Analysis
- max time kernel: 600s
- max time network: 275s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 26-07-2021 01:48
Static task: static1
Behavioral task: behavioral1
Sample: 1DED78A44A6A508EDE0D043BDF0FBDFE.exe
Resource: win7v20210410
General
- Target: 1DED78A44A6A508EDE0D043BDF0FBDFE.exe
- Size: 29.6MB
- MD5: 1ded78a44a6a508ede0d043bdf0fbdfe
- SHA1: 096b5221378ebf385ded0d5c1298ceaec0264b34
- SHA256: bf74501ed4ba4b301a715cd9110fe2f91ef7124656016d99dbb2f1146a80d232
- SHA512: 07a880cc3dd70a25852f1ec2b38aaf443fe28d9fbc0a4629b31216790d96a9b753fcaa0aeda56de280663c198df1a617d74563446b5c453d6f48c33ac24fb1c5
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 21 IoCs
Detects file using ACProtect software.
-
Enumerates VirtualBox DLL files 2 TTPs
-
Looks for VirtualBox drivers on disk 2 TTPs
-
Looks for VirtualBox executables on disk 2 TTPs
-
Drops file in Drivers directory 8 IoCs
Processes:
1DED78A44A6A508EDE0D043BDF0FBDFE.exe

| description | ioc | process |
| --- | --- | --- |
| File created | C:\Windows\SysWOW64\drivers\en-US\pacer.sys.mui.VY Canis Majoris.UY Scuti.Galaxy | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe |
| File created | C:\Windows\SysWOW64\drivers\en-US\qwavedrv.sys.mui.VY Canis Majoris.UY Scuti.Galaxy | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe |
| File created | C:\Windows\SysWOW64\drivers\en-US\scfilter.sys.mui.VY Canis Majoris.UY Scuti.Galaxy | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe |
| File created | C:\Windows\SysWOW64\drivers\en-US\tcpip.sys.mui.VY Canis Majoris.UY Scuti.Galaxy | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe |
| File created | C:\Windows\SysWOW64\drivers\gm.dls.VY Canis Majoris.UY Scuti.Galaxy | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe |
| File created | C:\Windows\SysWOW64\drivers\gmreadme.txt.VY Canis Majoris.UY Scuti.Galaxy | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe |
| File created | C:\Windows\SysWOW64\drivers\en-US\bfe.dll.mui.VY Canis Majoris.UY Scuti.Galaxy | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe |
| File created | C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui.VY Canis Majoris.UY Scuti.Galaxy | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe |

-
Looks for VMWare drivers on disk 2 TTPs
-
Loads dropped DLL 55 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
C:\Windows\servicing\Packages\Win8IP-Microsoft-Windows-DownlevelApisets-Windows-WinIP-Package~31bf3856ad364e35~amd64~zh-CN~7.1.7601.16492.cat.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\Performance\WinSAT\Clip_1080_5sec_MPEG2_HD_15mbps.mpg.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\servicing\Packages\Microsoft-Windows-PlatformUpdate-Win7-SRV08R2-Package-MiniLP~31bf3856ad364e35~amd64~sk-SK~7.1.7601.16492.mum.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\servicing\Packages\Win8IP-Microsoft-Windows-Graphics-Package~31bf3856ad364e35~amd64~hi-IN~7.1.7601.16492.cat.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\PolicyDefinitions\en-US\Snmp.adml.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\servicing\Packages\Win8IP-Microsoft-Windows-DownlevelApisets-Windows-WinIP-Package~31bf3856ad364e35~amd64~fr-FR~7.1.7601.16492.mum.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\Fonts\GOUDYSTO.TTF.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\Media\Characters\Windows Battery Low.wav.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_LocalResources\default.aspx.resx.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\inf\mdmbsb.inf.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\servicing\Packages\Win8IP-Microsoft-Windows-Multimedia-Package~31bf3856ad364e35~amd64~da-DK~7.1.7601.16492.mum.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\inf\ph3xibc0.PNF.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe 
File created C:\Windows\inf\usbport.inf.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe File created C:\Windows\servicing\Packages\Win8IP-Microsoft-Windows-Graphics-Package~31bf3856ad364e35~amd64~el-GR~7.1.7601.16492.cat.VY Canis Majoris.UY Scuti.Galaxy 1DED78A44A6A508EDE0D043BDF0FBDFE.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
1DED78A44A6A508EDE0D043BDF0FBDFE.exe
description | pid | process | target process
PID 1700 wrote to memory of 1368 | 1700 | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe
PID 1700 wrote to memory of 1368 | 1700 | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe
PID 1700 wrote to memory of 1368 | 1700 | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe
PID 1700 wrote to memory of 1368 | 1700 | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe | 1DED78A44A6A508EDE0D043BDF0FBDFE.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\1DED78A44A6A508EDE0D043BDF0FBDFE.exe "C:\Users\Admin\AppData\Local\Temp\1DED78A44A6A508EDE0D043BDF0FBDFE.exe" 1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1DED78A44A6A508EDE0D043BDF0FBDFE.exe "C:\Users\Admin\AppData\Local\Temp\1DED78A44A6A508EDE0D043BDF0FBDFE.exe" 2⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\VCRUNTIME140.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\_bz2.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\_ctypes.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\_lzma.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\_socket.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-file-l1-2-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-file-l2-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-localization-l1-2-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-processthreads-l1-1-1.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-timezone-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-conio-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-convert-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-environment-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-filesystem-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-heap-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-locale-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-math-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-process-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-runtime-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-stdio-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-string-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-time-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-crt-utility-l1-1-0.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\base_library.zip
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\libffi-7.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\pyexpat.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\python3.DLL
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\python38.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\pythoncom38.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\pywintypes38.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\select.pyd
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\ucrtbase.dll
-
C:\Users\Admin\AppData\Local\Temp\_MEI17002\win32api.pyd
-
memory/1368-124-0x0000000075161000-0x0000000075163000-memory.dmp
Filesize: 8KB
-
memory/1368-60-0x0000000000000000-mapping.dmp