dc39a617cbc810947288e1807ae25a5818ef5e7ef8f52db5b3f0fa6dafe11525

Resubmissions

19-10-2021 15:42

211019-s5dkasgbb9 8

19-10-2021 15:32

211019-syrtcahaej 8

Analysis

max time kernel
302s
max time network
308s
platform
windows10_x64
resource
win10-en-20211014
submitted
19-10-2021 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Station-Setup.exe
Size

132.9MB
MD5

c890a32c24beee148d2ae84caa8016ea
SHA1

44386bd7d31cd9ec08b32ec366dec5a9e30abe11
SHA256

dc39a617cbc810947288e1807ae25a5818ef5e7ef8f52db5b3f0fa6dafe11525
SHA512

a120649d06ece2b4224d2f73710e488a73441ff257b484930e8a9b704356bf3b91847fbbfe9a93a522c0bf018e459e2e4841e874f07ba304569214202086d90f

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 25 IoCs

Processes:

Station.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exe

pid	process
1900	Station.exe
1840	Station.exe
1944	Station.exe
2020	Station.exe
1424	Station.exe
2564	Station.exe
1732	Station.exe
2172	Station.exe
3140	Station.exe
1804	Station.exe
3988	Station.exe
1248	Station.exe
3040	Station.exe
3320	Station.exe
1464	Station.exe
2200	Station.exe
2740	Station.exe
2224	Station.exe
1416	Station.exe
4196	Station.exe
4268	Station.exe
4280	Station.exe
4460	Station.exe
4444	Station.exe
4636	Station.exe

Checks computer location settings 2 TTPs 18 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Station.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe
Key value queried	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Control Panel\International\Geo\Nation	Station.exe

Loads dropped DLL 52 IoCs

Processes:

Station-Setup.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exe

pid	process
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1900	Station.exe
1840	Station.exe
1944	Station.exe
2020	Station.exe
1840	Station.exe
1840	Station.exe
1840	Station.exe
1424	Station.exe
2020	Station.exe
2020	Station.exe
2020	Station.exe
2020	Station.exe
2564	Station.exe
1732	Station.exe
2172	Station.exe
3140	Station.exe
2172	Station.exe
2172	Station.exe
2172	Station.exe
2020	Station.exe
1732	Station.exe
1732	Station.exe
1732	Station.exe
1732	Station.exe
1804	Station.exe
1732	Station.exe
3988	Station.exe
1248	Station.exe
3040	Station.exe
3320	Station.exe
2200	Station.exe
2224	Station.exe
2740	Station.exe
1416	Station.exe
4196	Station.exe
4268	Station.exe
4280	Station.exe
4460	Station.exe
2200	Station.exe
4444	Station.exe
4636	Station.exe
3040	Station.exe
4460	Station.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\Software\Microsoft\Windows\CurrentVersion\Run\Station = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\station-desktop-app\\Station.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

33 freegeoip.app
34 freegeoip.app
40 freegeoip.app
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

flow	ioc
33	freegeoip.app
34	freegeoip.app
40	freegeoip.app

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Station.exeStation.exeStation.exeStation.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Station.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Station.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Station.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Station.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Station.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Station.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Station.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Station.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Station.exe

Modifies registry key 1 TTPs 3 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exe

pid process

3880 reg.exe
1260 reg.exe
1416 reg.exe

pid	process
3880	reg.exe
1260	reg.exe
1416	reg.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Station.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 5c00000001000000040000000008000004000000010000001000000091de0625abdafd32170cbb25172a84670300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877619000000010000001000000063664b080559a094d10f0a3c5f4f629020000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	Station.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4	Station.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	Station.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 04000000010000001000000091de0625abdafd32170cbb25172a84670300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	Station.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee404000000010000001000000091de0625abdafd32170cbb25172a846720000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	Station.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

Processes:

Station-Setup.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exeStation.exe

pid	process
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
1928	Station-Setup.exe
2020	Station.exe
2020	Station.exe
1944	Station.exe
1944	Station.exe
2564	Station.exe
2564	Station.exe
1732	Station.exe
1732	Station.exe
3140	Station.exe
3140	Station.exe
1804	Station.exe
1804	Station.exe
3988	Station.exe
3988	Station.exe
1248	Station.exe
1248	Station.exe
3040	Station.exe
3040	Station.exe
3320	Station.exe
3320	Station.exe
2200	Station.exe
2200	Station.exe
4196	Station.exe
4196	Station.exe
4280	Station.exe
4280	Station.exe
4268	Station.exe
4268	Station.exe
4460	Station.exe
4460	Station.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Station-Setup.exe

description pid process

Token: SeSecurityPrivilege 1928 Station-Setup.exe

description	pid	process
Token: SeSecurityPrivilege	1928	Station-Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Station.exeStation.exe

description	pid	process	target process
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1840	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1944	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 1944	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 2020	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 2020	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 2564	1900	Station.exe	Station.exe
PID 1900 wrote to memory of 2564	1900	Station.exe	Station.exe
PID 1424 wrote to memory of 1732	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 1732	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe
PID 1424 wrote to memory of 2172	1424	Station.exe	Station.exe

C:\Users\Admin\AppData\Local\Temp\Station-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Station-Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1928

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1900

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=gpu-process --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=13106438858936523519 --mojo-platform-channel-handle=1580 --ignored=" --type=renderer " /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1840

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=utility --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --service-request-channel-token=16556132132223503530 --mojo-platform-channel-handle=1820 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:1944

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=5237895364260822116 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2020

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --node-integration --webview-tag --no-sandbox --no-zygote --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=8046263597954035329 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2564

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Station
2⤵
- Modifies registry key
PID:3880

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Station /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe\"" /f
2⤵
- Adds Run key to start application
- Modifies registry key
PID:1260

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=gpu-process --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=5257104612525318168 --mojo-platform-channel-handle=1748 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3988

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar\preload.js" --background-color=#fff --guest-instance-id=3 --enable-blink-features --disable-blink-features --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=2758356584964904598 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1404 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1248

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar\preload.js" --background-color=#fff --guest-instance-id=3 --enable-blink-features --disable-blink-features --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=12465764449244609872 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3040

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=7935481308476902404 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:2740

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar\preload.js" --background-color=#fff --guest-instance-id=4 --enable-blink-features --disable-blink-features --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=3185966493947718605 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3320

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar\preload.js" --background-color=#fff --guest-instance-id=4 --enable-blink-features --disable-blink-features --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=11826408169054423738 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
2⤵
- Executes dropped EXE
PID:1464

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar\preload.js" --background-color=#fff --guest-instance-id=4 --enable-blink-features --disable-blink-features --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=14369815933583504920 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2200

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --enable-sandbox --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar\preload.js" --background-color=#fff --guest-instance-id=3 --enable-blink-features --disable-blink-features --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=2453122783537596208 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:2224

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=6259732559922622890 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:1416

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar\preload.js" --background-color=#fff --guest-instance-id=5 --enable-blink-features --disable-blink-features --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=15128186313401673811 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4268

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar\preload.js" --background-color=#fff --guest-instance-id=5 --enable-blink-features --disable-blink-features --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=13229489818220743407 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4280

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=16837400113402198203 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:4444

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar\preload.js" --background-color=#fff --guest-instance-id=5 --enable-blink-features --disable-blink-features --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=13786164198634106983 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4460

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1568,8400739013232341415,15216359232305506008,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=16238475146675076523 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:4636

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1424

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1780,12542558693174080440,14106256250315427218,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=6665442688440534569 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1732

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=gpu-process --field-trial-handle=1780,12542558693174080440,14106256250315427218,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15270671619703476577 --mojo-platform-channel-handle=1804 --ignored=" --type=renderer " /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2172

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=utility --field-trial-handle=1780,12542558693174080440,14106256250315427218,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --service-request-channel-token=15107985335512303743 --mojo-platform-channel-handle=1872 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3140

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=renderer --field-trial-handle=1780,12542558693174080440,14106256250315427218,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=station,chrome-extension --secure-schemes=chrome-extension --bypasscsp-schemes=chrome-extension --cors-schemes --fetch-schemes --service-worker-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar" --node-integration --webview-tag --no-sandbox --no-zygote --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=6328945751873205173 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1804

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Station
2⤵
- Modifies registry key
PID:1416

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
"C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe" --type=gpu-process --field-trial-handle=1780,12542558693174080440,14106256250315427218,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=14916437522466022665 --mojo-platform-channel-handle=2336 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4196

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\station-desktop-app\D3DCompiler_47.dll
MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\Station.exe
MD5
4cbc5d8ad8c7d8c1ae6db9a30bfe313b

SHA1
572c39f6f6d4581841def3676dd9b8e2fc51de86

SHA256
14295d769284e71e666ce46ad53aef39c4eb34b6015544458184d19b0855376f

SHA512
43260aa06f49b5f387d5c521d87b33828cf4f03f646be2508a69a604678564a0b9ebb742f98acdf137e535ad478076f3d90a042fa1020423d4867084d894448a

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\chrome_100_percent.pak
MD5
c56bc01c88f2fd186ae22f10b1bd5900

SHA1
b000e68ccd919010eff8c2e114b7d1b6e702d997

SHA256
d8cbc2234f40b49437a5876bb008b6b43afdf92391dec3f0739be98e448ab671

SHA512
46f9158e0f06a4e415b95a7dabe88cc4f3eecc235cdaf9d744caf4de5e665ae91599e3c2feea0860e9f6eeb2eea45fe4e57542fae95ed9110d44624513de3aa0

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\chrome_200_percent.pak
MD5
9662c1f572ef83f070d2354b0275ec60

SHA1
04ce905a95a1c3b8521a17ac9f57503e7aa3eac9

SHA256
55dd419a1cecca86665ba5e6184d6b58edf714d652e67c5220dd3b407d99afa8

SHA512
b1d34d58f5079b1db9764bce2787969113ac7cb1b83dbc3ebce8c9c287af372a639611ba11246a088243e2098dbd1d6ad51341eff2a57a995868bb0db94a3167

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\icudtl.dat
MD5
9e8b247aa7a609e6632518ecd6634fc0

SHA1
cc43315bec76167be7dfbb7dd0b6d61974204d6c

SHA256
18acc07d9ca59b1e599343b022a9e602a0a0c152866f7e5dce1fedd2dbcd33a0

SHA512
7a9590f410c14886317d7cdae606b50b4a0355061e251aa3bcd3e0c614438298e839ff116553089116423e9bc98c131f35796478517d88a180a5a2d08ff7fa5f

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\locales\en-US.pak
MD5
ce30d32061b772148cbc966915291edc

SHA1
4c5edaed4f3ba6e10443f344e757c26f7ceb4ce9

SHA256
88a07be1329cfde3486dd0376de77e289468a750273970aeae6ad4468c0969f4

SHA512
720fa132a3362ea4f5ea10f30c4996378d1f196210cef13c38579dbacc1f11e55d6dfdaa3aa0a6a574670a962f6e2910a2d66a64a1e7e1d6466b20529f5652cd

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\natives_blob.bin
MD5
1582ffe1b8cb37438bc22edee6cd0a90

SHA1
01af249f33b2e5ffba18ba8f7cd76f2ee0e5f425

SHA256
02586eeaf4ce40d1b34310d885e34fb63e8e9f155fcedbd796536735907cbe80

SHA512
8c66ba4ef15fea573c29f0f6977e290b8fd72f4c8833f31a9b0ef4285f5493e9b27daf3a02c352ed12eadce36cda933d9d97576bfa4dcbbcc04294e73ad9ebfc

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources.pak
MD5
95b94a5784a8b31b3dfb56ed309510cb

SHA1
85e290c41d4be9c0d591404b281dc3931bd78c0f

SHA256
43aa558648917a11fde82e73d9f1878d500098196e675ce2915c26361a05e8d5

SHA512
86ebe9904050d8653a029b52effd977a42e727ca40e62c7d2ceed4685dfaf762678a3402c16d90bb0a05357eebb988614964fce6ae19a67636f6cc3f8578bac4

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\.env.example
MD5
f5e84418e2d1a3f2b8c0af9120743763

SHA1
9222cabdebdd15a5ac99a45645317fbb1f407d7d

SHA256
56e082fa869cc958663de48d69b04b10e31f052a5748117a3b876b42f676a58b

SHA512
c28428cacc64eb12a92b3d39067d9076747981ca1f4b33e9b8962e450136ded4e59021b8932f4b5eb67bba1f64a87a8f8f56ceb168eec44b6575fbb94bfb85b0

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\.env.production
MD5
bd3459f79f44d1a2c60806894c38ed15

SHA1
5535ad89574721ce9caf1b3f922c3e11fd1161a9

SHA256
8662a57760a262d7458bdecb6355193e3c25ada96b72fbc8389b11b7e721f995

SHA512
61898b9ea2fea638621d83bb210616e500f45951204226b8ab4d93a4d2b972e9c20f03b0bd9455a17bbcd942bda9d8f1ad1a2976a454721cc4b4714432fb7155

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\resources\app.asar
MD5
c79ce4958528109f3b1d579fdd5bf218

SHA1
fa84b80afb469a9a8c12c65532bc8fc26881328f

SHA256
3180c6cc4a82b2eb0ef0af7b2cb35304c0593029f63dc03ec9b02f0a037f9856

SHA512
35cdbc09739987c564d2981ae95689aae50f87b0c5f2d3c87c1ba254a8a6a78115b5c493e857a1d07ffcadd40abe3dd4c7006b87c03a2d3245d6e7abc2a18eca

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\swiftshader\libegl.dll
MD5
1a76c3311b6f88a7aeafaae4a4e2e7a8

SHA1
0f57109f7c13b1857dd693344967ab3e67f87181

SHA256
733e0f790eae21e61c38fdd4f790050d11eed5b5057ccf7bbbb572d5440607d1

SHA512
c6daaaacfadb3d662fa1d12799c4bd1f6817df48df44dc9fdcf3c2b185d3e6898f4a6fce7b59a27539d206f5316b1fa0620aec4efb1db7a07893e8a1ede5846f

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\swiftshader\libglesv2.dll
MD5
1ce2b05e35cd252c0659d56a662db583

SHA1
1bb3e8becfa0ed3fc506f331a3bf617b2e1d7149

SHA256
e66d9edeed08bfa60e3499c32c8c7f70b3bf237849ebd1c069305f83e1427752

SHA512
096f2b3ef2f8f7a7252d8ea442092d1042cbff4112d76dcca0c8e54232f7b5119fea4a894236331b49a1f55a7da37a039120b45ff53a042f08bb9140cfc391fb

Download Submit
C:\Users\Admin\AppData\Local\Programs\station-desktop-app\v8_context_snapshot.bin
MD5
791e836529dc39d99117742c225a537d

SHA1
8d035c2446758ec65c41e48d3671004527a55772

SHA256
6baadc6adcd5e51d549a4d2f07b619d2a5b97f99a372f33efd3c84d2a369c747

SHA512
afca91bad91c359af1febc86e5e0cf16b0b2549ccdb6ae1d733f9d66e0d1daa4a3b96273d7888835dfe820722ca8d7e38b1085011dd7d6851a3198cdc18bbac2

Download Submit
C:\Users\Admin\AppData\Roaming\Station\log.log
MD5
b5b41baa3f6a8dae6095fd4fa3b63e6d

SHA1
6eefb2d87bd5af60690cb35b4e12e8867a01dd1e

SHA256
86d93c497384556b6687dba07156e29d9428654e26cc4bde1b9c7c00c9d79f08

SHA512
6a38b1af3786a5f5644f8aa7158ccad982a0a6434e769a38ca0524eeed1c1dfc625f7257767e39e886db8875673917f8e1fda795b821f3f548269ef5be51bb1e

Download Submit
C:\Users\Admin\AppData\Roaming\Stationv2\Code Cache\js\index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Stationv2\Code Cache\js\index-dir\the-real-index
MD5
da1b4b00960bbc49583579ce5200a233

SHA1
d45b805c2f2473b83030f3f957e57b45027f8799

SHA256
e1d89ee6f6baee904dfe0d8f056cd92ae3206a907e3eee0a74097c7422af4aab

SHA512
c7b47de892acff469222e4ce8794ec4f9a51710cf09c958084155d5cd557e7a94c928013e062eac9c07941251670eb3b2f612da37322f4eb0f297c9888a2f128

Download Submit
C:\Users\Admin\AppData\Roaming\Stationv2\Local Storage\leveldb\LOG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Stationv2\Network Persistent State
MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Stationv2\db\station.db
MD5
cbcfafe14dffa57623e2861f80cd6024

SHA1
e579b2031f7f2228bbe815ad6b2e2cf1f5bff3cb

SHA256
69fda08540215f626b33b98e19bd83535556898f9f194648d50f48e5c8f41c6c

SHA512
e898bd81b9a89b2fa802ae2063b30cbb36e4628ae2b7e75c3af7a5822acbd8da42c113baa8e441f61da78fb3c50bb53c12386c68c8f7b858bb61a68a5921292e

Download Submit
C:\Users\Admin\AppData\Roaming\Stationv2\db\station.db-wal
MD5
8c918005829d073015f15ad12957a62a

SHA1
1407cb5ab12ac6878a2ed2f45ad4f26c68f71986

SHA256
7f79fe8b4c63137a4990be7de7d720b3461e708e1bab9d376c77dcc4c68a715e

SHA512
1165526c9fa0c42d3b13bf0b663ec137ce07b181f23095b26c24e241f2904d0167da17715abe16fc3f0a16b023df86b0582a327818cda05641946ce49edf8cc7

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\d3dcompiler_47.dll
MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\d3dcompiler_47.dll
MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\ffmpeg.dll
MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\swiftshader\libEGL.dll
MD5
1a76c3311b6f88a7aeafaae4a4e2e7a8

SHA1
0f57109f7c13b1857dd693344967ab3e67f87181

SHA256
733e0f790eae21e61c38fdd4f790050d11eed5b5057ccf7bbbb572d5440607d1

SHA512
c6daaaacfadb3d662fa1d12799c4bd1f6817df48df44dc9fdcf3c2b185d3e6898f4a6fce7b59a27539d206f5316b1fa0620aec4efb1db7a07893e8a1ede5846f

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\swiftshader\libEGL.dll
MD5
1a76c3311b6f88a7aeafaae4a4e2e7a8

SHA1
0f57109f7c13b1857dd693344967ab3e67f87181

SHA256
733e0f790eae21e61c38fdd4f790050d11eed5b5057ccf7bbbb572d5440607d1

SHA512
c6daaaacfadb3d662fa1d12799c4bd1f6817df48df44dc9fdcf3c2b185d3e6898f4a6fce7b59a27539d206f5316b1fa0620aec4efb1db7a07893e8a1ede5846f

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\swiftshader\libGLESv2.dll
MD5
1ce2b05e35cd252c0659d56a662db583

SHA1
1bb3e8becfa0ed3fc506f331a3bf617b2e1d7149

SHA256
e66d9edeed08bfa60e3499c32c8c7f70b3bf237849ebd1c069305f83e1427752

SHA512
096f2b3ef2f8f7a7252d8ea442092d1042cbff4112d76dcca0c8e54232f7b5119fea4a894236331b49a1f55a7da37a039120b45ff53a042f08bb9140cfc391fb

Download Submit
\Users\Admin\AppData\Local\Programs\station-desktop-app\swiftshader\libGLESv2.dll
MD5
1ce2b05e35cd252c0659d56a662db583

SHA1
1bb3e8becfa0ed3fc506f331a3bf617b2e1d7149

SHA256
e66d9edeed08bfa60e3499c32c8c7f70b3bf237849ebd1c069305f83e1427752

SHA512
096f2b3ef2f8f7a7252d8ea442092d1042cbff4112d76dcca0c8e54232f7b5119fea4a894236331b49a1f55a7da37a039120b45ff53a042f08bb9140cfc391fb

Download Submit
\Users\Admin\AppData\Local\Temp\095c7b5c-6964-4a19-b049-500ccb0fd6df.tmp.node
MD5
e8ee0d19c4c20f399d60ec635610fd64

SHA1
3f8d018830fbea3ad0e59cccc2154996d84a8b2d

SHA256
03ae26ac0a2f12d11b040aa40dba9d3d8b0bef054394ee6b0c415601b664a2bc

SHA512
4b6fbdf7b6af0bc296e9bfc2d93dd6cdff11e18974db3a97a55a03bea12b3884c2dec9e95599f4ba58ee026419015adb3617386d5c6b513f16d0385da9d110df

Download Submit
\Users\Admin\AppData\Local\Temp\277859fc-64ee-43f3-8b70-94059af1085b.tmp.node
MD5
e8ee0d19c4c20f399d60ec635610fd64

SHA1
3f8d018830fbea3ad0e59cccc2154996d84a8b2d

SHA256
03ae26ac0a2f12d11b040aa40dba9d3d8b0bef054394ee6b0c415601b664a2bc

SHA512
4b6fbdf7b6af0bc296e9bfc2d93dd6cdff11e18974db3a97a55a03bea12b3884c2dec9e95599f4ba58ee026419015adb3617386d5c6b513f16d0385da9d110df

Download Submit
\Users\Admin\AppData\Local\Temp\3dd17cd1-23a7-425b-af2a-c0890e0133b4.tmp.node
MD5
95f9559b76e5dc773763c8faa8b3bc33

SHA1
f15fd746dfb5643b1e66e2a38543f489730f7809

SHA256
21e7c7a7e677a000984692d13784f25903bbc50b3ce07105b28014ae74b9e720

SHA512
45ea775a7730aed061e188c9f4a96f16a14124a853d461ccd12ae28348224f74ff20f2c478d324ab959c60a8c05b423e0024307bbbee5e6d22a54ce54bee9cd3

Download Submit
\Users\Admin\AppData\Local\Temp\427e7563-93c1-4ba3-b11d-96ea4dd04460.tmp.node
MD5
95f9559b76e5dc773763c8faa8b3bc33

SHA1
f15fd746dfb5643b1e66e2a38543f489730f7809

SHA256
21e7c7a7e677a000984692d13784f25903bbc50b3ce07105b28014ae74b9e720

SHA512
45ea775a7730aed061e188c9f4a96f16a14124a853d461ccd12ae28348224f74ff20f2c478d324ab959c60a8c05b423e0024307bbbee5e6d22a54ce54bee9cd3

Download Submit
\Users\Admin\AppData\Local\Temp\9350396a-fccf-4139-8147-a3fd4dcef36f.tmp.node
MD5
a8f34346de08c2afed1f4332f961c5b4

SHA1
924db28b733f45253a367e52e046f5664c055ab6

SHA256
6a76ba909aafcac10f64fa6375cc893970c35d0b94148706f4e1206b33baf0ae

SHA512
d0ad30ba8e0c1368a01c94aeff1343c6d3828ccb729393b033d4d94e9b3917deb287ba61b570e27f7b6c3170ad40c765e3a654ccac71d4250e11d8b3613ff881

Download Submit
\Users\Admin\AppData\Local\Temp\9d7b00bc-d90f-4d43-8f05-8ced6ae88cb2.tmp.node
MD5
3bca3a480cb2ec13ec22e2749e1e3c77

SHA1
9f63f9e31f98ecefa0fca07768b187f84d3f7169

SHA256
e01b14db88d119f7b034941768ba876da0fa6d867fb3281f1e7c57c5968bfa6b

SHA512
28442162914500109b54d5206d19532ecb98000bc92556dd9dc2867ce7d5842b36c6f7733d89ea0448757330aea5211f0d04a848f4d34018ed0e6536c6c1a35e

Download Submit
\Users\Admin\AppData\Local\Temp\a7cb3559-d9c6-4b6f-b596-9a7ed0edfe50.tmp.node
MD5
a8f34346de08c2afed1f4332f961c5b4

SHA1
924db28b733f45253a367e52e046f5664c055ab6

SHA256
6a76ba909aafcac10f64fa6375cc893970c35d0b94148706f4e1206b33baf0ae

SHA512
d0ad30ba8e0c1368a01c94aeff1343c6d3828ccb729393b033d4d94e9b3917deb287ba61b570e27f7b6c3170ad40c765e3a654ccac71d4250e11d8b3613ff881

Download Submit
\Users\Admin\AppData\Local\Temp\c94985a3-f43f-4fa1-a467-8f1dd3d6d7fa.tmp.node
MD5
3bca3a480cb2ec13ec22e2749e1e3c77

SHA1
9f63f9e31f98ecefa0fca07768b187f84d3f7169

SHA256
e01b14db88d119f7b034941768ba876da0fa6d867fb3281f1e7c57c5968bfa6b

SHA512
28442162914500109b54d5206d19532ecb98000bc92556dd9dc2867ce7d5842b36c6f7733d89ea0448757330aea5211f0d04a848f4d34018ed0e6536c6c1a35e

Download Submit
\Users\Admin\AppData\Local\Temp\f49c7e37-5249-4f90-9774-9b0568221b7e.tmp.node
MD5
b8aafe143774bf4f0d6c6634d3ac3404

SHA1
9be20afe83497faed88da5ac6084dd5c876b518c

SHA256
e66f80f20838d82176b9aaab6d31e2e17121c15c1943027ee56981c85f550832

SHA512
b25b2efb61a2b5a3730e20f5453253c94581568b8c0bd746b292c1b57fdd49880340c2c1b6c58b417a2d7d93115120726408cd3bd234907e2158259d0c06229e

Download Submit
\Users\Admin\AppData\Local\Temp\nsa2FB.tmp\SpiderBanner.dll
MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsa2FB.tmp\StdUtils.dll
MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsa2FB.tmp\System.dll
MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsa2FB.tmp\WinShell.dll
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsa2FB.tmp\WinShell.dll
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsa2FB.tmp\WinShell.dll
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsa2FB.tmp\WinShell.dll
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsa2FB.tmp\nsProcess.dll
MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsa2FB.tmp\nsis7z.dll
MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1248-242-0x000001BB80CD0000-0x000001BB80CD2000-memory.dmp

Filesize
8KB

Download
memory/1248-241-0x000001BB80CD0000-0x000001BB80CD2000-memory.dmp

Filesize
8KB

Download
memory/1248-235-0x0000000000000000-mapping.dmp

Download
memory/1248-236-0x000001BB80CD0000-0x000001BB80CD2000-memory.dmp

Filesize
8KB

Download
memory/1248-237-0x000001BB80CD0000-0x000001BB80CD2000-memory.dmp

Filesize
8KB

Download
memory/1260-211-0x0000000000000000-mapping.dmp

Download
memory/1416-277-0x0000000000000000-mapping.dmp

Download
memory/1416-227-0x0000000000000000-mapping.dmp

Download
memory/1424-172-0x000001F4FC510000-0x000001F4FC512000-memory.dmp

Filesize
8KB

Download
memory/1424-170-0x000001F4FC510000-0x000001F4FC512000-memory.dmp

Filesize
8KB

Download
memory/1424-169-0x000001F4FC510000-0x000001F4FC512000-memory.dmp

Filesize
8KB

Download
memory/1464-252-0x0000013B835F0000-0x0000013B835F2000-memory.dmp

Filesize
8KB

Download
memory/1464-248-0x0000000000000000-mapping.dmp

Download
memory/1732-191-0x000002751B8F0000-0x000002751B8F2000-memory.dmp

Filesize
8KB

Download
memory/1732-194-0x000002751B8F0000-0x000002751B8F2000-memory.dmp

Filesize
8KB

Download
memory/1732-188-0x000002751B8F0000-0x000002751B8F2000-memory.dmp

Filesize
8KB

Download
memory/1732-189-0x000002751B8F0000-0x000002751B8F2000-memory.dmp

Filesize
8KB

Download
memory/1732-186-0x0000000000000000-mapping.dmp

Download
memory/1804-226-0x0000019D4FA20000-0x0000019D4FA22000-memory.dmp

Filesize
8KB

Download
memory/1804-222-0x0000000000000000-mapping.dmp

Download
memory/1804-225-0x0000019D4FA20000-0x0000019D4FA22000-memory.dmp

Filesize
8KB

Download
memory/1804-224-0x0000019D4FA20000-0x0000019D4FA22000-memory.dmp

Filesize
8KB

Download
memory/1804-223-0x0000019D4FA20000-0x0000019D4FA22000-memory.dmp

Filesize
8KB

Download
memory/1840-145-0x0000023AC5860000-0x0000023AC5862000-memory.dmp

Filesize
8KB

Download
memory/1840-160-0x0000023AC5860000-0x0000023AC5862000-memory.dmp

Filesize
8KB

Download
memory/1840-144-0x00007FFF9E340000-0x00007FFF9E341000-memory.dmp

Filesize
4KB

Download
memory/1840-141-0x0000023AC58D9000-0x0000023AC58DA000-memory.dmp

Filesize
4KB

Download
memory/1840-157-0x0000023AC5860000-0x0000023AC5862000-memory.dmp

Filesize
8KB

Download
memory/1840-147-0x0000023AC5860000-0x0000023AC5862000-memory.dmp

Filesize
8KB

Download
memory/1840-142-0x0000000000000000-mapping.dmp

Download
memory/1900-137-0x000002435EB70000-0x000002435EB72000-memory.dmp

Filesize
8KB

Download
memory/1900-126-0x000002435EB70000-0x000002435EB72000-memory.dmp

Filesize
8KB

Download
memory/1900-125-0x000002435EB70000-0x000002435EB72000-memory.dmp

Filesize
8KB

Download
memory/1944-152-0x000001F43C8D0000-0x000001F43C8D2000-memory.dmp

Filesize
8KB

Download
memory/1944-149-0x000001F43C8D0000-0x000001F43C8D2000-memory.dmp

Filesize
8KB

Download
memory/1944-146-0x0000000000000000-mapping.dmp

Download
memory/2020-156-0x000002A8B7760000-0x000002A8B7762000-memory.dmp

Filesize
8KB

Download
memory/2020-151-0x0000000000000000-mapping.dmp

Download
memory/2020-154-0x000002A8B7760000-0x000002A8B7762000-memory.dmp

Filesize
8KB

Download
memory/2020-159-0x000002A8B7760000-0x000002A8B7762000-memory.dmp

Filesize
8KB

Download
memory/2020-161-0x000002A8B7760000-0x000002A8B7762000-memory.dmp

Filesize
8KB

Download
memory/2172-192-0x000001B681C9F000-0x000001B681CA0000-memory.dmp

Filesize
4KB

Download
memory/2172-197-0x000001B681C20000-0x000001B681C22000-memory.dmp

Filesize
8KB

Download
memory/2172-204-0x000001B681C20000-0x000001B681C22000-memory.dmp

Filesize
8KB

Download
memory/2172-206-0x000001B681C20000-0x000001B681C22000-memory.dmp

Filesize
8KB

Download
memory/2172-193-0x0000000000000000-mapping.dmp

Download
memory/2172-198-0x000001B681C20000-0x000001B681C22000-memory.dmp

Filesize
8KB

Download
memory/2200-250-0x0000000000000000-mapping.dmp

Download
memory/2200-253-0x00000181A0BD0000-0x00000181A0BD2000-memory.dmp

Filesize
8KB

Download
memory/2200-254-0x00000181A0BD0000-0x00000181A0BD2000-memory.dmp

Filesize
8KB

Download
memory/2200-258-0x00000181A0BD0000-0x00000181A0BD2000-memory.dmp

Filesize
8KB

Download
memory/2200-257-0x00000181A0BD0000-0x00000181A0BD2000-memory.dmp

Filesize
8KB

Download
memory/2224-264-0x0000000000000000-mapping.dmp

Download
memory/2564-177-0x0000000000000000-mapping.dmp

Download
memory/2564-183-0x000001D2B7DA0000-0x000001D2B7DA2000-memory.dmp

Filesize
8KB

Download
memory/2564-180-0x000001D2B7DA0000-0x000001D2B7DA2000-memory.dmp

Filesize
8KB

Download
memory/2564-182-0x000001D2B7DA0000-0x000001D2B7DA2000-memory.dmp

Filesize
8KB

Download
memory/2564-179-0x000001D2B7DA0000-0x000001D2B7DA2000-memory.dmp

Filesize
8KB

Download
memory/2740-260-0x0000015FEE080000-0x0000015FEE082000-memory.dmp

Filesize
8KB

Download
memory/2740-246-0x0000000000000000-mapping.dmp

Download
memory/2740-245-0x0000015FEE0FF000-0x0000015FEE100000-memory.dmp

Filesize
4KB

Download
memory/3040-239-0x000001E08FA70000-0x000001E08FA72000-memory.dmp

Filesize
8KB

Download
memory/3040-244-0x000001E08FA70000-0x000001E08FA72000-memory.dmp

Filesize
8KB

Download
memory/3040-243-0x000001E08FA70000-0x000001E08FA72000-memory.dmp

Filesize
8KB

Download
memory/3040-240-0x000001E08FA70000-0x000001E08FA72000-memory.dmp

Filesize
8KB

Download
memory/3040-238-0x0000000000000000-mapping.dmp

Download
memory/3140-202-0x0000023735CD0000-0x0000023735CD2000-memory.dmp

Filesize
8KB

Download
memory/3140-203-0x0000023735CD0000-0x0000023735CD2000-memory.dmp

Filesize
8KB

Download
memory/3140-199-0x0000000000000000-mapping.dmp

Download
memory/3320-255-0x00000244F5810000-0x00000244F5812000-memory.dmp

Filesize
8KB

Download
memory/3320-249-0x00000244F5810000-0x00000244F5812000-memory.dmp

Filesize
8KB

Download
memory/3320-251-0x00000244F5810000-0x00000244F5812000-memory.dmp

Filesize
8KB

Download
memory/3320-256-0x00000244F5810000-0x00000244F5812000-memory.dmp

Filesize
8KB

Download
memory/3320-247-0x0000000000000000-mapping.dmp

Download
memory/3880-210-0x0000000000000000-mapping.dmp

Download
memory/3988-231-0x000002C219900000-0x000002C219902000-memory.dmp

Filesize
8KB

Download
memory/3988-233-0x000002C219900000-0x000002C219902000-memory.dmp

Filesize
8KB

Download
memory/3988-232-0x000002C219900000-0x000002C219902000-memory.dmp

Filesize
8KB

Download
memory/3988-234-0x000002C219900000-0x000002C219902000-memory.dmp

Filesize
8KB

Download
memory/3988-230-0x000002C219900000-0x000002C219902000-memory.dmp

Filesize
8KB

Download
memory/3988-229-0x000002C219900000-0x000002C219902000-memory.dmp

Filesize
8KB

Download
memory/3988-228-0x0000000000000000-mapping.dmp

Download
memory/4196-288-0x0000000000000000-mapping.dmp

Download
memory/4268-295-0x0000000000000000-mapping.dmp

Download
memory/4280-296-0x0000000000000000-mapping.dmp

Download
memory/4444-306-0x0000000000000000-mapping.dmp

Download
memory/4460-307-0x0000000000000000-mapping.dmp

Download
memory/4636-321-0x0000000000000000-mapping.dmp

Download