7a5691baf2e74ac79c48dbeb2661e7612574ad8bc51fc56527b5e4db51453941

Analysis

max time kernel
148s
max time network
138s
platform
windows10_x64
resource
win10-en-20210920
submitted
24-10-2021 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Calculator%20Installation.exe
Size

88KB
MD5

ef2818932fe97195e172a75e4bcf7883
SHA1

836981179fdfc636ca84242c909f491b85a2298a
SHA256

7a5691baf2e74ac79c48dbeb2661e7612574ad8bc51fc56527b5e4db51453941
SHA512

64b24dbbd1782d4c23eb04b671772b8e9c213faab387b5ecc6f8d351e14f8d93621ca033931e4bbe48dbe10900818a4424b47582c4435ea6b731a26365884c42

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 15 IoCs

Processes:

setup.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exe

pid	process
3132	setup.exe
4112	Calculator.exe
916	Calculator.exe
1216	Calculator.exe
2380	Calculator.exe
2700	Calculator.exe
4580	Calculator.exe
4812	Calculator.exe
4840	Calculator.exe
4136	Calculator.exe
1516	Calculator.exe
2404	Calculator.exe
2956	Calculator.exe
4736	Calculator.exe
3160	Calculator.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Calculator.exeCalculator.exeCalculator.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Control Panel\International\Geo\Nation	Calculator.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Control Panel\International\Geo\Nation	Calculator.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Control Panel\International\Geo\Nation	Calculator.exe

Loads dropped DLL 54 IoCs

Processes:

Calculator%20Installation.exesetup.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exe

pid	process
3588	Calculator%20Installation.exe
3588	Calculator%20Installation.exe
3588	Calculator%20Installation.exe
3588	Calculator%20Installation.exe
3588	Calculator%20Installation.exe
3132	setup.exe
3132	setup.exe
3132	setup.exe
3132	setup.exe
4112	Calculator.exe
3132	setup.exe
3132	setup.exe
3588	Calculator%20Installation.exe
4112	Calculator.exe
4112	Calculator.exe
916	Calculator.exe
1216	Calculator.exe
2380	Calculator.exe
2380	Calculator.exe
2380	Calculator.exe
2700	Calculator.exe
2700	Calculator.exe
2700	Calculator.exe
2380	Calculator.exe
4580	Calculator.exe
4580	Calculator.exe
4580	Calculator.exe
4812	Calculator.exe
4812	Calculator.exe
4812	Calculator.exe
4812	Calculator.exe
4840	Calculator.exe
4840	Calculator.exe
4840	Calculator.exe
4840	Calculator.exe
4136	Calculator.exe
4136	Calculator.exe
4136	Calculator.exe
4136	Calculator.exe
1516	Calculator.exe
1516	Calculator.exe
1516	Calculator.exe
2404	Calculator.exe
2404	Calculator.exe
2404	Calculator.exe
2956	Calculator.exe
2956	Calculator.exe
2956	Calculator.exe
4736	Calculator.exe
4736	Calculator.exe
4736	Calculator.exe
3160	Calculator.exe
3160	Calculator.exe
3160	Calculator.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Calculator = "C:\\Users\\Admin\\AppData\\Roaming\\Calculator\\Calculator.exe --loGQqfG2tg"	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Calculator\setup.exe	nsis_installer_1
C:\Users\Admin\AppData\Roaming\Calculator\setup.exe	nsis_installer_2
C:\Users\Admin\AppData\Roaming\Calculator\setup.exe	nsis_installer_1
C:\Users\Admin\AppData\Roaming\Calculator\setup.exe	nsis_installer_2

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Calculator%20Installation.exeCalculator.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Calculator%20Installation.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800000f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Calculator%20Installation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Calculator.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Calculator.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Calculator.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

Calculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exeCalculator.exe

pid	process
2380	Calculator.exe
2380	Calculator.exe
2700	Calculator.exe
2700	Calculator.exe
4112	Calculator.exe
4112	Calculator.exe
4580	Calculator.exe
4580	Calculator.exe
4812	Calculator.exe
4812	Calculator.exe
4840	Calculator.exe
4840	Calculator.exe
4136	Calculator.exe
4136	Calculator.exe
1516	Calculator.exe
1516	Calculator.exe
2404	Calculator.exe
2404	Calculator.exe
2956	Calculator.exe
2956	Calculator.exe
4736	Calculator.exe
4736	Calculator.exe
3160	Calculator.exe
3160	Calculator.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Calculator.exe

pid process

4112 Calculator.exe

pid	process
4112	Calculator.exe

Suspicious use of WriteProcessMemory 31 IoCs

Processes:

Calculator%20Installation.exesetup.exeCalculator.exeCalculator.exe

description	pid	process	target process
PID 3588 wrote to memory of 3132	3588	Calculator%20Installation.exe	setup.exe
PID 3588 wrote to memory of 3132	3588	Calculator%20Installation.exe	setup.exe
PID 3588 wrote to memory of 3132	3588	Calculator%20Installation.exe	setup.exe
PID 3132 wrote to memory of 4112	3132	setup.exe	Calculator.exe
PID 3132 wrote to memory of 4112	3132	setup.exe	Calculator.exe
PID 4112 wrote to memory of 916	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 916	4112	Calculator.exe	Calculator.exe
PID 916 wrote to memory of 1216	916	Calculator.exe	Calculator.exe
PID 916 wrote to memory of 1216	916	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 2380	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 2380	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 2700	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 2700	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4580	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4580	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4812	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4812	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4840	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4840	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4136	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4136	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 1516	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 1516	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 2404	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 2404	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 2956	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 2956	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4736	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 4736	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 3160	4112	Calculator.exe	Calculator.exe
PID 4112 wrote to memory of 3160	4112	Calculator.exe	Calculator.exe

C:\Users\Admin\AppData\Local\Temp\Calculator%20Installation.exe
"C:\Users\Admin\AppData\Local\Temp\Calculator%20Installation.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3588

C:\Users\Admin\AppData\Roaming\Calculator\setup.exe
C:\Users\Admin\AppData\Roaming\Calculator\setup.exe -cid= -sid= -silent=1
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3132

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" "--loGQqfG2tg"
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4112

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Calculator\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Calculator\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Calculator\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Calculator\User Data" --annotation=plat=Win64 --annotation=prod=Calculator --annotation=ver=0.0.13 --initial-client-data=0xbc,0xc0,0xc4,0x1cc,0x1e8,0x7ffdcbf8dec0,0x7ffdcbf8ded0,0x7ffdcbf8dee0
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:916

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Calculator\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Calculator\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Calculator --annotation=ver=0.0.13 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff6adc89e70,0x7ff6adc89e80,0x7ff6adc89e90
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1216

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=gpu-process --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1596 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2380

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --mojo-platform-channel-handle=1676 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:2700

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=gpu-process --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3000 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4136

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Calculator\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --nwjs --extension-process --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2012 /prefetch:1
4⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4840

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Calculator\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --nwjs --extension-process --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2612 /prefetch:1
4⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4812

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --mojo-platform-channel-handle=2192 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4580

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --mojo-platform-channel-handle=3500 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1516

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --mojo-platform-channel-handle=3244 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2404

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --mojo-platform-channel-handle=3300 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2956

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --mojo-platform-channel-handle=2072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4736

C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe
"C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,8999926057085387143,4619625373485676953,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Calculator\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4112_708504735" --mojo-platform-channel-handle=2816 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3160

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Calculator\User Data\Crashpad\settings.dat

MD5
95a2a7288f446b513a22f97cd7b84f33

SHA1
8b8beab7ca65bd912d636e0b74f69ac3fa369eb0

SHA256
426f51ffbb079fb7d7893b6e595bc8fc6c54d8593df99d0bc900d86b6597c652

SHA512
3bfb3634c37be604a26f9413e10e811eacf0b921368e887318c1e5b71660dd4d736946aec751ab1fb4821a4c92ac44834f26b98f03bf6122a1d7ab24ab84f5a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4112_708504735\package.json

MD5
82a054bff5fe7df0b14e0ba82ff40f88

SHA1
f1a8c9335bd167d6af53d3f77b6dc3fb08089ad8

SHA256
f4ec75c0fa2306ac5900be89362845346db0512ff1a8a2fd62cbc997fe261409

SHA512
b5576c01528f1c3d2dbaa45f8a4e70c5921ce58d07cd3c566d880cd76d05476b80f0438f0094637bdd36c09a1ddd7c8e35b1765256fe44b0904846a4549fdebf

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\Calculator.exe

MD5
3603954fe0b843459fbd995a93288643

SHA1
2e3d4e63a6c3e375f3911c0d882b19c2ffa1620e

SHA256
9723fb861f07fe7eda6b7bb0881f6889a04d7a9a459cf8ac9cdb77f7ba50e1db

SHA512
eda0f8040146e6fb19e7dee7790b4388f4e96636cafb1e854931ecb9ac08f3e548d887fe4a27a52d34166a96d5d544991255d5368026e859863f3fccc599c10b

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\D3DCompiler_47.dll

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\ffmpeg.dll

MD5
0644850e99415a97cab58768d748882a

SHA1
cb499d7e6e63c0486cfdafa7ffe1b8a2335e1f6a

SHA256
935fcb56f2451633061a0418b8f65d966de2d2688788eac1ca8419ae5c5752c0

SHA512
88241c79023583c5baa1f931f14286c25ae583552ab2e881f4ed5c1208679ac11d98c9d4452525289db9ecae4aa663819ce7a923094d5d872bd4a0b2f79ac448

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\icudtl.dat

MD5
9732e28c054db1e042cd306a7bc9227a

SHA1
6bab2e77925515888808c1ef729c5bb1323100dd

SHA256
27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e

SHA512
3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\locales\en-US.pak

MD5
6e6323706a87a161cb4f4fb59916bcce

SHA1
38b88778e6acb2cf27a48011f0428b6ca5945cbf

SHA256
068bd63f731820d7ff03446c6eb2569fb69b1bbf4ba365cce7508dc5a59423b9

SHA512
71bd2f222a655e8be38b988619a63d6bd7895e31a2a89da6004808cd2308dc0e362120edc9507827b1dbb0d7f43e49bc75ab1d161e2c84d6d8a9edd49e3ffad1

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\node.dll

MD5
6d00677c769b9d28a4122f7ea7afbc68

SHA1
3c0cec7e48613ad6503ef7bd0339828c3bf98bdb

SHA256
a1bb5c3c28c07925cc2d7e1a80d36579224bf14d83387ba471547077c240192d

SHA512
fa03fc54e6307317daccd2c617ed406cd8f9181aff1089e86033501269f2b83d39e9da6f5d29d725fb08865471156931edbc88d1c6a8a02d466d4348ebed76ac

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\nw.dll

MD5
1f05c1781050415f90f28bc960f69a7b

SHA1
3f148269bd26e5b598cbfe4aa50139e67747b282

SHA256
39b11a34a235038b943b043de6dd8ca1d16182f934cff74cd7b2967ae8c7bb19

SHA512
64169f010c9e42c4dba068d5f2da762537cb2094483a55c6de2a304d0dbbff5462ff40afd889571227b8844256999dfb4277d4029b2292d22347641b27ff78dd

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\nw_100_percent.pak

MD5
85826b177f5532dbad5eff338aa81361

SHA1
21c6abc1fa9700f9309d1d99819ba690af369833

SHA256
d5d5622189847beda0617052286a32cbfa88b0c194f9035c40a7092005904f5f

SHA512
247a295c1f277c50faac91a8b0409fe4eee9bf6bdca04bfc80f2608391bf844a456e7d1927f0221044beb12d190f0e114411b90f0bdf90627cdad5f713af31c8

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\nw_200_percent.pak

MD5
9e0924015c9355db6caaafab6e4ea90c

SHA1
f65340bf16bd80336f5ac40d554b153e0aed585b

SHA256
ede94da69ea9272c4a605fda6cfca27a33770f04f26cf302fdf3e309b2860eb7

SHA512
c1c21010bb4eab2ed3fd36154ce29b0d4caf762e71f11eddf8531dd64b8dbd39e381d0d1dbe37e2a6455301f2fe3cce0a0288955d7ce2433d6e029e09db8a3cb

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\nw_elf.dll

MD5
493a0d17daaa2f1a0c2e5723ed748e05

SHA1
316f77ac6e8aea60e76ebd4bbbe4ff5c65a59ae4

SHA256
a0f65b98cf5425335345c736fd026d5cf8984283e402dc746092c1edd7f4ebd7

SHA512
7c87e1cf803dbe785f58be5f633c19e00d0c61f3a7759e5da3a90cc5e97165d833866872c50a0a52e42b80056a98e1020d02cd6c8f81efe4e76452f20a139f84

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\resources.pak

MD5
1431ef4479b1594d9be5a02bd85e0ba7

SHA1
39d3de3bf666fa581586ae04281c572289090d65

SHA256
940a701912e042194824cfdb11d0cf0acde07a8a4964ff53181a0d61ee661a6f

SHA512
d8a9801dbd4b80eb62e9ff8a257a160c59040f6e7471ea89ef733761baadc0e627bfcf00fe96210a3e5d2e36a2ec271417e580b6dfab1fc8171ad77509b6ccbc

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\setup.exe

MD5
e7ba2d91b03af2e0e1efe092ea2c085d

SHA1
046f29bfbdab581b096c34d95534d53287095058

SHA256
88782f6b5a447cee7ce4407ca4131c94620c4cdc1e3758b5f070a37a25af7b64

SHA512
09e8b16adba3df99be23767331d9820e5cff85b6b1cac058cb04a8b66b98447969934f3084d2763a772332a80697c7df43114db99bd77f899c174bd5ab795c59

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\setup.exe

MD5
e7ba2d91b03af2e0e1efe092ea2c085d

SHA1
046f29bfbdab581b096c34d95534d53287095058

SHA256
88782f6b5a447cee7ce4407ca4131c94620c4cdc1e3758b5f070a37a25af7b64

SHA512
09e8b16adba3df99be23767331d9820e5cff85b6b1cac058cb04a8b66b98447969934f3084d2763a772332a80697c7df43114db99bd77f899c174bd5ab795c59

Download Submit
C:\Users\Admin\AppData\Roaming\Calculator\v8_context_snapshot.bin

MD5
65f8eac5f9b81906a1c1c3441bf78c6e

SHA1
cdf77b892033195746c55a3ef51f5922ee27cb10

SHA256
4d5d1956e9af5e9d6b7987552009acef9ab0db494d2ff7a34d6f2326f4989d0b

SHA512
4cfedae9eb42c151e4789df15524030f0c3f055bf835389e5b2c6eafac6cdf5475ae53f498aa33d55266d629abf7df27935634361e56ff21ddde572c1b10aa9d

Download Submit
\??\pipe\crashpad_4112_DDBMJBIUFNZSGJJW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\nsmE1B8.tmp\INetC.dll

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
\Users\Admin\AppData\Local\Temp\nsmE1B8.tmp\INetC.dll

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
\Users\Admin\AppData\Local\Temp\nsmE1B8.tmp\INetC.dll

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
\Users\Admin\AppData\Local\Temp\nsmE1B8.tmp\INetC.dll

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
\Users\Admin\AppData\Local\Temp\nsmE1B8.tmp\INetC.dll

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
\Users\Admin\AppData\Local\Temp\nsmE1B8.tmp\System.dll

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
\Users\Admin\AppData\Local\Temp\nsx15F7.tmp\INetC.dll

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
\Users\Admin\AppData\Local\Temp\nsx15F7.tmp\INetC.dll

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
\Users\Admin\AppData\Local\Temp\nsx15F7.tmp\INetC.dll

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
\Users\Admin\AppData\Local\Temp\nsx15F7.tmp\INetC.dll

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
\Users\Admin\AppData\Local\Temp\nsx15F7.tmp\NsisCrypt.dll

MD5
a3e9024e53c55893b1e4f62a2bd93ca8

SHA1
aa289e93d68bd15bfcdec3bb00cf1ef930074a1e

SHA256
7183cf34924885dbadb7f3af7f1b788f23b337144ab69cd0d89a5134a74263ad

SHA512
a124cf63e9db33de10fda6ba0c78cbb366d9cc7ef26f90031dba03c111dfdcd4a9bd378e1075211fd12e63da2beffa973f8c3f5b283be5debb06e820aa02750b

Download Submit
\Users\Admin\AppData\Local\Temp\nsx15F7.tmp\System.dll

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
\Users\Admin\AppData\Roaming\Calculator\d3dcompiler_47.dll

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Roaming\Calculator\ffmpeg.dll

MD5
0644850e99415a97cab58768d748882a

SHA1
cb499d7e6e63c0486cfdafa7ffe1b8a2335e1f6a

SHA256
935fcb56f2451633061a0418b8f65d966de2d2688788eac1ca8419ae5c5752c0

SHA512
88241c79023583c5baa1f931f14286c25ae583552ab2e881f4ed5c1208679ac11d98c9d4452525289db9ecae4aa663819ce7a923094d5d872bd4a0b2f79ac448

Download Submit
\Users\Admin\AppData\Roaming\Calculator\ffmpeg.dll

MD5
0644850e99415a97cab58768d748882a

SHA1
cb499d7e6e63c0486cfdafa7ffe1b8a2335e1f6a

SHA256
935fcb56f2451633061a0418b8f65d966de2d2688788eac1ca8419ae5c5752c0

SHA512
88241c79023583c5baa1f931f14286c25ae583552ab2e881f4ed5c1208679ac11d98c9d4452525289db9ecae4aa663819ce7a923094d5d872bd4a0b2f79ac448

Download Submit
\Users\Admin\AppData\Roaming\Calculator\ffmpeg.dll

MD5
0644850e99415a97cab58768d748882a

SHA1
cb499d7e6e63c0486cfdafa7ffe1b8a2335e1f6a

SHA256
935fcb56f2451633061a0418b8f65d966de2d2688788eac1ca8419ae5c5752c0

SHA512
88241c79023583c5baa1f931f14286c25ae583552ab2e881f4ed5c1208679ac11d98c9d4452525289db9ecae4aa663819ce7a923094d5d872bd4a0b2f79ac448

Download Submit
\Users\Admin\AppData\Roaming\Calculator\ffmpeg.dll

MD5
0644850e99415a97cab58768d748882a

SHA1
cb499d7e6e63c0486cfdafa7ffe1b8a2335e1f6a

SHA256
935fcb56f2451633061a0418b8f65d966de2d2688788eac1ca8419ae5c5752c0

SHA512
88241c79023583c5baa1f931f14286c25ae583552ab2e881f4ed5c1208679ac11d98c9d4452525289db9ecae4aa663819ce7a923094d5d872bd4a0b2f79ac448

Download Submit
\Users\Admin\AppData\Roaming\Calculator\ffmpeg.dll

MD5
0644850e99415a97cab58768d748882a

SHA1
cb499d7e6e63c0486cfdafa7ffe1b8a2335e1f6a

SHA256
935fcb56f2451633061a0418b8f65d966de2d2688788eac1ca8419ae5c5752c0

SHA512
88241c79023583c5baa1f931f14286c25ae583552ab2e881f4ed5c1208679ac11d98c9d4452525289db9ecae4aa663819ce7a923094d5d872bd4a0b2f79ac448

Download Submit
\Users\Admin\AppData\Roaming\Calculator\ffmpeg.dll

MD5
0644850e99415a97cab58768d748882a

SHA1
cb499d7e6e63c0486cfdafa7ffe1b8a2335e1f6a

SHA256
935fcb56f2451633061a0418b8f65d966de2d2688788eac1ca8419ae5c5752c0

SHA512
88241c79023583c5baa1f931f14286c25ae583552ab2e881f4ed5c1208679ac11d98c9d4452525289db9ecae4aa663819ce7a923094d5d872bd4a0b2f79ac448

Download Submit
\Users\Admin\AppData\Roaming\Calculator\node.dll

MD5
6d00677c769b9d28a4122f7ea7afbc68

SHA1
3c0cec7e48613ad6503ef7bd0339828c3bf98bdb

SHA256
a1bb5c3c28c07925cc2d7e1a80d36579224bf14d83387ba471547077c240192d

SHA512
fa03fc54e6307317daccd2c617ed406cd8f9181aff1089e86033501269f2b83d39e9da6f5d29d725fb08865471156931edbc88d1c6a8a02d466d4348ebed76ac

Download Submit
\Users\Admin\AppData\Roaming\Calculator\node.dll

MD5
6d00677c769b9d28a4122f7ea7afbc68

SHA1
3c0cec7e48613ad6503ef7bd0339828c3bf98bdb

SHA256
a1bb5c3c28c07925cc2d7e1a80d36579224bf14d83387ba471547077c240192d

SHA512
fa03fc54e6307317daccd2c617ed406cd8f9181aff1089e86033501269f2b83d39e9da6f5d29d725fb08865471156931edbc88d1c6a8a02d466d4348ebed76ac

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw.dll

MD5
1f05c1781050415f90f28bc960f69a7b

SHA1
3f148269bd26e5b598cbfe4aa50139e67747b282

SHA256
39b11a34a235038b943b043de6dd8ca1d16182f934cff74cd7b2967ae8c7bb19

SHA512
64169f010c9e42c4dba068d5f2da762537cb2094483a55c6de2a304d0dbbff5462ff40afd889571227b8844256999dfb4277d4029b2292d22347641b27ff78dd

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw.dll

MD5
1f05c1781050415f90f28bc960f69a7b

SHA1
3f148269bd26e5b598cbfe4aa50139e67747b282

SHA256
39b11a34a235038b943b043de6dd8ca1d16182f934cff74cd7b2967ae8c7bb19

SHA512
64169f010c9e42c4dba068d5f2da762537cb2094483a55c6de2a304d0dbbff5462ff40afd889571227b8844256999dfb4277d4029b2292d22347641b27ff78dd

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw.dll

MD5
1f05c1781050415f90f28bc960f69a7b

SHA1
3f148269bd26e5b598cbfe4aa50139e67747b282

SHA256
39b11a34a235038b943b043de6dd8ca1d16182f934cff74cd7b2967ae8c7bb19

SHA512
64169f010c9e42c4dba068d5f2da762537cb2094483a55c6de2a304d0dbbff5462ff40afd889571227b8844256999dfb4277d4029b2292d22347641b27ff78dd

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw.dll

MD5
1f05c1781050415f90f28bc960f69a7b

SHA1
3f148269bd26e5b598cbfe4aa50139e67747b282

SHA256
39b11a34a235038b943b043de6dd8ca1d16182f934cff74cd7b2967ae8c7bb19

SHA512
64169f010c9e42c4dba068d5f2da762537cb2094483a55c6de2a304d0dbbff5462ff40afd889571227b8844256999dfb4277d4029b2292d22347641b27ff78dd

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw.dll

MD5
1f05c1781050415f90f28bc960f69a7b

SHA1
3f148269bd26e5b598cbfe4aa50139e67747b282

SHA256
39b11a34a235038b943b043de6dd8ca1d16182f934cff74cd7b2967ae8c7bb19

SHA512
64169f010c9e42c4dba068d5f2da762537cb2094483a55c6de2a304d0dbbff5462ff40afd889571227b8844256999dfb4277d4029b2292d22347641b27ff78dd

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw.dll

MD5
1f05c1781050415f90f28bc960f69a7b

SHA1
3f148269bd26e5b598cbfe4aa50139e67747b282

SHA256
39b11a34a235038b943b043de6dd8ca1d16182f934cff74cd7b2967ae8c7bb19

SHA512
64169f010c9e42c4dba068d5f2da762537cb2094483a55c6de2a304d0dbbff5462ff40afd889571227b8844256999dfb4277d4029b2292d22347641b27ff78dd

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw_elf.dll

MD5
493a0d17daaa2f1a0c2e5723ed748e05

SHA1
316f77ac6e8aea60e76ebd4bbbe4ff5c65a59ae4

SHA256
a0f65b98cf5425335345c736fd026d5cf8984283e402dc746092c1edd7f4ebd7

SHA512
7c87e1cf803dbe785f58be5f633c19e00d0c61f3a7759e5da3a90cc5e97165d833866872c50a0a52e42b80056a98e1020d02cd6c8f81efe4e76452f20a139f84

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw_elf.dll

MD5
493a0d17daaa2f1a0c2e5723ed748e05

SHA1
316f77ac6e8aea60e76ebd4bbbe4ff5c65a59ae4

SHA256
a0f65b98cf5425335345c736fd026d5cf8984283e402dc746092c1edd7f4ebd7

SHA512
7c87e1cf803dbe785f58be5f633c19e00d0c61f3a7759e5da3a90cc5e97165d833866872c50a0a52e42b80056a98e1020d02cd6c8f81efe4e76452f20a139f84

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw_elf.dll

MD5
493a0d17daaa2f1a0c2e5723ed748e05

SHA1
316f77ac6e8aea60e76ebd4bbbe4ff5c65a59ae4

SHA256
a0f65b98cf5425335345c736fd026d5cf8984283e402dc746092c1edd7f4ebd7

SHA512
7c87e1cf803dbe785f58be5f633c19e00d0c61f3a7759e5da3a90cc5e97165d833866872c50a0a52e42b80056a98e1020d02cd6c8f81efe4e76452f20a139f84

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw_elf.dll

MD5
493a0d17daaa2f1a0c2e5723ed748e05

SHA1
316f77ac6e8aea60e76ebd4bbbe4ff5c65a59ae4

SHA256
a0f65b98cf5425335345c736fd026d5cf8984283e402dc746092c1edd7f4ebd7

SHA512
7c87e1cf803dbe785f58be5f633c19e00d0c61f3a7759e5da3a90cc5e97165d833866872c50a0a52e42b80056a98e1020d02cd6c8f81efe4e76452f20a139f84

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw_elf.dll

MD5
493a0d17daaa2f1a0c2e5723ed748e05

SHA1
316f77ac6e8aea60e76ebd4bbbe4ff5c65a59ae4

SHA256
a0f65b98cf5425335345c736fd026d5cf8984283e402dc746092c1edd7f4ebd7

SHA512
7c87e1cf803dbe785f58be5f633c19e00d0c61f3a7759e5da3a90cc5e97165d833866872c50a0a52e42b80056a98e1020d02cd6c8f81efe4e76452f20a139f84

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw_elf.dll

MD5
493a0d17daaa2f1a0c2e5723ed748e05

SHA1
316f77ac6e8aea60e76ebd4bbbe4ff5c65a59ae4

SHA256
a0f65b98cf5425335345c736fd026d5cf8984283e402dc746092c1edd7f4ebd7

SHA512
7c87e1cf803dbe785f58be5f633c19e00d0c61f3a7759e5da3a90cc5e97165d833866872c50a0a52e42b80056a98e1020d02cd6c8f81efe4e76452f20a139f84

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw_elf.dll

MD5
493a0d17daaa2f1a0c2e5723ed748e05

SHA1
316f77ac6e8aea60e76ebd4bbbe4ff5c65a59ae4

SHA256
a0f65b98cf5425335345c736fd026d5cf8984283e402dc746092c1edd7f4ebd7

SHA512
7c87e1cf803dbe785f58be5f633c19e00d0c61f3a7759e5da3a90cc5e97165d833866872c50a0a52e42b80056a98e1020d02cd6c8f81efe4e76452f20a139f84

Download Submit
\Users\Admin\AppData\Roaming\Calculator\nw_elf.dll

MD5
493a0d17daaa2f1a0c2e5723ed748e05

SHA1
316f77ac6e8aea60e76ebd4bbbe4ff5c65a59ae4

SHA256
a0f65b98cf5425335345c736fd026d5cf8984283e402dc746092c1edd7f4ebd7

SHA512
7c87e1cf803dbe785f58be5f633c19e00d0c61f3a7759e5da3a90cc5e97165d833866872c50a0a52e42b80056a98e1020d02cd6c8f81efe4e76452f20a139f84

Download Submit
memory/916-143-0x000002CD9AC70000-0x000002CD9AC72000-memory.dmp

Filesize
8KB

Download
memory/916-144-0x000002CD9AC70000-0x000002CD9AC72000-memory.dmp

Filesize
8KB

Download
memory/916-141-0x0000000000000000-mapping.dmp

Download
memory/1216-146-0x0000000000000000-mapping.dmp

Download
memory/1216-149-0x00000215B1BF0000-0x00000215B1BF2000-memory.dmp

Filesize
8KB

Download
memory/1216-148-0x00000215B1BF0000-0x00000215B1BF2000-memory.dmp

Filesize
8KB

Download
memory/1516-212-0x0000000000000000-mapping.dmp

Download
memory/1516-213-0x0000026646F90000-0x0000026646F92000-memory.dmp

Filesize
8KB

Download
memory/1516-214-0x0000026646F90000-0x0000026646F92000-memory.dmp

Filesize
8KB

Download
memory/2380-178-0x000001CE26880000-0x000001CE26882000-memory.dmp

Filesize
8KB

Download
memory/2380-173-0x000001CE26880000-0x000001CE26882000-memory.dmp

Filesize
8KB

Download
memory/2380-162-0x000001CE26880000-0x000001CE26882000-memory.dmp

Filesize
8KB

Download
memory/2380-161-0x000001CE26880000-0x000001CE26882000-memory.dmp

Filesize
8KB

Download
memory/2380-158-0x0000000000000000-mapping.dmp

Download
memory/2404-216-0x0000021DC5980000-0x0000021DC5982000-memory.dmp

Filesize
8KB

Download
memory/2404-215-0x0000000000000000-mapping.dmp

Download
memory/2404-217-0x0000021DC5980000-0x0000021DC5982000-memory.dmp

Filesize
8KB

Download
memory/2700-159-0x0000000000000000-mapping.dmp

Download
memory/2700-165-0x000001B0714D0000-0x000001B0714D2000-memory.dmp

Filesize
8KB

Download
memory/2700-168-0x000001B0714D0000-0x000001B0714D2000-memory.dmp

Filesize
8KB

Download
memory/2956-219-0x000001DFD6B90000-0x000001DFD6B92000-memory.dmp

Filesize
8KB

Download
memory/2956-220-0x000001DFD6B90000-0x000001DFD6B92000-memory.dmp

Filesize
8KB

Download
memory/2956-218-0x0000000000000000-mapping.dmp

Download
memory/3132-120-0x0000000000000000-mapping.dmp

Download
memory/3160-226-0x000002963B530000-0x000002963B532000-memory.dmp

Filesize
8KB

Download
memory/3160-224-0x0000000000000000-mapping.dmp

Download
memory/3160-225-0x000002963B530000-0x000002963B532000-memory.dmp

Filesize
8KB

Download
memory/4112-130-0x0000014244010000-0x0000014244012000-memory.dmp

Filesize
8KB

Download
memory/4112-129-0x0000014244010000-0x0000014244012000-memory.dmp

Filesize
8KB

Download
memory/4112-126-0x0000000000000000-mapping.dmp

Download
memory/4136-210-0x0000019E77190000-0x0000019E77192000-memory.dmp

Filesize
8KB

Download
memory/4136-206-0x0000000000000000-mapping.dmp

Download
memory/4136-209-0x0000019E77190000-0x0000019E77192000-memory.dmp

Filesize
8KB

Download
memory/4136-211-0x0000019E77190000-0x0000019E77192000-memory.dmp

Filesize
8KB

Download
memory/4136-208-0x0000019E77190000-0x0000019E77192000-memory.dmp

Filesize
8KB

Download
memory/4580-177-0x0000029E6EF70000-0x0000029E6EF72000-memory.dmp

Filesize
8KB

Download
memory/4580-180-0x0000029E6EF70000-0x0000029E6EF72000-memory.dmp

Filesize
8KB

Download
memory/4580-175-0x0000000000000000-mapping.dmp

Download
memory/4736-222-0x00000157BDFC0000-0x00000157BDFC2000-memory.dmp

Filesize
8KB

Download
memory/4736-221-0x0000000000000000-mapping.dmp

Download
memory/4736-223-0x00000157BDFC0000-0x00000157BDFC2000-memory.dmp

Filesize
8KB

Download
memory/4812-198-0x000001EE78130000-0x000001EE78132000-memory.dmp

Filesize
8KB

Download
memory/4812-204-0x000001EE78130000-0x000001EE78132000-memory.dmp

Filesize
8KB

Download
memory/4812-185-0x000001EE78130000-0x000001EE78132000-memory.dmp

Filesize
8KB

Download
memory/4812-191-0x000001EE78130000-0x000001EE78132000-memory.dmp

Filesize
8KB

Download
memory/4812-179-0x0000000000000000-mapping.dmp

Download
memory/4840-190-0x000001C1A7860000-0x000001C1A7862000-memory.dmp

Filesize
8KB

Download
memory/4840-193-0x000001C1A7860000-0x000001C1A7862000-memory.dmp

Filesize
8KB

Download
memory/4840-205-0x000001C1A7860000-0x000001C1A7862000-memory.dmp

Filesize
8KB

Download
memory/4840-203-0x000001C1A7860000-0x000001C1A7862000-memory.dmp

Filesize
8KB

Download
memory/4840-183-0x0000000000000000-mapping.dmp

Download