neshta | ba89e541dd5307dde546f4437ea5bde0f13c126b3de982deb8d991776ba14094

Analysis

max time kernel
29s
max time network
28s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spotify.exe
Size

9.7MB
MD5

5915c3cf99c9f04ca5e792901424d031
SHA1

3b4b5d92b02f60a91e95fd580a6b5c95bf816c0d
SHA256

ba89e541dd5307dde546f4437ea5bde0f13c126b3de982deb8d991776ba14094
SHA512

73e2b08077835d17cb7072989df497bf6701fd57cea139719588c347cf2cb720a2d75a352d8906d6ede5b8e39020199ddc2768d249454ff54687063b3d736b2a
SSDEEP

196608:0IdeAYqpBzMGo3JCGw072PMPESE5rlnzUVThtCwWCKg61MbQn3fPqegnjPtlFpQf:mqfoGoE072knkyVTCwVKLeO47bQfnn

Score

10^/10

neshta xred backdoor discovery persistence pyinstaller spyware upx

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Detect Neshta payload 25 IoCs

resource	yara_rule
behavioral2/files/0x0007000000024338-26.dat	family_neshta
behavioral2/files/0x0007000000024353-55.dat	family_neshta
behavioral2/memory/4716-186-0x0000000000400000-0x0000000000624000-memory.dmp	family_neshta
behavioral2/memory/1824-354-0x0000000000400000-0x0000000000624000-memory.dmp	family_neshta
behavioral2/memory/4000-480-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/5604-492-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4848-456-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/files/0x000700000002435f-369.dat	family_neshta
behavioral2/memory/2284-606-0x0000000000400000-0x0000000000624000-memory.dmp	family_neshta
behavioral2/memory/4732-702-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4760-704-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/388-710-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/644-701-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4756-711-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4612-781-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/5848-809-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/5368-810-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3448-808-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/5652-806-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/2296-906-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/708-908-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4376-916-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4716-915-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4756-917-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4612-920-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
Neshta family
neshta
Xred
Xred is backdoor written in Delphi.
backdoor xred
Xred family
xred

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000800000002432b-4.dat	upx
behavioral2/files/0x000800000002432b-6.dat	upx
behavioral2/files/0x000800000002432b-7.dat	upx
behavioral2/memory/3808-9-0x0000000000980000-0x0000000001426000-memory.dmp	upx
behavioral2/memory/3808-28-0x0000000000980000-0x0000000001426000-memory.dmp	upx

Detects Pyinstaller 4 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x0007000000024335-16.dat	pyinstaller
behavioral2/files/0x0007000000024335-29.dat	pyinstaller
behavioral2/files/0x0007000000024335-51.dat	pyinstaller
behavioral2/files/0x0007000000024335-13.dat	pyinstaller

Program crash 4 IoCs

pid	pid_target	Process	procid_target
1104	2192	WerFault.exe	110
1476	4884	WerFault.exe	131
4592	5684	WerFault.exe	145
232	5244	WerFault.exe	160

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify.exe

C:\Users\Admin\AppData\Local\Temp\Spotify.exe
"C:\Users\Admin\AppData\Local\Temp\Spotify.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3416
- C:\Users\Admin\AppData\Local\Temp\2.EXE
  "C:\Users\Admin\AppData\Local\Temp\2.EXE"
  2⤵
  PID:3808
- - C:\Users\Admin\AppData\Local\Temp\1.EXE
    "C:\Users\Admin\AppData\Local\Temp\1.EXE"
    3⤵
    PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\1.EXE
      "C:\Users\Admin\AppData\Local\Temp\1.EXE"
      4⤵
      PID:4784
- - C:\Users\Admin\AppData\Local\Temp\SPOTIFY CHECKER.EXE
    "C:\Users\Admin\AppData\Local\Temp\SPOTIFY CHECKER.EXE"
    3⤵
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\._cache_SPOTIFY CHECKER.EXE
      "C:\Users\Admin\AppData\Local\Temp\._cache_SPOTIFY CHECKER.EXE"
      4⤵
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_SPOTIFY CHECKER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_SPOTIFY CHECKER.EXE"
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\._cache_._cache_SPOTIFY CHECKER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\._cache_._cache_SPOTIFY CHECKER.EXE"
        6⤵
        
        PID:1060
  - - C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        5⤵
        
        PID:4612
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
        8⤵
        
        PID:4100
        
        C:\ProgramData\Synaptics\Synaptics.exe
        
        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        9⤵
        
        PID:644
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
        11⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
        12⤵
        
        PID:4812
        
        C:\ProgramData\Synaptics\Synaptics.exe
        
        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
        12⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        13⤵
        
        PID:5652
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
        14⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
        15⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
        16⤵
        
        PID:3160
        
        C:\ProgramData\Synaptics\Synaptics.exe
        
        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
        16⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        17⤵
        
        PID:4716
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
        18⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
        19⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
        20⤵
        
        PID:4988
        
        C:\ProgramData\Synaptics\Synaptics.exe
        
        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
        20⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        21⤵
        
        PID:3600
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
        22⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
        23⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
        24⤵
        
        PID:4856
        
        C:\ProgramData\Synaptics\Synaptics.exe
        
        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
        24⤵
        
        PID:436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe
1⤵
PID:3920
- C:\ProgramData\Synaptics\Synaptics.exe
  C:\ProgramData\Synaptics\Synaptics.exe
  2⤵
  PID:1824
- - C:\Windows\SysWOW64\._cache_Synaptics.exe
    "C:\Windows\system32\._cache_Synaptics.exe"
    3⤵
    PID:4000
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        5⤵
        
        PID:5652
      - C:\Windows\SysWOW64\._cache__CACHE~2.EXE
        
        "C:\Windows\SysWOW64\._cache__CACHE~2.EXE"
        6⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 1064
        7⤵
        Program crash
        
        PID:1104

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:4280

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe
1⤵
PID:4552
- C:\ProgramData\Synaptics\Synaptics.exe
  C:\ProgramData\Synaptics\Synaptics.exe
  2⤵
  PID:4124
- - C:\Windows\SysWOW64\._cache_Synaptics.exe
    "C:\Windows\system32\._cache_Synaptics.exe"
    3⤵
    PID:4760
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE"
      4⤵
      PID:388
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        5⤵
        
        PID:5196
      - C:\Windows\SysWOW64\._cache__CACHE~2.EXE
        
        "C:\Windows\SysWOW64\._cache__CACHE~2.EXE"
        6⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 1036
        7⤵
        Program crash
        
        PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2192 -ip 2192
1⤵
PID:4496

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:4468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe
1⤵
PID:5304
- C:\ProgramData\Synaptics\Synaptics.exe
  C:\ProgramData\Synaptics\Synaptics.exe
  2⤵
  PID:3056
- - C:\Windows\SysWOW64\._cache_Synaptics.exe
    "C:\Windows\system32\._cache_Synaptics.exe"
    3⤵
    PID:3448
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE"
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        5⤵
        
        PID:1428
      - C:\Windows\SysWOW64\._cache__CACHE~2.EXE
        
        "C:\Windows\SysWOW64\._cache__CACHE~2.EXE"
        6⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 1036
        7⤵
        Program crash
        
        PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4884 -ip 4884
1⤵
PID:5656

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:3656

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe
1⤵
PID:1120
- C:\ProgramData\Synaptics\Synaptics.exe
  C:\ProgramData\Synaptics\Synaptics.exe
  2⤵
  PID:3068
- - C:\Windows\SysWOW64\._cache_Synaptics.exe
    "C:\Windows\system32\._cache_Synaptics.exe"
    3⤵
    PID:2296
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE"
      4⤵
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        5⤵
        
        PID:4964
      - C:\Windows\SysWOW64\._cache__CACHE~2.EXE
        
        "C:\Windows\SysWOW64\._cache__CACHE~2.EXE"
        6⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 1036
        7⤵
        Program crash
        
        PID:232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5684 -ip 5684
1⤵
PID:388

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5244 -ip 5244
1⤵
PID:2844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe
1⤵
PID:5740
- C:\ProgramData\Synaptics\Synaptics.exe
  C:\ProgramData\Synaptics\Synaptics.exe
  2⤵
  PID:4952
- - C:\Windows\SysWOW64\._cache_Synaptics.exe
    "C:\Windows\system32\._cache_Synaptics.exe"
    3⤵
    PID:3204
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE"
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
        5⤵
        
        PID:5068
      - C:\Windows\SysWOW64\._cache__CACHE~2.EXE
        
        "C:\Windows\SysWOW64\._cache__CACHE~2.EXE"
        6⤵
        
        PID:956

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:4124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe
1⤵
PID:3412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\RCXE501.tmp

Filesize
753KB

MD5
92ee870f971ecfed59f0174fd55ff3ac

SHA1
3b79ca1addef92072354298dfb6b401021f4a4de

SHA256
3790981f3c8769ba984f67d2f651ef5936d64a95bd1021cf425b53b7f131cca3

SHA512
88a682aa1bdfa2393151d3c3df01c4dabb38d8e071833e27c92b6a9267e09232a068ff06ed32542f34fccd56344c89fd98e7a9a1fd405a4c2f592486f0d46112

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
640KB

MD5
decd55348b2b42a69ef4bb887a4815a4

SHA1
2d2c322817b69b9c04673e25fb77ab2bd7ce7f26

SHA256
0a022b7668d1820241b0add4832ea685534149846c414d72b4971ad52afa0af3

SHA512
deb393771063262f9c5e5d60d221ea8d2fcdc252eb36839656d672c58cc7ff5be6723ee7f7d7d441aea8723b66e0cf2f75790d30c7cbbf66342af086843695cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_._cache_SPOTIFY CHECKER.EXE

Filesize
621KB

MD5
c46587eb6c38c4ff2ff22a68a1465537

SHA1
df4b1c10c8c8ba5b24c92bbb8a6b1a51ac790534

SHA256
68db4aa89bc3d201ec3ced4a125fd4918fd111e5f4eff4b99c75fbb298d5eac6

SHA512
0daf8881770be3e4834156482acd0d7468c0b7d64c0871c0f31666c45d448c10f888805b76b6aa9b574cf6379ee4d8c68188245f95413470b0e09d688b42e6e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_SPOTIFY CHECKER.EXE

Filesize
1.4MB

MD5
0388ca477dd4611832eac0116a84e2db

SHA1
10d162ca6c53b08fb27e2828525c688bbba38c15

SHA256
bf1dcbe6bfa3adc562956592ad9792e4a081ede0ea8a69df7f07a96cd7a57f8c

SHA512
fe5be8c799393f31afcdfcd92c5519b0c6841e94c8625ed38642e1020564330e47a0a1a5a65ad1b1dca8bd47652a8d672ba94a42750ee845546eb35426bf809d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.EXE

Filesize
2.4MB

MD5
0f150d2848e2918227adfb611839fe13

SHA1
8c4a16b7ff68b509b4485dc7464677b4bd7d0684

SHA256
c18f3ce4b79068401ceabb61fa4fb80cf38d2823fed989b34497bb3999176812

SHA512
dea7ef40dfbd5efad96868a07b55dd2249ffe1c193acb06d427c25572aac11d42c270ebe4a370b68718873876994d7937528f565af1083f1b7eaeb6f0fa83791

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.EXE

Filesize
2.3MB

MD5
aca3382091e6c604be65c2c54120b3fa

SHA1
e1d754a8e88756a35a12c45d2b71393424a61936

SHA256
4a77e6759949e7de2283b1317a5f36c9ead580ebdccb96c58afd140a7b4fe12c

SHA512
616ce34b607ccfd21e781da158fc649b9376d26bf4308218e73f80fc20c67d2df707890a1e3fcdb71852bad6ed9e8ad09b51b8977f85e1da78871c107a10e7d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.EXE

Filesize
2.9MB

MD5
a514f2a82d57b43e86faf0d8071ef261

SHA1
3be31d326a33798c4c3004eb49b541f042f583a4

SHA256
556056105474049d8ef8fe0fe52a19c6bffe2b63e38363995127f044887ceaca

SHA512
bcef3e8bc238e90e93fffd7dd8626f456e876df5a0a7bab27119f8b1d524bd8591abc8c48bbda24d2e03605aa2738b420b555ee24b9591a650e62302d081184c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.EXE

Filesize
2.4MB

MD5
c501a68d1e08a0113ee45ebf460d79f3

SHA1
ecc9297e1ae24961de3b53ac7d04796e706462a3

SHA256
b6cabe57314b6300fd688d74970751e3d686e2f7500660f1491a2a74df74aa13

SHA512
006d52cf379a8c1d6a153091385e726ba3e6d82ca271914d10a04c41bd1332ede7831b427be2c951252ab34c64e63e1c38f3ad08a27159b2d0c11ad91ca47bb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.EXE

Filesize
2.5MB

MD5
46dd45aec316ae1625743236b92453fe

SHA1
1aca429658c99fa19f5e6c86334385fdea1a3411

SHA256
35523a72486161706972dd0bfca1a13387d0d78208e55e251afcb00674ddad9d

SHA512
4f1cadfb23d2d792b8a942a7ecb44e2433fd84bae497cf56c161a6149c8b27f352bf341f488ba9e03af62196039be43cd283d987afeb560fbb378ac3beb78601

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.EXE

Filesize
2.5MB

MD5
26ba9e24a2ccbc80156ffafe7fae3068

SHA1
106e588e4884025660f956386074be470830b503

SHA256
dac83710a1c41d8e3f0ac61f6a9f95e3b0831a45ae5157bbfbb1ac68b1bcfca4

SHA512
93baae9e5a83da2947880b17f650a386a63811f01b994c0c60a819d1c92571d32008f38b0ac733a4fa84f829500cd5be845467b598bfcceaedd1b70d24925658

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.EXE

Filesize
2.4MB

MD5
000842cef27fbceb6ef55cca58f092bc

SHA1
076a7c46d78cbfedb2f46cbc56122d4262479562

SHA256
7a1d0bf6b2e17c6f51485bc39b37cb0326724945b1268d36621b786f7979d8c1

SHA512
9a24597b88315a6c500ad6c0a258960230ad0410c293cf5ef69d47891a82137d77ad2eeddd3a7f38ed8e8e06a3a1bd98deb6f0092ad73cb20aeaa7d8fe76683c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_SPOTIFY CHECKER.EXE

Filesize
1.3MB

MD5
956d46642efeaff2d792ff58e4b49b04

SHA1
5fbacd63aa7c0fbcdc43e1649137e4d87f2ea6c1

SHA256
d1c4ca99213496c182feb1611ff9474a179afb4986c609cf96a19cd6c01be1ae

SHA512
9a4eca0a56671b46f91d43892a25b6cc4abc90afc4b2e532d64870d2689e92401bb5510ad53b36764cbdb509d2b8ea9e60b2f161c53e578146f95955dc4e9d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\BUNIFU_UI_V1.5.3.DLL

Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOTIFY CHECKER.EXE

Filesize
2.1MB

MD5
3a1e2a6d13a856ec47096d09af15d98d

SHA1
0440ae7d534e64b87dd2389e3793fb12015aa133

SHA256
a4df6ce48582c3c07631bf6259c05922703984c5028996cae0888332811e387f

SHA512
6ef18c60ffffbedd5febe86401fd6afa27748acb2967186455b253cb6a876427c778c0746701189ceddda5bce68df542d7c0092ca6abde814a54ded6081bd3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\_bz2.pyd

Filesize
84KB

MD5
057325e89b4db46e6b18a52d1a691caa

SHA1
8eab0897d679e223aa0d753f6d3d2119f4d72230

SHA256
5ba872caa7fcee0f4fb81c6e0201ceed9bd92a3624f16828dd316144d292a869

SHA512
6bc7606869ca871b7ee5f2d43ec52ed295fa5c3a7df31dbd7e955ddb98c0748aff58d67f09d82edcde9d727e662d1550c6a9cf82f9cb7be021159d4b410e7cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\_ctypes.pyd

Filesize
131KB

MD5
2185849bc0423f6641ee30804f475478

SHA1
d37ca3e68f4b2111fc0c0cead9695d598795c780

SHA256
199cd8d7db743c316771ef7bbf414ba9a9cdae1f974e90da6103563b2023538d

SHA512
ba89db9f265a546b331482d779ab30131814e42ad3711a837a3450f375d2910bd41b3b3258db90b29cd5afccdc695318fc8ad8cd921a57ce25f69aea539b26ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\_decimal.pyd

Filesize
273KB

MD5
f465c15e7baceac920dc58a5fb922c1c

SHA1
3a5a0156f5288f14938494609d377ede0b67d993

SHA256
f4a486a0ca6a53659159a404614c7e7edccb6bfbcdeb844f6cee544436a826cb

SHA512
22902c1bcca7f80ed064e1e822c253bc8242b4e15e34a878a623e0a562a11203b45d5ff43904268322a7ef5cebb8e80e5fe1f1f1bcaa972e219348f84a1daf5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\_hashlib.pyd

Filesize
63KB

MD5
cf4120bad9a7f77993dd7a95568d83d7

SHA1
ac477c046d14c5306aa09bb65015330701ef0f89

SHA256
14765e83996fe6d50aedc11bb41d7c427a3e846a6a6293a4a46f7ea7e3f14148

SHA512
f905f9d203f86a7b1fc81be3aba51a82174411878c53fd7a62d17f8e26f5010d195f9371fa7400e2e2dc35fda0db0cbe68367fcaf834dd157542e9ee7a9742b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\_lzma.pyd

Filesize
155KB

MD5
3e73bc69efb418e76d38be5857a77027

SHA1
7bee01096669caa7bec81cdc77d6bb2f2346608c

SHA256
6f48e7eba363cb67f3465a6c91b5872454b44fc30b82710dfa4a4489270ce95c

SHA512
b6850e764c8849058488f7051dcabff096709b002d2f427a49e83455838d62a9d3fc7b65285702de2b995858ed433e35a0c4da93c2d5ae34684bf624eb59fa6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\_queue.pyd

Filesize
33KB

MD5
59c05030e47bde800ad937ccb98802d8

SHA1
f7b830029a9371b4e500c1548597beb8fbc1864f

SHA256
e4956834df819c1758d17c1c42a152306f7c0ea7b457ca24ce2f6466a6cb1caa

SHA512
4f5e7ef0948155db6712e1bd7f4f31cb81602b325ba4e6e199f67693913b4bb70bb2c983393646c0ac0d86ef81071907d04bceb8ab0d506b7c5ac7c389fe692d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\_socket.pyd

Filesize
82KB

MD5
69c4a9a654cf6d1684b73a431949b333

SHA1
3c8886dac45bb21a6b11d25893c83a273ff19e0b

SHA256
8daefaff53e6956f5aea5279a7c71f17d8c63e2b0d54031c3b9e82fcb0fb84db

SHA512
cadcec9a6688b54b36dbd125210d1a742047167dad308907a3c4e976b68483a8c6144e02d5cf26f887744dc41af63b7731551287bb3ef8bd947c38c277783c16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\_ssl.pyd

Filesize
178KB

MD5
ce19076f6b62292ed66fd06e5ba67bba

SHA1
231f6236bdbbe95c662e860d46e56e42c4e3fe28

SHA256
21ca71b2c1766fc68734cb3d1e7c2c0439b86bcfb95e00b367c5fd48c59e617c

SHA512
7357598bc63195c2fd2ddde0376b3ecf5bd0211a286f4a5c1e72e8c68b6e881e7e617f561e7a859c800fe67bec8f4c376e7a6943cab8dacfeda0056b8e864143

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\base_library.zip

Filesize
1.3MB

MD5
1b8f496f9f762876c90adebe5923988b

SHA1
f2f9cf089a0fa8b31299fb6735b3a9e96a332fb1

SHA256
83dad7cc4f32f8379b78f7a4b5676e39325f3ffafa36cc3ffd2aa27d00cf335e

SHA512
5f309e7f8e1252d73d4d7b2e37e8b6d0ba47da9e5ff646afb5febe4ece99d8e7e3c3c3b8ddd4806d5867389ce8679f4d3758682c67a34c18e46bbb70a3cc00c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\certifi\cacert.pem

Filesize
290KB

MD5
234d271ecb91165aaec148ad6326dd39

SHA1
d7fccec47f7a5fbc549222a064f3053601400b6f

SHA256
c55b21f907f7f86d48add093552fb5651749ff5f860508ccbb423d6c1fbd80c7

SHA512
69289a9b1b923d89ba6e914ab601c9aee4d03ff98f4ed8400780d4b88df5f4d92a8ca1a458abcfde00c8455d3676aca9ec03f7d0593c64b7a05ed0895701d7ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\charset_normalizer\md.cp313-win_amd64.pyd

Filesize
10KB

MD5
480b5eb45af69a315bd2c3b1b34459d1

SHA1
e056c3e8b3c4d46163e105e6095703d092676b5b

SHA256
1f8a5173d8bfe6c569e81c738b830800307ed4586d2ae9ac5cc13a468c6e1892

SHA512
2aefd6356cf6f9ab773e0c19d828c065b41447b0da24c98d0fa2e14b9580e5e7e8f5d3b707e73f682cad85a199f134c42b103740caf3173e8f29e75dadda6623

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\charset_normalizer\md__mypyc.cp313-win_amd64.pyd

Filesize
122KB

MD5
501b867c424a8e3a41a9be4ab22dbeed

SHA1
97bf5d2c9fa5bb833e739b183a01ce53d19f4a6c

SHA256
437ceb75e7bc7c72c9090558397ef3598b0bc7bc499434af5827028083d300ca

SHA512
38b2d7f2587d73d2edf9cb685ef920ea4c511b88ae9cc25f7fc65d04a87e07ac03024228b9119adfd6914441089cf13ad9d67ff144cf86576cb37d97946677ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\libcrypto-3.dll

Filesize
2.1MB

MD5
69f0385e775df084b9e4e61bf7fb4971

SHA1
c0fdd491d2a246c4ab4ca4b1b5f5a9ccec0e24f8

SHA256
084867b6a5f539005772fd965292c2f62c8e571a38dd41a3052aeff34c7f3bbe

SHA512
8b3b4ffa0c694f2b4b8a205c3d2f8ceab9e990298fb8c4286d4e2c3e3c71003b469b3c2973771dcd63a429f0d163dc518d2d471a53aa4f4069a78b20e8f4c0be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\libcrypto-3.dll

Filesize
2.3MB

MD5
560b18e481744a71849109ab2b60afff

SHA1
7d8fdec007b4e2b075366a80d947277231f697c4

SHA256
e7fa7a86093e7bda2d50e518b2b2ba10e5910e51b23915b77f89701796f29433

SHA512
c9c3a31d8a2c12b28a0a98d91771696d47e028b1c699362cda477b32ec4b2fb28bf70a7fbf88f1ddde0c7f32db8fcf43f6fe3b39f44e193af514d63a9bfb1cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\libcrypto-3.dll

Filesize
2.4MB

MD5
7f36565182daf471168d724be8b7e3b0

SHA1
219c6a7091099ecfc095248e0a26d105e05fde6a

SHA256
7b17abca05ba30d675f176e4b94edc6e9cc6a7593a5b45f7a7878fd2007455ba

SHA512
90b53719247ea054b0b535b6b8bc2827f23b2118d0bcf7759f7265291370dfe64e8e112b569e81fd2f820d4d37f2a8099040d51fc9db890668deac1ba6f6a370

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\libssl-3.dll

Filesize
774KB

MD5
4ff168aaa6a1d68e7957175c8513f3a2

SHA1
782f886709febc8c7cebcec4d92c66c4d5dbcf57

SHA256
2e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950

SHA512
c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\python313.dll

Filesize
2.5MB

MD5
b299b46f5434ba8acecae42b4610629b

SHA1
3c7ca602a4cb76686b7ab2d0132d90360c5206d7

SHA256
b1abc2074b4e1dbc7bcee4999ecec3539fad40e5d402d8839244e80ce333888d

SHA512
c5051a5784eec8ff7dba23d00132f886a7020c080d5168ab16e8b749d31294bfd6fcab4b037e318b64f2f65df2c63d83653c49076785301970e977c951bcd128

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\python313.dll

Filesize
2.3MB

MD5
207ef18282597cec69c8145afdd8c947

SHA1
6c435c41be3cee3dab7157cb5aaf8fbf4b807319

SHA256
04a1ce991a8cbeb80a951903643879a7a178fafad81b303b69f7348cca3bcae8

SHA512
ee24ab9d0c55bb773b35eb2bd8069cc660650c7ccc0c0c57ddd3d572b93ea6a0fc3bcc3cd064c2f05adcd6b62b06a36a3c962d7e4e1f448115acaeac2744fec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\select.pyd

Filesize
31KB

MD5
2663e22900ab5791c6687a264473ae1e

SHA1
d8db587b6c632200ae13be880cc824cdc8390df9

SHA256
baee284995b22d495fd12fa8378077e470978db1522c61bfb9af37fb827f33d1

SHA512
5f29ff4288b9db33976f5f79b9fd07c4900a560bb41fe98c93a33da7a36c0981ffd71f460e81e13e4f6a2debafa6d9284bc1a728734752ba5ad5fbd766659e80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41882\unicodedata.pyd

Filesize
694KB

MD5
c0b4c55ce3711af914b2015f707e4452

SHA1
f1c1e9f8a461cfee1199d2100f5c0796733518b6

SHA256
a67eec238162fde20ac24ca7df931792734aad0611be22d1b3a71bc15acf72f3

SHA512
fa6bd9223898ef0c54ca9a67b10207bfce152eadbaec4c91d4e951d0790f455066f5095ed739fa2452aea1420d154beb00bfa9e6e10b46bed687c5d0d7484900

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
5d5e6d2434bd85057b1ac943b3151889

SHA1
4096527b39e2dec755c2da25762601995fa5f996

SHA256
9e47d3bc13dbbe611fd23619290b16af7263977eba55735c66d5aca5f74a883b

SHA512
ea0d132801db9dc7df7ea0a6babd3763098a1710172c28a874c727b07856c07e2596cdf82977c77bc3d3001f5d2cf3184ff4d3b0edca9023c00d18f9a3710b30

Download Submit
memory/388-710-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/644-701-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/708-908-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1060-436-0x0000000004FA0000-0x0000000004FAA000-memory.dmp

Filesize
40KB

Download
memory/1060-379-0x0000000004FE0000-0x0000000005072000-memory.dmp

Filesize
584KB

Download
memory/1060-374-0x00000000056A0000-0x0000000005C44000-memory.dmp

Filesize
5.6MB

Download
memory/1060-359-0x0000000000660000-0x0000000000700000-memory.dmp

Filesize
640KB

Download
memory/1060-441-0x00000000050F0000-0x0000000005132000-memory.dmp

Filesize
264KB

Download
memory/1428-815-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/1824-354-0x0000000000400000-0x0000000000624000-memory.dmp

Filesize
2.1MB

Download
memory/2284-606-0x0000000000400000-0x0000000000624000-memory.dmp

Filesize
2.1MB

Download
memory/2296-906-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3056-790-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/3068-921-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/3448-808-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3808-9-0x0000000000980000-0x0000000001426000-memory.dmp

Filesize
10.6MB

Download
memory/3808-28-0x0000000000980000-0x0000000001426000-memory.dmp

Filesize
10.6MB

Download
memory/4000-480-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4124-694-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/4280-341-0x00007FF8E8BD0000-0x00007FF8E8BE0000-memory.dmp

Filesize
64KB

Download
memory/4280-380-0x00007FF8E6270000-0x00007FF8E6280000-memory.dmp

Filesize
64KB

Download
memory/4280-427-0x00007FF8E6270000-0x00007FF8E6280000-memory.dmp

Filesize
64KB

Download
memory/4280-339-0x00007FF8E8BD0000-0x00007FF8E8BE0000-memory.dmp

Filesize
64KB

Download
memory/4280-337-0x00007FF8E8BD0000-0x00007FF8E8BE0000-memory.dmp

Filesize
64KB

Download
memory/4280-344-0x00007FF8E8BD0000-0x00007FF8E8BE0000-memory.dmp

Filesize
64KB

Download
memory/4280-340-0x00007FF8E8BD0000-0x00007FF8E8BE0000-memory.dmp

Filesize
64KB

Download
memory/4376-916-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4612-920-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4612-781-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4664-674-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/4716-186-0x0000000000400000-0x0000000000624000-memory.dmp

Filesize
2.1MB

Download
memory/4716-915-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4732-702-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4756-711-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4756-917-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4760-704-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4824-814-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/4848-456-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4964-918-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/5196-779-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/5292-712-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/5356-882-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/5368-810-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5604-492-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5652-806-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5652-607-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/5712-778-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/5848-809-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/6108-342-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download