c91c6c4c1162115c8d7f82f2d9f4098ee61fbe9051d3350b0a2f97fa2ce3e6f2

Resubmissions

02-09-2021 19:12

210902-xwla1aeefq 10

02-09-2021 19:09

210902-xtsbjabea9 8

Analysis

max time kernel
613s
max time network
617s
platform
windows7_x64
resource
win7-de
submitted
02-09-2021 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Anime-Fighters-Infin_734316524.exe
Size

3.9MB
MD5

bd2b73492acf20dec004360b1605032d
SHA1

60ddf3c107d94bbeb102a2d7ede945eb5edd2b35
SHA256

12b6272825140a15eabec58f97b49aed3ce5db7816a0b3c2674f6ae8746367ca
SHA512

dae236259e32a9e4b789f020dbd8082b376e3c2b56fd94523a44cf4b5a557f3661aeefc24b5605218ba0479ee1b9a8cb7b5c1df6c103673a99f13bc4210c90da

Score

8^/10

discovery

Malware Config

Signatures

Blocklisted process makes network request 64 IoCs

Processes:

MsiExec.exe

flow	pid	process
30	2020	MsiExec.exe
32	2020	MsiExec.exe
33	2020	MsiExec.exe
35	2020	MsiExec.exe
37	2020	MsiExec.exe
39	2020	MsiExec.exe
41	2020	MsiExec.exe
42	2020	MsiExec.exe
43	2020	MsiExec.exe
44	2020	MsiExec.exe
45	2020	MsiExec.exe
46	2020	MsiExec.exe
47	2020	MsiExec.exe
48	2020	MsiExec.exe
49	2020	MsiExec.exe
50	2020	MsiExec.exe
51	2020	MsiExec.exe
52	2020	MsiExec.exe
53	2020	MsiExec.exe
54	2020	MsiExec.exe
55	2020	MsiExec.exe
56	2020	MsiExec.exe
57	2020	MsiExec.exe
58	2020	MsiExec.exe
59	2020	MsiExec.exe
60	2020	MsiExec.exe
61	2020	MsiExec.exe
62	2020	MsiExec.exe
63	2020	MsiExec.exe
64	2020	MsiExec.exe
65	2020	MsiExec.exe
66	2020	MsiExec.exe
67	2020	MsiExec.exe
68	2020	MsiExec.exe
69	2020	MsiExec.exe
70	2020	MsiExec.exe
71	2020	MsiExec.exe
72	2020	MsiExec.exe
73	2020	MsiExec.exe
74	2020	MsiExec.exe
75	2020	MsiExec.exe
76	2020	MsiExec.exe
77	2020	MsiExec.exe
78	2020	MsiExec.exe
79	2020	MsiExec.exe
80	2020	MsiExec.exe
81	2020	MsiExec.exe
82	2020	MsiExec.exe
83	2020	MsiExec.exe
84	2020	MsiExec.exe
85	2020	MsiExec.exe
86	2020	MsiExec.exe
87	2020	MsiExec.exe
90	2020	MsiExec.exe
91	2020	MsiExec.exe
92	2020	MsiExec.exe
93	2020	MsiExec.exe
94	2020	MsiExec.exe
95	2020	MsiExec.exe
96	2020	MsiExec.exe
97	2020	MsiExec.exe
98	2020	MsiExec.exe
99	2020	MsiExec.exe
100	2020	MsiExec.exe

Downloads MZ/PE file

Executes dropped EXE 10 IoCs

Processes:

Anime-Fighters-Infin_734316524.tmpExpedita.exegkCNs.exewqWOaEHcTC5wXL.exeAdvancedWindowsManager.exeAdvancedWindowsManager.exeAdvancedWindowsManager.exeAdvancedWindowsManager.exeAdvancedWindowsManager.exeAdvancedWindowsManager.exe

pid	process
1440	Anime-Fighters-Infin_734316524.tmp
1172	Expedita.exe
1572	gkCNs.exe
1976	wqWOaEHcTC5wXL.exe
2380	AdvancedWindowsManager.exe
2404	AdvancedWindowsManager.exe
2444	AdvancedWindowsManager.exe
3232	AdvancedWindowsManager.exe
3296	AdvancedWindowsManager.exe
3280	AdvancedWindowsManager.exe

Loads dropped DLL 46 IoCs

Processes:

Anime-Fighters-Infin_734316524.exeAnime-Fighters-Infin_734316524.tmpExpedita.exewqWOaEHcTC5wXL.exeMsiExec.exeMsiExec.exeMsiExec.exetaskeng.exe

pid	process
820	Anime-Fighters-Infin_734316524.exe
1440	Anime-Fighters-Infin_734316524.tmp
1440	Anime-Fighters-Infin_734316524.tmp
1440	Anime-Fighters-Infin_734316524.tmp
1440	Anime-Fighters-Infin_734316524.tmp
1172	Expedita.exe
1172	Expedita.exe
1172	Expedita.exe
1976	wqWOaEHcTC5wXL.exe
1976	wqWOaEHcTC5wXL.exe
1976	wqWOaEHcTC5wXL.exe
2036	MsiExec.exe
2036	MsiExec.exe
2020	MsiExec.exe
2020	MsiExec.exe
2020	MsiExec.exe
2020	MsiExec.exe
2020	MsiExec.exe
2020	MsiExec.exe
2020	MsiExec.exe
2020	MsiExec.exe
2020	MsiExec.exe
1976	wqWOaEHcTC5wXL.exe
2020	MsiExec.exe
2020	MsiExec.exe
1016	MsiExec.exe
1016	MsiExec.exe
1016	MsiExec.exe
1016	MsiExec.exe
1016	MsiExec.exe
1016	MsiExec.exe
1016	MsiExec.exe
2020	MsiExec.exe
2344	taskeng.exe
2344	taskeng.exe
2344	taskeng.exe
2396
2416
2344	taskeng.exe
2344	taskeng.exe
3224
3248
2344	taskeng.exe
2344	taskeng.exe
4156
5668

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

wqWOaEHcTC5wXL.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\P:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\U:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\R:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\T:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\H:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\K:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\L:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\O:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\V:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\Y:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\F:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\G:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\W:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\I:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\N:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\Z:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\M:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\Q:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\S:	wqWOaEHcTC5wXL.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Drops file in Program Files directory 22 IoCs

Processes:

Anime-Fighters-Infin_734316524.tmpmsiexec.exe

description	ioc	process
File created	C:\Program Files (x86)\Vel\is-CSSVQ.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\magnam\is-S8I62.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\nesciunt\is-NLHP9.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\nesciunt\is-ONAOJ.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\voluptas\is-PEUP3.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe	msiexec.exe
File created	C:\Program Files (x86)\Vel\nesciunt\is-7V7QR.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\unins000.dat	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\is-2F8D1.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\is-DN7MR.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\nesciunt\is-VEBGP.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\AW Manager\Windows Manager\Uninstall.lnk	msiexec.exe
File opened for modification	C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.ini	msiexec.exe
File opened for modification	C:\Program Files (x86)\AW Manager\Windows Manager\EULA.url	msiexec.exe
File opened for modification	C:\Program Files (x86)\Vel\magnam\Expedita.exe	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\is-1QC0U.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\magnam\is-UFCLM.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\magnam\is-A6L77.tmp	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\Vel\voluptas\is-OH5EB.tmp	Anime-Fighters-Infin_734316524.tmp
File opened for modification	C:\Program Files (x86)\Vel\unins000.dat	Anime-Fighters-Infin_734316524.tmp
File created	C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe	msiexec.exe
File opened for modification	C:\Program Files (x86)\AW Manager\Windows Manager\Privacy.url	msiexec.exe

Drops file in Windows directory 30 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\MSIDB94.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDCCE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEE93.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDF01.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF11.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF31D.tmp	msiexec.exe
File created	C:\Windows\Installer\f74d604.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f74d604.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID79C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEBE1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEBF2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF00D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF0C9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f74d606.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDAA9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE03A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE1F1.tmp	msiexec.exe
File created	C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe	msiexec.exe
File created	C:\Windows\Installer\f74d608.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE116.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIED2C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF9F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDC6F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDD9A.tmp	msiexec.exe
File created	C:\Windows\Installer\f74d606.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF166.tmp	msiexec.exe
File created	C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

1004 taskkill.exe
764 taskkill.exe

pid	process
1004	taskkill.exe
764	taskkill.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

msiexec.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\25\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 24 IoCs

Processes:

msiexec.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5785CBDF4ABB5AD409841A692AF14EA9\C414548CC3098124D97E31A29BF7FD26	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\ProductName = "Windows Manager"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Version = "16777216"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\AW Manager\\Windows Manager 1.0.0\\install\\97FDF62\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C414548CC3098124D97E31A29BF7FD26	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C414548CC3098124D97E31A29BF7FD26\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5785CBDF4ABB5AD409841A692AF14EA9	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\AW Manager\\Windows Manager 1.0.0\\install\\97FDF62\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\PackageName = "Windows Manager - Postback Y.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\PackageCode = "6BBF4B2F4524B25478C17BFBEE2559F7"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\ProductIcon = "C:\\Windows\\Installer\\{C845414C-903C-4218-9DE7-132AB97FDF62}\\logo.exe"	msiexec.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

wqWOaEHcTC5wXL.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	wqWOaEHcTC5wXL.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	wqWOaEHcTC5wXL.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	wqWOaEHcTC5wXL.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	wqWOaEHcTC5wXL.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	wqWOaEHcTC5wXL.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	wqWOaEHcTC5wXL.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	wqWOaEHcTC5wXL.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

Anime-Fighters-Infin_734316524.tmpExpedita.exeMsiExec.exeMsiExec.exemsiexec.exe

pid	process
1440	Anime-Fighters-Infin_734316524.tmp
1440	Anime-Fighters-Infin_734316524.tmp
1172	Expedita.exe
1172	Expedita.exe
1172	Expedita.exe
2036	MsiExec.exe
2020	MsiExec.exe
2020	MsiExec.exe
1208	msiexec.exe
1208	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exewqWOaEHcTC5wXL.exe

description	pid	process
Token: SeRestorePrivilege	1208	msiexec.exe
Token: SeTakeOwnershipPrivilege	1208	msiexec.exe
Token: SeSecurityPrivilege	1208	msiexec.exe
Token: SeCreateTokenPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeAssignPrimaryTokenPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeLockMemoryPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeIncreaseQuotaPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeMachineAccountPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeTcbPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSecurityPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeTakeOwnershipPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeLoadDriverPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSystemProfilePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSystemtimePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeProfSingleProcessPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeIncBasePriorityPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeCreatePagefilePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeCreatePermanentPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeBackupPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeRestorePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeShutdownPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeDebugPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeAuditPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSystemEnvironmentPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeChangeNotifyPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeRemoteShutdownPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeUndockPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSyncAgentPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeEnableDelegationPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeManageVolumePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeImpersonatePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeCreateGlobalPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeCreateTokenPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeAssignPrimaryTokenPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeLockMemoryPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeIncreaseQuotaPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeMachineAccountPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeTcbPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSecurityPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeTakeOwnershipPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeLoadDriverPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSystemProfilePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSystemtimePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeProfSingleProcessPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeIncBasePriorityPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeCreatePagefilePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeCreatePermanentPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeBackupPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeRestorePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeShutdownPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeDebugPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeAuditPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSystemEnvironmentPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeChangeNotifyPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeRemoteShutdownPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeUndockPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeSyncAgentPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeEnableDelegationPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeManageVolumePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeImpersonatePrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeCreateGlobalPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeCreateTokenPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeAssignPrimaryTokenPrivilege	1976	wqWOaEHcTC5wXL.exe
Token: SeLockMemoryPrivilege	1976	wqWOaEHcTC5wXL.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

Anime-Fighters-Infin_734316524.tmpwqWOaEHcTC5wXL.exe

pid process

1440 Anime-Fighters-Infin_734316524.tmp
1976 wqWOaEHcTC5wXL.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Anime-Fighters-Infin_734316524.exeAnime-Fighters-Infin_734316524.tmpExpedita.exemsiexec.exewqWOaEHcTC5wXL.exeMsiExec.exegkCNs.execmd.exetaskeng.exe

description	pid	process	target process
PID 820 wrote to memory of 1440	820	Anime-Fighters-Infin_734316524.exe	Anime-Fighters-Infin_734316524.tmp
PID 820 wrote to memory of 1440	820	Anime-Fighters-Infin_734316524.exe	Anime-Fighters-Infin_734316524.tmp
PID 820 wrote to memory of 1440	820	Anime-Fighters-Infin_734316524.exe	Anime-Fighters-Infin_734316524.tmp
PID 820 wrote to memory of 1440	820	Anime-Fighters-Infin_734316524.exe	Anime-Fighters-Infin_734316524.tmp
PID 820 wrote to memory of 1440	820	Anime-Fighters-Infin_734316524.exe	Anime-Fighters-Infin_734316524.tmp
PID 820 wrote to memory of 1440	820	Anime-Fighters-Infin_734316524.exe	Anime-Fighters-Infin_734316524.tmp
PID 820 wrote to memory of 1440	820	Anime-Fighters-Infin_734316524.exe	Anime-Fighters-Infin_734316524.tmp
PID 1440 wrote to memory of 1172	1440	Anime-Fighters-Infin_734316524.tmp	Expedita.exe
PID 1440 wrote to memory of 1172	1440	Anime-Fighters-Infin_734316524.tmp	Expedita.exe
PID 1440 wrote to memory of 1172	1440	Anime-Fighters-Infin_734316524.tmp	Expedita.exe
PID 1440 wrote to memory of 1172	1440	Anime-Fighters-Infin_734316524.tmp	Expedita.exe
PID 1172 wrote to memory of 1572	1172	Expedita.exe	gkCNs.exe
PID 1172 wrote to memory of 1572	1172	Expedita.exe	gkCNs.exe
PID 1172 wrote to memory of 1572	1172	Expedita.exe	gkCNs.exe
PID 1172 wrote to memory of 1572	1172	Expedita.exe	gkCNs.exe
PID 1172 wrote to memory of 1976	1172	Expedita.exe	wqWOaEHcTC5wXL.exe
PID 1172 wrote to memory of 1976	1172	Expedita.exe	wqWOaEHcTC5wXL.exe
PID 1172 wrote to memory of 1976	1172	Expedita.exe	wqWOaEHcTC5wXL.exe
PID 1172 wrote to memory of 1976	1172	Expedita.exe	wqWOaEHcTC5wXL.exe
PID 1172 wrote to memory of 1976	1172	Expedita.exe	wqWOaEHcTC5wXL.exe
PID 1172 wrote to memory of 1976	1172	Expedita.exe	wqWOaEHcTC5wXL.exe
PID 1172 wrote to memory of 1976	1172	Expedita.exe	wqWOaEHcTC5wXL.exe
PID 1208 wrote to memory of 2036	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2036	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2036	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2036	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2036	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2036	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2036	1208	msiexec.exe	MsiExec.exe
PID 1976 wrote to memory of 1604	1976	wqWOaEHcTC5wXL.exe	msiexec.exe
PID 1976 wrote to memory of 1604	1976	wqWOaEHcTC5wXL.exe	msiexec.exe
PID 1976 wrote to memory of 1604	1976	wqWOaEHcTC5wXL.exe	msiexec.exe
PID 1976 wrote to memory of 1604	1976	wqWOaEHcTC5wXL.exe	msiexec.exe
PID 1976 wrote to memory of 1604	1976	wqWOaEHcTC5wXL.exe	msiexec.exe
PID 1976 wrote to memory of 1604	1976	wqWOaEHcTC5wXL.exe	msiexec.exe
PID 1976 wrote to memory of 1604	1976	wqWOaEHcTC5wXL.exe	msiexec.exe
PID 1208 wrote to memory of 2020	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2020	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2020	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2020	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2020	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2020	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 2020	1208	msiexec.exe	MsiExec.exe
PID 2020 wrote to memory of 1004	2020	MsiExec.exe	taskkill.exe
PID 2020 wrote to memory of 1004	2020	MsiExec.exe	taskkill.exe
PID 2020 wrote to memory of 1004	2020	MsiExec.exe	taskkill.exe
PID 2020 wrote to memory of 1004	2020	MsiExec.exe	taskkill.exe
PID 1572 wrote to memory of 1128	1572	gkCNs.exe	cmd.exe
PID 1572 wrote to memory of 1128	1572	gkCNs.exe	cmd.exe
PID 1572 wrote to memory of 1128	1572	gkCNs.exe	cmd.exe
PID 1572 wrote to memory of 1128	1572	gkCNs.exe	cmd.exe
PID 1128 wrote to memory of 764	1128	cmd.exe	taskkill.exe
PID 1128 wrote to memory of 764	1128	cmd.exe	taskkill.exe
PID 1128 wrote to memory of 764	1128	cmd.exe	taskkill.exe
PID 1128 wrote to memory of 764	1128	cmd.exe	taskkill.exe
PID 1208 wrote to memory of 1016	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 1016	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 1016	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 1016	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 1016	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 1016	1208	msiexec.exe	MsiExec.exe
PID 1208 wrote to memory of 1016	1208	msiexec.exe	MsiExec.exe
PID 2344 wrote to memory of 2380	2344	taskeng.exe	AdvancedWindowsManager.exe
PID 2344 wrote to memory of 2380	2344	taskeng.exe	AdvancedWindowsManager.exe

C:\Users\Admin\AppData\Local\Temp\Anime-Fighters-Infin_734316524.exe
"C:\Users\Admin\AppData\Local\Temp\Anime-Fighters-Infin_734316524.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:820

C:\Users\Admin\AppData\Local\Temp\is-PKLQ7.tmp\Anime-Fighters-Infin_734316524.tmp
"C:\Users\Admin\AppData\Local\Temp\is-PKLQ7.tmp\Anime-Fighters-Infin_734316524.tmp" /SL5="$E014E,3656070,140800,C:\Users\Admin\AppData\Local\Temp\Anime-Fighters-Infin_734316524.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1440

C:\Program Files (x86)\Vel\magnam\Expedita.exe
"C:\Program Files (x86)\Vel/\magnam\Expedita.exe" 32cb7aca069a0c8bb8d51fccce1d3826
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1172

C:\Users\Admin\AppData\Local\Temp\jv2OLAY8\gkCNs.exe
C:\Users\Admin\AppData\Local\Temp\jv2OLAY8\gkCNs.exe /usthree SUB=32cb7aca069a0c8bb8d51fccce1d3826
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1572

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /im "gkCNs.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\jv2OLAY8\gkCNs.exe" & exit
5⤵
- Suspicious use of WriteProcessMemory
PID:1128

C:\Windows\SysWOW64\taskkill.exe
taskkill /im "gkCNs.exe" /f
6⤵
- Kills process with taskkill
PID:764

C:\Users\Admin\AppData\Local\Temp\kXSlPqf1\wqWOaEHcTC5wXL.exe
C:\Users\Admin\AppData\Local\Temp\kXSlPqf1\wqWOaEHcTC5wXL.exe /qn CAMPAIGN="642"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1976

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=642 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\kXSlPqf1\wqWOaEHcTC5wXL.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\kXSlPqf1\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1630350480 /qn CAMPAIGN=""642"" " CAMPAIGN="642"
5⤵
PID:1604

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1208

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C115DC0351BBB2F3D0A3D75754AAD056 C
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2036

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8543C417F4BA96B1183CA79320DCE105
2⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2020

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f
3⤵
- Kills process with taskkill
PID:1004

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DBC15EFC4D3412395EA5CF3E8B488CE7 M Global\MSI0000
2⤵
- Loads dropped DLL
PID:1016

C:\Windows\system32\taskeng.exe
taskeng.exe {4F9639BC-F9ED-45D8-90D6-35D48B2B4BD4} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2344

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 115 -t 8080
2⤵
- Executes dropped EXE
PID:2380

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 114 -t 8080
2⤵
- Executes dropped EXE
PID:2404

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 113 -t 8080
2⤵
- Executes dropped EXE
PID:2444

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 112 -t 8080
2⤵
- Executes dropped EXE
PID:3232

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 111 -t 8080
2⤵
- Executes dropped EXE
PID:3280

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 110 -t 8080
2⤵
- Executes dropped EXE
PID:3296

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Vel\magnam\Expedita.exe
MD5
8c8b1e33a4bf38b9b76bc1cbb961ed96

SHA1
cd033cf4183b91ab93ffb5ed49ce789b18009054

SHA256
7c5882ad4c9b9b10bd55c37d3390a0f19bba8c198f9db8f4497fe605d725c8a7

SHA512
4a27d39411d56281678b1b0847f2051b50d4d4730445cefe80324ae4c07f46123114b10a2c5f1857fecebf191c4116907a3bb873aba6b061fec401fcc8284e8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D
MD5
0a82df3614268536a0afde569de119de

SHA1
4445132a22acd3ddb9f3f3d78c120b48cf3d17db

SHA256
48b010ffa02994062ce48f483820c85f79dfbd22dbd36e9b78e02aebd1a1e1dc

SHA512
e68723c7420e23d18a7dd54a2f457c397bd25e5bc0d9abd489b9ea7d1a78018403dd23d6eed04423aea563719df82fdcf038f01fef039310accf03a8a67bb2df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_7ACDCC18BE3F9272783F723CF7E4C78B
MD5
337372f698a268fc1818d86a743874ec

SHA1
0c1b23bbd7d09af7ddf2ad5b9d3f2d51ce175f85

SHA256
c0e7f9368f4b82146eb85a8449245c433f40cbd8d6c29e29c3445b5ad17223fd

SHA512
39401b8fbddc912f4fbc4411f8094a98da09cc6b58be202d315e2bb9840c062f0dd21a00aa84d57f4bd641e7adba4469a9e049210fc8900d984333bc7e928261

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D
MD5
75b3af99bff46a83c909248937f37bce

SHA1
1e3c4457656a113c8cc9c80b3312f4977cf07e74

SHA256
ede9307d69a0c182436781f35686c2ebb96b6755dc599306da8ae31f3e4fa1ec

SHA512
11abfadf7da821deb00131e30e4baae740ff5a44ca987fdcece7bb9bb4794c913fe048c76ed4770ff54cdc90d4351dd3655c34041637f6c3e9804d7f2759767b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
1bc9312e34c44adbd3c8f405ea48f0cf

SHA1
6d195735b22a41bd00dd29c86b0c78761267f575

SHA256
d18978a6e8525427e8fbfb82b8ad727c7531d5342df5e69105f0d6ba670d7dd1

SHA512
fab2bbdfc289ecfc7056564b1a2c4e76cba3c024a280d92b117ad0f45bafb503a64ff5ffbed131307ce91758c87e223e501e1095b5fa9bc33d1d1e365179df1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_7ACDCC18BE3F9272783F723CF7E4C78B
MD5
d6dd506d9d82ef813fdb8ad00e6dd9c7

SHA1
d2873b7cd679754fb27f319324b347bd57611a83

SHA256
134a6178a2456e8a0e59383eddb919246568799c98a532c1b2d85cf122365c97

SHA512
07ba0b73019457036f9578903233a1df38ed21defcab48fd2de06cea80e408f192765703007dba8a8623f76fc3ac32e2c3bb91d87065bc3fd3abf9e0b3d65418

Download Submit
C:\Users\Admin\AppData\Local\AdvinstAnalytics\6073fee5118372253d99d22b\1.0.0\tracking.ini
MD5
6be3889975ece6da5a773d9df6298bd3

SHA1
ba37c78d8b5c926afb51871193e9a21ad82c279b

SHA256
d2ae8331501ba00eb42d1b17d9da04f7b3e2ae3897c7f32eda3ea2722585f286

SHA512
424789fb048207ca758f999412883c3c34d2b5a44550f11e18f03575c1199e8b2a16c2b5aa7afca0c79c0a80a40974ace975ad8a1112a3385d5a6e009b946575

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICDD7.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID20D.tmp
MD5
43d68e8389e7df33189d1c1a05a19ac8

SHA1
caf9cc610985e5cfdbae0c057233a6194ecbfed4

SHA256
85dc7518ad5aa46ef572f17050e3b004693784d1855cca9390da1143a64fceae

SHA512
58a76b4cb8f53cee73a8fc2afbd69388a1f2ea30ea3c0007beaa361cb0cc3d4d18c1fa8ccf036a2d2cf8fa07b01451000a704a626d95bd050afe6ba808e6de1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PKLQ7.tmp\Anime-Fighters-Infin_734316524.tmp
MD5
3e82d951014d6fa1f34b7ea9a6bab125

SHA1
8135d385bcb6cad13dc3f4524e6a3b4584939b22

SHA256
ec822c16b67f304645977e8b20a81b06eb9d577e890aeec33155d3b19fe61854

SHA512
4a8c24ddb0841c5e75bd6b9c1f3015c2be637827db914f4279c3445e9c82ab1eb7790b0611cafdaff99b5115ecd255d913b03e5d11c2a7d094e04a24bb1681bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PKLQ7.tmp\Anime-Fighters-Infin_734316524.tmp
MD5
3e82d951014d6fa1f34b7ea9a6bab125

SHA1
8135d385bcb6cad13dc3f4524e6a3b4584939b22

SHA256
ec822c16b67f304645977e8b20a81b06eb9d577e890aeec33155d3b19fe61854

SHA512
4a8c24ddb0841c5e75bd6b9c1f3015c2be637827db914f4279c3445e9c82ab1eb7790b0611cafdaff99b5115ecd255d913b03e5d11c2a7d094e04a24bb1681bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\jv2OLAY8\gkCNs.exe
MD5
510bdc47bcc20fb075a12a62b61fe1e8

SHA1
cc74647eba86347185b7c776cd275a75183bd6a4

SHA256
39d84e0c1fa355e2ec5f5d6080b189ca8682c831ab1ae25ebb30b24298295de6

SHA512
a947609d7953f5a15334b7666da65aca327ff1124bfd6b7d2e6b715e7595fe0c6614782861c3e9d945a070b885ac53b48cffdcf12bcb630caa0036ebaa8225d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\jv2OLAY8\gkCNs.exe
MD5
510bdc47bcc20fb075a12a62b61fe1e8

SHA1
cc74647eba86347185b7c776cd275a75183bd6a4

SHA256
39d84e0c1fa355e2ec5f5d6080b189ca8682c831ab1ae25ebb30b24298295de6

SHA512
a947609d7953f5a15334b7666da65aca327ff1124bfd6b7d2e6b715e7595fe0c6614782861c3e9d945a070b885ac53b48cffdcf12bcb630caa0036ebaa8225d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\kXSlPqf1\wqWOaEHcTC5wXL.exe
MD5
c313ddb7df24003d25bf62c5a218b215

SHA1
20a3404b7e17b530885fa0be130e784f827986ee

SHA256
e3bc81a59fc45dfdfcc57b0078437061cb8c3396e1d593fcf187e3cdf0373ed1

SHA512
542e2746626a066f3e875ae2f0d15e2c4beb5887376bb0218090f0e8492a6fdb11fa02b035d7d4200562811df7d2187b8a993a0b7f65489535919bdf11eb4cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\kXSlPqf1\wqWOaEHcTC5wXL.exe
MD5
c313ddb7df24003d25bf62c5a218b215

SHA1
20a3404b7e17b530885fa0be130e784f827986ee

SHA256
e3bc81a59fc45dfdfcc57b0078437061cb8c3396e1d593fcf187e3cdf0373ed1

SHA512
542e2746626a066f3e875ae2f0d15e2c4beb5887376bb0218090f0e8492a6fdb11fa02b035d7d4200562811df7d2187b8a993a0b7f65489535919bdf11eb4cff

Download Submit
C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi
MD5
98e537669f4ce0062f230a14bcfcaf35

SHA1
a19344f6a5e59c71f51e86119f5fa52030a92810

SHA256
6f515aac05311f411968ee6e48d287a1eb452e404ffeff75ee0530dcf3243735

SHA512
1ebc254289610be65882a6ceb1beebbf2be83006117f0a6ccbddd19ab7dc807978232a13ad5fa39b6f06f694d4f7c75760b773d70b87c0badef1da89bb7af3ac

Download Submit
C:\Windows\Installer\MSID79C.tmp
MD5
7468eca4e3b4dbea0711a81ae9e6e3f2

SHA1
4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d

SHA256
73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837

SHA512
3f93a70c8cc05426e08a404c9d1922a46dd4122e7f42bc292f3b5064903a15e13069b58cb615918cc06deaf31bd5805a925cbd656aabc5d78068eb7224a63f56

Download Submit
C:\Windows\Installer\MSIDAA9.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
C:\Windows\Installer\MSIDB94.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
C:\Windows\Installer\MSIDC6F.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
C:\Windows\Installer\MSIDCCE.tmp
MD5
7468eca4e3b4dbea0711a81ae9e6e3f2

SHA1
4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d

SHA256
73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837

SHA512
3f93a70c8cc05426e08a404c9d1922a46dd4122e7f42bc292f3b5064903a15e13069b58cb615918cc06deaf31bd5805a925cbd656aabc5d78068eb7224a63f56

Download Submit
C:\Windows\Installer\MSIDD9A.tmp
MD5
43d68e8389e7df33189d1c1a05a19ac8

SHA1
caf9cc610985e5cfdbae0c057233a6194ecbfed4

SHA256
85dc7518ad5aa46ef572f17050e3b004693784d1855cca9390da1143a64fceae

SHA512
58a76b4cb8f53cee73a8fc2afbd69388a1f2ea30ea3c0007beaa361cb0cc3d4d18c1fa8ccf036a2d2cf8fa07b01451000a704a626d95bd050afe6ba808e6de1e

Download Submit
C:\Windows\Installer\MSIDF01.tmp
MD5
7468eca4e3b4dbea0711a81ae9e6e3f2

SHA1
4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d

SHA256
73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837

SHA512
3f93a70c8cc05426e08a404c9d1922a46dd4122e7f42bc292f3b5064903a15e13069b58cb615918cc06deaf31bd5805a925cbd656aabc5d78068eb7224a63f56

Download Submit
C:\Windows\Installer\MSIE03A.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
C:\Windows\Installer\MSIE116.tmp
MD5
5f1b243813a203c66ba735139d8ce0c7

SHA1
c60a57668d348a61e4e2f12115afb9f9024162ba

SHA256
52d5b228221cd5276e4ee2a038e0ce0cf494d5af9c23ac45dcbfadc3115c8cb2

SHA512
083c6d1af44847db4b6fb90349234128141a838d1d438d5c24f5063539a8087f0814d06cfa162aeace20e162292f64c7635b4a0e81b2ca972706cfbc484adfb5

Download Submit
C:\Windows\Installer\MSIE1F1.tmp
MD5
7468eca4e3b4dbea0711a81ae9e6e3f2

SHA1
4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d

SHA256
73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837

SHA512
3f93a70c8cc05426e08a404c9d1922a46dd4122e7f42bc292f3b5064903a15e13069b58cb615918cc06deaf31bd5805a925cbd656aabc5d78068eb7224a63f56

Download Submit
C:\Windows\Installer\MSIEBF2.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
C:\Windows\Installer\MSIED2C.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
C:\Windows\Installer\MSIEE93.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
C:\Windows\Installer\MSIEF11.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
C:\Windows\Installer\MSIEF9F.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
C:\Windows\Installer\MSIF00D.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
C:\Windows\Installer\MSIF0C9.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
\Program Files (x86)\Vel\magnam\Expedita.exe
MD5
8c8b1e33a4bf38b9b76bc1cbb961ed96

SHA1
cd033cf4183b91ab93ffb5ed49ce789b18009054

SHA256
7c5882ad4c9b9b10bd55c37d3390a0f19bba8c198f9db8f4497fe605d725c8a7

SHA512
4a27d39411d56281678b1b0847f2051b50d4d4730445cefe80324ae4c07f46123114b10a2c5f1857fecebf191c4116907a3bb873aba6b061fec401fcc8284e8a

Download Submit
\Users\Admin\AppData\Local\Temp\INACA9B.tmp
MD5
7468eca4e3b4dbea0711a81ae9e6e3f2

SHA1
4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d

SHA256
73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837

SHA512
3f93a70c8cc05426e08a404c9d1922a46dd4122e7f42bc292f3b5064903a15e13069b58cb615918cc06deaf31bd5805a925cbd656aabc5d78068eb7224a63f56

Download Submit
\Users\Admin\AppData\Local\Temp\MSICDD7.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
\Users\Admin\AppData\Local\Temp\MSID20D.tmp
MD5
43d68e8389e7df33189d1c1a05a19ac8

SHA1
caf9cc610985e5cfdbae0c057233a6194ecbfed4

SHA256
85dc7518ad5aa46ef572f17050e3b004693784d1855cca9390da1143a64fceae

SHA512
58a76b4cb8f53cee73a8fc2afbd69388a1f2ea30ea3c0007beaa361cb0cc3d4d18c1fa8ccf036a2d2cf8fa07b01451000a704a626d95bd050afe6ba808e6de1e

Download Submit
\Users\Admin\AppData\Local\Temp\is-536RA.tmp\_isetup\_iscrypt.dll
MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
\Users\Admin\AppData\Local\Temp\is-536RA.tmp\_isetup\_shfoldr.dll
MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-536RA.tmp\_isetup\_shfoldr.dll
MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-PKLQ7.tmp\Anime-Fighters-Infin_734316524.tmp
MD5
3e82d951014d6fa1f34b7ea9a6bab125

SHA1
8135d385bcb6cad13dc3f4524e6a3b4584939b22

SHA256
ec822c16b67f304645977e8b20a81b06eb9d577e890aeec33155d3b19fe61854

SHA512
4a8c24ddb0841c5e75bd6b9c1f3015c2be637827db914f4279c3445e9c82ab1eb7790b0611cafdaff99b5115ecd255d913b03e5d11c2a7d094e04a24bb1681bc

Download Submit
\Users\Admin\AppData\Local\Temp\jv2OLAY8\gkCNs.exe
MD5
510bdc47bcc20fb075a12a62b61fe1e8

SHA1
cc74647eba86347185b7c776cd275a75183bd6a4

SHA256
39d84e0c1fa355e2ec5f5d6080b189ca8682c831ab1ae25ebb30b24298295de6

SHA512
a947609d7953f5a15334b7666da65aca327ff1124bfd6b7d2e6b715e7595fe0c6614782861c3e9d945a070b885ac53b48cffdcf12bcb630caa0036ebaa8225d9

Download Submit
\Users\Admin\AppData\Local\Temp\jv2OLAY8\gkCNs.exe
MD5
510bdc47bcc20fb075a12a62b61fe1e8

SHA1
cc74647eba86347185b7c776cd275a75183bd6a4

SHA256
39d84e0c1fa355e2ec5f5d6080b189ca8682c831ab1ae25ebb30b24298295de6

SHA512
a947609d7953f5a15334b7666da65aca327ff1124bfd6b7d2e6b715e7595fe0c6614782861c3e9d945a070b885ac53b48cffdcf12bcb630caa0036ebaa8225d9

Download Submit
\Users\Admin\AppData\Local\Temp\kXSlPqf1\wqWOaEHcTC5wXL.exe
MD5
c313ddb7df24003d25bf62c5a218b215

SHA1
20a3404b7e17b530885fa0be130e784f827986ee

SHA256
e3bc81a59fc45dfdfcc57b0078437061cb8c3396e1d593fcf187e3cdf0373ed1

SHA512
542e2746626a066f3e875ae2f0d15e2c4beb5887376bb0218090f0e8492a6fdb11fa02b035d7d4200562811df7d2187b8a993a0b7f65489535919bdf11eb4cff

Download Submit
\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\decoder.dll
MD5
2ca6d4ed5dd15fb7934c87e857f5ebfc

SHA1
383a55cc0ab890f41b71ca67e070ac7c903adeb6

SHA256
39412aacdcddc4b2b3cfeb126456edb125ce8cadb131ca5c23c031db4431c5fc

SHA512
ce11aa5bd7b0da4baf07146e8377ff0331c1d4b04aaa4408373b4dd0fe2c3f82c84b179d9a90d26cdaa02180f22276d96cf491f9ede66f5f1da6f43cc72e5ac4

Download Submit
\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\decoder.dll
MD5
2ca6d4ed5dd15fb7934c87e857f5ebfc

SHA1
383a55cc0ab890f41b71ca67e070ac7c903adeb6

SHA256
39412aacdcddc4b2b3cfeb126456edb125ce8cadb131ca5c23c031db4431c5fc

SHA512
ce11aa5bd7b0da4baf07146e8377ff0331c1d4b04aaa4408373b4dd0fe2c3f82c84b179d9a90d26cdaa02180f22276d96cf491f9ede66f5f1da6f43cc72e5ac4

Download Submit
\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\decoder.dll
MD5
2ca6d4ed5dd15fb7934c87e857f5ebfc

SHA1
383a55cc0ab890f41b71ca67e070ac7c903adeb6

SHA256
39412aacdcddc4b2b3cfeb126456edb125ce8cadb131ca5c23c031db4431c5fc

SHA512
ce11aa5bd7b0da4baf07146e8377ff0331c1d4b04aaa4408373b4dd0fe2c3f82c84b179d9a90d26cdaa02180f22276d96cf491f9ede66f5f1da6f43cc72e5ac4

Download Submit
\Windows\Installer\MSID79C.tmp
MD5
7468eca4e3b4dbea0711a81ae9e6e3f2

SHA1
4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d

SHA256
73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837

SHA512
3f93a70c8cc05426e08a404c9d1922a46dd4122e7f42bc292f3b5064903a15e13069b58cb615918cc06deaf31bd5805a925cbd656aabc5d78068eb7224a63f56

Download Submit
\Windows\Installer\MSIDAA9.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
\Windows\Installer\MSIDB94.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
\Windows\Installer\MSIDC6F.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
\Windows\Installer\MSIDCCE.tmp
MD5
7468eca4e3b4dbea0711a81ae9e6e3f2

SHA1
4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d

SHA256
73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837

SHA512
3f93a70c8cc05426e08a404c9d1922a46dd4122e7f42bc292f3b5064903a15e13069b58cb615918cc06deaf31bd5805a925cbd656aabc5d78068eb7224a63f56

Download Submit
\Windows\Installer\MSIDD9A.tmp
MD5
43d68e8389e7df33189d1c1a05a19ac8

SHA1
caf9cc610985e5cfdbae0c057233a6194ecbfed4

SHA256
85dc7518ad5aa46ef572f17050e3b004693784d1855cca9390da1143a64fceae

SHA512
58a76b4cb8f53cee73a8fc2afbd69388a1f2ea30ea3c0007beaa361cb0cc3d4d18c1fa8ccf036a2d2cf8fa07b01451000a704a626d95bd050afe6ba808e6de1e

Download Submit
\Windows\Installer\MSIDF01.tmp
MD5
7468eca4e3b4dbea0711a81ae9e6e3f2

SHA1
4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d

SHA256
73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837

SHA512
3f93a70c8cc05426e08a404c9d1922a46dd4122e7f42bc292f3b5064903a15e13069b58cb615918cc06deaf31bd5805a925cbd656aabc5d78068eb7224a63f56

Download Submit
\Windows\Installer\MSIE03A.tmp
MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
\Windows\Installer\MSIE116.tmp
MD5
5f1b243813a203c66ba735139d8ce0c7

SHA1
c60a57668d348a61e4e2f12115afb9f9024162ba

SHA256
52d5b228221cd5276e4ee2a038e0ce0cf494d5af9c23ac45dcbfadc3115c8cb2

SHA512
083c6d1af44847db4b6fb90349234128141a838d1d438d5c24f5063539a8087f0814d06cfa162aeace20e162292f64c7635b4a0e81b2ca972706cfbc484adfb5

Download Submit
\Windows\Installer\MSIE1F1.tmp
MD5
7468eca4e3b4dbea0711a81ae9e6e3f2

SHA1
4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d

SHA256
73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837

SHA512
3f93a70c8cc05426e08a404c9d1922a46dd4122e7f42bc292f3b5064903a15e13069b58cb615918cc06deaf31bd5805a925cbd656aabc5d78068eb7224a63f56

Download Submit
\Windows\Installer\MSIEBF2.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
\Windows\Installer\MSIED2C.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
\Windows\Installer\MSIEE93.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
\Windows\Installer\MSIEF11.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
\Windows\Installer\MSIEF9F.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
\Windows\Installer\MSIF00D.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
\Windows\Installer\MSIF0C9.tmp
MD5
9824aa0d785bef52b2f5ca21b7eacf8e

SHA1
54ae25b7ea5e6bd3e0a77f10650c6f441a0b1764

SHA256
e59b2b4d1466e834f1c797319b920ea13b3cdb04a7777dac9a31c6551ff5715a

SHA512
67d421cc29d53fca937e5afa492610ea3e6370dc46edcdc8568255ea53de8d04498cec43ee3e2a6c91fde92c4b2b6552fd3ae02cb3d6c88f28f1f3f4ede6e07a

Download Submit
memory/764-132-0x0000000000000000-mapping.dmp

Download
memory/820-53-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/820-62-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1004-111-0x0000000000000000-mapping.dmp

Download
memory/1016-136-0x0000000000000000-mapping.dmp

Download
memory/1128-131-0x0000000000000000-mapping.dmp

Download
memory/1172-73-0x0000000004570000-0x0000000004572000-memory.dmp

Filesize
8KB

Download
memory/1172-71-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1172-70-0x0000000000400000-0x00000000019C2000-memory.dmp

Filesize
21.8MB

Download
memory/1172-67-0x0000000000000000-mapping.dmp

Download
memory/1208-90-0x000007FEFBF41000-0x000007FEFBF43000-memory.dmp

Filesize
8KB

Download
memory/1440-56-0x0000000000000000-mapping.dmp

Download
memory/1440-63-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1440-64-0x0000000074B71000-0x0000000074B73000-memory.dmp

Filesize
8KB

Download
memory/1572-89-0x0000000000400000-0x0000000002B5E000-memory.dmp

Filesize
39.4MB

Download
memory/1572-86-0x0000000000230000-0x0000000000278000-memory.dmp

Filesize
288KB

Download
memory/1572-76-0x0000000000000000-mapping.dmp

Download
memory/1604-98-0x0000000000000000-mapping.dmp

Download
memory/1976-79-0x0000000000000000-mapping.dmp

Download
memory/1976-85-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1976-84-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download
memory/2020-106-0x0000000000000000-mapping.dmp

Download
memory/2036-92-0x0000000000000000-mapping.dmp

Download
memory/2380-150-0x0000000000000000-mapping.dmp

Download
memory/2404-151-0x0000000000000000-mapping.dmp

Download
memory/2444-152-0x0000000000000000-mapping.dmp

Download
memory/3232-153-0x0000000000000000-mapping.dmp

Download
memory/3280-154-0x0000000000000000-mapping.dmp

Download
memory/3296-155-0x0000000000000000-mapping.dmp

Download