c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

                                                  SHA512

                                                  1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libevent-2-1-6.dll
                                                  Filesize

                                                  366KB

                                                  MD5

                                                  099983c13bade9554a3c17484e5481f1

                                                  SHA1

                                                  a84e69ad9722f999252d59d0ed9a99901a60e564

                                                  SHA256

                                                  b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

                                                  SHA512

                                                  89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libgcc_s_sjlj-1.dll
                                                  Filesize

                                                  286KB

                                                  MD5

                                                  b0d98f7157d972190fe0759d4368d320

                                                  SHA1

                                                  5715a533621a2b642aad9616e603c6907d80efc4

                                                  SHA256

                                                  2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

                                                  SHA512

                                                  41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssl-1_1.dll
                                                  Filesize

                                                  439KB

                                                  MD5

                                                  c88826ac4bb879622e43ead5bdb95aeb

                                                  SHA1

                                                  87d29853649a86f0463bfd9ad887b85eedc21723

                                                  SHA256

                                                  c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

                                                  SHA512

                                                  f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssp-0.dll
                                                  Filesize

                                                  88KB

                                                  MD5

                                                  2c916456f503075f746c6ea649cf9539

                                                  SHA1

                                                  fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

                                                  SHA256

                                                  cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

                                                  SHA512

                                                  1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libwinpthread-1.dll
                                                  Filesize

                                                  188KB

                                                  MD5

                                                  d407cc6d79a08039a6f4b50539e560b8

                                                  SHA1

                                                  21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

                                                  SHA256

                                                  92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

                                                  SHA512

                                                  378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\torrc
                                                  Filesize

                                                  139B

                                                  MD5

                                                  dbd537e3da06f7d7aeaf58f4decc0c94

                                                  SHA1

                                                  7e740ea6dcf8545710f99519014e9bb029028a84

                                                  SHA256

                                                  349b36a467d778e29b96528cdd25d6c34a54be659a9ef516b3833106ceb679b2

                                                  SHA512

                                                  a84633c420c825b15ef2fc5cf83a6d75fcdddbb06d3b7dc74537d5bc98b5d910d3dec4838f30be3a06373662d2946f156f36bd2e033e0b6089753006ac327a90

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\07fa2a3b\tor\zlib1.dll
                                                  Filesize

                                                  52KB

                                                  MD5

                                                  add33041af894b67fe34e1dc819b7eb6

                                                  SHA1

                                                  6db46eb021855a587c95479422adcc774a272eeb

                                                  SHA256

                                                  8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

                                                  SHA512

                                                  bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

                                                  Download Submit

                                                • memory/1544-47-0x0000000073150000-0x0000000073189000-memory.dmp

                                                  Filesize

                                                  228KB

                                                  Download

                                                • memory/1544-125-0x0000000073CD0000-0x0000000073D09000-memory.dmp

                                                  Filesize

                                                  228KB

                                                  Download

                                                • memory/1544-0-0x0000000000400000-0x0000000000BAA000-memory.dmp

                                                  Filesize

                                                  7.7MB

                                                  Download

                                                • memory/1544-1-0x00000000746A0000-0x00000000746D9000-memory.dmp

                                                  Filesize

                                                  228KB

                                                  Download

                                                • memory/1544-56-0x0000000000400000-0x0000000000BAA000-memory.dmp

                                                  Filesize

                                                  7.7MB

                                                  Download

                                                • memory/1728-314-0x0000000073850000-0x0000000073918000-memory.dmp

                                                  Filesize

                                                  800KB

                                                  Download

                                                • memory/1728-312-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/1728-322-0x00000000736C0000-0x00000000737CA000-memory.dmp

                                                  Filesize

                                                  1.0MB

                                                  Download

                                                • memory/1728-324-0x0000000073630000-0x00000000736B8000-memory.dmp

                                                  Filesize

                                                  544KB

                                                  Download

                                                • memory/1728-327-0x0000000073920000-0x0000000073BEF000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/1728-317-0x0000000073800000-0x0000000073849000-memory.dmp

                                                  Filesize

                                                  292KB

                                                  Download

                                                • memory/1728-316-0x0000000073560000-0x000000007362E000-memory.dmp

                                                  Filesize

                                                  824KB

                                                  Download

                                                • memory/1728-320-0x00000000737D0000-0x00000000737F4000-memory.dmp

                                                  Filesize

                                                  144KB

                                                  Download

                                                • memory/3820-188-0x0000000073850000-0x0000000073918000-memory.dmp

                                                  Filesize

                                                  800KB

                                                  Download

                                                • memory/3820-194-0x0000000073630000-0x00000000736B8000-memory.dmp

                                                  Filesize

                                                  544KB

                                                  Download

                                                • memory/3820-195-0x0000000073560000-0x000000007362E000-memory.dmp

                                                  Filesize

                                                  824KB

                                                  Download

                                                • memory/3820-218-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3820-244-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3820-193-0x00000000736C0000-0x00000000737CA000-memory.dmp

                                                  Filesize

                                                  1.0MB

                                                  Download

                                                • memory/3820-189-0x0000000073920000-0x0000000073BEF000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/3820-191-0x00000000737D0000-0x00000000737F4000-memory.dmp

                                                  Filesize

                                                  144KB

                                                  Download

                                                • memory/3820-185-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3820-190-0x0000000073800000-0x0000000073849000-memory.dmp

                                                  Filesize

                                                  292KB

                                                  Download

                                                • memory/3872-43-0x0000000001200000-0x0000000001288000-memory.dmp

                                                  Filesize

                                                  544KB

                                                  Download

                                                • memory/3872-58-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3872-137-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3872-129-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3872-117-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3872-100-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3872-80-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3872-19-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3872-159-0x0000000001200000-0x0000000001288000-memory.dmp

                                                  Filesize

                                                  544KB

                                                  Download

                                                • memory/3872-66-0x0000000001200000-0x0000000001288000-memory.dmp

                                                  Filesize

                                                  544KB

                                                  Download

                                                • memory/3872-67-0x0000000001AA0000-0x0000000001D6F000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/3872-39-0x0000000073A00000-0x0000000073ACE000-memory.dmp

                                                  Filesize

                                                  824KB

                                                  Download

                                                • memory/3872-57-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3872-48-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3872-46-0x0000000073BA0000-0x0000000073BE9000-memory.dmp

                                                  Filesize

                                                  292KB

                                                  Download

                                                • memory/3872-45-0x0000000073560000-0x000000007382F000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/3872-44-0x0000000001AA0000-0x0000000001D6F000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/3872-38-0x0000000073AD0000-0x0000000073B98000-memory.dmp

                                                  Filesize

                                                  800KB

                                                  Download

                                                • memory/3872-42-0x0000000073830000-0x00000000738B8000-memory.dmp

                                                  Filesize

                                                  544KB

                                                  Download

                                                • memory/3872-41-0x00000000738C0000-0x00000000739CA000-memory.dmp

                                                  Filesize

                                                  1.0MB

                                                  Download

                                                • memory/3872-40-0x00000000739D0000-0x00000000739F4000-memory.dmp

                                                  Filesize

                                                  144KB

                                                  Download

                                                • memory/3952-308-0x0000000073850000-0x0000000073918000-memory.dmp

                                                  Filesize

                                                  800KB

                                                  Download

                                                • memory/3952-306-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3952-276-0x0000000073850000-0x0000000073918000-memory.dmp

                                                  Filesize

                                                  800KB

                                                  Download

                                                • memory/3952-283-0x00000000736C0000-0x00000000737CA000-memory.dmp

                                                  Filesize

                                                  1.0MB

                                                  Download

                                                • memory/3952-282-0x0000000073560000-0x000000007362E000-memory.dmp

                                                  Filesize

                                                  824KB

                                                  Download

                                                • memory/3952-281-0x0000000073630000-0x00000000736B8000-memory.dmp

                                                  Filesize

                                                  544KB

                                                  Download

                                                • memory/3952-280-0x00000000737D0000-0x00000000737F4000-memory.dmp

                                                  Filesize

                                                  144KB

                                                  Download

                                                • memory/3952-307-0x0000000073920000-0x0000000073BEF000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/3952-279-0x0000000073800000-0x0000000073849000-memory.dmp

                                                  Filesize

                                                  292KB

                                                  Download

                                                • memory/3952-274-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/3952-275-0x0000000073920000-0x0000000073BEF000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/4572-162-0x00000000739D0000-0x00000000739F4000-memory.dmp

                                                  Filesize

                                                  144KB

                                                  Download

                                                • memory/4572-163-0x0000000073560000-0x000000007382F000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/4572-151-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/4572-153-0x0000000073560000-0x000000007382F000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/4572-156-0x0000000073AD0000-0x0000000073B98000-memory.dmp

                                                  Filesize

                                                  800KB

                                                  Download

                                                • memory/4572-161-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/4572-160-0x0000000073BA0000-0x0000000073BE9000-memory.dmp

                                                  Filesize

                                                  292KB

                                                  Download

                                                • memory/4572-165-0x00000000738C0000-0x00000000739CA000-memory.dmp

                                                  Filesize

                                                  1.0MB

                                                  Download

                                                • memory/4572-158-0x0000000073A00000-0x0000000073ACE000-memory.dmp

                                                  Filesize

                                                  824KB

                                                  Download

                                                • memory/4572-166-0x0000000073A00000-0x0000000073ACE000-memory.dmp

                                                  Filesize

                                                  824KB

                                                  Download

                                                • memory/4572-167-0x0000000073830000-0x00000000738B8000-memory.dmp

                                                  Filesize

                                                  544KB

                                                  Download

                                                • memory/4580-249-0x0000000000980000-0x0000000000D84000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/4580-251-0x0000000073920000-0x0000000073BEF000-memory.dmp

                                                  Filesize

                                                  2.8MB

                                                  Download

                                                • memory/4580-261-0x00000000736C0000-0x00000000737CA000-memory.dmp

                                                  Filesize

                                                  1.0MB

                                                  Download

                                                • memory/4580-253-0x0000000073850000-0x0000000073918000-memory.dmp

                                                  Filesize

                                                  800KB

                                                  Download

                                                • memory/4580-256-0x0000000073560000-0x000000007362E000-memory.dmp

                                                  Filesize

                                                  824KB

                                                  Download

                                                • memory/4580-260-0x00000000737D0000-0x00000000737F4000-memory.dmp

                                                  Filesize

                                                  144KB

                                                  Download

                                                • memory/4580-258-0x0000000073800000-0x0000000073849000-memory.dmp

                                                  Filesize

                                                  292KB

                                                  Download

                                                • memory/4580-262-0x0000000073630000-0x00000000736B8000-memory.dmp

                                                  Filesize

                                                  544KB

                                                  Download