Overview

overview

10

Static

static

Cloudflare...ll.exe

windows7-x64

10

Cloudflare...ll.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    15-09-2022 11:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cloudflare_security_install.exe

  • Size

    34.4MB

  • MD5

    e3763ad6ab1f66bfd0240db96ccdc0be

  • SHA1

    523be6fdb9b5740146f5d24b17193cf62ff4c35f

  • SHA256

    bad534540ed575c213bd34fe1f21c6ffca58169e9c9c83669749c3f6e398ea4b

  • SHA512

    7c2e67ec3652dc2e38c33852720a023606a7dd0f699f7c03e263c845c88c4175b53826bc61ba44d74e2a793391ef32f653e7cbf427d2ad2d9e75cede90208253

  • SSDEEP

    786432:SQRwdPcR5MRDY8X9XRTuCpZD7U4qRVOtIqNi0f9jphU7oDM8ETp9a6KPih:1RwdPcR5uDYg1pZfUNRctpNi0f9dhU7r

Score
10/10
babadedanetsupportcrypterdiscoveryevasionloaderpersistenceratspywarestealertrojan

Malware Config

Signatures

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda
  • Babadeda Crypter 1 IoCs
  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport
  • Downloads MZ/PE file
  • Executes dropped EXE 38 IoCs
  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs 37 IoCs
    persistence
  • Sets file execution options in registry 2 TTPs 2 IoCs
    persistence
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cloudflare_security_install.exe
    "C:\Users\Admin\AppData\Local\Temp\Cloudflare_security_install.exe"
    1⤵
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe
      "C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe"
      2⤵
      • Executes dropped EXE
      • Drops startup file
      • Loads dropped DLL
      • Maps connected drives based on registry
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Users\Admin\AppData\Roaming\NetSupport_v_2.9829\client32.exe
        "C:\Users\Admin\AppData\Roaming\NetSupport_v_2.9829\client32.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1920
      • C:\Users\Admin\AppData\Roaming\NetSupport_v_2.9829\uninstall.exe
        "C:\Users\Admin\AppData\Roaming\NetSupport_v_2.9829\uninstall.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1060
        • C:\Program Files (x86)\Google\Temp\GUMC9A6.tmp\GoogleUpdate.exe
          "C:\Program Files (x86)\Google\Temp\GUMC9A6.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={1266CA4D-0917-452A-19FA-B8B51EF60ACD}&lang=ru&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
          4⤵
          • Executes dropped EXE
          • Sets file execution options in registry
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1740
          • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
            "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:940
          • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
            "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver
            5⤵
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:1776
            • C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Registers COM server for autorun
              • Modifies registry class
              PID:1808
            • C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Registers COM server for autorun
              • Modifies registry class
              PID:1744
            • C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Registers COM server for autorun
              • Modifies registry class
              PID:112
          • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
            "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xMzIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4xMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzlFMjY4MjItMzRGMS00QkRDLUIyRTMtOEU3NDQ3QjBFMjE2fSIgdXNlcmlkPSJ7QjNERjM5Q0EtOEZBOS00OUM4LTk3QUMtMTcwOEEyMEUyNkY4fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0U5ODFCQzFGLUM4NTItNDY2OS1BRUZFLUYwOUExQUJCODBERX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjcxIiBuZXh0dmVyc2lvbj0iMS4zLjM2LjEzMiIgbGFuZz0icnUiIGJyYW5kPSIiIGNsaWVudD0iIiBpaWQ9InsxMjY2Q0E0RC0wOTE3LTQ1MkEtMTlGQS1COEI1MUVGNjBBQ0R9Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ3MjgiLz48L2FwcD48L3JlcXVlc3Q-
            5⤵
            • Executes dropped EXE
            PID:1536
          • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
            "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={1266CA4D-0917-452A-19FA-B8B51EF60ACD}&lang=ru&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{C9E26822-34F1-4BDC-B2E3-8E7447B0E216}"
            5⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1512
  • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\105.0.5195.127_chrome_installer.exe
      "C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\105.0.5195.127_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\gui4DD3.tmp"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1172
      • C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\CR_9AAAD.tmp\setup.exe
        "C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\CR_9AAAD.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\CR_9AAAD.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\gui4DD3.tmp"
        3⤵
        • Executes dropped EXE
        • Modifies Installed Components in the registry
        • Registers COM server for autorun
        • Drops file in Program Files directory
        • Modifies registry class
        PID:1472
        • C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\CR_9AAAD.tmp\setup.exe
          "C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\CR_9AAAD.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=105.0.5195.127 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140260098,0x1402600a8,0x1402600b8
          4⤵
          • Executes dropped EXE
          PID:1492
        • C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\CR_9AAAD.tmp\setup.exe
          "C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\CR_9AAAD.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
          4⤵
          • Executes dropped EXE
          PID:1752
          • C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\CR_9AAAD.tmp\setup.exe
            "C:\Program Files (x86)\Google\Update\Install\{DBAA4AB0-1DD1-436E-BA71-A8619BFD2722}\CR_9AAAD.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=105.0.5195.127 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140260098,0x1402600a8,0x1402600b8
            5⤵
            • Executes dropped EXE
            PID:1780
    • C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
      "C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1860
    • C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
      "C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2016
    • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xMzIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4xMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzlFMjY4MjItMzRGMS00QkRDLUIyRTMtOEU3NDQ3QjBFMjE2fSIgdXNlcmlkPSJ7QjNERjM5Q0EtOEZBOS00OUM4LTk3QUMtMTcwOEEyMEUyNkY4fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezc0RThBOTE0LTkwQTAtNEQxQS05MDRGLTE3MTg3MEZFNkFBNX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNDLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTA1LjAuNTE5NS4xMjciIGFwPSJ4NjQtc3RhYmxlLXN0YXRzZGVmXzEiIGxhbmc9InJ1IiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMzMiIGlpZD0iezEyNjZDQTRELTA5MTctNDUyQS0xOUZBLUI4QjUxRUY2MEFDRH0iIGNvaG9ydD0iMTpndS9pMTk6IiBjb2hvcnRuYW1lPSJTdGFibGUgSW5zdGFsbHMgJmFtcDsgVmVyc2lvbiBQaW5zIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL2VkZ2VkbC5tZS5ndnQxLmNvbS9lZGdlZGwvcmVsZWFzZTIvY2hyb21lL2FjaDdkYmJycTdhcXlsZmt4M3dtanJ2ZDN2amFfMTA1LjAuNTE5NS4xMjcvMTA1LjAuNTE5NS4xMjdfY2hyb21lX2luc3RhbGxlci5leGUiIGRvd25sb2FkZWQ9Ijg5NzAwNDAwIiB0b3RhbD0iODk3MDA0MDAiIGRvd25sb2FkX3RpbWVfbXM9IjE0NzQ4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY2MDgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI2NzM0IiBkb3dubG9hZF90aW1lX21zPSIxNjE3NCIgZG93bmxvYWRlZD0iODk3MDA0MDAiIHRvdGFsPSI4OTcwMDQwMCIgaW5zdGFsbF90aW1lX21zPSIxNTA5MSIvPjwvYXBwPjwvcmVxdWVzdD4
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1244
  • C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe
    "C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe" -Embedding
    1⤵
    • Executes dropped EXE
    PID:1464
    • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand
      2⤵
      • Executes dropped EXE
      PID:916
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
        3⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Checks whether UAC is enabled
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1788
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=105.0.5195.127 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef63c5130,0x7fef63c5140,0x7fef63c5150
          4⤵
          • Executes dropped EXE
          PID:1356
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:2
          4⤵
          • Executes dropped EXE
          PID:1744
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:916
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1512 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2004
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2060 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:1
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:2124
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2084 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:1
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:2132
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=2524 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:1
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:2176
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2920 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2352
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1364 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:2
          4⤵
          • Executes dropped EXE
          PID:2540
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=4120 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:1
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:2612
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4240 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2624
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4344 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2668
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1924 --field-trial-handle=1160,i,888655591273525816,6626341165485646544,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2816
  • C:\Program Files\Google\Chrome\Application\105.0.5195.127\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\105.0.5195.127\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:2188

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\DECO_32.dll
    Filesize

    222KB

    MD5

    9932706e9fc0d6fd80d0158bc975ea10

    SHA1

    d0aeff5c8b43deb9d35264f10b8eb87642e2c726

    SHA256

    9ce2cd070187852f1ab624c77f1a21b714e43db13366625089a00b3d97f10345

    SHA512

    77a54976f73d394ffe382b92190296382646ac137ff9e12b5567d3bc2265c2ba242b7d6c737103ebdf779610428f49b920a60bf43dc3ae92b3043603646af6a3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\Eztwain3.dll
    Filesize

    955KB

    MD5

    01f52ce786cb11ea2470ec6d77f29b2d

    SHA1

    dc44c0736feb317d3008c7ad52fb2643e2bddbec

    SHA256

    4f8e325f92ec8cb31b895b963042332e057a639d1e16b93f0333db0bc9d71dfd

    SHA512

    f08e230db7ce26a6462d6a32c282560c5cec01dbb749a6ad35f258fd3d5477062b114fbddc91a341515e36fd20fec057595779faa1e3e6e19ac988cbfacb6665

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\GWSHDP.dll
    Filesize

    277KB

    MD5

    e1a773c2ceec1d3798be988269b36806

    SHA1

    06906aee0ddba30e560e4b60e140e0c098519bb2

    SHA256

    5e920fbcc14ac82ec5abf2ca63523fa17f03a261dc09ee6b1976b291c2ab0097

    SHA512

    f1468b9b12060a5b5143331cf16d7e30b1c042b621133818cd337d621a8bcc25306dd4c7e97af9ed32573f0da253d6e2d0b88bb75332abf57ae80c75c9055058

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\JPEGACC.dll
    Filesize

    101KB

    MD5

    10561ddeebed28a3ad75ef436165d802

    SHA1

    8366a8f26dce385215ee73f0c6b7771d7292fc40

    SHA256

    2aa43154f35acdcde7296daf38607a84961ddd9a4754054ea69b1d49be640d98

    SHA512

    a90bfc2c91288592594648e39e2f4f8eebd1fdfce1c708e795582e865741b3ea065ed745cb9a33413d022925ef697ce03f576ec75b180f10c46f80e8902f4027

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\LIBPQ.dll
    Filesize

    247KB

    MD5

    2c78fd25db6f58f66a5a8b4279edac58

    SHA1

    d8efb224382bd4a533891cd30a94479b103870be

    SHA256

    be7ca5471f4bd0a21158fd0f31b5662ef0dbaa7e18d843f672a3e20d30ad42f4

    SHA512

    5475bc9e853248baaf8f71a440d26986f774469ee7281fdbb55ecb69a4e50bc1541be6352f6e1f0fb567ad5e52a95c29c10cb3eb81d227b195170ce64bce6c23

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\brotlicommon.dll
    Filesize

    132KB

    MD5

    0e868ec6a67e491d43ca20ed71c8345d

    SHA1

    b45397b8bafa891a04476f7ffa55fb5bba0e57b9

    SHA256

    441039fe954cfb6e3545aeca5d5750b7e3322eb9efc633508cca1dbefb26b24b

    SHA512

    45e6588671c65ef5eb39abd5f6db790bf1bc8414bfa9073cc9cbbd2bdcd6b9f82a4c6ba47a059521836c34c0504b86b6aa51a19a12317084459d6a6c544829b0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\brotlidec.dll
    Filesize

    42KB

    MD5

    1616310c08ec85ab5f0437fbf82faf84

    SHA1

    c65cb7266cd21f45728097009147596ca08c0a73

    SHA256

    d9fce48811df001c7f8fe60361f1ea270fc37df7aa73a06a853fd102317cf49d

    SHA512

    ddb8a547367cb40d29a5b3ae54edeb157a707d21993b4cbf5f83617d50795fe8c5235e1afe850515f5b3ddd286c5bd704c7a2fec14f5eb6998d4719e79bf9a85

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\bz2.dll
    Filesize

    63KB

    MD5

    37b38a8e9fbc70f3ed962e5720795a04

    SHA1

    171692daf0a136154edde6e22c791d238ae8c1d0

    SHA256

    f004cd4113a8d832fc4a57f0e28a9001c2fddf67b3544590dd36d0f60d0cef8c

    SHA512

    9d34222337bf50122c613f2132346b7dca0df51990921ff0c7372463f0be69a441eab18122c02e1a94c8fcaa71b533dd477282d74dbc769fb490f4d46aba2607

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\fpxacc.dll
    Filesize

    263KB

    MD5

    dc563514fc7f69b9a956b685a163a6c7

    SHA1

    525f2fcafc2beb17966dc937c7b1a773f5bd3034

    SHA256

    37092ad75a8c98198c4a2a1876856884b200a06167cd76c3e9dd117af97e3aa1

    SHA512

    ac6ce021ff20cfd33b4e450cb4ac4572411950bf3dab0f325c084420d884ae6fdf88400ed5525c0014c684e8ae96f51c4711f1b2d02229c31ebf3ed416f2067b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\freetype.dll
    Filesize

    554KB

    MD5

    839c270a8ba5444eebddd293c61e6333

    SHA1

    0fcfab6030a91c722aebea4bfd1bcbe2138c71f9

    SHA256

    ac40311bc17fc9eaf16f4aaf08c07d8a256e07aa4af081c9db9b552b56119e6e

    SHA512

    d34c0f4fcd77c70fa131af3ca19ed82a1d991f599ef8bf69295be25618a0c94af859a67cd80d4893ce105559a432202281ea2ee67af352878c69f8438a1e48cd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwsfiltr.dll
    Filesize

    8.8MB

    MD5

    735b7766552aef741b7d76219dfc4e78

    SHA1

    fed6aba5db69dc0c13d8aafd8e751343eb0e5a2d

    SHA256

    76a4ad74a53bef71afa0f7be6c055287a11418aa117c2386881d424fd52d3922

    SHA512

    e3ee40c8377955efd280af9449385b0dab5e3faf2d1c71f1984a5242fd5f320b46389aed5f1d1c022a52836b04c978f9e8934ad7bd2a4d802793a6596cad47c1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwsjpg.dll
    Filesize

    529KB

    MD5

    eac122fbb0d32a242ecc412c125314dc

    SHA1

    7f5a1cb200270e938ce88bb9fd0752af1a222967

    SHA256

    026b0032a14ea867f640508fa4959e37215af83458d579c469c6f99b7d1b3522

    SHA512

    3df8c47e5f14c9318b8524465fc3e0eeb5ca17bb93093b27616ef871c33a6e55a57721aae45bd40986f3f09fc92daa85a773a8426ea4b13f45bad47dc26b70d7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspng.dll
    Filesize

    309KB

    MD5

    a32fe44873d30c83c70f8f811d89dfd7

    SHA1

    a1879a07bdc6b068fbffb27ed2dbfce1cfeac7a0

    SHA256

    70ab3b3b2f232f2a20e08feadb9ae5286dd10e71f62321f371e5bb532e0b0f38

    SHA512

    98739f4a890a0b4d3987717047e9b45dcb8919da74781966bddfdbd6e9efe58bbe9ebd7d5fb5ed4fe3ca4edfa1cc462b65f64a00760ab59257f26ae717d13ede

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe
    Filesize

    21.8MB

    MD5

    8dc6f7a135d4a70ff1ef4b25dad052ec

    SHA1

    7c090065de1090fa92ff01f06739fbca04e6936d

    SHA256

    af81ae71376bb3abc9eb1a9f59c76224a43b2a68aceb6e5ac3d93f05fc259715

    SHA512

    f6651693e448861a3a6aee89e5c62fa4dc23305ed9b967d388bcad70cd4d2d3a5b8a69166f69577dde4e165f629805d9d3f97c45a9e26f1f4ffaa1a3c2cf0868

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwstif.dll
    Filesize

    337KB

    MD5

    0d64f5aa32fe233c9e1c904f2c2ee1cb

    SHA1

    123cba972afcd5fd1807232f6e47dea8e0355fc6

    SHA256

    8f91fcc534dd362cd396db278bc77e099e640ae512912356a3270d5bb27af1a1

    SHA512

    f1990718dc1115f23fa5b6f7b5723acf950ce8e964b8ed6604383f72f5aeece5a1e51e6104bb1eefc68d4fc1a2bc269bc76f51edd7f01ccffffbda114a0a6b1f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwstxtr.dll
    Filesize

    8.8MB

    MD5

    01a2a91d47aee9ed5ded3906b5445c6a

    SHA1

    c3877815053c706a72c7a57244c2e8eff799a48d

    SHA256

    0777a20e126badc87177973bc324963e22ad133b69af0ab71f84b3342487d817

    SHA512

    dacea5bffdfd0c05b1b87145c9a5ef0e5fb38e67d8c092c1ee45d35b5445f6d417071a1ee96bbd30088c2b2da0c5a43baf5bb35687c2cff4345acb36e6e5be8e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwszip.dll
    Filesize

    223KB

    MD5

    6a6097d8afca60c9a260b080f33b9e09

    SHA1

    cb9b800c40a40d3e519ef306becc07ce4fee784f

    SHA256

    2ea236b7434f0d570e5d2f480ffe53fc2dda34a4963ebe2a3ba62cb547a6e98f

    SHA512

    df8b72ddd52b0ead992c272671c71329f8de4ab3764ab59c6e8728a9a258b2037d5d858ec01c4f9493102592922a6e630ae81a66cb07f417369158513883d887

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\imatch.dll
    Filesize

    353KB

    MD5

    14b533e180b8c4a1954e09e4f56f0b05

    SHA1

    51c9da4f81b83319c2efeb4d08ad8971b732f33d

    SHA256

    0e5e4c2ac303baec9c6a5f20d9044ef84c064e48e25ce13cc1c9fb5ac1507b8a

    SHA512

    7c6632eb8c01794af712b1232b32c8ea797ffd29196ba146ac0678ed84a3fb1ccb22c845ccfcea672137dbc8ec6dc58f65ed0fe5b5eaa5a9bdbbfc420f2025c2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\libcrypto-3.dll
    Filesize

    2.7MB

    MD5

    6c60acb6b6d3f4532ab36188eb78f376

    SHA1

    825900023ccd8e9293a1f3269ea82a3a20404fe6

    SHA256

    77e9a6177a7ce319567273897f43c265fdadd8af1e8410adc686cd0079588d03

    SHA512

    791c1446dcfd28484a68d568dc4c2fe4d6f897eab395add656a2eb0db9eefdb3949292d328351c9bfa57224f3aa9ff798fff49e270f534b5c71e3e2dfa87362a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\libnoise.dll
    Filesize

    174KB

    MD5

    48bf2825c8e989edf818ae1a82fb7fe1

    SHA1

    a857a7f315be110cdb0bae1bc8f6e00fc3cd37b0

    SHA256

    fe279cfc76c514810bbceba281254e6fd9ff696fc33ecfaba175d778e565a866

    SHA512

    48b4f30ee23f95537cd1a8016758c057437794a6e3e42407bde9c3e8fd8c26a1add34bda0cbe0b9297cd9c01bb3960bbadf5ea6b7de41f69ffd8cad99789a731

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\libpng16.dll
    Filesize

    162KB

    MD5

    8bb4c17afdeadb4c81da2f407dcb9809

    SHA1

    ce2bb6eddedf31e9dee7e43d4535250da442e852

    SHA256

    1ceae383d27ef1b45d19f7bff2ab8fe02d553c861342ac8c2d6a32f9a6c1b825

    SHA512

    b944a4b1e0e9a3b5418169429810c8933910bcdfe13b87d01027d0a4786ca7ddd44b4540da07a09b9a56a196f7681d31a878b72766991fa3dddc5221bfee82bd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\libssl-3.dll
    Filesize

    441KB

    MD5

    c2cc87f43c956c3978d65ee6c23a9f96

    SHA1

    b1f8a79be78054fee8765b7f0c9efd2b625c1d63

    SHA256

    6c79bb2a98f61dadec8b56547d52c8f50edbd861988b0521c064a524d4f879fb

    SHA512

    61eca6ffdf43dc2b9b9059f1a14f963bba43b52db5d468c3da9764fb235666bcddf7ca44fd6b44918ed4edab6304713cb88ba421679aa4911aa4f1b4717a26af

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\libup40.dll
    Filesize

    23KB

    MD5

    dad62964697e998a6917373c0c115358

    SHA1

    2d6b1900e093c9c8bcce642792e3fadc90b3b0ac

    SHA256

    ecaf6da2a4dbe72fca16b9a758ed0bc2751884d9315411285555d8781617ef58

    SHA512

    fd357e94ab7d7b131d0b8a6d5e2180479d8fa82179c4b04a3d80cf7f2ca796b21d0e8f4f0102734dcadba103138d37000f558dec941a06fb12dcaaa954bef476

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\swfex.dll
    Filesize

    180KB

    MD5

    67f16582d51d20bc4aef0a19731d3280

    SHA1

    61679dbe1d13d9c25000142fd51b9f4e952a7098

    SHA256

    87eb8bc7404a7f7019dda05896831f77649479dbe761ac1efc8af37e4ea2bcb0

    SHA512

    159043e070e0e237c2a9fd3721b3bd687cff50f79f12312037d68b471c1d3418c41a7f8a23889ffe4994e5a950b4642a77071e47ad9c358f56f432ed9ce96f96

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\util32.dll
    Filesize

    67KB

    MD5

    f0727cb46641ae290305602792f93592

    SHA1

    985a8ff6ffd7bb2031d7d5a480af1c276cadff45

    SHA256

    1edcb48235a8740203238dc23e047a77f9692699439021fe3f30a408e57570b8

    SHA512

    cd3b5a2928f4fc6a428b0e9c995e2151986b3c57034f11f91a44918759f218edcfe6783f3149ac319d64fde3bf9cd404cb5e8579bce5dc89e1410df23dac87e1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\wthnl.dll
    Filesize

    109KB

    MD5

    29421f04688f0b790469d4b4ab5efdb2

    SHA1

    0a57f1c054fe841221f4c255c90d04ca9e409794

    SHA256

    b32cddf0c6e505ea0bb75873b85879c763b73a83b32eaf3bf2b88ea6196ca127

    SHA512

    7bb4fe85d232f31318e3533e8101a8ab960da59ff7cad88138cef68061d00c08066b2041cb0841a8e3b4977531b48a7fc02bb2aa26154a5f0a0aca38208bff7a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\zlib1.dll
    Filesize

    76KB

    MD5

    0ac2236d42d8ced5dbd181bf19637783

    SHA1

    59e317e893831615b7d338f3c328de42c3a04f2d

    SHA256

    59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

    SHA512

    3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR6FA5.tmp
    Filesize

    99KB

    MD5

    2c9676a3167739f36912818acb8e9860

    SHA1

    cd9e5e56cc408c40c45caf49614c26fc7fde39f6

    SHA256

    75fc64a55afa86173947948d78ba5de98dfc35c487166a6682fe71ed5f6f877a

    SHA512

    a6c375511d9d339b889adcca4a95bc23df9e207f86605f6d6d04ab7e211901cdc3012860ed844a5c36737369e01dc70b212f5960d8a662fdc720ad98e1202aa1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR70BF.tmp
    Filesize

    288KB

    MD5

    122a3741699fb5c0950273245c9dea15

    SHA1

    811f9149e3310a8e6521da156f92f3aaab012145

    SHA256

    f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab

    SHA512

    567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR72C3.tmp
    Filesize

    35KB

    MD5

    08ad4cd2a940379f1dcdbdb9884a1375

    SHA1

    c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

    SHA256

    78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

    SHA512

    f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR7340.tmp
    Filesize

    169KB

    MD5

    cf2d7b4de923b25955d96d2e65ce76bc

    SHA1

    8feee81fe77a7649b969d375778d2b78d842cf48

    SHA256

    0912c84ded4670c427db1f405eb68a5763eae8fa0a735abe44eea81be7dc44ea

    SHA512

    d26a0983f0323655eddc48863a409d172a4623bd7ed465b5a4675477938de10127323040da77c80201c3a816315d98cace5194207e22b0a6ac2e65ae6795dc4f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR7479.tmp
    Filesize

    532KB

    MD5

    a6f7a08b0676f0564a51b5c47973e635

    SHA1

    d56f5f9e2580b81717317da6582da9d379426d5b

    SHA256

    5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c

    SHA512

    1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR767D.tmp
    Filesize

    72KB

    MD5

    c04970b55bcf614f24ca75b1de641ae2

    SHA1

    52b182caef513ed1c36f28eb45cedb257fa8ce40

    SHA256

    5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

    SHA512

    a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR76AD.tmp
    Filesize

    14KB

    MD5

    77fe66d74901495f4b41a5918acd02ff

    SHA1

    ce5bbd53152cd5b03df8bcc232a1aea36a012764

    SHA256

    b017168c69ef40115141813e47122391602e1af28af342c56495b09f1c3c7522

    SHA512

    cc6e323d0076577a0a04dbe2c33d90dc616cb5ec3637d3df67cbf169766ca2e6de567fcff4f32938fd6118d98e4796642a3010b7264f0ae247fa8f0fe079bd70

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR77E6.tmp
    Filesize

    14KB

    MD5

    d74aadd701bfacc474c431acab7b9265

    SHA1

    8a2b424d1f949430ddc1faddee3e9ccb79c95de2

    SHA256

    f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d

    SHA512

    0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR797D.tmp
    Filesize

    74KB

    MD5

    924b90c3d9e645dfad53f61ea4e91942

    SHA1

    65d397199ff191e5078095036e49f08376f9ae4e

    SHA256

    41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

    SHA512

    76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BRL000006ac\BR79AC.tmp
    Filesize

    150KB

    MD5

    efd81ea220094b0e91630b648d00e731

    SHA1

    226635424baf8146af055908c4c12b0a3faecd4f

    SHA256

    931c52c91ffbe12d820ff96570ba8db8abc36ac2fb852c87f2ef99271d7183fa

    SHA512

    fca9ffbcf94507cda23b5a68c4a598a25f0a0e22a7d429a125acbf95bdd03fd63ac80cf8738ae22d1730a73edb3325edc5b85af8d3337a62a97ac0f63dbccdbe

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\LIBPQ.dll
    Filesize

    247KB

    MD5

    2c78fd25db6f58f66a5a8b4279edac58

    SHA1

    d8efb224382bd4a533891cd30a94479b103870be

    SHA256

    be7ca5471f4bd0a21158fd0f31b5662ef0dbaa7e18d843f672a3e20d30ad42f4

    SHA512

    5475bc9e853248baaf8f71a440d26986f774469ee7281fdbb55ecb69a4e50bc1541be6352f6e1f0fb567ad5e52a95c29c10cb3eb81d227b195170ce64bce6c23

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\brotlicommon.dll
    Filesize

    132KB

    MD5

    0e868ec6a67e491d43ca20ed71c8345d

    SHA1

    b45397b8bafa891a04476f7ffa55fb5bba0e57b9

    SHA256

    441039fe954cfb6e3545aeca5d5750b7e3322eb9efc633508cca1dbefb26b24b

    SHA512

    45e6588671c65ef5eb39abd5f6db790bf1bc8414bfa9073cc9cbbd2bdcd6b9f82a4c6ba47a059521836c34c0504b86b6aa51a19a12317084459d6a6c544829b0

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\brotlidec.dll
    Filesize

    42KB

    MD5

    1616310c08ec85ab5f0437fbf82faf84

    SHA1

    c65cb7266cd21f45728097009147596ca08c0a73

    SHA256

    d9fce48811df001c7f8fe60361f1ea270fc37df7aa73a06a853fd102317cf49d

    SHA512

    ddb8a547367cb40d29a5b3ae54edeb157a707d21993b4cbf5f83617d50795fe8c5235e1afe850515f5b3ddd286c5bd704c7a2fec14f5eb6998d4719e79bf9a85

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\bz2.dll
    Filesize

    63KB

    MD5

    37b38a8e9fbc70f3ed962e5720795a04

    SHA1

    171692daf0a136154edde6e22c791d238ae8c1d0

    SHA256

    f004cd4113a8d832fc4a57f0e28a9001c2fddf67b3544590dd36d0f60d0cef8c

    SHA512

    9d34222337bf50122c613f2132346b7dca0df51990921ff0c7372463f0be69a441eab18122c02e1a94c8fcaa71b533dd477282d74dbc769fb490f4d46aba2607

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\deco_32.dll
    Filesize

    222KB

    MD5

    9932706e9fc0d6fd80d0158bc975ea10

    SHA1

    d0aeff5c8b43deb9d35264f10b8eb87642e2c726

    SHA256

    9ce2cd070187852f1ab624c77f1a21b714e43db13366625089a00b3d97f10345

    SHA512

    77a54976f73d394ffe382b92190296382646ac137ff9e12b5567d3bc2265c2ba242b7d6c737103ebdf779610428f49b920a60bf43dc3ae92b3043603646af6a3

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\eztwain3.dll
    Filesize

    955KB

    MD5

    01f52ce786cb11ea2470ec6d77f29b2d

    SHA1

    dc44c0736feb317d3008c7ad52fb2643e2bddbec

    SHA256

    4f8e325f92ec8cb31b895b963042332e057a639d1e16b93f0333db0bc9d71dfd

    SHA512

    f08e230db7ce26a6462d6a32c282560c5cec01dbb749a6ad35f258fd3d5477062b114fbddc91a341515e36fd20fec057595779faa1e3e6e19ac988cbfacb6665

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\fpxacc.dll
    Filesize

    263KB

    MD5

    dc563514fc7f69b9a956b685a163a6c7

    SHA1

    525f2fcafc2beb17966dc937c7b1a773f5bd3034

    SHA256

    37092ad75a8c98198c4a2a1876856884b200a06167cd76c3e9dd117af97e3aa1

    SHA512

    ac6ce021ff20cfd33b4e450cb4ac4572411950bf3dab0f325c084420d884ae6fdf88400ed5525c0014c684e8ae96f51c4711f1b2d02229c31ebf3ed416f2067b

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\freetype.dll
    Filesize

    554KB

    MD5

    839c270a8ba5444eebddd293c61e6333

    SHA1

    0fcfab6030a91c722aebea4bfd1bcbe2138c71f9

    SHA256

    ac40311bc17fc9eaf16f4aaf08c07d8a256e07aa4af081c9db9b552b56119e6e

    SHA512

    d34c0f4fcd77c70fa131af3ca19ed82a1d991f599ef8bf69295be25618a0c94af859a67cd80d4893ce105559a432202281ea2ee67af352878c69f8438a1e48cd

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\gwsfiltr.dll
    Filesize

    8.8MB

    MD5

    735b7766552aef741b7d76219dfc4e78

    SHA1

    fed6aba5db69dc0c13d8aafd8e751343eb0e5a2d

    SHA256

    76a4ad74a53bef71afa0f7be6c055287a11418aa117c2386881d424fd52d3922

    SHA512

    e3ee40c8377955efd280af9449385b0dab5e3faf2d1c71f1984a5242fd5f320b46389aed5f1d1c022a52836b04c978f9e8934ad7bd2a4d802793a6596cad47c1

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\gwshdp.dll
    Filesize

    277KB

    MD5

    e1a773c2ceec1d3798be988269b36806

    SHA1

    06906aee0ddba30e560e4b60e140e0c098519bb2

    SHA256

    5e920fbcc14ac82ec5abf2ca63523fa17f03a261dc09ee6b1976b291c2ab0097

    SHA512

    f1468b9b12060a5b5143331cf16d7e30b1c042b621133818cd337d621a8bcc25306dd4c7e97af9ed32573f0da253d6e2d0b88bb75332abf57ae80c75c9055058

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\gwsjpg.dll
    Filesize

    529KB

    MD5

    eac122fbb0d32a242ecc412c125314dc

    SHA1

    7f5a1cb200270e938ce88bb9fd0752af1a222967

    SHA256

    026b0032a14ea867f640508fa4959e37215af83458d579c469c6f99b7d1b3522

    SHA512

    3df8c47e5f14c9318b8524465fc3e0eeb5ca17bb93093b27616ef871c33a6e55a57721aae45bd40986f3f09fc92daa85a773a8426ea4b13f45bad47dc26b70d7

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspng.dll
    Filesize

    309KB

    MD5

    a32fe44873d30c83c70f8f811d89dfd7

    SHA1

    a1879a07bdc6b068fbffb27ed2dbfce1cfeac7a0

    SHA256

    70ab3b3b2f232f2a20e08feadb9ae5286dd10e71f62321f371e5bb532e0b0f38

    SHA512

    98739f4a890a0b4d3987717047e9b45dcb8919da74781966bddfdbd6e9efe58bbe9ebd7d5fb5ed4fe3ca4edfa1cc462b65f64a00760ab59257f26ae717d13ede

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe
    Filesize

    21.8MB

    MD5

    8dc6f7a135d4a70ff1ef4b25dad052ec

    SHA1

    7c090065de1090fa92ff01f06739fbca04e6936d

    SHA256

    af81ae71376bb3abc9eb1a9f59c76224a43b2a68aceb6e5ac3d93f05fc259715

    SHA512

    f6651693e448861a3a6aee89e5c62fa4dc23305ed9b967d388bcad70cd4d2d3a5b8a69166f69577dde4e165f629805d9d3f97c45a9e26f1f4ffaa1a3c2cf0868

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe
    Filesize

    21.8MB

    MD5

    8dc6f7a135d4a70ff1ef4b25dad052ec

    SHA1

    7c090065de1090fa92ff01f06739fbca04e6936d

    SHA256

    af81ae71376bb3abc9eb1a9f59c76224a43b2a68aceb6e5ac3d93f05fc259715

    SHA512

    f6651693e448861a3a6aee89e5c62fa4dc23305ed9b967d388bcad70cd4d2d3a5b8a69166f69577dde4e165f629805d9d3f97c45a9e26f1f4ffaa1a3c2cf0868

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\gwstif.dll
    Filesize

    337KB

    MD5

    0d64f5aa32fe233c9e1c904f2c2ee1cb

    SHA1

    123cba972afcd5fd1807232f6e47dea8e0355fc6

    SHA256

    8f91fcc534dd362cd396db278bc77e099e640ae512912356a3270d5bb27af1a1

    SHA512

    f1990718dc1115f23fa5b6f7b5723acf950ce8e964b8ed6604383f72f5aeece5a1e51e6104bb1eefc68d4fc1a2bc269bc76f51edd7f01ccffffbda114a0a6b1f

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\gwstxtr.dll
    Filesize

    8.8MB

    MD5

    01a2a91d47aee9ed5ded3906b5445c6a

    SHA1

    c3877815053c706a72c7a57244c2e8eff799a48d

    SHA256

    0777a20e126badc87177973bc324963e22ad133b69af0ab71f84b3342487d817

    SHA512

    dacea5bffdfd0c05b1b87145c9a5ef0e5fb38e67d8c092c1ee45d35b5445f6d417071a1ee96bbd30088c2b2da0c5a43baf5bb35687c2cff4345acb36e6e5be8e

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\gwszip.dll
    Filesize

    223KB

    MD5

    6a6097d8afca60c9a260b080f33b9e09

    SHA1

    cb9b800c40a40d3e519ef306becc07ce4fee784f

    SHA256

    2ea236b7434f0d570e5d2f480ffe53fc2dda34a4963ebe2a3ba62cb547a6e98f

    SHA512

    df8b72ddd52b0ead992c272671c71329f8de4ab3764ab59c6e8728a9a258b2037d5d858ec01c4f9493102592922a6e630ae81a66cb07f417369158513883d887

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\imatch.dll
    Filesize

    353KB

    MD5

    14b533e180b8c4a1954e09e4f56f0b05

    SHA1

    51c9da4f81b83319c2efeb4d08ad8971b732f33d

    SHA256

    0e5e4c2ac303baec9c6a5f20d9044ef84c064e48e25ce13cc1c9fb5ac1507b8a

    SHA512

    7c6632eb8c01794af712b1232b32c8ea797ffd29196ba146ac0678ed84a3fb1ccb22c845ccfcea672137dbc8ec6dc58f65ed0fe5b5eaa5a9bdbbfc420f2025c2

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\libcrypto-3.dll
    Filesize

    2.7MB

    MD5

    6c60acb6b6d3f4532ab36188eb78f376

    SHA1

    825900023ccd8e9293a1f3269ea82a3a20404fe6

    SHA256

    77e9a6177a7ce319567273897f43c265fdadd8af1e8410adc686cd0079588d03

    SHA512

    791c1446dcfd28484a68d568dc4c2fe4d6f897eab395add656a2eb0db9eefdb3949292d328351c9bfa57224f3aa9ff798fff49e270f534b5c71e3e2dfa87362a

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\libnoise.dll
    Filesize

    174KB

    MD5

    48bf2825c8e989edf818ae1a82fb7fe1

    SHA1

    a857a7f315be110cdb0bae1bc8f6e00fc3cd37b0

    SHA256

    fe279cfc76c514810bbceba281254e6fd9ff696fc33ecfaba175d778e565a866

    SHA512

    48b4f30ee23f95537cd1a8016758c057437794a6e3e42407bde9c3e8fd8c26a1add34bda0cbe0b9297cd9c01bb3960bbadf5ea6b7de41f69ffd8cad99789a731

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\libpng16.dll
    Filesize

    162KB

    MD5

    8bb4c17afdeadb4c81da2f407dcb9809

    SHA1

    ce2bb6eddedf31e9dee7e43d4535250da442e852

    SHA256

    1ceae383d27ef1b45d19f7bff2ab8fe02d553c861342ac8c2d6a32f9a6c1b825

    SHA512

    b944a4b1e0e9a3b5418169429810c8933910bcdfe13b87d01027d0a4786ca7ddd44b4540da07a09b9a56a196f7681d31a878b72766991fa3dddc5221bfee82bd

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\libssl-3.dll
    Filesize

    441KB

    MD5

    c2cc87f43c956c3978d65ee6c23a9f96

    SHA1

    b1f8a79be78054fee8765b7f0c9efd2b625c1d63

    SHA256

    6c79bb2a98f61dadec8b56547d52c8f50edbd861988b0521c064a524d4f879fb

    SHA512

    61eca6ffdf43dc2b9b9059f1a14f963bba43b52db5d468c3da9764fb235666bcddf7ca44fd6b44918ed4edab6304713cb88ba421679aa4911aa4f1b4717a26af

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\libup40.dll
    Filesize

    23KB

    MD5

    dad62964697e998a6917373c0c115358

    SHA1

    2d6b1900e093c9c8bcce642792e3fadc90b3b0ac

    SHA256

    ecaf6da2a4dbe72fca16b9a758ed0bc2751884d9315411285555d8781617ef58

    SHA512

    fd357e94ab7d7b131d0b8a6d5e2180479d8fa82179c4b04a3d80cf7f2ca796b21d0e8f4f0102734dcadba103138d37000f558dec941a06fb12dcaaa954bef476

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\swfex.dll
    Filesize

    180KB

    MD5

    67f16582d51d20bc4aef0a19731d3280

    SHA1

    61679dbe1d13d9c25000142fd51b9f4e952a7098

    SHA256

    87eb8bc7404a7f7019dda05896831f77649479dbe761ac1efc8af37e4ea2bcb0

    SHA512

    159043e070e0e237c2a9fd3721b3bd687cff50f79f12312037d68b471c1d3418c41a7f8a23889ffe4994e5a950b4642a77071e47ad9c358f56f432ed9ce96f96

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\util32.dll
    Filesize

    67KB

    MD5

    f0727cb46641ae290305602792f93592

    SHA1

    985a8ff6ffd7bb2031d7d5a480af1c276cadff45

    SHA256

    1edcb48235a8740203238dc23e047a77f9692699439021fe3f30a408e57570b8

    SHA512

    cd3b5a2928f4fc6a428b0e9c995e2151986b3c57034f11f91a44918759f218edcfe6783f3149ac319d64fde3bf9cd404cb5e8579bce5dc89e1410df23dac87e1

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\wthnl.dll
    Filesize

    109KB

    MD5

    29421f04688f0b790469d4b4ab5efdb2

    SHA1

    0a57f1c054fe841221f4c255c90d04ca9e409794

    SHA256

    b32cddf0c6e505ea0bb75873b85879c763b73a83b32eaf3bf2b88ea6196ca127

    SHA512

    7bb4fe85d232f31318e3533e8101a8ab960da59ff7cad88138cef68061d00c08066b2041cb0841a8e3b4977531b48a7fc02bb2aa26154a5f0a0aca38208bff7a

    Download Submit

  • \Users\Admin\AppData\Roaming\Steelray Project Viewer\zlib1.dll
    Filesize

    76KB

    MD5

    0ac2236d42d8ced5dbd181bf19637783

    SHA1

    59e317e893831615b7d338f3c328de42c3a04f2d

    SHA256

    59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

    SHA512

    3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

    Download Submit

  • memory/1708-54-0x0000000075451000-0x0000000075453000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1752-176-0x000007FEFBD81000-0x000007FEFBD83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1976-129-0x0000000008C50000-0x0000000008C93000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1976-134-0x0000000008CA0000-0x0000000008CF5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/1976-143-0x0000000008EF0000-0x000000000904B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1976-142-0x0000000008E50000-0x0000000008EE3000-memory.dmp

    Filesize

    588KB

    Download

  • memory/1976-155-0x0000000020920000-0x0000000020CB3000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/1976-154-0x0000000019970000-0x000000001DE70000-memory.dmp

    Filesize

    69.0MB

    Download

  • memory/1976-141-0x0000000008DD0000-0x0000000008E45000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1976-140-0x0000000008D80000-0x0000000008DC2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1976-138-0x0000000008D20000-0x0000000008D5B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1976-72-0x00000000001E0000-0x0000000000266000-memory.dmp

    Filesize

    536KB

    Download

  • memory/1976-137-0x0000000008D00000-0x0000000008D1D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1976-75-0x0000000000270000-0x00000000002BF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/1976-144-0x000000000F610000-0x000000000F6CC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1976-170-0x0000000019970000-0x000000001DE70000-memory.dmp

    Filesize

    69.0MB

    Download

  • memory/1976-118-0x00000000039E0000-0x00000000039F9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1976-78-0x00000000002C0000-0x0000000000316000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1976-126-0x0000000008BF0000-0x0000000008C4E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/1976-83-0x0000000007A20000-0x00000000082EB000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1976-121-0x0000000008BC0000-0x0000000008BE2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1976-86-0x00000000082F0000-0x0000000008BBC000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1976-110-0x00000000003A0000-0x00000000003E1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1976-93-0x0000000000320000-0x000000000034D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1976-89-0x00000000000B0000-0x00000000000DE000-memory.dmp

    Filesize

    184KB

    Download