Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-11-2024 23:04

General

  • Target

    201a2a3fea59997395e53238d65ea07d7b5818dd7c2d6462420bf3c0b63cfed9N.exe

  • Size

    9.2MB

  • MD5

    8fcc43370d7bdc75cf0381164a6bee50

  • SHA1

    af7c3b094d2c5cbd153b8fa6815418eb28d7ddbd

  • SHA256

    201a2a3fea59997395e53238d65ea07d7b5818dd7c2d6462420bf3c0b63cfed9

  • SHA512

    137a418afed97a79352a6981b91793bfecd9026f6b5bc45c5268ad60aa1d1d6e6095571bdec0a8103ce8087ec41ed5ae387b43c26ede02c91dea4962030e6368

  • SSDEEP

    196608:ltqD/NMreh/CtTODi/hXFufhOAjXhC01/oicfjRx2g/6GN4Br:cVMmDi/ojFC0qicLR0gCG6V

Malware Config

Extracted

Family

darkcomet

Botnet

don

C2

victoire.dyndns.biz:62955

Mutex

DC_MUTEX-DUXZFBC

Attributes
  • gencode

    pZpvGTDgPY6R

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Darkcomet family
  • Disables Task Manager via registry modification
  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 29 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • NSIS installer 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 6 IoCs
  • Modifies registry class 6 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 26 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\201a2a3fea59997395e53238d65ea07d7b5818dd7c2d6462420bf3c0b63cfed9N.exe
    "C:\Users\Admin\AppData\Local\Temp\201a2a3fea59997395e53238d65ea07d7b5818dd7c2d6462420bf3c0b63cfed9N.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\Program Files (x86)\Avira Operations GmbH & Co. KG\Avira Phantom VPN\Avira.Phantom.VPN.v2.28.6.26289.exe
      "C:\Program Files (x86)\Avira Operations GmbH & Co. KG\Avira Phantom VPN\Avira.Phantom.VPN.v2.28.6.26289.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3116
      • C:\Windows\SysWOW64\netsh.exe
        netsh.exe advfirewall firewall delete rule name="all" remoteip=95.141.193.133
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2624
      • C:\Windows\SysWOW64\route.exe
        route.exe delete 95.141.193.133
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1864
      • C:\Users\Admin\AppData\Local\Temp\nsr977F.tmp\VpnInstaller.exe
        "C:\Users\Admin\AppData\Local\Temp\nsr977F.tmp\VpnInstaller.exe" /S
        3⤵
        • Sets service image path in registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2296
        • C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win7\amd64\tapinstall.exe
          "C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win7\amd64\tapinstall.exe" tap_remove "phantomtap"
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          PID:412
        • C:\Windows\SysWOW64\sc.exe
          "sc.exe" failure AviraPhantomVPN reset= 86400 actions= restart/5000/restart/10000//1000
          4⤵
          • Launches sc.exe
          • System Location Discovery: System Language Discovery
          PID:4288
      • C:\Windows\SysWOW64\net.exe
        net.exe stop AviraPhantomVPN
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1864
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop AviraPhantomVPN
          4⤵
          • System Location Discovery: System Language Discovery
          PID:488
      • C:\Windows\SysWOW64\net.exe
        net.exe start AviraPhantomVPN
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1192
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 start AviraPhantomVPN
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4816
    • C:\Users\Admin\AppData\Roaming\dako01fud.exe
      "C:\Users\Admin\AppData\Roaming\dako01fud.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Users\Admin\AppData\Local\Temp\00117830\bhmnlmvpxs.exe
        "C:\Users\Admin\AppData\Local\Temp\00117830\bhmnlmvpxs.exe" qemcqnq.ngs
        3⤵
        • Checks computer location settings
        • Drops startup file
        • Executes dropped EXE
        • Adds Run key to start application
        • Checks whether UAC is enabled
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2136
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\SysWOW64\mshta.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1032
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\SysWOW64\mshta.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1184
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\SysWOW64\mshta.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3960
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\SysWOW64\mshta.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4844
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\SysWOW64\mshta.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3640
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\SysWOW64\mshta.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4184
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\SysWOW64\mshta.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:468
        • C:\Users\Admin\AppData\Local\Temp\RegSvcs.exe
          "C:\Users\Admin\AppData\Local\Temp\RegSvcs.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1160
  • C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
    "C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe"
    1⤵
    • Executes dropped EXE
    • Checks processor information in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:660
    • C:\Program Files (x86)\Avira\VPN\Avira.NetworkBlocker.exe
      "C:\Program Files (x86)\Avira\VPN\Avira.NetworkBlocker.exe" delete
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1572
      • C:\Windows\System32\Conhost.exe
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        3⤵
          PID:1864
    • C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
      "C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe" /migrateSettings
      1⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3240

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Avira Operations GmbH & Co. KG\Avira Phantom VPN\Avira.Phantom.VPN.v2.28.6.26289.exe

      Filesize

      7.5MB

      MD5

      9a1a105fde49554adb1416169756e0e8

      SHA1

      225ef5756f6ae585d1e8d11dfed42ca9b9d6df62

      SHA256

      9b87578cd4dd8d9112f46ae90632043615fa89aa1a5f4b0ae847911589694853

      SHA512

      1139643d6f0912b393a0b134cbcd66f8e8ac029919aa738ed709a09e518ddc43f3c918dbdf2af5808cd380750c6ea0b3de6caa7303d3d9c3411bfd44de00b36c

    • C:\Program Files (x86)\Avira\VPN\App\Views\Directives\features.html

      Filesize

      12KB

      MD5

      95d195a155c9d424d60e18fb6cdc8bc2

      SHA1

      289be7dd920df5d75840426ed08c51287ca974bf

      SHA256

      b97ae091304a77e5d819a794b9aa1626e25c80c2cb997ade4cf5e479ecb1f833

      SHA512

      26d97b9aa1ac6e377aa84b9b41cd2a8a7ea95ab18bfcf38f0d5535200ffd4cfc0ebdfe0bca62a32eb1c08359c904ea2810a6fbd16a7a21c9a47eb1626f98921a

    • C:\Program Files (x86)\Avira\VPN\App\Views\Directives\header.html

      Filesize

      853B

      MD5

      15e95ddd84b8b7ebbde343b8e22411d5

      SHA1

      8be7feb7a2e3c86b36813346f8499ee697561839

      SHA256

      de9975847f5557263eec5d98cfd7e2a525f18f04a528cb0880206a4ea62f8c89

      SHA512

      96d178e20f7b88066f9b329547413724c334a90485bad25119932f1a7dac109d439818452c3f1ae676533578030c740a3889c2ad0660a72ebb98cf9ea1feafc3

    • C:\Program Files (x86)\Avira\VPN\App\Views\Directives\location.html

      Filesize

      400B

      MD5

      53e041f4f6dcf6246fab53a4f180860e

      SHA1

      1545bd7dcd0ef0d41708200066c8565b8e32fb68

      SHA256

      8e61b3ca9e7080a6d666ec29355cf90349404152c983c3964bc0c3f8e5bb59ea

      SHA512

      0a19d6f5be93909a884e6daee02eb132872d1fb79d1ca53572c8799bdba375e647b7eedacb4922b8800485fbf458b0fd0f1a6dcca42c5c8d64d10b3b44400d91

    • C:\Program Files (x86)\Avira\VPN\App\Views\Directives\traffic.html

      Filesize

      231B

      MD5

      7f812658a2ea569bafc662b86f6acd51

      SHA1

      b6d55f875c930dbd9e7fd80a5551da1c79acbf65

      SHA256

      96c2deabc5c7c13937e6b471430558b096c4b23486d2370763a236e40df3086c

      SHA512

      b56ac9195f60cde94b62b6335ba00bff90e3cf23a3cd2059dcfc4befca54d54ecf705f923fd042aac40007821a8eae67e00d84d616897ce8b92c256d45f1fd08

    • C:\Program Files (x86)\Avira\VPN\App\css\vpn-1.0.0.css

      Filesize

      79KB

      MD5

      bf1f2ff6931a2c53664a1cfbda1d0a08

      SHA1

      77e20c24555b2ef39936033e23ff8bef2aa7fe85

      SHA256

      405e6a10183055962363907e6777091bb0c9dc1bfddc9bb79af8fe7263ed6fdf

      SHA512

      652ef6104f2524a1cc76ed1c7e4aa78c4598787d3c841e7a8dc2d222e1be4a5fe35465d4e98a63dc898ef6b41b0f2882dad369759be264536931bc6ce3f57ab8

    • C:\Program Files (x86)\Avira\VPN\App\css\vpn-1.0.0.min.css

      Filesize

      57KB

      MD5

      73fc31a0d916a4cd80e88ecebe51ea3a

      SHA1

      8ce84808c3d3c8555192c5c14ee72e7063d988b4

      SHA256

      fb3953800850c5d51239bc49d48fbf583daabd015fd697cac171525696eec07e

      SHA512

      1d3b424625c92ee3f759b16ab1ff428ef61d1f3047e0500d7ea27a7b26572dd0ffc96ef6028a2fd3ddaa883b1d59c3f2762676b112c8dfe640767ad1ed2fe242

    • C:\Program Files (x86)\Avira\VPN\App\images\png\VPN.png

      Filesize

      3KB

      MD5

      2ed8ee5abb189105e4366e46039808c6

      SHA1

      d4719e46452d1555d1ca854c44439019c1286d7a

      SHA256

      54486518290f7766543e5e000bd46958132055874296e45ac6178699b3d244e2

      SHA512

      ad0fbadf6630101fad21d31c58d823140d525f4a8de12fbad3443daead45f1b48c1558137c42c17b97d6bcb42b90908e257b2c343302d325585b92ac667b02b1

    • C:\Program Files (x86)\Avira\VPN\App\images\png\regions\no.png

      Filesize

      743B

      MD5

      d3b58f803a9a01a59210dd673998a229

      SHA1

      6caddb6c8e749e9c5b786a3984bb7bdbba2bafc5

      SHA256

      3cf52e677d7f7be201cbf6e3ec56ed1f48b95c47e5969ef2c2510e270133c4f0

      SHA512

      88aade4affd629926e473df3d26ecca5ba49c4b77da9343e58729cf3a2b1cd0b9d27d9e019018455bffd18b7a7570a5c14d918eff46deecc5821903f76094988

    • C:\Program Files (x86)\Avira\VPN\Avira.Common.Core.dll

      Filesize

      81KB

      MD5

      66529a863632a34059b39423a395b2eb

      SHA1

      e45a2dadc30f3d4d01f8af47fc890aa12d403763

      SHA256

      10bb57d115b244a6e0db19d46930d613b585de60c292450a4145d5ae5d7109bb

      SHA512

      86a701a40dbfb3f83a05dd68e797e66d6a923582181df50eff6593d5a27fba7b725d25776c81f1a0ee2280e57ddb3055dd73acd82ae26a898776d09f495c2efe

    • C:\Program Files (x86)\Avira\VPN\Avira.Messaging.dll

      Filesize

      45KB

      MD5

      02314a13c85328939ab1f94a8129161b

      SHA1

      fc294e41374e27e3f44e8e3a364323a0aefff233

      SHA256

      b0b370c7c18fd12ee9467909a231d5462ef22d9e7abec0a4ce57bdf6d4b6553c

      SHA512

      cb71b0eb83221f5e0843bd53af55378791fd8e48a7ed9342604432435825e80ff1a4a3b94462916c4a259c0fc33ac49d3cd4b974f76c42382f5392d285d1c102

    • C:\Program Files (x86)\Avira\VPN\Avira.TrialReset.exe

      Filesize

      183KB

      MD5

      43f3af8aa83a6b8d1e79a8fb4e344c54

      SHA1

      7e058ab6d60d1ae347035c54237856507a8d5673

      SHA256

      2025c58e3c211027c893acaf1c3154cd4fb734704bc8de69d791b620a8add7d4

      SHA512

      c3c270f067956432ebb18492ce99b4aa9b497a126339d3c852d257bcad3cf9d1f8ac9748ffa26b2289b40554c40b0ac8c673740afcf591336bd88e67ee6aab52

    • C:\Program Files (x86)\Avira\VPN\Avira.VPN.Core.dll

      Filesize

      143KB

      MD5

      8953872ce7d04abcfe626304478e995c

      SHA1

      135d91864caef7d4f576f4710f1301c96b8e167d

      SHA256

      7b1c7bf24927e51d93ac1fdd8493df2c09cd09640a07cea0242b8bfacc61d149

      SHA512

      b3e9da53283e12ff68c6294e3c4e3bb55df2f37bd1eaee4ff87833d009f7e2545dc26194edca5829b6a6c6bf27813c00b11361fa7c3e83374657d8b146cdb373

    • C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

      Filesize

      373KB

      MD5

      70b49c08e24f16528a4728beb12b153c

      SHA1

      38df5fbf15fc3e52300fea45ed4be5359587ddac

      SHA256

      901e7c6539c86f367d41a3e0355f08c93260e1b169b74f196a8ef67fb738d52a

      SHA512

      ef5dc8a983742085f8948e8bc87277d745d56223d5378d782efe425a0e06a1afb78ab6c7f17bbb405fac5a3ad67f81b4d594e1f146a39bf8b21091bf27f17b57

    • C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe.config

      Filesize

      6KB

      MD5

      1b1535565652be6907811bd7a3035cf2

      SHA1

      90a2c8d197dd618fc1d0b4ed1d95c9ca40938174

      SHA256

      7cd74c9ac05823daffbeb89bebb6392f1180f3e3136ed5163ef4c02ff7056e2d

      SHA512

      0e4e7bd2016330d22b600667968b67f4c285f3c06dc2fbacbdc83790c7e31ca3f02062013fb4268f235de06412d6e429a40c58c75a1159d09ab87ce898ec1cb1

    • C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe

      Filesize

      821KB

      MD5

      d413cb41ea3d10d3861db1575edaf391

      SHA1

      427b8ccfb7fd45d76a94a72f9b2889b524011369

      SHA256

      e0e854376e454a2d5fbfa076bf32e8e8b1472e4614729be4b700aeb6593ceb59

      SHA512

      a7ea984c5d11596c282a13fb02a67473817817676cc4b855aac1afb190c9467678cb1179b4b446335cdbb16306746365ece17ff94ce4de53077d06b4e4b26658

    • C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe.config

      Filesize

      2KB

      MD5

      dc8317bbca5445236aa3bb82f84963b7

      SHA1

      ab856d220b047bce64ab657968a7742fa3e149e4

      SHA256

      efb1695a64024244d70aaac4455e5a3749aed245f7ccfc55370fa27b2e436831

      SHA512

      421102dcb0854d40a7b7e3739badea22f20615f2636e0885e5b91a4231cc5555893c97d5437e015c121bc12ea97de0e6d4e5a2a8314abadc9470155e6ae304f9

    • C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe.config

      Filesize

      2KB

      MD5

      16efc06e4038ac20d9b90d8426d3758e

      SHA1

      c1c051c94a1479212f1ab7fbc8c9e1dc95ffe663

      SHA256

      ac8a6fc01693cec2cc2848d8d6a0aea5cd92d4671cc55270335068e46d289b15

      SHA512

      d61c880d82395f7d72d9afe1d92843cb43c925fc9c17265d2a6d6805ac72f0223254aef6cc5606aa41b260ac5ad0c24c6cb7f523b0d59f81f23db77baa114903

    • C:\Program Files (x86)\Avira\VPN\Defaults\ProductSettings.json

      Filesize

      1KB

      MD5

      874cae6f6bb5487a1b2a4a9fe02d544f

      SHA1

      d769e6814da1a5c588c595db49ae20432f823108

      SHA256

      0b582b307dc99b74850ead4708fef3209d0a52943857c3abd05f63d606de9fb6

      SHA512

      f3b69416297b4ca5a940cc738779453ce5f00927696958fe45e84ac022618215bcd3cc74bf635752fb7ce538443cd2227c0c040561159eb294211ae139f64be2

    • C:\Program Files (x86)\Avira\VPN\Newtonsoft.Json.dll

      Filesize

      668KB

      MD5

      de8257a9b2a736b15f2f942ed1e64392

      SHA1

      dd5072bf3c46d4f3b3f4339a8fbdede1e8cca02d

      SHA256

      7a5852c6e62efe55009ddcd75b88cdb7d16fddf47b684c5d638ba2a408901187

      SHA512

      02d177eaa0fdade4fdc5e2bfa5afeec101666422ec2fc0b0602dc3fe4ed5e5ea99568db580a9e50a677f4806a8b1de9f501d7b4d495b3a4fedb16938254c8c9b

    • C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win7\amd64\tapinstall.exe

      Filesize

      482KB

      MD5

      2b1bddf7f9d3190ff73563a41bcb72be

      SHA1

      8a522e9cb1007b922cec9e5ed2b70f01ff12cf0d

      SHA256

      85ab4bbb77ab248956d0da02ace1a2bc58ce6c6db9f421808ef03ed31bbcf3b6

      SHA512

      6a42ac53262c6bafc8d7a5ff225acb07754af8cf044f0135251d4b3cf983a53494d755052296cf49627b3bbe6acead3aa9bacc33b51d222a1d2a0fe6d2bb4f93

    • C:\Program Files (x86)\Avira\VPN\Serilog.Sinks.File.dll

      Filesize

      35KB

      MD5

      f8076784ba6921883424cd8ee99e7a37

      SHA1

      9eb101f753c8cd2b04a55607eada86dac3b43430

      SHA256

      dca4cee96a2c83a768358a06d34efac551babb07ec2ca92338bcc302651c572e

      SHA512

      450e320be90bf505034aca84726695619873d7e6e6b11a1927826628c8ea697e17e8aa8bc7b441fabc032889ae3124e0716d6972ebc07bf7cc09943a73e2ca71

    • C:\Program Files (x86)\Avira\VPN\Serilog.dll

      Filesize

      129KB

      MD5

      07d1bdc3cc673b6049a4553fbf03d52b

      SHA1

      3c41d1838bc23f268eb444cba4390b042b0836df

      SHA256

      e103d413130745cbe587c18c2305d6254e49c8025f43125390e68a66038fdd8b

      SHA512

      b2489ffdf0cfa8803bb225b8f5d44cbe3dd6e009dfe26bdd6d2e60f462580451f57fabf07bdbaff278350d3d484854769dfab728efa17b0ca068d3407fbeed53

    • C:\Program Files (x86)\Avira\VPN\SharpRavenPortable.dll

      Filesize

      72KB

      MD5

      83cfd775579aec81d095d87a7d7434e8

      SHA1

      59965342456da6b307dd18f2e31f769fc0b4fba8

      SHA256

      608f72350b187749986c8fab79905764752a66b0b47ccba868229b03fa439e9b

      SHA512

      035a1b998356be5b1ed4ca637f521cbe348d9cd5576882b590097c4058512ad025bb974479f82e2d7c7a5fc8ab257792a48659a9e9340d6497f9e5cd0c5d33ae

    • C:\Program Files (x86)\Avira\VPN\VPN.Core.dll

      Filesize

      185KB

      MD5

      845b3a6481fb257dbe40d4299a0caf92

      SHA1

      7c871c272493c610f98ad72d0f6c6444132f9740

      SHA256

      2d3ff7a2c94d0d9dae400307080fdcddc38c111ffe896e4aa6fd9c955b654c70

      SHA512

      a8837a3e26678b672258af5343bd4afcf7f94d222c79dbe2be30b115c4a96bd5c716f223d5ff8ac9707e4b3297288bb574c900017802cbbb6d806b9aebc857e5

    • C:\ProgramData\Avira\VPN\VpnPrivateSettings.backup

      Filesize

      429B

      MD5

      0473d1e10c4aa217a584dad7275e2c53

      SHA1

      3f20878f0e321b182ca9850a5b0ea221a4045ebe

      SHA256

      35a033f7077db801021a2a210597023965ecfeff5927c5384200c49bbff09e59

      SHA512

      60ed95f613759a9a9d750c50b7a0dda25b14fc9b839c277f820d05b73fcf1309a7469baca69970043fb3cadb9a9437ef8b3b77c309dab9aa8f811428dc2d8821

    • C:\ProgramData\Avira\VPN\VpnPrivateSettings.backup

      Filesize

      871B

      MD5

      b8c68efa1befc766d6bc19fea0cc23d8

      SHA1

      d57edb50b158cd6bf6a618de93fdd1ff174ae7ad

      SHA256

      6983168f16840152a00fe462bf8beb93ef096b621fe427c8915f0185f826b5bb

      SHA512

      314755dd1399a60a1a06f819a9837daf0b4f9b66aab94029a82aebca19153f44c4625b39be92f07cf040c396c0ba1481838cc867b533812fda368d30160dce7e

    • C:\ProgramData\Avira\VPN\VpnPrivateSettings.config

      Filesize

      66B

      MD5

      44944cd590899045e3cdeb971fddd252

      SHA1

      33c584007e0df8fea3e677c6892d6b5549d1c94d

      SHA256

      cc05bd02cb929f5ef7a9362698d7794845899dd6510fd41eb5f0a95d708a68dc

      SHA512

      f4f4feec8c79599f41ce83371dd861fea9dd05aaa5211f5be53e2d61df154b6965db17ee8df952a8d8c864fa67aba5b9d1ef0f94608e42a50c057cfd82ccf5ed

    • C:\ProgramData\Avira\VPN\VpnPrivateSettings.config

      Filesize

      868B

      MD5

      24c02e75a9ad3a10a54e5ea5950aaf8a

      SHA1

      b879ff1ef1532db9367a7ebab5777af7223dc9ea

      SHA256

      b2e58002690b00126e5bc3cbc8cee24d6dfb396103b7ef2b8e107f88137081a7

      SHA512

      332690ecaea8e57299f20afe0af4175c338f708d089d0324b233a6c51f69aa538693c5ded85cfbd2d584823a60f581cdf3edeb6942892d40740296aa14d4eef4

    • C:\ProgramData\Avira\VPN\VpnPrivateSettings.config

      Filesize

      899B

      MD5

      e987e0775489db32bcd7abc6dd4c5c9f

      SHA1

      11a917621278ad8b70cb11f603c88537d38dd447

      SHA256

      63b70b988c1533418faf4cfa4f6e41fde922d4e70596149265e976538e72ef38

      SHA512

      c60d4f32f1c49df64bc6d37ecd463e9cb15abe10f43c791014b010de0b13ecdf6b493e7b49363ef2546f7b97c1767dcea54c10796f064ed0bd48fd653ddb3904

    • C:\ProgramData\Avira\VPN\VpnPrivateSettings.config

      Filesize

      6KB

      MD5

      824f3479d10b9ad5a32e1b276774561b

      SHA1

      a0a857af21aa5689c7863315c4c120ea597dd99a

      SHA256

      094ac8e567e2c08ba5244e74801ecf20e38953fec9156032335cf60228f736ef

      SHA512

      e17c53a478022b085c8e67191dab01412803b4bbf994171557fbaed49f8ec42e63b6b4a7faba1586dc4f67463434c753e875d0e1d66fad6da992a4f6b419802d

    • C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

      Filesize

      233B

      MD5

      93b47735782b3de0d0ba287ec1009f52

      SHA1

      5bd9f124b95ff10e71702495088d228742a24f3d

      SHA256

      972a64d60eeacf70b4a869493a6b5c82c1d9685ef9371cd94c2df9b317c2b214

      SHA512

      27be97d48a461d4330cdce7e11562d02612eb910d7cb6d1e97767157bc13282b31f80ecb836b98ea2e7732752cfba2dc7b31791e7ad96ab559ac1cf8a110df8a

    • C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

      Filesize

      312B

      MD5

      d238ecabfa6a1591b65d788e6eda8f24

      SHA1

      0822f6d61ad8272c522ddec0f6ebff4008472e71

      SHA256

      3613f9126613c2f3e1a399a8d7584db833ed84fcad1224bad021e4d5eb7d84a7

      SHA512

      acd015dafbcf2426e669ee966491ac9311e3494d4f0a1098bce749423eae16be6f928032c79d2b10802020f53dcfac977d5ddf8cc4905743f2fe50b37e21e77b

    • C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

      Filesize

      388B

      MD5

      9f772fc6a401415c54b84de83903f789

      SHA1

      03f38058521d9c84f9d67097764803da1297d1dd

      SHA256

      1ce9bf104711a2ca00e123e0f597dcf1df0d6e33b885274bcd2c3928df23bb04

      SHA512

      8c9f0842d4b9bb8560224c9e2723438748b2c6eb0930254143fa5a1ab4b68a491af57710edc716236005076accf0d9913eb78849bfadc895648b719a187cd880

    • C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

      Filesize

      756B

      MD5

      9fdb95b896f5960d25df5682e0b0a070

      SHA1

      ac6f991ca95e7061f84372b32b16eb045d269c7d

      SHA256

      ec2a7e27100fbfffdd07b250fb8515166d2bef83afebecd2788e47136438d2e3

      SHA512

      93c59a7cb81fd2cb4a7f9fbd8e5f3de545392a4863e44493aedba6cd77d35017990fbfcb8458f4657d05635df902ec9f32bf3392b19821825eba755d3d1b9fb3

    • C:\ProgramData\Avira\VPN\VpnSharedSettings.config

      Filesize

      149B

      MD5

      20401fdc541af2476229daa9d3f1d8e8

      SHA1

      6fff5ba803a4860958468585da64a579e3c9f1cf

      SHA256

      6e8b935b0562df5c2f682149af037dc4dde2d2e7b3509a12ad9e98212dc41566

      SHA512

      b46841c3e132e896348ced40097bbbafdb28a6af18ec5f4737ec2b1fa47f46b5eabfbf22a4e3687e1bd938b9e996191ba53a2ec7d7e42276a7d8f3e2c3e71ef4

    • C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

      Filesize

      1.0MB

      MD5

      89579d7c233794e63c2bac3ec0a26619

      SHA1

      50125cc27495fcef2edc99c0f35663ec5e2da21b

      SHA256

      c8800edc3c347af90b9858a7914059c70f072d6764de87d367dc4d6df69d6808

      SHA512

      6220ba6c5c42c10456b6782d6be97b6cd50cac1c7a6cf66741d95bd7aec9ebc059e83ca890f6384472db63a7d295dee4ed26165cfa5fab9cbdcc43498e37eb7e

    • C:\Users\Admin\AppData\Local\Temp\00117830\bhmnlmvpxs.exe

      Filesize

      732KB

      MD5

      71d8f6d5dc35517275bc38ebcc815f9f

      SHA1

      cae4e8c730de5a01d30aabeb3e5cb2136090ed8d

      SHA256

      fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b

      SHA512

      4826f45000ea50d9044e3ef11e83426281fbd5f3f5a25f9786c2e487b4cf26b04f6f900ca6e70440644c9d75f700a4c908ab6f398f59c65ee1bff85dfef4ce59

    • C:\Users\Admin\AppData\Local\Temp\00117830\start.vbs

      Filesize

      206B

      MD5

      3bfe800717572523d057b7cc16630435

      SHA1

      a076bedefbe7ff57ba6b9a48e9b04c563eba4492

      SHA256

      8efc451a0d2579776e55501400299d4c3bf26ad7e671f77e29f43b4a3468c123

      SHA512

      af98c55bd5ed8bcbfb8bb1c53c776277d2efc7feae30b1c17ed831b5617ac7415c15b2c347ced49e754b9494ccb389bd5b7ec08c02e2cd7023834581ad173341

    • C:\Users\Admin\AppData\Local\Temp\nscBFA7.tmp\FindProcDLL.dll

      Filesize

      3KB

      MD5

      75e7351a0f836b8659e6f315683c29f7

      SHA1

      66b733d1c978d68cadc245e7efbfcae32807429d

      SHA256

      7ffc549e7f679a08c77fa230654b77cdffb3444296bb7c6b8b5769db374b61ee

      SHA512

      f03400798b07ccca5e12fa119a586ee9444deb0d2419aced24d93fd84a4702d66864a71b40a11b04b1dbe56e36481cd6a644aec0347bc82bc7375b27bc403fe4

    • C:\Users\Admin\AppData\Local\Temp\nscBFA7.tmp\INetC.dll

      Filesize

      21KB

      MD5

      92ec4dd8c0ddd8c4305ae1684ab65fb0

      SHA1

      d850013d582a62e502942f0dd282cc0c29c4310e

      SHA256

      5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

      SHA512

      581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

    • C:\Users\Admin\AppData\Local\Temp\nscBFA7.tmp\System.dll

      Filesize

      11KB

      MD5

      6f5257c0b8c0ef4d440f4f4fce85fb1b

      SHA1

      b6ac111dfb0d1fc75ad09c56bde7830232395785

      SHA256

      b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1

      SHA512

      a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

    • C:\Users\Admin\AppData\Local\Temp\nscBFA7.tmp\base64.dll

      Filesize

      40KB

      MD5

      ac6fb776262b63562c00374392fe1c55

      SHA1

      045dcad3edcd1c6865f5dea95ace35f4d9964b78

      SHA256

      7e10ef2723a50b7346449f8bb39efab8a99e2815d33d311ecb8112734f91519d

      SHA512

      2c511c5f2bb265fd247e43c47046a3cddad2b72a0fd3b35fcb70ab53d7fbc070d36eadd93c279680306d30d6ef5730fcbfed01195a85761ae571e2d324416ed5

    • C:\Users\Admin\AppData\Local\Temp\nscBFA7.tmp\nsExec.dll

      Filesize

      6KB

      MD5

      c129bc26a26be6f5816a03520bb37833

      SHA1

      18100042155f948301701744b131c516bf26ddb8

      SHA256

      d3694fa0503158194129d113fcc1c83177ff5a5f93d898ce0bcfe9ce12f06bf4

      SHA512

      dbe79859c41e00a6e951cee889e7f0de29a712792fb531662285a2d6e384884518c7d5d983894c185b3d31d81213d2477cf4576b0114d352b759fe07a1704e63

    • C:\Users\Admin\AppData\Local\Temp\nscBFA7.tmp\nsProcess.dll

      Filesize

      70KB

      MD5

      9c452d3cb1f2b06c16467849755cd724

      SHA1

      35f2e9754e9dc226baa8b0cbf21db2b523248a73

      SHA256

      8f80ef429ce7c8a1ac7958ab36ec177f732dc924d14b21230da045e5ed1b255a

      SHA512

      438e406a18db363008776172e20f6422db71c5b1eaeb63f0a8100f05c5365f52ee177851c7710985b529e1b5fb2be2ac8142cc6e0ca08628054b6eabe063fea2

    • C:\Users\Admin\AppData\Local\Temp\nscBFA7.tmp\nsisXML.dll

      Filesize

      12KB

      MD5

      9f3d5344e7ede1f41f99d8fc37fd01ad

      SHA1

      d0322ce3ba30a924daa1c9e322846a3d8ccda878

      SHA256

      77aa1a74a556f00f16baf9b94637fa997bd4085695ba81bf496223644e43e815

      SHA512

      2849b261b77fa2abf0d0efc7604ccce7f502d20a556eea9877cfe1cbc6d515d8fe41986943081629243b81987cddd54613ee01fc7859ae16eab57f6ca2cd4bfc

    • C:\Users\Admin\AppData\Local\Temp\nscBFA7.tmp\registry.dll

      Filesize

      24KB

      MD5

      2b7007ed0262ca02ef69d8990815cbeb

      SHA1

      2eabe4f755213666dbbbde024a5235ddde02b47f

      SHA256

      0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

      SHA512

      aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

    • C:\Users\Admin\AppData\Local\Temp\nsr977F.tmp\NewTextreplace.dll

      Filesize

      10KB

      MD5

      6d57b2cc33721890cd11cc604805362e

      SHA1

      900c5fb5b7cd1194a25a80468076324dc6c03ac8

      SHA256

      86b6cb434a0491ea16bf480e6ad16c935d0668535da17aa7df0dc4392e10d74e

      SHA512

      0e0134b0e9b1e9cffd053bcf05a84b2d7420d85756b7208a27407966878a724e9c91d21ddcccb95c53e0d78f89230fe2cebb68d0f5530711b4c30c99aea803cb

    • C:\Users\Admin\AppData\Local\Temp\nsr977F.tmp\VpnInstaller.exe

      Filesize

      7.2MB

      MD5

      94e7257f1dcecb215abd34b2adb6d35c

      SHA1

      0ff59285603c6babbfeab77037201e4da71af466

      SHA256

      c4c462893ebe48a58030a71db03e7bc7caee854271882f3941dfeeadf71a219f

      SHA512

      60c7ecf25051a2cadfc5c7b6e01373c11eceb097db661485c94beeab0d8ad34b25bf19b6b6630ee4544f07090178262fcbc5afd6022ff331da52c301e23765b7

    • C:\Users\Admin\AppData\Local\Temp\nsr977F.tmp\newadvsplash.dll

      Filesize

      8KB

      MD5

      55a723e125afbc9b3a41d46f41749068

      SHA1

      01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

      SHA256

      0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

      SHA512

      559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

    • C:\Users\Admin\AppData\Local\Temp\nsr977F.tmp\nsExec.dll

      Filesize

      6KB

      MD5

      132e6153717a7f9710dcea4536f364cd

      SHA1

      e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

      SHA256

      d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

      SHA512

      9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

    • C:\Users\Admin\AppData\Local\Temp\nsr977F.tmp\repackme.gif

      Filesize

      6KB

      MD5

      23d3840adb8f4f1efc083a1f7e640191

      SHA1

      adf0c7daa49637767b2abe2f390d1da4780eea9c

      SHA256

      82a1454402156d74f4f23c992d5d772b665546208eff44790871b8dcb36d2304

      SHA512

      7743a17141581ffa8023097678bf2eaf6db7d337af45052d00caba74f21f13e7ffa95097b629c3a28a3366eda873afdce240344adfdf7c0ef662a0ba0fe6db25

    • C:\Users\Admin\AppData\Roaming\dako01fud.exe

      Filesize

      1.8MB

      MD5

      7d768d7481c429a6cc08edcaffb81431

      SHA1

      5ec0e7b013fd958cc72c757022136b00f496423e

      SHA256

      cc3462f899a23fa997c40d6c06a46cd17846de0ae9b4d93d7a708223f825fc5c

      SHA512

      77ecf3b4b09d64815a56bfaffaae3ddbbe09312ea69d917861e293708504722cb495fec5ca8ff74f4a97e142e9874e23fd10e0749ee83f1fa5bea9dd0f05ebbf

    • memory/660-1124-0x0000023365340000-0x000002336534A000-memory.dmp

      Filesize

      40KB

    • memory/660-1126-0x0000023365940000-0x0000023365964000-memory.dmp

      Filesize

      144KB

    • memory/660-1232-0x000002337EF50000-0x000002337EFC6000-memory.dmp

      Filesize

      472KB

    • memory/660-1533-0x000002337F680000-0x000002337F688000-memory.dmp

      Filesize

      32KB

    • memory/660-1154-0x000002337E0C0000-0x000002337E0D0000-memory.dmp

      Filesize

      64KB

    • memory/660-1152-0x000002337E140000-0x000002337E148000-memory.dmp

      Filesize

      32KB

    • memory/660-1151-0x000002337E0B0000-0x000002337E0B8000-memory.dmp

      Filesize

      32KB

    • memory/660-1150-0x000002337E120000-0x000002337E136000-memory.dmp

      Filesize

      88KB

    • memory/660-1135-0x000002337E100000-0x000002337E118000-memory.dmp

      Filesize

      96KB

    • memory/660-1133-0x0000023365360000-0x000002336536C000-memory.dmp

      Filesize

      48KB

    • memory/660-1131-0x0000023365370000-0x0000023365378000-memory.dmp

      Filesize

      32KB

    • memory/660-1130-0x000002337E0D0000-0x000002337E0F2000-memory.dmp

      Filesize

      136KB

    • memory/660-1128-0x000002337E150000-0x000002337E1FA000-memory.dmp

      Filesize

      680KB

    • memory/660-1532-0x000002337F670000-0x000002337F678000-memory.dmp

      Filesize

      32KB

    • memory/660-1123-0x000002337E060000-0x000002337E092000-memory.dmp

      Filesize

      200KB

    • memory/660-1309-0x000002337EEE0000-0x000002337EEE8000-memory.dmp

      Filesize

      32KB

    • memory/660-1310-0x000002337EF10000-0x000002337EF18000-memory.dmp

      Filesize

      32KB

    • memory/660-1313-0x000002337EFE0000-0x000002337EFE8000-memory.dmp

      Filesize

      32KB

    • memory/660-1531-0x000002337F600000-0x000002337F608000-memory.dmp

      Filesize

      32KB

    • memory/660-1312-0x000002337EF40000-0x000002337EF4A000-memory.dmp

      Filesize

      40KB

    • memory/660-1311-0x000002337EF20000-0x000002337EF2C000-memory.dmp

      Filesize

      48KB

    • memory/660-1320-0x000002337EFD0000-0x000002337EFD8000-memory.dmp

      Filesize

      32KB

    • memory/660-1319-0x000002337EF30000-0x000002337EF3E000-memory.dmp

      Filesize

      56KB

    • memory/660-1322-0x000002337F000000-0x000002337F00C000-memory.dmp

      Filesize

      48KB

    • memory/660-1328-0x000002337F0B0000-0x000002337F0E6000-memory.dmp

      Filesize

      216KB

    • memory/660-1327-0x000002337F020000-0x000002337F02C000-memory.dmp

      Filesize

      48KB

    • memory/660-1329-0x000002337F030000-0x000002337F038000-memory.dmp

      Filesize

      32KB

    • memory/660-1257-0x000002337EEF0000-0x000002337EF0E000-memory.dmp

      Filesize

      120KB

    • memory/660-1330-0x000002337F1A0000-0x000002337F24A000-memory.dmp

      Filesize

      680KB

    • memory/660-1326-0x000002337F010000-0x000002337F01E000-memory.dmp

      Filesize

      56KB

    • memory/660-1325-0x000002337F040000-0x000002337F06C000-memory.dmp

      Filesize

      176KB

    • memory/660-1321-0x000002337EFF0000-0x000002337EFF8000-memory.dmp

      Filesize

      32KB

    • memory/660-1340-0x000002337F0F0000-0x000002337F0FA000-memory.dmp

      Filesize

      40KB

    • memory/660-1121-0x0000023365460000-0x0000023365488000-memory.dmp

      Filesize

      160KB

    • memory/660-1469-0x000002337F180000-0x000002337F188000-memory.dmp

      Filesize

      32KB

    • memory/660-1119-0x0000023364F30000-0x0000023364F90000-memory.dmp

      Filesize

      384KB

    • memory/660-1530-0x000002337F5F0000-0x000002337F5F8000-memory.dmp

      Filesize

      32KB

    • memory/660-1529-0x000002337F5E0000-0x000002337F5E8000-memory.dmp

      Filesize

      32KB

    • memory/660-1486-0x000002337F610000-0x000002337F65A000-memory.dmp

      Filesize

      296KB

    • memory/660-1490-0x000002337F5C0000-0x000002337F5C8000-memory.dmp

      Filesize

      32KB

    • memory/660-1491-0x000002337F660000-0x000002337F668000-memory.dmp

      Filesize

      32KB

    • memory/660-1505-0x0000023300000000-0x0000023300528000-memory.dmp

      Filesize

      5.2MB

    • memory/660-1528-0x000002337F5D0000-0x000002337F5D8000-memory.dmp

      Filesize

      32KB

    • memory/884-1485-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

    • memory/884-1314-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

    • memory/884-39-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

    • memory/1160-1543-0x0000000001200000-0x0000000002200000-memory.dmp

      Filesize

      16.0MB

    • memory/1160-1544-0x0000000001200000-0x0000000002200000-memory.dmp

      Filesize

      16.0MB

    • memory/1160-1547-0x0000000001200000-0x0000000002200000-memory.dmp

      Filesize

      16.0MB

    • memory/1160-1546-0x0000000001200000-0x0000000002200000-memory.dmp

      Filesize

      16.0MB

    • memory/1160-1548-0x0000000001200000-0x0000000002200000-memory.dmp

      Filesize

      16.0MB

    • memory/2296-79-0x0000000003020000-0x000000000302B000-memory.dmp

      Filesize

      44KB

    • memory/2296-1109-0x0000000003920000-0x0000000003979000-memory.dmp

      Filesize

      356KB

    • memory/2296-1159-0x0000000003200000-0x000000000320B000-memory.dmp

      Filesize

      44KB

    • memory/3240-1296-0x0000021025C10000-0x0000021025CDE000-memory.dmp

      Filesize

      824KB