Overview

overview

10

Static

static

1

789543351b...3c.exe

windows7_x64

10

789543351b...3c.exe

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    24-06-2021 04:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    789543351b1c5d10216ff9319e835a3c.exe

  • Size

    83KB

  • MD5

    789543351b1c5d10216ff9319e835a3c

  • SHA1

    929dc87f7358e7ae0a3bebc54c42ac227a856b79

  • SHA256

    9f8cd68021a1987bcb5115056f67fbdc12d24718e51c9103c696702512d78725

  • SHA512

    8f8413fa6aa56bcab18ac3371dc8df14174cdde765c3e2eadf47159617aa638623413063ac39619282b56ab1fec30b6ef44bb2ea001dd81de2475fc8bb476e13

Score
10/10
dcratzloaderbootkitbotnetdiscoveryevasioninfostealerpersistenceratspywarestealertrojan

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Modifies system executable filetype association 2 TTPs 21 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs
    persistence
  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Downloads MZ/PE file
  • Executes dropped EXE 62 IoCs
  • Modifies Installed Components in the registry 2 TTPs
    persistence
  • Modifies Windows Firewall 1 TTPs
    evasion
  • Sets DLL path for service in the registry 2 TTPs
    persistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops Chrome extension 1 IoCs
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Writes to the Master Boot Record (MBR) 1 TTPs 6 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\789543351b1c5d10216ff9319e835a3c.exe
    "C:\Users\Admin\AppData\Local\Temp\789543351b1c5d10216ff9319e835a3c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Users\Admin\AppData\Local\Temp\IMedia-553.exe
      "C:\Users\Admin\AppData\Local\Temp\IMedia-553.exe"
      2⤵
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2452
      • C:\Program Files (x86)\IMedia\IMediaB.exe
        "C:\Program Files (x86)\IMedia\IMediaB.exe" install
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:3172
      • C:\Program Files (x86)\IMedia\IMediaT.exe
        "C:\Program Files (x86)\IMedia\IMediaT.exe" install
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2848
        • C:\Windows\SysWOW64\schtasks.exe
          schtasks /delete /TN _Newdd_ddddfgd_sdfqefjkjkjkj_IMedia_e3df_TEE /f
          4⤵
            PID:3404
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /sc ONLOGON /tn _Newdd_ddddfgd_sdfqefjkjkjkj_IMedia_e3df_TEE /tr "\"C:\Program Files (x86)\IMedia\IMediaB.exe\" taskactive" /rl HIGHEST
            4⤵
            • Creates scheduled task(s)
            PID:2532
        • C:\Program Files (x86)\IMedia\IMediaDesk.exe
          "C:\Program Files (x86)\IMedia\IMediaDesk.exe" install
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:992
          • C:\Windows\SysWOW64\rundll32.exe
            "C:\Windows\system32\rundll32.exe" /s "C:\Program Files (x86)\IMedia\IMedia64.dll" DllGetClassObjectEx
            4⤵
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1052
            • C:\Windows\system32\rundll32.exe
              "C:\Windows\system32\rundll32.exe" /s "C:\Program Files (x86)\IMedia\IMedia64.dll" DllGetClassObjectEx
              5⤵
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:1400
        • C:\Program Files (x86)\IMedia\IMedia.exe
          "C:\Program Files (x86)\IMedia\IMedia.exe" install
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:3708
      • C:\Users\Admin\AppData\Local\Temp\syzs03_1000219144.exe
        "C:\Users\Admin\AppData\Local\Temp\syzs03_1000219144.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Writes to the Master Boot Record (MBR)
        • Suspicious use of WriteProcessMemory
        PID:3724
        • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Market.exe
          "C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Market.exe"
          3⤵
          • Executes dropped EXE
          PID:2320
        • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\Tinst.exe
          "C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\Tinst.exe"
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2216
          • C:\Windows\SysWOW64\Netsh.exe
            "C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="AppMarket" dir=in program="c:\program files\txgameassistant\appmarket\AppMarket.exe" action=allow
            4⤵
              PID:2832
            • C:\Windows\SysWOW64\Netsh.exe
              "C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="TInst" dir=in program="c:\program files\txgameassistant\appmarket\TInst.exe" action=allow
              4⤵
                PID:3928
              • C:\Windows\SysWOW64\Netsh.exe
                "C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="bugreport" dir=in program="c:\program files\txgameassistant\appmarket\bugreport.exe" action=allow
                4⤵
                  PID:3156
                • C:\Windows\SysWOW64\Netsh.exe
                  "C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="QQExternal" dir=in program="c:\program files\txgameassistant\appmarket\QQExternal.exe" action=allow
                  4⤵
                    PID:2848
                  • C:\Windows\SysWOW64\Netsh.exe
                    "C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="GameDownload" dir=in program="c:\program files\txgameassistant\appmarket\GameDownload.exe" action=allow
                    4⤵
                      PID:2180
                    • C:\Windows\SysWOW64\Netsh.exe
                      "C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="TUpdate" dir=in program="c:\program files\txgameassistant\appmarket\GF186\TUpdate.exe" action=allow
                      4⤵
                        PID:2284
                    • C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe
                      "C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe" -from TGBDownloader
                      3⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Writes to the Master Boot Record (MBR)
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      • Suspicious use of WriteProcessMemory
                      PID:1276
                      • C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe
                        "C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe" --conf-path="C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.cfg" --daemon --log="C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.log"
                        4⤵
                        • Executes dropped EXE
                        PID:2176
                      • C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
                        "C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=gpu-process --field-trial-handle=2368,18052736311222120022,12913811502584897603,131072 --disable-features=OutOfBlinkCors --no-sandbox --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.10.1683.80" --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --service-request-channel-token=6510007798590649164 --mojo-platform-channel-handle=2460 /prefetch:2
                        4⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:3988
                      • C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
                        "C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=utility --field-trial-handle=2368,18052736311222120022,12913811502584897603,131072 --disable-features=OutOfBlinkCors --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.10.1683.80" --lang=en-US --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --service-request-channel-token=14422246541074373669 --mojo-platform-channel-handle=3152 /prefetch:8
                        4⤵
                        • Executes dropped EXE
                        • Modifies system certificate store
                        PID:3120
                      • C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
                        "C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=renderer --no-sandbox --force-device-scale-factor=1.00 --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --field-trial-handle=2368,18052736311222120022,12913811502584897603,131072 --disable-features=OutOfBlinkCors --lang=en-US --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.10.1683.80" --disable-pdf-extension=1 --ppapi-flash-path="PepperFlash\pepflashplayer.dll" --ppapi-flash-version=18.0.0.209 --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=11061101416229369007 --renderer-client-id=3 --mojo-platform-channel-handle=3212 /prefetch:1
                        4⤵
                        • Executes dropped EXE
                        • Checks computer location settings
                        PID:2792
                      • C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
                        "C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=gpu-process --field-trial-handle=2368,18052736311222120022,12913811502584897603,131072 --disable-features=OutOfBlinkCors --disable-gpu-sandbox --use-gl=disabled --no-sandbox --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.10.1683.80" --lang=en-US --gpu-preferences=KAAAAAAAAADoAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --service-request-channel-token=3042554983926852001 --mojo-platform-channel-handle=3600 /prefetch:2
                        4⤵
                        • Executes dropped EXE
                        PID:4540
                  • C:\Users\Admin\AppData\Local\Temp\Fastpdf_setup_ver21042017.420.1.1.1.exe
                    "C:\Users\Admin\AppData\Local\Temp\Fastpdf_setup_ver21042017.420.1.1.1.exe"
                    2⤵
                    • Executes dropped EXE
                    • Drops file in Program Files directory
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4588
                    • C:\Program Files (x86)\fastpdf\fastpdf_ext_process64.exe
                      "C:\Program Files (x86)\fastpdf\fastpdf_ext_process64.exe" /ext:1
                      3⤵
                      • Executes dropped EXE
                      • Suspicious use of FindShellTrayWindow
                      PID:1460
                      • C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe
                        "C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe" /action:install
                        4⤵
                        • Modifies system executable filetype association
                        • Executes dropped EXE
                        PID:4092
                    • C:\Program Files (x86)\fastpdf\fastpdf_ext_process64.exe
                      "C:\Program Files (x86)\fastpdf\fastpdf_ext_process64.exe" /ext:1
                      3⤵
                      • Executes dropped EXE
                      • Modifies registry class
                      • Suspicious use of FindShellTrayWindow
                      PID:4960
                      • C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe
                        "C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe" /action:install
                        4⤵
                        • Modifies system executable filetype association
                        • Executes dropped EXE
                        • Modifies registry class
                        PID:4280
                    • C:\Program Files (x86)\fastpdf\fastpdf_ext_process64.exe
                      "C:\Program Files (x86)\fastpdf\fastpdf_ext_process64.exe" /ext:1
                      3⤵
                      • Executes dropped EXE
                      • Suspicious use of FindShellTrayWindow
                      PID:2248
                      • C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe
                        "C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe" /action:install
                        4⤵
                        • Modifies system executable filetype association
                        • Executes dropped EXE
                        PID:3340
                    • C:\Program Files (x86)\fastpdf\fastpdf.exe
                      "C:\Program Files (x86)\fastpdf\fastpdf.exe" -refreshdesktop=1
                      3⤵
                      • Executes dropped EXE
                      PID:4100
                      • C:\Windows\system32\ie4uinit.exe
                        "C:\Windows\system32\ie4uinit.exe" -show
                        4⤵
                        • Modifies Internet Explorer settings
                        • Modifies registry class
                        PID:4644
                    • C:\Program Files (x86)\fastpdf\fastpdf.exe
                      "C:\Program Files (x86)\fastpdf\fastpdf.exe" -associate=1
                      3⤵
                      • Executes dropped EXE
                      • Modifies registry class
                      PID:4832
                      • C:\Windows\system32\ie4uinit.exe
                        "C:\Windows\system32\ie4uinit.exe" -show
                        4⤵
                        • Modifies Internet Explorer settings
                        • Modifies registry class
                        PID:4396
                  • C:\Users\Admin\AppData\Local\Temp\leishenzip_247915520_tiangua_001.exe
                    "C:\Users\Admin\AppData\Local\Temp\leishenzip_247915520_tiangua_001.exe"
                    2⤵
                    • Executes dropped EXE
                    • Writes to the Master Boot Record (MBR)
                    • Drops file in Windows directory
                    PID:4636
                    • C:\Windows\SysWOW64\regsvr32.exe
                      regsvr32.exe /s /u C:\Users\Admin\AppData\Roaming\雷神压缩\ThorShell64.dll
                      3⤵
                        PID:5100
                      • C:\Windows\SysWOW64\regsvr32.exe
                        regsvr32.exe /s /u C:\Users\Admin\AppData\Roaming\雷神压缩\ThorHelp64.dll
                        3⤵
                          PID:4212
                        • C:\Windows\SysWOW64\regsvr32.exe
                          regsvr32.exe /s /u C:\Users\Admin\AppData\Roaming\雷神压缩\ThorService.dll
                          3⤵
                            PID:4276
                          • C:\Windows\SysWOW64\regsvr32.exe
                            regsvr32.exe /s C:\Users\Admin\AppData\Roaming\雷神压缩\ThorShell64.dll
                            3⤵
                              PID:4680
                              • C:\Windows\system32\regsvr32.exe
                                /s C:\Users\Admin\AppData\Roaming\雷神压缩\ThorShell64.dll
                                4⤵
                                • Modifies system executable filetype association
                                PID:4668
                            • C:\Windows\SysWOW64\regsvr32.exe
                              regsvr32.exe /s C:\Users\Admin\AppData\Roaming\雷神压缩\ThorHelp64.dll
                              3⤵
                                PID:4908
                                • C:\Windows\system32\regsvr32.exe
                                  /s C:\Users\Admin\AppData\Roaming\雷神压缩\ThorHelp64.dll
                                  4⤵
                                  • Modifies registry class
                                  PID:4964
                              • C:\Users\Admin\AppData\Roaming\雷神压缩\ThorFileManager.exe
                                "C:\Users\Admin\AppData\Roaming\雷神压缩\ThorFileManager.exe" --register_application
                                3⤵
                                • Executes dropped EXE
                                • Modifies registry class
                                PID:4228
                              • C:\Users\Admin\AppData\Roaming\雷神压缩\ThorReport.exe
                                "C:\Users\Admin\AppData\Roaming\雷神压缩\ThorReport.exe"
                                3⤵
                                • Executes dropped EXE
                                • Writes to the Master Boot Record (MBR)
                                PID:196
                                • C:\Windows\SysWOW64\WerFault.exe
                                  C:\Windows\SysWOW64\WerFault.exe -u -p 196 -s 376
                                  4⤵
                                  • Program crash
                                  PID:4684
                            • C:\Users\Admin\AppData\Local\Temp\FlashZip_2710.exe
                              "C:\Users\Admin\AppData\Local\Temp\FlashZip_2710.exe" -8122a41aa4ae
                              2⤵
                              • Executes dropped EXE
                              PID:4696
                              • C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe
                                "C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCWNYmzoMeWFUU0CM2Dtga35YuzOEd3hN6CIB20FaUT10MxhIaCtAGtPOMDxEPyeMSm2ET0QMbW2FqhSNiGtFdl6IoCU0j1HZsj4ZsmYNu2YI25oZFmfYXybYnmgMH9ZNXzJgP5UNeTGQCz8MJzJU7x3YajkFNjZNLW9QuxyMbDxIHx5NRmCZDmZOTTFMnxpOsWFUG4nMyztVkhPMa29MRudZtXLholy -2596b1ef9f0a=27
                                3⤵
                                • Executes dropped EXE
                                • Drops file in System32 directory
                                PID:4764
                                • C:\Windows\SysWOW64\regsvr32.exe
                                  "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\ShiningZip\ZipCnu64.dll"
                                  4⤵
                                    PID:1588
                                    • C:\Windows\system32\regsvr32.exe
                                      /s "C:\Users\Admin\AppData\Local\ShiningZip\ZipCnu64.dll"
                                      5⤵
                                        PID:4188
                                    • C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe
                                      "C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNgm1oYejFcU4CZ2Dthaj5ZujOZdmhN6yIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Aq=S -2596b1ef9f0a=27
                                      4⤵
                                      • Executes dropped EXE
                                      PID:5092
                                      • C:\Users\Admin\AppData\Local\ShiningZip\SZipTray.exe
                                        "C:\Users\Admin\AppData\Local\ShiningZip\SZipTray.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNMmyoOeTFNUkCO2WtUay5MuGOEdyhN6yIA2tFNUG1YMyhOaTtEG0PYM2xIP3eMSD2NTjQPbX2sqiSaiWtQdi6OojUEj2HNsy4wsiYdujYE2ioOFjfEXsbInngVHyZbXCJIP6UIemGhC08dJHJA763Layk9NkZbLC95uiyabWx5Hn5aRHCVDvZaT2FVnqpasSF5Gjnbyit9kGPbaG9FRzdatFLpopycWCS9I0TcZ2Vtgf9Y0mGpsynakiWIHszIJmO1vkNNgSpI46vIgjYY11TZdjqd5ihNkGTMSyjY0znMzyZM3GzITybNT2QUiw6N1jyciwUNWmPRrmEYv2mUP29MfGLFxlkZnjnAyzgI6imwCiDYh2U9QufZnmjlXndI2jypS79IAmYxDhTb8mXQWi7OkjdEWshI4mGlLuHdoGXVmyRdzCHIg6PMzSHwiiZctGrFpyMYpWD03i8OyirJETaa5GFFsuKWFm1lCwMITi1wEiiZuGTxksob3WjFXp6bPi4IX6NIaljJZ1AbDkB1ihmapWS4MiLfaXl04=v -2596b1ef9f0a=27
                                        5⤵
                                        • Executes dropped EXE
                                        • Maps connected drives based on registry
                                        • Modifies Internet Explorer settings
                                        PID:4996
                                      • C:\Users\Admin\AppData\Local\ShiningZip\SZipTray.exe
                                        "C:\Users\Admin\AppData\Local\ShiningZip\SZipTray.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNMmyoOeTFNUkCO2WtUay5MuGOEdyhN6yIA2tFNUG1YMyhOaTtEG0PYM2xIP3eMSD2NTjQPbX2sqiSaiWtQdi6OojUEj3HNsi4wsiYdujYE2ioOFjfIXsbInngVHyZbXCJIP6UIemGhC08dJHJA763Layk9NkZbLC95uiyabWx5Hn5aRHCVDvZaT2FVnqpasSF5Gjnbyit9kkPLa29lRtdZt3LMovycW3SlI5TbZmVcgu9c0GG5snnIkiWwHizbJWOQv1NIgjpo4ivMgjYl1lTMdTqd5hhYkjTASyjY0znAzwZM32zUT1bMTmQQi56M1myYi5UNWWPMr3EMvWmVPl9NfjLhxlkYn2nMyigL6CmJCjDbh2U5QmfanWjcXidO2nysSi9bAGYFDuTZ8CXIW67MkSdwWiha4WG5L0HZoXXJm0RIzjHogxPLzCHJiwZYtXrJphMbpSDI368IyirIEsaI5mFRssKbFG11ChMaTW14EiiOuiTJksoa3WjJXm6dPW45XfNda2jVZpAeDWBEiimfpXS0M=L -2596b1ef9f0a=27
                                        5⤵
                                        • Executes dropped EXE
                                        • Modifies Internet Explorer settings
                                        • Suspicious use of FindShellTrayWindow
                                        PID:3568
                                • C:\Users\Admin\AppData\Local\Temp\OfficeDownloaderInstall_0_100016_lanshan.exe
                                  "C:\Users\Admin\AppData\Local\Temp\OfficeDownloaderInstall_0_100016_lanshan.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  PID:4860
                                  • C:\Windows\SysWOW64\Wbem\wmic.exe
                                    wmic bios get SerialNumber
                                    3⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:4892
                                  • C:\Windows\SysWOW64\Wbem\wmic.exe
                                    wmic bios get SerialNumber
                                    3⤵
                                      PID:5056
                                    • C:\Users\Admin\AppData\Local\Temp\4_4_5\LanShanOffice_1_000000_lanshan64.exe
                                      C:\Users\Admin\AppData\Local\Temp\4_4_5\LanShanOffice_1_000000_lanshan64.exe --s -shortcut=1 -fileacc=1 -channel=100016
                                      3⤵
                                      • Executes dropped EXE
                                      • Drops file in Program Files directory
                                      PID:2532
                                  • C:\Users\Admin\AppData\Local\Temp\k52zip20210520-220-21.exe
                                    C:\Users\Admin\AppData\Local\Temp\k52zip20210520-220-21.exe
                                    2⤵
                                    • Executes dropped EXE
                                    • Checks processor information in registry
                                    • Enumerates system info in registry
                                    PID:4968
                                    • C:\Program Files (x86)\k52zip\kzip_casual64.exe
                                      "C:\Program Files (x86)\k52zip\kzip_casual64.exe" --worker=kzip_ext --register
                                      3⤵
                                      • Executes dropped EXE
                                      • Modifies registry class
                                      • Suspicious use of FindShellTrayWindow
                                      PID:5084
                                      • C:\Program Files (x86)\k52zip\kzip_main.exe
                                        "C:\Program Files (x86)\k52zip\kzip_main.exe" -action=rptinject -res:1 -hres:"Invalid window handle"
                                        4⤵
                                        • Executes dropped EXE
                                        PID:992
                                    • C:\Program Files (x86)\k52zip\kzip_main.exe
                                      "C:\Program Files (x86)\k52zip\kzip_main.exe" -action:assext
                                      3⤵
                                      • Executes dropped EXE
                                      • Modifies registry class
                                      PID:4732
                                    • C:\Program Files (x86)\k52zip\krecommend.exe
                                      "C:\Program Files (x86)\k52zip\krecommend.exe" /product:11 /type:1 /sence:1
                                      3⤵
                                      • Executes dropped EXE
                                      PID:4012
                                  • C:\Users\Admin\AppData\Local\Temp\pic_soft45181.exe
                                    C:\Users\Admin\AppData\Local\Temp\pic_soft45181.exe
                                    2⤵
                                    • Executes dropped EXE
                                    PID:4848
                                    • C:\Users\Admin\AppData\Local\Temp\Mtkantu\Install.exe
                                      "C:\Users\Admin\AppData\Local\Temp\Mtkantu\Install.exe"
                                      3⤵
                                      • Executes dropped EXE
                                      PID:4008
                                      • C:\Users\Admin\AppData\Local\Mtkantu\update.exe
                                        C:\Users\Admin\AppData\Local\Mtkantu\update.exe
                                        4⤵
                                        • Executes dropped EXE
                                        • Drops Chrome extension
                                        PID:4556
                                  • C:\Users\Admin\AppData\Local\Temp\abckantu_2722097895_shouheng_001.exe
                                    C:\Users\Admin\AppData\Local\Temp\abckantu_2722097895_shouheng_001.exe
                                    2⤵
                                    • Executes dropped EXE
                                    • Writes to the Master Boot Record (MBR)
                                    • Drops file in Windows directory
                                    PID:4216
                                    • C:\Windows\SysWOW64\regsvr32.exe
                                      regsvr32.exe /s /u C:\Users\Admin\AppData\Roaming\PhotoViewer\ShellExt64.dll
                                      3⤵
                                        PID:4616
                                      • C:\Windows\SysWOW64\regsvr32.exe
                                        regsvr32.exe /s /u C:\Users\Admin\AppData\Roaming\PhotoViewer\PVShellExt64.dll
                                        3⤵
                                          PID:200
                                        • C:\Windows\SysWOW64\regsvr32.exe
                                          regsvr32.exe /s /u C:\Users\Admin\AppData\Roaming\PhotoViewer\Checker.dll
                                          3⤵
                                            PID:1296
                                          • C:\Windows\SysWOW64\regsvr32.exe
                                            regsvr32.exe /s C:\Users\Admin\AppData\Roaming\PhotoViewer\PreviewExt64.dll
                                            3⤵
                                              PID:3016
                                              • C:\Windows\system32\regsvr32.exe
                                                /s C:\Users\Admin\AppData\Roaming\PhotoViewer\PreviewExt64.dll
                                                4⤵
                                                • Modifies registry class
                                                PID:2932
                                            • C:\Windows\SysWOW64\regsvr32.exe
                                              regsvr32.exe /s C:\Users\Admin\AppData\Roaming\PhotoViewer\PVShellExt64.dll
                                              3⤵
                                                PID:4588
                                                • C:\Windows\system32\regsvr32.exe
                                                  /s C:\Users\Admin\AppData\Roaming\PhotoViewer\PVShellExt64.dll
                                                  4⤵
                                                    PID:4520
                                                • C:\Windows\SysWOW64\regsvr32.exe
                                                  regsvr32.exe /s C:\Users\Admin\AppData\Roaming\PhotoViewer\Checker.dll
                                                  3⤵
                                                    PID:4416
                                                  • C:\Users\Admin\AppData\Roaming\PhotoViewer\PhotoViewer.exe
                                                    "C:\Users\Admin\AppData\Roaming\PhotoViewer\PhotoViewer.exe" -unregdigitext
                                                    3⤵
                                                    • Executes dropped EXE
                                                    PID:4228
                                                  • C:\Users\Admin\AppData\Roaming\PhotoViewer\PhotoViewer.exe
                                                    "C:\Users\Admin\AppData\Roaming\PhotoViewer\PhotoViewer.exe" -regall
                                                    3⤵
                                                    • Executes dropped EXE
                                                    • Modifies registry class
                                                    PID:4548
                                                  • C:\Users\Admin\AppData\Roaming\PhotoViewer\PhotoViewer.exe
                                                    "C:\Users\Admin\AppData\Roaming\PhotoViewer\PhotoViewer.exe" -deloldshellext
                                                    3⤵
                                                    • Executes dropped EXE
                                                    PID:4604
                                                  • C:\Users\Admin\AppData\Roaming\PhotoViewer\PdfReader.exe
                                                    "C:\Users\Admin\AppData\Roaming\PhotoViewer\PdfReader.exe" -regall
                                                    3⤵
                                                    • Executes dropped EXE
                                                    PID:3508
                                                  • C:\Users\Admin\AppData\Roaming\PhotoViewer\Report.exe
                                                    "C:\Users\Admin\AppData\Roaming\PhotoViewer\Report.exe"
                                                    3⤵
                                                      PID:4468
                                                • C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
                                                  "C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Writes to the Master Boot Record (MBR)
                                                  • Drops file in System32 directory
                                                  PID:500
                                                • C:\Program Files (x86)\fastpdf\fpprotect.exe
                                                  "C:\Program Files (x86)\fastpdf\fpprotect.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  PID:4488
                                                  • C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe
                                                    "C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe" -action:check_plugin_register
                                                    2⤵
                                                    • Modifies system executable filetype association
                                                    • Executes dropped EXE
                                                    • Modifies registry class
                                                    PID:200
                                                  • C:\Program Files (x86)\fastpdf\fastpdf.exe
                                                    "C:\Program Files (x86)\fastpdf\fastpdf.exe" -sactive=1
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: AddClipboardFormatListener
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4592
                                                • C:\Users\Admin\AppData\Local\ShiningZip\SZipService.exe
                                                  C:\Users\Admin\AppData\Local\ShiningZip\SZipService.exe -3ba07688d9f4
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Modifies data under HKEY_USERS
                                                  PID:2984
                                                  • C:\Users\Admin\AppData\Local\ShiningZip\SZipUpdate.exe
                                                    C:\Users\Admin\AppData\Local\ShiningZip\SZipUpdate.exe -e61475c863c7=27 -c9c0eef9ccd6=LCTNNmioOeDFZUkCN2jtga55YuWOJdlhM6SIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Qq=S -2596b1ef9f0a=27
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:584
                                                  • C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe
                                                    C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe -e61475c863c7=27 -c9c0eef9ccd6=LCTNEm2oNeDFFUiCN22tMa25ZuTOldjhZ6SIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Qq=S -2596b1ef9f0a=27
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:1056
                                                    • C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe
                                                      "C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNgm1oYejFcU4CZ2Dthaj5ZujOZdmhN6yIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Qq=S -2596b1ef9f0a=27
                                                      3⤵
                                                      • Executes dropped EXE
                                                      PID:4672
                                                • \??\c:\windows\syswow64\svchost.exe
                                                  c:\windows\syswow64\svchost.exe -k szpsrvrgroup -s szpsrvr
                                                  1⤵
                                                  • Modifies data under HKEY_USERS
                                                  PID:4708
                                                  • C:\Users\Admin\AppData\Local\Zipdktp\SZipConfig.exe
                                                    C:\Users\Admin\AppData\Local\Zipdktp\SZipConfig.exe -e61475c863c7=27 -c9c0eef9ccd6=LCTNImwoZeDFgUwCY2ztVal5NuDOMdwhO6CIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Yq=S -2596b1ef9f0a=27
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:4356
                                                • C:\Windows\SysWOW64\svchost.exe
                                                  C:\Windows\SysWOW64\svchost.exe -k thorzip_updatesvc
                                                  1⤵
                                                    PID:4208
                                                  • C:\Windows\SysWOW64\svchost.exe
                                                    C:\Windows\SysWOW64\svchost.exe -k thorzip_updatesvc
                                                    1⤵
                                                      PID:4188
                                                    • C:\Program Files (x86)\k52zip\kzipservice.exe
                                                      "C:\Program Files (x86)\k52zip\kzipservice.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      PID:2376
                                                    • C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe
                                                      "C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNRmjoOeDFIU5CO2Dtdam5NuGOQd0hM6yIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2IqgS -2596b1ef9f0a=27
                                                      1⤵
                                                      • Executes dropped EXE
                                                      PID:1004
                                                    • C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe
                                                      "C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNEm2oNeDFFUiCN22tMa25ZuTOldjhZ6SIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Iq=S -2596b1ef9f0a=27
                                                      1⤵
                                                      • Executes dropped EXE
                                                      PID:4656
                                                      • C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe
                                                        "C:\Users\Admin\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNgm1oYejFcU4CZ2Dthaj5ZujOZdmhN6yIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Iq=S -2596b1ef9f0a=27
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:4196
                                                    • C:\Windows\SysWOW64\svchost.exe
                                                      C:\Windows\SysWOW64\svchost.exe -k PhotoviewerService
                                                      1⤵
                                                        PID:4360
                                                      • C:\Windows\SysWOW64\svchost.exe
                                                        C:\Windows\SysWOW64\svchost.exe -k PhotoviewerService
                                                        1⤵
                                                          PID:4476
                                                        • C:\Program Files (x86)\k52zip\kzip_main.exe
                                                          "C:\Program Files (x86)\k52zip\kzip_main.exe" -from:shell_ext -menu_item:0 -action:showmenu
                                                          1⤵
                                                          • Executes dropped EXE
                                                          PID:3952
                                                        • C:\Users\Admin\AppData\Local\kfastpic\11\kfpnewupdate.exe
                                                          "C:\Users\Admin\AppData\Local\kfastpic\11\kfpnewupdate.exe" /from:17
                                                          1⤵
                                                            PID:4568
                                                          • C:\Users\Admin\AppData\Roaming\PhotoViewer\PhotoViewer.exe
                                                            "C:\Users\Admin\AppData\Roaming\PhotoViewer\PhotoViewer.exe" -regcapturehotkey
                                                            1⤵
                                                            • Executes dropped EXE
                                                            PID:4224
                                                          • C:\Program Files (x86)\fastpdf\fastpdf.exe
                                                            "C:\Program Files (x86)\fastpdf\fastpdf.exe" /setdefault:1
                                                            1⤵
                                                              PID:3892

                                                            Network

                                                            MITRE ATT&CK Matrix ATT&CK v6

                                                            Initial Access

                                                            Execution

                                                            Scheduled Task

                                                            1
                                                            T1053

                                                            Persistence

                                                            Change Default File Association

                                                            1
                                                            T1042

                                                            Registry Run Keys / Startup Folder

                                                            3
                                                            T1060

                                                            Modify Existing Service

                                                            1
                                                            T1031

                                                            Bootkit

                                                            1
                                                            T1067

                                                            Scheduled Task

                                                            1
                                                            T1053

                                                            Privilege Escalation

                                                            Scheduled Task

                                                            1
                                                            T1053

                                                            Defense Evasion

                                                            Modify Registry

                                                            5
                                                            T1112

                                                            Install Root Certificate

                                                            1
                                                            T1130

                                                            Credential Access

                                                            Credentials in Files

                                                            1
                                                            T1081

                                                            Discovery

                                                            Query Registry

                                                            5
                                                            T1012

                                                            System Information Discovery

                                                            6
                                                            T1082

                                                            Peripheral Device Discovery

                                                            1
                                                            T1120

                                                            Lateral Movement

                                                            Collection

                                                            Data from Local System

                                                            1
                                                            T1005

                                                            Exfiltration

                                                            Command and Control

                                                            Impact

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\Program Files (x86)\IMedia\IMedia.exe
                                                              MD5

                                                              903c1b83b7b9106440dda28aa3698a6a

                                                              SHA1

                                                              625b83e7f3f784e024685b1b61846e633a40425d

                                                              SHA256

                                                              eba964b6534b490cd29bef1bdba67cfd748bbfdf32b8aa81fb68f2fda2d498b4

                                                              SHA512

                                                              d9fe1fbdd39d22d064661b698c0d896186637765a6e005788f7508f57e2ee38d488e5eccd56450be7d3ec95d5b955de9aa6ba03b41b542b2b118835be508c0c2

                                                              Download Submit
                                                            • C:\Program Files (x86)\IMedia\IMedia.exe
                                                              MD5

                                                              903c1b83b7b9106440dda28aa3698a6a

                                                              SHA1

                                                              625b83e7f3f784e024685b1b61846e633a40425d

                                                              SHA256

                                                              eba964b6534b490cd29bef1bdba67cfd748bbfdf32b8aa81fb68f2fda2d498b4

                                                              SHA512

                                                              d9fe1fbdd39d22d064661b698c0d896186637765a6e005788f7508f57e2ee38d488e5eccd56450be7d3ec95d5b955de9aa6ba03b41b542b2b118835be508c0c2

                                                              Download Submit
                                                            • C:\Program Files (x86)\IMedia\IMedia64.dll
                                                              MD5

                                                              48f1abb480690cea0992905cdcbb131c

                                                              SHA1

                                                              744ee09ea4094622ebc7374ead52370939a10f39

                                                              SHA256

                                                              32835910ecf2df98d5973991ecf3676752d7dc67728f4adc1def50609c7b7c8b

                                                              SHA512

                                                              709b714bc2129709b613737c3c0f7ca72244f43f7a433ce64441d7f4a9a072a6eb85f4a9bddf9f7a7f5cc24c18eea677e8194938e75e40289a73b122a5e6ebe3

                                                              Download Submit
                                                            • C:\Program Files (x86)\IMedia\IMediaB.exe
                                                              MD5

                                                              1c1a7e640e4c5bc026f4d4be3e027160

                                                              SHA1

                                                              e597a0bbb3509755ed4734d7bb690811ef83cee1

                                                              SHA256

                                                              e25c758f34ee0ddae57f999f4fb8aae8dba138554978a803c3abaff5f014e44b

                                                              SHA512

                                                              76fbf0dbe42521e0a2cdcc283073fecf47efec3350b88267900fac65a09ac30854f74c9837960594a6d0bebf73460e7c9fc090f2db99c3f4103d318f5eb6eedb

                                                              Download Submit
                                                            • C:\Program Files (x86)\IMedia\IMediaB.exe
                                                              MD5

                                                              1c1a7e640e4c5bc026f4d4be3e027160

                                                              SHA1

                                                              e597a0bbb3509755ed4734d7bb690811ef83cee1

                                                              SHA256

                                                              e25c758f34ee0ddae57f999f4fb8aae8dba138554978a803c3abaff5f014e44b

                                                              SHA512

                                                              76fbf0dbe42521e0a2cdcc283073fecf47efec3350b88267900fac65a09ac30854f74c9837960594a6d0bebf73460e7c9fc090f2db99c3f4103d318f5eb6eedb

                                                              Download Submit
                                                            • C:\Program Files (x86)\IMedia\IMediaDesk.exe
                                                              MD5

                                                              dde40d98050d34f343fe04d899c3be81

                                                              SHA1

                                                              05a3d59b179cf41ae25bc9d0d00db9ac3715a097

                                                              SHA256

                                                              449a1f593cb542a546a393d2d12eec23fc9b5a84462edb9c0ad1f4f943e1431f

                                                              SHA512

                                                              542b708eab706734eccbc581ee7636354d6aa1d3b202d709832d998c53cce543b591922638af0109a4afbbe1f01e2789690f7ba802f2ef724dde85bb1bf98fbe

                                                              Download Submit
                                                            • C:\Program Files (x86)\IMedia\IMediaDesk.exe
                                                              MD5

                                                              dde40d98050d34f343fe04d899c3be81

                                                              SHA1

                                                              05a3d59b179cf41ae25bc9d0d00db9ac3715a097

                                                              SHA256

                                                              449a1f593cb542a546a393d2d12eec23fc9b5a84462edb9c0ad1f4f943e1431f

                                                              SHA512

                                                              542b708eab706734eccbc581ee7636354d6aa1d3b202d709832d998c53cce543b591922638af0109a4afbbe1f01e2789690f7ba802f2ef724dde85bb1bf98fbe

                                                              Download Submit
                                                            • C:\Program Files (x86)\IMedia\IMediaT.exe
                                                              MD5

                                                              767d847e1d357c33940d4f714f90da96

                                                              SHA1

                                                              14172fd6e5e99c526478cda0b472689c900504b7

                                                              SHA256

                                                              815a4e28a3d3d8b797916b9c95fb83d5d3bfc1dbee4eee9ba35466d219b30c18

                                                              SHA512

                                                              5da6d3597865885e9c603f68cc7c1860b3df4fb80725592fcf702cc0c4be97cb6c44c698f267c3931c3e440af8dc7bcd9d7abc74a9e88d381c5cfb04af742c5d

                                                              Download Submit
                                                            • C:\Program Files (x86)\IMedia\IMediaT.exe
                                                              MD5

                                                              767d847e1d357c33940d4f714f90da96

                                                              SHA1

                                                              14172fd6e5e99c526478cda0b472689c900504b7

                                                              SHA256

                                                              815a4e28a3d3d8b797916b9c95fb83d5d3bfc1dbee4eee9ba35466d219b30c18

                                                              SHA512

                                                              5da6d3597865885e9c603f68cc7c1860b3df4fb80725592fcf702cc0c4be97cb6c44c698f267c3931c3e440af8dc7bcd9d7abc74a9e88d381c5cfb04af742c5d

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Market.exe
                                                              MD5

                                                              da12dfb041b409e76d6661e7ad02eb9b

                                                              SHA1

                                                              598694fb09f1ba710610cbe18e0887a4dca37943

                                                              SHA256

                                                              3934a331888c62d6efd436e71f335849ca401cd4aea2edab8f563cb04edd132f

                                                              SHA512

                                                              22fecd0ce6587f12c83ee702547c448d1ea958ba1e3c90786f6edbd7c544bf9cb2324120f8aac6c59e7036297542e41686a60f04e603a5bd9de7371730661c0d

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Market.exe
                                                              MD5

                                                              da12dfb041b409e76d6661e7ad02eb9b

                                                              SHA1

                                                              598694fb09f1ba710610cbe18e0887a4dca37943

                                                              SHA256

                                                              3934a331888c62d6efd436e71f335849ca401cd4aea2edab8f563cb04edd132f

                                                              SHA512

                                                              22fecd0ce6587f12c83ee702547c448d1ea958ba1e3c90786f6edbd7c544bf9cb2324120f8aac6c59e7036297542e41686a60f04e603a5bd9de7371730661c0d

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\AECommonDll.dll
                                                              MD5

                                                              56bf4cf65918a67a3ab14046c756b552

                                                              SHA1

                                                              0d3138919585bedfd5fc8eb4333beb57016ca24f

                                                              SHA256

                                                              c6872ce41e31e68be9e4461243ae19e6012966ab43a0d513f775ff940ba39eae

                                                              SHA512

                                                              60a7ce0a2a1043de26339eadc8b7735053e6e3dffbb462aa4cbf9a0bd782d42fafca8f0769121a57c12ed117e866db430bd4b658fd63ac07416d305bed304266

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\AowGame.xml
                                                              MD5

                                                              59cb1bafb0fe0e415f03cd9b49069164

                                                              SHA1

                                                              e812c08598766acb454c5f5c76b966b6873cdc8b

                                                              SHA256

                                                              0103f094c6865ef2c4c0213190a5d13f337b0a9bddf58f4a1910bf91ceadb2c9

                                                              SHA512

                                                              09c019bd1bed60fc3b8d274d2f514cea240ec2d98476a8937dde20369d8472f23ad0d7a33c11b52fa28a465a3ee1ae5bda63ee5f9f76c27b0fc0e18045dd4918

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\Config.ini
                                                              MD5

                                                              ba50063cd1a85f562d5c6a92f28fc062

                                                              SHA1

                                                              41d01f5bc2c800424277dc39ddfb4a70bdbaf00e

                                                              SHA256

                                                              1d02987a9b23cb3c11ad6c8123446efcd8e43c0069a616ff09dfc80426a82861

                                                              SHA512

                                                              2fe0aa3e2b6dd171f25d792991328737a15905d290a3d32c4fbe6bc452976c6cd88e157b98a032f1348e53d26e4eeae9928d430e700849baa95e9c73207079b3

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\TInst.exe
                                                              MD5

                                                              67def83aee9714097ae67fa55a757383

                                                              SHA1

                                                              bede677829357926277f7d4b45de84e22c432a4b

                                                              SHA256

                                                              57de79e660ba1484f506a8aa90cfdb087aa7db99737d488efc74363c4d78882d

                                                              SHA512

                                                              bc4cc54cc33c4cb043925aa5b3e5cb090acaa86ce5a0b844982a2569ada69993d6e58c72b029e39d1165b965a10871b82b3bb22a6ddf21c1811f28ad9cb672ac

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\Tinst.exe
                                                              MD5

                                                              67def83aee9714097ae67fa55a757383

                                                              SHA1

                                                              bede677829357926277f7d4b45de84e22c432a4b

                                                              SHA256

                                                              57de79e660ba1484f506a8aa90cfdb087aa7db99737d488efc74363c4d78882d

                                                              SHA512

                                                              bc4cc54cc33c4cb043925aa5b3e5cb090acaa86ce5a0b844982a2569ada69993d6e58c72b029e39d1165b965a10871b82b3bb22a6ddf21c1811f28ad9cb672ac

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\aowgameex2.dat
                                                              MD5

                                                              a860fbdb56190eededbb9527abc20e32

                                                              SHA1

                                                              248c422cce200525f90679f49c1f9a22133a5de5

                                                              SHA256

                                                              a7f94e7cf4f162bdc89f7a191c3fd8a073a68f156ee43b13942267f62a4436e7

                                                              SHA512

                                                              776336b8a2d478ce685c346634526959ee11bff8c064f0177445af096641ad2657ccde5a0da571cda98c2a33c9d25c095bdfae4cc2ac7c47d7690216c1a6c1de

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-console-l1-1-0.dll
                                                              MD5

                                                              11e55839fcb3a53bdfed2a27fb7d5e80

                                                              SHA1

                                                              e585a1ed88696cd310c12f91ffa27f17f354b4f4

                                                              SHA256

                                                              f6bdc8ffd172b44f4d169707d9a457aeef619872661229b8629ee4f15eefff0d

                                                              SHA512

                                                              bec9419e35de03cc145b3c974833f73f1a5082d886de4739351b93bb4cc6c0234efd0e35ad845faba83fa600c4a7d5343eaae949a837d00d5528e6db79438ee4

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-datetime-l1-1-0.dll
                                                              MD5

                                                              9f3cf9f22836c32d988d7c7e0a977e1b

                                                              SHA1

                                                              1e7bbd6175bdb04826e60de07aa496493c9b3a3b

                                                              SHA256

                                                              7d588a5a958e32875d7bd346d1371e6ebfd9d5d2ede47755942badfc9c74e207

                                                              SHA512

                                                              16c98e6aec67ffe4558c6d3f881301490be5d8a714c1adc6735005613251adb8e1c2cb9b1c0d2504a9a99c61a06b0e30c944ca603fc00fbb18cd20ba1c9bd697

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-debug-l1-1-0.dll
                                                              MD5

                                                              64978e199a7239d2c911876447a7f05b

                                                              SHA1

                                                              0048ce6724db08c64441ce6e573676bc8ae94bf9

                                                              SHA256

                                                              92b947f1d6236f86ed7e105cff19e23c13d1968861426511b775905e1d26b47a

                                                              SHA512

                                                              9c64211895473ffc7162b56b0b8e732dec54cf03ea9b9b36fe3cc3339c35fc71fc7173d4e146989db399cb1bcb063079378bb6f778f7d2591cd545550038397c

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-errorhandling-l1-1-0.dll
                                                              MD5

                                                              9d74d89f2679c0c5ddb35a1ef30bd182

                                                              SHA1

                                                              22eaed07a6e477a4001f9467b5462cf4cc15cc16

                                                              SHA256

                                                              e207ffc6fef144e5d393e79de75f8f20d223f1ac33a011eeb822d30fa2031046

                                                              SHA512

                                                              725626e961d32398ea5aa120ac0339deeb493fc02ee7ef4d8e586173fdbf768b5cbb1f16f093ae4ecfee87e661170f8f832777640a353df5d651af4a62a2d819

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-file-l1-1-0.dll
                                                              MD5

                                                              d826d27c73d9f2420fb39fbe0745c7f0

                                                              SHA1

                                                              6e68e239f1a58185c7dad0fcfaac9ecfd2e5726c

                                                              SHA256

                                                              c0e5d482bd93bf71a73c01d0c1ec0722ea3260eba1f4c87e797bae334b5e9870

                                                              SHA512

                                                              c49843eb10e4e54c66e0e194dbd29ceab9094bdfe745b6a858cb03e34d73a6326f54804e5e5505deacc87146cbdfba17a0f02e62e76c685bce0cd1ff41962ff4

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-file-l1-2-0.dll
                                                              MD5

                                                              ec4f2cb68dcf7e96516eb284003be8bb

                                                              SHA1

                                                              fb9237719b5e21b9db176e41bdf125e6e7c01b11

                                                              SHA256

                                                              3816bbb7dd76d8fc6a7b83a0ed2f61b23dd5fc0843d3308ee077cb725d5c9088

                                                              SHA512

                                                              6cbda80c476a9fcf46458cac45229c96dc9df251230531e25088e834cd954db9ff4561e744f76495f9c57a4068b7635c72c6f9ff838436c54142297ee310b236

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-file-l1-2-1.dll
                                                              MD5

                                                              a32230b9bfdb8813e94d095222aafa11

                                                              SHA1

                                                              04b9d7d2a3f92a0054af2547fb6176385cc9738b

                                                              SHA256

                                                              7068d2b8aea252294e6b5c3bf3630475d0a91e11877f11a04e8ed1f91196410f

                                                              SHA512

                                                              6484c7c7fe574d797c74c285353040dfa364b9a9425cbfa4a4c8bba698176656c78e228a33c9eeae39a97caf2ab192f1f02dba472824f8a5757db5f14c76e2b0

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-file-l2-1-0.dll
                                                              MD5

                                                              b9287eb7bcbfdcec2e8d4198fd266509

                                                              SHA1

                                                              1375b6ff6121ec140668881f4a0b02f0c517f6c7

                                                              SHA256

                                                              096409422ecd1894e4d6289fd2d1c7490bd83daff0c1e3d16c36c78bd477b895

                                                              SHA512

                                                              b86348d3f42d0ff465066a14c281088c73ec5e03efacdaabe27a410b054a8a81b438d7e5d030b0d95f53b07783911b8b8200581d4e0b6f1b3cc79f4aae1d67df

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-handle-l1-1-0.dll
                                                              MD5

                                                              6a35a52d536e34ba060a19d06b1dac80

                                                              SHA1

                                                              0494a9cbf898e5babb6e697fc2de04a128d2fc35

                                                              SHA256

                                                              a369ef130749bf8cd9f67055179e6f537f200c060af47493d49473912a95021e

                                                              SHA512

                                                              a8aeb58bcf4b314212c2ab5a8fd3c2edeb97e680f774171d4a79390aa23bb62a414aef0ecd5286ffb68b7ed8f6e713ff1892d6d4cc2cbb67de916c6062e762d9

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-heap-l1-1-0.dll
                                                              MD5

                                                              ee5c2fb7bc23bfd06ff32556cc7c3b4d

                                                              SHA1

                                                              5d60ebf016219bbec340d353a4fa541fff596d3f

                                                              SHA256

                                                              efc9f0e32bce971900ddf66a1a9e68daa3bfb2099a1ba9f24c6ee82da2cbd6e8

                                                              SHA512

                                                              5d1b8a130c27d8eb63ca0c836bdf63e76afb311de26ed4f25b073bda843ebfa25e136849e3882822257e3783058f30af818a96764d60821a40329cff4e1badac

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-interlocked-l1-1-0.dll
                                                              MD5

                                                              48a5e206d92f3102256ec65e8d570ee0

                                                              SHA1

                                                              76024fad398dfa4734afce0cc2e5ac117f090ba6

                                                              SHA256

                                                              a272ae4fc60e511f48950b08f106fcdd3bc86831df908ee78d630f1ae921880c

                                                              SHA512

                                                              65407da566b571e050c25448be6042e84b0c1c7248422cba00b543af9de425a723b0c7c54c4eb6f534e42b1679a058562d500875ddc4f2b52e6b8e6107b1b575

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-libraryloader-l1-1-0.dll
                                                              MD5

                                                              e33f52e89dfc376eaf7aa655f260ca76

                                                              SHA1

                                                              b66e1f934f491544190714966031b6dfd2e349ec

                                                              SHA256

                                                              0bd03e89a539aaa3100e2f7d9a058964730320e55aee1f85be8fd243eea7017a

                                                              SHA512

                                                              95cb889599801ba7fa225b633d0fe25fdcc8b495dee5eba05b15a6e53a8a3643b5defe1a881236c40f4fa4365d6775ece067dbb526afdf2015f4d1355c9dfc57

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-localization-l1-2-0.dll
                                                              MD5

                                                              dbb81fcc74c59490008ee59bffff5a6d

                                                              SHA1

                                                              edbb465ab3bea3a4df3f05e5a4e816edbe195c3b

                                                              SHA256

                                                              f33e6ac5d3e1c4f1d89564fb6aeeac170486c073b67694380755049dbc48eec1

                                                              SHA512

                                                              2847a73e952bd5f2448264e0bfc8dc1dcd37f8b02d6d6f525ef0cb69c8e634fdcc4637876361b22c53244659039ed305c015435834b61eea15015fed45e9c374

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-memory-l1-1-0.dll
                                                              MD5

                                                              0ee9e0c830a7534dcfc9be72146796f9

                                                              SHA1

                                                              cecc860b494135482ae693f8e252301073a98578

                                                              SHA256

                                                              8f3f0fd765a37f48162f0bd00c3047e79b4eda355223bfcbed4d35b51349cfcc

                                                              SHA512

                                                              47161e02f4478464ab45c1e3bf9d244d34613e0e68ebe48511a9a0c4e7f8ddb0c1dfd59707c6968c5d76d5027cd19ef748d1235bf74b976410ea6672a6a4bcaf

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-namedpipe-l1-1-0.dll
                                                              MD5

                                                              1557093add722d1c5a97c359bfcd0d77

                                                              SHA1

                                                              a8ce995f00a12a81a13d3ef47ce0834178ed69a4

                                                              SHA256

                                                              3a20635a223e68418c22858413e8c603aac25723de1cb0f54dd675349ec3213d

                                                              SHA512

                                                              b7acd6882b4d36b52f1e49e4b61ddd025de8503f765b72c94ec5a0d85b6ced513c348f7c4898675728c851a2632ad71c78937cdec9dff994b7b27ed2d85cdddd

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-processenvironment-l1-1-0.dll
                                                              MD5

                                                              2a61e4e21bf255107884b6520af5bbcc

                                                              SHA1

                                                              884eb1a835bcde4e7fd98134f0be797229f4239a

                                                              SHA256

                                                              64742ee0729cbe72555247b0165fae03bea7a6b0147869253dae3bb0072173e8

                                                              SHA512

                                                              d0ca104904352586bbd3da654125b3df9355fe250938a465e8e900d135cec397f1118fdf54829b076df82b8e45fcd7656c2c7aa33ad3c0af5189f7a55e43f498

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-processthreads-l1-1-0.dll
                                                              MD5

                                                              d5c4b8f7260563f72150a84fe884ee31

                                                              SHA1

                                                              dae1185359ed25a4974504cd1ceaacde28d4318e

                                                              SHA256

                                                              02839f3b2bdf6adfc89d2f800cc8acda59a40c3e7ce14ef3026f4c72e202297d

                                                              SHA512

                                                              09ca23413eecf1df94aa36e53fc6fff0f402f21eda2ef79be6aa087818a5bb82ed98db790a2b5cf4ef91a8f70d8e27f56313bc2054a26872d2cad611c472f0b7

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-processthreads-l1-1-1.dll
                                                              MD5

                                                              f61b9ecb79cd20fc2e8fce87286cfe43

                                                              SHA1

                                                              7a48accbe43e156f886f1f2836f74e1043feec59

                                                              SHA256

                                                              bfa24f94ba095174b82d3657f8ecc689eab8ff380c69b1c9a7e311eb70d66386

                                                              SHA512

                                                              42ab62087bbc9fc9c9003ae96ebb9e9bbfa3db4eb74bd6746da035d53d1002015d8482ecb92620ec65c42b8b2b41d9b0a7793e105b0cf8cb6f713a2bc03241db

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-profile-l1-1-0.dll
                                                              MD5

                                                              a472bd416bdc12668523670360650910

                                                              SHA1

                                                              831d930ef9917e0dccacd8e7f7fd6f3d90082441

                                                              SHA256

                                                              48dceeea29558966c391cda34e5755386c2e7e252ea0a03d8d1f21e3cb370c5b

                                                              SHA512

                                                              166134e6c3403f4437e10afb514a55677481d3b03f7cfdf17917a0bb6fa1f387feae58d7dd5dfbc375eae66d24f10c3163ba5958c22beb6978c0b778c2883b6f

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-rtlsupport-l1-1-0.dll
                                                              MD5

                                                              525a156e0ff61306fd44bf7937cacfae

                                                              SHA1

                                                              6a9a88317a55c939c0cb9f77256f5c3f961d0562

                                                              SHA256

                                                              41c69b545d931045a280f83b2f5fbe0ea18c35ac42dfca54b661b42fe8e4f982

                                                              SHA512

                                                              c99147eba45e9561b7a2802b0c15a2df2ac886ce95a95f2980f8bf4d1dff92a69b94f11cd17383b577303f24295b1b7e52b8c80ad26c0bb08862c726b9cd8841

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-string-l1-1-0.dll
                                                              MD5

                                                              e57ec98e69961e45cc7a4e0666d26b7d

                                                              SHA1

                                                              70462a1d68bf49908fcb7186743a47a1affc5d7d

                                                              SHA256

                                                              52c9b061c4c74eeb70019edde2b690c7e9d9744979a3b718d6687b3a83f00def

                                                              SHA512

                                                              4a450bcbce0eb3f98f78af07673227a55cdf8e7840fa892196cbb8d0f90551b32731f70f171644f8097fda97d57caa4b7430023671b19881764613231a20cdc9

                                                              Download Submit
                                                            • C:\Temp\TxGameDownload\Component\AppMarket\da12dfb041b409e76d6661e7ad02eb9b\Setup\api-ms-win-core-synch-l1-1-0.dll
                                                              MD5

                                                              99572ae21d1c8afe3d02f1124979e911

                                                              SHA1

                                                              5b17addc80b1406a3eaa615f5e37d92e953a0bb7

                                                              SHA256

                                                              e7d39dcb79d739ec030e9a4e2165b264a24c400566056e1fda267fdd1a8b36bd

                                                              SHA512

                                                              27ca8149d1f0c625de90a3f4cd4a4930ab0c1362ee10a7131ebfd2a88065c2a34c8ad7fb6d95ce33072146b9309488cbfe122984606d631b99d925e3fc42fcff

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Temp\IMedia-553.exe
                                                              MD5

                                                              78b3398cb13acd149db2a5c1c356fbc4

                                                              SHA1

                                                              f5746e719ff984ab9176250903a674e538665835

                                                              SHA256

                                                              53580dbf677b57a87a0850e0901a1efd6b64ef712938454462fad12ab2568ed3

                                                              SHA512

                                                              507c2b129563714a470ee08b9279d50e899e234ba3b2ef52d7874df42756e745ad9afa39c54d61f7aab97f7fb14f2e7570666208363dc6341c96778f2032a166

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Temp\IMedia-553.exe
                                                              MD5

                                                              78b3398cb13acd149db2a5c1c356fbc4

                                                              SHA1

                                                              f5746e719ff984ab9176250903a674e538665835

                                                              SHA256

                                                              53580dbf677b57a87a0850e0901a1efd6b64ef712938454462fad12ab2568ed3

                                                              SHA512

                                                              507c2b129563714a470ee08b9279d50e899e234ba3b2ef52d7874df42756e745ad9afa39c54d61f7aab97f7fb14f2e7570666208363dc6341c96778f2032a166

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Temp\syzs03_1000219144.exe
                                                              MD5

                                                              978f6dedc60783400095644b456890e9

                                                              SHA1

                                                              6c4436ab56188ac5ba8786cd76f0de15996f6fe8

                                                              SHA256

                                                              f2d4cc7e40d526ad84229d06e4ffd05d68c22359e6c4b5695087a7d8b735aeab

                                                              SHA512

                                                              0ce5c41bae0988e8e82f5c1723a907e8de99c951ca93f990ea3bc02d14d3d8ce4616622a6323f7ae41fc29773368488729ee281bee1f95f9d1f0a31034df5e3d

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Temp\syzs03_1000219144.exe
                                                              MD5

                                                              978f6dedc60783400095644b456890e9

                                                              SHA1

                                                              6c4436ab56188ac5ba8786cd76f0de15996f6fe8

                                                              SHA256

                                                              f2d4cc7e40d526ad84229d06e4ffd05d68c22359e6c4b5695087a7d8b735aeab

                                                              SHA512

                                                              0ce5c41bae0988e8e82f5c1723a907e8de99c951ca93f990ea3bc02d14d3d8ce4616622a6323f7ae41fc29773368488729ee281bee1f95f9d1f0a31034df5e3d

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Roaming\IMedia\Config\SoftInfo.ini
                                                              MD5

                                                              cd738748e9ab1cf713c9e07e5fbe1dfc

                                                              SHA1

                                                              d069563efb4b34cd15e2586b6df218f7036e4095

                                                              SHA256

                                                              bff42cbb497bb24fafc4beb32942d000e6b32c361e5c85903fd199ff91d6c816

                                                              SHA512

                                                              f0f4f5833c284eda753b575037ec41deaf6dc22ea4517515152ef586bd1467c9d68bfb4fcc523cf305dbdecb79f5fdfe15e52a2812b847f0ef26b3780865fc3f

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Roaming\IMedia\SoftInfoConfig.cfg
                                                              MD5

                                                              86303559a33932e1a9dbc9c95e0f2a6f

                                                              SHA1

                                                              7c8c7ef982f6ae627850b961db751c87c266fe53

                                                              SHA256

                                                              8886067d7f8bb36f1c065fa47423961b425b807f91b0248eaa869983b9841ba2

                                                              SHA512

                                                              c1e3709315185425536b55e698fc9908ecc6de1f7e0f1c4b18426b4b1b15fd6b9b1877f1f49463c0fc0d0cda5195c407224d8d116768177234d037c141b22990

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Roaming\IMedia\SoftInfoConfig.cfg
                                                              MD5

                                                              86303559a33932e1a9dbc9c95e0f2a6f

                                                              SHA1

                                                              7c8c7ef982f6ae627850b961db751c87c266fe53

                                                              SHA256

                                                              8886067d7f8bb36f1c065fa47423961b425b807f91b0248eaa869983b9841ba2

                                                              SHA512

                                                              c1e3709315185425536b55e698fc9908ecc6de1f7e0f1c4b18426b4b1b15fd6b9b1877f1f49463c0fc0d0cda5195c407224d8d116768177234d037c141b22990

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Roaming\IMedia\SoftInfoConfig.cfg
                                                              MD5

                                                              86303559a33932e1a9dbc9c95e0f2a6f

                                                              SHA1

                                                              7c8c7ef982f6ae627850b961db751c87c266fe53

                                                              SHA256

                                                              8886067d7f8bb36f1c065fa47423961b425b807f91b0248eaa869983b9841ba2

                                                              SHA512

                                                              c1e3709315185425536b55e698fc9908ecc6de1f7e0f1c4b18426b4b1b15fd6b9b1877f1f49463c0fc0d0cda5195c407224d8d116768177234d037c141b22990

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Roaming\IMedia\SoftInfoConfig.cfg
                                                              MD5

                                                              86303559a33932e1a9dbc9c95e0f2a6f

                                                              SHA1

                                                              7c8c7ef982f6ae627850b961db751c87c266fe53

                                                              SHA256

                                                              8886067d7f8bb36f1c065fa47423961b425b807f91b0248eaa869983b9841ba2

                                                              SHA512

                                                              c1e3709315185425536b55e698fc9908ecc6de1f7e0f1c4b18426b4b1b15fd6b9b1877f1f49463c0fc0d0cda5195c407224d8d116768177234d037c141b22990

                                                              Download Submit
                                                            • \Program Files (x86)\IMedia\IMedia64.dll
                                                              MD5

                                                              48f1abb480690cea0992905cdcbb131c

                                                              SHA1

                                                              744ee09ea4094622ebc7374ead52370939a10f39

                                                              SHA256

                                                              32835910ecf2df98d5973991ecf3676752d7dc67728f4adc1def50609c7b7c8b

                                                              SHA512

                                                              709b714bc2129709b613737c3c0f7ca72244f43f7a433ce64441d7f4a9a072a6eb85f4a9bddf9f7a7f5cc24c18eea677e8194938e75e40289a73b122a5e6ebe3

                                                              Download Submit
                                                            • \Program Files (x86)\IMedia\IMedia64.dll
                                                              MD5

                                                              48f1abb480690cea0992905cdcbb131c

                                                              SHA1

                                                              744ee09ea4094622ebc7374ead52370939a10f39

                                                              SHA256

                                                              32835910ecf2df98d5973991ecf3676752d7dc67728f4adc1def50609c7b7c8b

                                                              SHA512

                                                              709b714bc2129709b613737c3c0f7ca72244f43f7a433ce64441d7f4a9a072a6eb85f4a9bddf9f7a7f5cc24c18eea677e8194938e75e40289a73b122a5e6ebe3

                                                              Download Submit
                                                            • \Program Files (x86)\IMedia\IMedia64.dll
                                                              MD5

                                                              48f1abb480690cea0992905cdcbb131c

                                                              SHA1

                                                              744ee09ea4094622ebc7374ead52370939a10f39

                                                              SHA256

                                                              32835910ecf2df98d5973991ecf3676752d7dc67728f4adc1def50609c7b7c8b

                                                              SHA512

                                                              709b714bc2129709b613737c3c0f7ca72244f43f7a433ce64441d7f4a9a072a6eb85f4a9bddf9f7a7f5cc24c18eea677e8194938e75e40289a73b122a5e6ebe3

                                                              Download Submit
                                                            • \Program Files (x86)\IMedia\IMedia64.dll
                                                              MD5

                                                              48f1abb480690cea0992905cdcbb131c

                                                              SHA1

                                                              744ee09ea4094622ebc7374ead52370939a10f39

                                                              SHA256

                                                              32835910ecf2df98d5973991ecf3676752d7dc67728f4adc1def50609c7b7c8b

                                                              SHA512

                                                              709b714bc2129709b613737c3c0f7ca72244f43f7a433ce64441d7f4a9a072a6eb85f4a9bddf9f7a7f5cc24c18eea677e8194938e75e40289a73b122a5e6ebe3

                                                              Download Submit
                                                            • \Program Files (x86)\IMedia\IMedia64.dll
                                                              MD5

                                                              48f1abb480690cea0992905cdcbb131c

                                                              SHA1

                                                              744ee09ea4094622ebc7374ead52370939a10f39

                                                              SHA256

                                                              32835910ecf2df98d5973991ecf3676752d7dc67728f4adc1def50609c7b7c8b

                                                              SHA512

                                                              709b714bc2129709b613737c3c0f7ca72244f43f7a433ce64441d7f4a9a072a6eb85f4a9bddf9f7a7f5cc24c18eea677e8194938e75e40289a73b122a5e6ebe3

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\NSISdl.dll
                                                              MD5

                                                              254f13dfd61c5b7d2119eb2550491e1d

                                                              SHA1

                                                              5083f6804ee3475f3698ab9e68611b0128e22fd6

                                                              SHA256

                                                              fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

                                                              SHA512

                                                              fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\NSISdl.dll
                                                              MD5

                                                              254f13dfd61c5b7d2119eb2550491e1d

                                                              SHA1

                                                              5083f6804ee3475f3698ab9e68611b0128e22fd6

                                                              SHA256

                                                              fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

                                                              SHA512

                                                              fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\NSISdl.dll
                                                              MD5

                                                              254f13dfd61c5b7d2119eb2550491e1d

                                                              SHA1

                                                              5083f6804ee3475f3698ab9e68611b0128e22fd6

                                                              SHA256

                                                              fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

                                                              SHA512

                                                              fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\NSISdl.dll
                                                              MD5

                                                              254f13dfd61c5b7d2119eb2550491e1d

                                                              SHA1

                                                              5083f6804ee3475f3698ab9e68611b0128e22fd6

                                                              SHA256

                                                              fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

                                                              SHA512

                                                              fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\NSISdl.dll
                                                              MD5

                                                              254f13dfd61c5b7d2119eb2550491e1d

                                                              SHA1

                                                              5083f6804ee3475f3698ab9e68611b0128e22fd6

                                                              SHA256

                                                              fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

                                                              SHA512

                                                              fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\NSISdl.dll
                                                              MD5

                                                              254f13dfd61c5b7d2119eb2550491e1d

                                                              SHA1

                                                              5083f6804ee3475f3698ab9e68611b0128e22fd6

                                                              SHA256

                                                              fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

                                                              SHA512

                                                              fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\NSISdl.dll
                                                              MD5

                                                              254f13dfd61c5b7d2119eb2550491e1d

                                                              SHA1

                                                              5083f6804ee3475f3698ab9e68611b0128e22fd6

                                                              SHA256

                                                              fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

                                                              SHA512

                                                              fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\System.dll
                                                              MD5

                                                              00a0194c20ee912257df53bfe258ee4a

                                                              SHA1

                                                              d7b4e319bc5119024690dc8230b9cc919b1b86b2

                                                              SHA256

                                                              dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

                                                              SHA512

                                                              3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\System.dll
                                                              MD5

                                                              00a0194c20ee912257df53bfe258ee4a

                                                              SHA1

                                                              d7b4e319bc5119024690dc8230b9cc919b1b86b2

                                                              SHA256

                                                              dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

                                                              SHA512

                                                              3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Temp\nsl2254.tmp\System.dll
                                                              MD5

                                                              00a0194c20ee912257df53bfe258ee4a

                                                              SHA1

                                                              d7b4e319bc5119024690dc8230b9cc919b1b86b2

                                                              SHA256

                                                              dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

                                                              SHA512

                                                              3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

                                                              Download Submit
                                                            • \Users\Admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll
                                                              MD5

                                                              2814acbd607ba47bdbcdf6ac3076ee95

                                                              SHA1

                                                              50ab892071bed2bb2365ca1d4bf5594e71c6b13b

                                                              SHA256

                                                              5904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67

                                                              SHA512

                                                              34c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498

                                                              Download Submit
                                                            • memory/196-245-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/200-224-0x00000000007A0000-0x00000000007BA000-memory.dmp
                                                              Filesize

                                                              104KB

                                                              Download
                                                            • memory/200-223-0x0000000001F90000-0x0000000001FE7000-memory.dmp
                                                              Filesize

                                                              348KB

                                                              Download
                                                            • memory/200-222-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/584-225-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/992-131-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/992-299-0x0000000002DE0000-0x0000000002DE1000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/1052-142-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/1056-226-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/1056-228-0x0000000010000000-0x0000000010158000-memory.dmp
                                                              Filesize

                                                              1.3MB

                                                              Download
                                                            • memory/1276-197-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/1400-145-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/1460-234-0x0000000002C80000-0x0000000002D95000-memory.dmp
                                                              Filesize

                                                              1.1MB

                                                              Download
                                                            • memory/1460-227-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/1588-216-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2176-198-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2180-195-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2216-163-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2248-247-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2248-252-0x0000000002BA0000-0x0000000002CB5000-memory.dmp
                                                              Filesize

                                                              1.1MB

                                                              Download
                                                            • memory/2284-196-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2320-159-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2376-273-0x0000000034630000-0x0000000034640000-memory.dmp
                                                              Filesize

                                                              64KB

                                                              Download
                                                            • memory/2452-120-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2532-148-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2792-201-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2832-191-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2848-194-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/2848-127-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3120-200-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3156-193-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3172-158-0x0000000003550000-0x00000000037D9000-memory.dmp
                                                              Filesize

                                                              2.5MB

                                                              Download
                                                            • memory/3172-125-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3340-254-0x00000000007B0000-0x0000000000807000-memory.dmp
                                                              Filesize

                                                              348KB

                                                              Download
                                                            • memory/3340-251-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3404-134-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3568-286-0x0000000010000000-0x00000000101BA000-memory.dmp
                                                              Filesize

                                                              1.7MB

                                                              Download
                                                            • memory/3568-285-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3708-135-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3724-152-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3892-309-0x0000000004390000-0x00000000044A1000-memory.dmp
                                                              Filesize

                                                              1.1MB

                                                              Download
                                                            • memory/3892-311-0x0000000002930000-0x0000000002931000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/3928-192-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/3952-307-0x0000000002D50000-0x0000000002D51000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/3988-199-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4012-292-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4092-232-0x0000000000690000-0x00000000006AA000-memory.dmp
                                                              Filesize

                                                              104KB

                                                              Download
                                                            • memory/4092-231-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4092-233-0x0000000000690000-0x00000000006E7000-memory.dmp
                                                              Filesize

                                                              348KB

                                                              Download
                                                            • memory/4100-265-0x0000000003F60000-0x0000000004071000-memory.dmp
                                                              Filesize

                                                              1.1MB

                                                              Download
                                                            • memory/4100-267-0x0000000000A60000-0x0000000000A61000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/4100-257-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4188-218-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4196-281-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4212-217-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4216-294-0x0000000010000000-0x00000000100E0000-memory.dmp
                                                              Filesize

                                                              896KB

                                                              Download
                                                            • memory/4228-243-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4276-219-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4280-244-0x00000000020B0000-0x0000000002107000-memory.dmp
                                                              Filesize

                                                              348KB

                                                              Download
                                                            • memory/4280-240-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4280-242-0x0000000000460000-0x000000000047A000-memory.dmp
                                                              Filesize

                                                              104KB

                                                              Download
                                                            • memory/4396-269-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4488-220-0x000000006FFF0000-0x0000000070000000-memory.dmp
                                                              Filesize

                                                              64KB

                                                              Download
                                                            • memory/4488-221-0x0000000000680000-0x000000000069C000-memory.dmp
                                                              Filesize

                                                              112KB

                                                              Download
                                                            • memory/4540-202-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4568-306-0x0000000002190000-0x0000000002191000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/4588-204-0x00000000007C0000-0x00000000007C1000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/4588-203-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4592-302-0x0000000004090000-0x0000000004091000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/4592-303-0x00000000040B0000-0x00000000040C0000-memory.dmp
                                                              Filesize

                                                              64KB

                                                              Download
                                                            • memory/4592-301-0x0000000004210000-0x0000000004321000-memory.dmp
                                                              Filesize

                                                              1.1MB

                                                              Download
                                                            • memory/4636-205-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4636-206-0x0000000010000000-0x00000000100E8000-memory.dmp
                                                              Filesize

                                                              928KB

                                                              Download
                                                            • memory/4644-271-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4668-236-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4672-255-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4680-235-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4696-210-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4732-290-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4732-293-0x0000000003730000-0x0000000003731000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/4764-211-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4832-268-0x0000000000760000-0x0000000000761000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/4832-264-0x0000000003D10000-0x0000000003E21000-memory.dmp
                                                              Filesize

                                                              1.1MB

                                                              Download
                                                            • memory/4832-259-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4832-270-0x000000006FFF0000-0x0000000070000000-memory.dmp
                                                              Filesize

                                                              64KB

                                                              Download
                                                            • memory/4860-212-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4892-213-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4908-237-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4960-239-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4960-241-0x0000000002C20000-0x0000000002D35000-memory.dmp
                                                              Filesize

                                                              1.1MB

                                                              Download
                                                            • memory/4964-238-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4968-256-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/4968-266-0x0000000000670000-0x00000000007BA000-memory.dmp
                                                              Filesize

                                                              1.3MB

                                                              Download
                                                            • memory/4996-274-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/5056-214-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/5084-289-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/5092-246-0x0000000000000000-mapping.dmp
                                                              Download
                                                            • memory/5100-215-0x0000000000000000-mapping.dmp
                                                              Download