b100a8cb051da84ce2be6f80cd9d298907af9cf6d7c01ee8ed1b91149b713417

Analysis

max time kernel
162s
max time network
194s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26/09/2022, 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AppWizardSetup_1.97.19.exe
Size

10.0MB
MD5

677ddda900f89500cfc039c3bf5ba9f7
SHA1

295ba9b84a4353aa3df196558449dc37b448aa02
SHA256

b100a8cb051da84ce2be6f80cd9d298907af9cf6d7c01ee8ed1b91149b713417
SHA512

6b970c9c986e728a06d8ed58766d4e5eaec0bfe4e5c1a0c97c3364aee3ac01e47d42d82c5eff12f3870bfcc34ea4f5492b2c2a9521a350df2bcf584df7d6f9fb
SSDEEP

196608:wbxLIVzWN6fvobkIOgewBQvKKr3AMkY+pEz2AkzjCFpJqVT/7nzUHAe:CKzWN6faOmccMiEvkXKWVLLzkAe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 16 IoCs

pid	Process
1996	AppWizardSetup_1.97.19.tmp
1328	AppWizard.exe
992	downloader.exe
1936	downloader.exe
1848	syspin.exe
540	syspin.exe
1768	syspin.exe
1964	syspin.exe
1660	syspin.exe
1636	syspin.exe
972	syspin.exe
1248	syspin.exe
924	syspin.exe
784	syspin.exe
1708	syspin.exe
612	syspin.exe

Loads dropped DLL 37 IoCs

pid	Process
1048	AppWizardSetup_1.97.19.exe
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
992	downloader.exe
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1880	Process not Found
1996	AppWizardSetup_1.97.19.tmp
1508	Process not Found
1996	AppWizardSetup_1.97.19.tmp
896	Process not Found
1996	AppWizardSetup_1.97.19.tmp
624	Process not Found
1996	AppWizardSetup_1.97.19.tmp
1884	Process not Found
1996	AppWizardSetup_1.97.19.tmp
1672	Process not Found
1996	AppWizardSetup_1.97.19.tmp
1972	Process not Found
1996	AppWizardSetup_1.97.19.tmp
740	Process not Found
1996	AppWizardSetup_1.97.19.tmp
1624	Process not Found
1996	AppWizardSetup_1.97.19.tmp
1520	Process not Found
1996	AppWizardSetup_1.97.19.tmp
772	Process not Found
1996	AppWizardSetup_1.97.19.tmp
620	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\AppWizard\WAR_THUNDER.ico	Explorer.EXE
File opened for modification	C:\Program Files (x86)\appwizard\war_thunder.ico	Explorer.EXE
File opened for modification	C:\Program Files (x86)\AppWizard\AppWizard.exe	AppWizardSetup_1.97.19.tmp
File opened for modification	C:\Program Files (x86)\AppWizard\Uninstall.exe	AppWizardSetup_1.97.19.tmp
File created	C:\Program Files (x86)\AppWizard\unins000.dat	AppWizardSetup_1.97.19.tmp
File created	C:\Program Files (x86)\AppWizard\is-CPV8R.tmp	AppWizardSetup_1.97.19.tmp
File created	C:\Program Files (x86)\AppWizard\is-Q9JTC.tmp	AppWizardSetup_1.97.19.tmp
File opened for modification	C:\Program Files (x86)\AppWizard\WORLD_OF_WARSHIPS.ico	Explorer.EXE
File opened for modification	C:\Program Files (x86)\appwizard\crossout.ico	Explorer.EXE
File opened for modification	C:\Program Files (x86)\AppWizard\syspin.exe	AppWizardSetup_1.97.19.tmp
File created	C:\Program Files (x86)\AppWizard\is-689AC.tmp	AppWizardSetup_1.97.19.tmp
File created	C:\Program Files (x86)\AppWizard\is-4VPN7.tmp	AppWizardSetup_1.97.19.tmp
File opened for modification	C:\Program Files (x86)\AppWizard\unins000.dat	AppWizardSetup_1.97.19.tmp
File opened for modification	C:\Program Files (x86)\appwizard\world_of_warships.ico	Explorer.EXE
File opened for modification	C:\Program Files (x86)\AppWizard\CROSSOUT.ico	Explorer.EXE
File created	C:\Program Files (x86)\AppWizard\is-BJF44.tmp	AppWizardSetup_1.97.19.tmp
File created	C:\Program Files (x86)\AppWizard\is-4G5HA.tmp	AppWizardSetup_1.97.19.tmp
File created	C:\Program Files (x86)\AppWizard\is-D2J00.tmp	AppWizardSetup_1.97.19.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	AppWizardSetup_1.97.19.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	AppWizardSetup_1.97.19.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	AppWizardSetup_1.97.19.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	AppWizardSetup_1.97.19.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	AppWizardSetup_1.97.19.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	AppWizardSetup_1.97.19.tmp

Script User-Agent 3 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	52	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	2	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	51	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1996	AppWizardSetup_1.97.19.tmp
1996	AppWizardSetup_1.97.19.tmp
1328	AppWizard.exe
1328	AppWizard.exe
1328	AppWizard.exe
1328	AppWizard.exe
1328	AppWizard.exe
1328	AppWizard.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1996	AppWizardSetup_1.97.19.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1328	AppWizard.exe

Suspicious use of UnmapMainImage 19 IoCs

pid	Process
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE
1216	Explorer.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1996	1048	AppWizardSetup_1.97.19.exe	27
PID 1048 wrote to memory of 1996	1048	AppWizardSetup_1.97.19.exe	27
PID 1048 wrote to memory of 1996	1048	AppWizardSetup_1.97.19.exe	27
PID 1048 wrote to memory of 1996	1048	AppWizardSetup_1.97.19.exe	27
PID 1048 wrote to memory of 1996	1048	AppWizardSetup_1.97.19.exe	27
PID 1048 wrote to memory of 1996	1048	AppWizardSetup_1.97.19.exe	27
PID 1048 wrote to memory of 1996	1048	AppWizardSetup_1.97.19.exe	27
PID 1996 wrote to memory of 1328	1996	AppWizardSetup_1.97.19.tmp	31
PID 1996 wrote to memory of 1328	1996	AppWizardSetup_1.97.19.tmp	31
PID 1996 wrote to memory of 1328	1996	AppWizardSetup_1.97.19.tmp	31
PID 1996 wrote to memory of 1328	1996	AppWizardSetup_1.97.19.tmp	31
PID 1996 wrote to memory of 1328	1996	AppWizardSetup_1.97.19.tmp	31
PID 1996 wrote to memory of 1328	1996	AppWizardSetup_1.97.19.tmp	31
PID 1996 wrote to memory of 1328	1996	AppWizardSetup_1.97.19.tmp	31
PID 1996 wrote to memory of 992	1996	AppWizardSetup_1.97.19.tmp	32
PID 1996 wrote to memory of 992	1996	AppWizardSetup_1.97.19.tmp	32
PID 1996 wrote to memory of 992	1996	AppWizardSetup_1.97.19.tmp	32
PID 1996 wrote to memory of 992	1996	AppWizardSetup_1.97.19.tmp	32
PID 1996 wrote to memory of 992	1996	AppWizardSetup_1.97.19.tmp	32
PID 1996 wrote to memory of 992	1996	AppWizardSetup_1.97.19.tmp	32
PID 1996 wrote to memory of 992	1996	AppWizardSetup_1.97.19.tmp	32
PID 992 wrote to memory of 1936	992	downloader.exe	34
PID 992 wrote to memory of 1936	992	downloader.exe	34
PID 992 wrote to memory of 1936	992	downloader.exe	34
PID 992 wrote to memory of 1936	992	downloader.exe	34
PID 992 wrote to memory of 1936	992	downloader.exe	34
PID 992 wrote to memory of 1936	992	downloader.exe	34
PID 992 wrote to memory of 1936	992	downloader.exe	34
PID 1996 wrote to memory of 1848	1996	AppWizardSetup_1.97.19.tmp	36
PID 1996 wrote to memory of 1848	1996	AppWizardSetup_1.97.19.tmp	36
PID 1996 wrote to memory of 1848	1996	AppWizardSetup_1.97.19.tmp	36
PID 1996 wrote to memory of 1848	1996	AppWizardSetup_1.97.19.tmp	36
PID 1848 wrote to memory of 1216	1848	syspin.exe	15
PID 1848 wrote to memory of 1216	1848	syspin.exe	15
PID 1996 wrote to memory of 540	1996	AppWizardSetup_1.97.19.tmp	39
PID 1996 wrote to memory of 540	1996	AppWizardSetup_1.97.19.tmp	39
PID 1996 wrote to memory of 540	1996	AppWizardSetup_1.97.19.tmp	39
PID 1996 wrote to memory of 540	1996	AppWizardSetup_1.97.19.tmp	39
PID 540 wrote to memory of 1216	540	syspin.exe	15
PID 540 wrote to memory of 1216	540	syspin.exe	15
PID 1996 wrote to memory of 1768	1996	AppWizardSetup_1.97.19.tmp	41
PID 1996 wrote to memory of 1768	1996	AppWizardSetup_1.97.19.tmp	41
PID 1996 wrote to memory of 1768	1996	AppWizardSetup_1.97.19.tmp	41
PID 1996 wrote to memory of 1768	1996	AppWizardSetup_1.97.19.tmp	41
PID 1768 wrote to memory of 1216	1768	syspin.exe	15
PID 1768 wrote to memory of 1216	1768	syspin.exe	15
PID 1996 wrote to memory of 1964	1996	AppWizardSetup_1.97.19.tmp	43
PID 1996 wrote to memory of 1964	1996	AppWizardSetup_1.97.19.tmp	43
PID 1996 wrote to memory of 1964	1996	AppWizardSetup_1.97.19.tmp	43
PID 1996 wrote to memory of 1964	1996	AppWizardSetup_1.97.19.tmp	43
PID 1964 wrote to memory of 1216	1964	syspin.exe	15
PID 1964 wrote to memory of 1216	1964	syspin.exe	15
PID 1996 wrote to memory of 1660	1996	AppWizardSetup_1.97.19.tmp	45
PID 1996 wrote to memory of 1660	1996	AppWizardSetup_1.97.19.tmp	45
PID 1996 wrote to memory of 1660	1996	AppWizardSetup_1.97.19.tmp	45
PID 1996 wrote to memory of 1660	1996	AppWizardSetup_1.97.19.tmp	45
PID 1660 wrote to memory of 1216	1660	syspin.exe	15
PID 1660 wrote to memory of 1216	1660	syspin.exe	15
PID 1996 wrote to memory of 1636	1996	AppWizardSetup_1.97.19.tmp	47
PID 1996 wrote to memory of 1636	1996	AppWizardSetup_1.97.19.tmp	47
PID 1996 wrote to memory of 1636	1996	AppWizardSetup_1.97.19.tmp	47
PID 1996 wrote to memory of 1636	1996	AppWizardSetup_1.97.19.tmp	47
PID 1636 wrote to memory of 1216	1636	syspin.exe	15
PID 1636 wrote to memory of 1216	1636	syspin.exe	15

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:1216
- C:\Users\Admin\AppData\Local\Temp\AppWizardSetup_1.97.19.exe
  "C:\Users\Admin\AppData\Local\Temp\AppWizardSetup_1.97.19.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\is-VMCEE.tmp\AppWizardSetup_1.97.19.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-VMCEE.tmp\AppWizardSetup_1.97.19.tmp" /SL5="$60122,9685758,726016,C:\Users\Admin\AppData\Local\Temp\AppWizardSetup_1.97.19.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1996
  - - C:\Program Files (x86)\AppWizard\AppWizard.exe
      "C:\Program Files (x86)\AppWizard\AppWizard.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\downloader.exe
      "C:\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\downloader.exe" --sync --partner 28178 --distr /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y VID=847"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\downloader.exe
        
        C:\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\downloader.exe --stat dwnldr/p=28178/fail=1
        5⤵
        Executes dropped EXE
        
        PID:1936
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\Desktop\World of Warships.lnk" 5386
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1848
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\Desktop\World of Warships.lnk" 51201
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:540
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk" 5386
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1768
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk" 51201
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1964
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\Desktop\Crossout.lnk" 5386
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1660
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\Desktop\Crossout.lnk" 51201
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1636
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Crossout.lnk" 5386
      4⤵
      Executes dropped EXE
      PID:972
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Crossout.lnk" 51201
      4⤵
      Executes dropped EXE
      PID:1248
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\Desktop\War Thunder.lnk" 5386
      4⤵
      Executes dropped EXE
      PID:924
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\Desktop\War Thunder.lnk" 51201
      4⤵
      Executes dropped EXE
      PID:784
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk" 5386
      4⤵
      Executes dropped EXE
      PID:1708
  - - C:\Program Files (x86)\AppWizard\syspin.exe
      "C:\Program Files (x86)\AppWizard\syspin.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk" 51201
      4⤵
      Executes dropped EXE
      PID:612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AppWizard\AppWizard.exe

Filesize
12.5MB

MD5
ffa9ada8b78f6b9f46f6b7d1d320f25e

SHA1
b4a9600075e14607dba960d954f769a90d08f323

SHA256
5b282bc459953786f637d6888c3e9ec3c4dd348759dcb132aa48560241b8235f

SHA512
bf82c7a1f9a76b1f44bc00f08c475151f44a13f061a59b79ec35a3bb2ea9cf9c49c376cb9a6ca347e0ee495a3169cd9fb1e82e679ba2a5523ce672ffa9d889dd

Download Submit
C:\Program Files (x86)\AppWizard\AppWizard.exe

Filesize
12.5MB

MD5
ffa9ada8b78f6b9f46f6b7d1d320f25e

SHA1
b4a9600075e14607dba960d954f769a90d08f323

SHA256
5b282bc459953786f637d6888c3e9ec3c4dd348759dcb132aa48560241b8235f

SHA512
bf82c7a1f9a76b1f44bc00f08c475151f44a13f061a59b79ec35a3bb2ea9cf9c49c376cb9a6ca347e0ee495a3169cd9fb1e82e679ba2a5523ce672ffa9d889dd

Download Submit
C:\Program Files (x86)\AppWizard\CROSSOUT.ico

Filesize
102KB

MD5
1716ea325b5a0426a9d0d3b8f46e9ebb

SHA1
7be6a62db7e76971f95899e1a61bbd1b30390de5

SHA256
0a56962379cfab01a4492d4ccbb45d7257e493a2f778d0f1a00a050789546a6f

SHA512
26f4aa571469a5bd0fddd122af43d05faddeb65537b93ce68397b2a0edc87d7d18ac9e0a9ac1372113777c3173da5cfd65032e16306f88432d3faddaa4c7e761

Download Submit
C:\Program Files (x86)\AppWizard\WAR_THUNDER.ico

Filesize
71KB

MD5
6d25c407ba5ec6bb6fa34c3f0d169f6c

SHA1
23a2c0585adac519b7afc333a8b81c4e560fc06e

SHA256
a657a3d6bf520b6629500d5eddfae332f09566a1904494283ece409000ff7586

SHA512
de17dd001bd70a786eae28ed079f3ebd993efcaa69174230f842252d36507c80657900dc0f9379c3f7cf9d82364a3ca66465c43fd64be438a02f4317a1e09ece

Download Submit
C:\Program Files (x86)\AppWizard\WORLD_OF_WARSHIPS.ico

Filesize
66KB

MD5
570761a7e30d245758db8c897d9b4008

SHA1
2fe8f0045bc3f1549297d553999aac31500902a6

SHA256
9ccc82983e136a630f65b937c8b69d34b6b31b57d3a1862511bc6e7a6f882bb4

SHA512
65b2a5500382ab579f5e93bb5137bc540c5d4a4b8c63accfb8210a0577e10e8ba530bf7c858ed7e254747b383e8eff53b6dc5187a3ebc2455d081ef858109131

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
60KB

MD5
6c6a24456559f305308cb1fb6c5486b3

SHA1
3273ac27d78572f16c3316732b9756ebc22cb6ed

SHA256
efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973

SHA512
587d4a9175a6aa82cd8bb1c11ca6508f95cd218f76ac322ddbd1bc7146a0e25f8937ee426a6fb0fb0bb045cedb24d8c8a9edfe9f654112f293d8701220f726b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
333fa9714f5f85f53bb0ddffe9aa6713

SHA1
c75be7b2db620567c52579ab48417d429ed14d8a

SHA256
3fdf9b4c056af9087a2c79f5bedfed13be11c3846c0b388803d71480fbf18a52

SHA512
8fe82c7b595b232d4b6a11a82e359b478a8b95c081b4bae9dbcd32d9e94e698096f0d2667d5bf9e8600e376e817dc48653980251be17f7e84bacc4ff4e4ae859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
61dd7572e6ae4d20abe65c003c2bd440

SHA1
fc6c95dfc86181c6d644198888c3f6d17ad49457

SHA256
a0f1f4a9cac5ce0d8587c5380e7d65689e61392f6bdb0a902d1c5b3bd1a0eead

SHA512
835ad73ebde76692bdbcfdb7737ca3c7e5570746bfd764f17292faeedb0dfda0538b53a6f2f5bd3e9b377b8558d33c328ef0d96b2ea2ca32968a5487028ea353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4f150e46e727a58c0da885832bceca30

SHA1
abaa0c7bc01d07786ae608766f8819d6b18f70f5

SHA256
b0df41bdd01d8c13671185d0a469f6ed065bf5718c7051ba9bd395ff76a44938

SHA512
bbb7a3c7a74121428939cda7880a3c4310589061baac47def8fc323142331c8cb6712eb66c9dd720e5b65e9345a81c28f06831083b44f3f7da4d0a98ae606a71

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\downloader.exe

Filesize
198KB

MD5
64f01094081e5214edde9d6d75fca1b5

SHA1
d7364c6fb350843c004e18fc0bce468eaa64718f

SHA256
5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0

SHA512
a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\downloader.exe

Filesize
198KB

MD5
64f01094081e5214edde9d6d75fca1b5

SHA1
d7364c6fb350843c004e18fc0bce468eaa64718f

SHA256
5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0

SHA512
a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\downloader.exe

Filesize
198KB

MD5
64f01094081e5214edde9d6d75fca1b5

SHA1
d7364c6fb350843c004e18fc0bce468eaa64718f

SHA256
5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0

SHA512
a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VMCEE.tmp\AppWizardSetup_1.97.19.tmp

Filesize
2.4MB

MD5
20bf8d856af2c17cc1af74eaa988f7f6

SHA1
f84a01cfd9e4e98caa2fb380471cb5eeecbf6a23

SHA256
8a2c9e81e612e434f5a26ffc06fb23da1aa053cfba57f6a048e4865417b124e4

SHA512
d119e20c59a5aa52f987db97455f985027683fe55ac838b1f08d28e88e2f53419ef855b05c99f76a49a7351ec67a485d518eea54d8cc6a0e0fe848f5ce3d1431

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VMCEE.tmp\AppWizardSetup_1.97.19.tmp

Filesize
2.4MB

MD5
20bf8d856af2c17cc1af74eaa988f7f6

SHA1
f84a01cfd9e4e98caa2fb380471cb5eeecbf6a23

SHA256
8a2c9e81e612e434f5a26ffc06fb23da1aa053cfba57f6a048e4865417b124e4

SHA512
d119e20c59a5aa52f987db97455f985027683fe55ac838b1f08d28e88e2f53419ef855b05c99f76a49a7351ec67a485d518eea54d8cc6a0e0fe848f5ce3d1431

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Crossout.lnk

Filesize
1KB

MD5
dc4ff7689569722f7c834d163aa08639

SHA1
3b555db867009380136404ce058f15e2fe46df5c

SHA256
ca55a1c59a03b833bbc3eeefcb910db99ca7a8798d2caa3d1e5357f263ac97f8

SHA512
07737215f144b1d3deca066bb962606a51afa970aa3a36e255b8e8c9c3dadf4ed7e108a856319ff972306cf48be00cd4ac04376cc2dac947b7074ea0e2f2743e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk

Filesize
1KB

MD5
d257e09a77dfd00921fee507aa12d627

SHA1
aa00849b753ac68ba2d2fc946bc386fb32591653

SHA256
252b603f41906bfbe5cd5da49a01ab8d5f8965e83ca1549535c714d15f64352f

SHA512
a2c568404441e3a6e94b6dc18a89c40a2a025160a87ab9f1c72f2b380c38fecd35ec0ad5f7cdb34732135e84cc3d46fa05a81da74f942c4fc03c1a7383ab20af

Download Submit
C:\Users\Admin\Desktop\Crossout.lnk

Filesize
1KB

MD5
aeb7a8df27889882c38fe6f76b8d47c9

SHA1
efca08dab150087a04d80e17edd608463d64b2a9

SHA256
9335c00f9fde9372a8b5e4261ed97590fbd45bbbf7d7139733ef1ab09b8494b5

SHA512
d403581e48778f981b6c84191cd0eed2c04e63af52c2f60073e7681995dea2a83c313ed489d22a178811044d955005964b898488d7f1103a50bd90436a2cf2c2

Download Submit
C:\Users\Admin\Desktop\War Thunder.lnk

Filesize
1KB

MD5
7fecf2aed5168eb94b3c155360cceb60

SHA1
33d61056040e4460fecae25119e7c525a06194da

SHA256
a9cdfab8c2ce3906e9212888e1cc4576289e752abc73b12339d3232cffa3375b

SHA512
8f026a61131d5b29a8bf658cfb8eda7b4abafbf7ba1ca0584edc2a4d7cc328505229614e1a1ab0fba630c3b52dcd65133e80cf07e08ec119ce6603fba5fb3505

Download Submit
C:\Users\Admin\Desktop\World of Warships.lnk

Filesize
1KB

MD5
023b992a1ccd3bf386ee845bf3d5cd97

SHA1
427b8ddc2078ba046c0586ff3b4caa2c0063e276

SHA256
7d36fbf87ddf63443eb6e1f6390d1e532e7c674e31764e98a54255bff42cf5a9

SHA512
bb136786fbf73328f1be451dd3faf9d58f42ba05b6d41df1f8034032cb8f04706d86c1e28c9557b9952164a31f4b58904fd380d8b9552a05fdb2ce2d72b1ba3d

Download Submit
\Program Files (x86)\AppWizard\AppWizard.exe

Filesize
12.5MB

MD5
ffa9ada8b78f6b9f46f6b7d1d320f25e

SHA1
b4a9600075e14607dba960d954f769a90d08f323

SHA256
5b282bc459953786f637d6888c3e9ec3c4dd348759dcb132aa48560241b8235f

SHA512
bf82c7a1f9a76b1f44bc00f08c475151f44a13f061a59b79ec35a3bb2ea9cf9c49c376cb9a6ca347e0ee495a3169cd9fb1e82e679ba2a5523ce672ffa9d889dd

Download Submit
\Program Files (x86)\AppWizard\AppWizard.exe

Filesize
12.5MB

MD5
ffa9ada8b78f6b9f46f6b7d1d320f25e

SHA1
b4a9600075e14607dba960d954f769a90d08f323

SHA256
5b282bc459953786f637d6888c3e9ec3c4dd348759dcb132aa48560241b8235f

SHA512
bf82c7a1f9a76b1f44bc00f08c475151f44a13f061a59b79ec35a3bb2ea9cf9c49c376cb9a6ca347e0ee495a3169cd9fb1e82e679ba2a5523ce672ffa9d889dd

Download Submit
\Program Files (x86)\AppWizard\AppWizard.exe

Filesize
12.5MB

MD5
ffa9ada8b78f6b9f46f6b7d1d320f25e

SHA1
b4a9600075e14607dba960d954f769a90d08f323

SHA256
5b282bc459953786f637d6888c3e9ec3c4dd348759dcb132aa48560241b8235f

SHA512
bf82c7a1f9a76b1f44bc00f08c475151f44a13f061a59b79ec35a3bb2ea9cf9c49c376cb9a6ca347e0ee495a3169cd9fb1e82e679ba2a5523ce672ffa9d889dd

Download Submit
\Program Files (x86)\AppWizard\Uninstall.exe

Filesize
650KB

MD5
bc0bd84c0b5966c1523f5d7e7c3dbb7a

SHA1
3a879945ab218f18257d412a37b859f517c26545

SHA256
2c87cd61180a1cd28b7ec7064fe8da0915fc7ce44bf986942b8079941909d1e2

SHA512
c7f379e159f813fda110744f89954447cad594bce6fd1e525729161c792393b816b26b070cf39a5aa7ea1663cc8580810c4de0b7640ffc1a6fdbb07c3afe2cb9

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Program Files (x86)\AppWizard\syspin.exe

Filesize
19KB

MD5
2a2562abc95e695eab3eeffbe16ead5f

SHA1
b72a07d05e0d8f07b7c06312c34b7cf26920a6b3

SHA256
07d6c3a19a8e3e243e9545a41dd30a9ee1e9ad79cdd6d446c229d689e5ab574a

SHA512
4aa9598ffa686aca161532a60341a226052ca2c7beaf0f864009f5b92c8e45aa1738b3b17c9a02b3d9140eef74c06ff8c9e7a42dc9e47d1951ec9bbc588628e2

Download Submit
\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\botva2.dll

Filesize
41KB

MD5
ef899fa243c07b7b82b3a45f6ec36771

SHA1
4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

SHA256
da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

SHA512
3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

Download Submit
\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\downloader.exe

Filesize
198KB

MD5
64f01094081e5214edde9d6d75fca1b5

SHA1
d7364c6fb350843c004e18fc0bce468eaa64718f

SHA256
5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0

SHA512
a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0

Download Submit
\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\downloader.exe

Filesize
198KB

MD5
64f01094081e5214edde9d6d75fca1b5

SHA1
d7364c6fb350843c004e18fc0bce468eaa64718f

SHA256
5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0

SHA512
a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0

Download Submit
\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\params.dll

Filesize
3KB

MD5
969ce988621ed50c93912b105bc6dab0

SHA1
ede3444ca9fcef23254d8dfdf5b626d7db6d4452

SHA256
adcecdf9f78ffca7143bb43ae6c5ef171a061f026da40a1e5deb7fc79597ef89

SHA512
efa7bdb989ebd4d0bebff9469825e5369534e87032d99a5bc427c741f8c1a285a91d3040236cf99f8509277d7f7857a1d91bde014fc7a68c5118540981b07902

Download Submit
\Users\Admin\AppData\Local\Temp\is-HA4EB.tmp\resource.dll

Filesize
1.6MB

MD5
1d61244742fc07ad93f546ed295f0315

SHA1
81ff2afa7e6e1d9fed9135574a8784e9f3074271

SHA256
b79aa0c165ab022d86400f108e5e3252a3f68cc65bc7c04fc2e2429ffa913b97

SHA512
19427da93561a0a569c3b49b00bc091dcd6b4c9e2b88c41a8f769228275de67cc958e09d2170db838079e1bce060175c92b873b1189324c64e2d2524092f5494

Download Submit
\Users\Admin\AppData\Local\Temp\is-VMCEE.tmp\AppWizardSetup_1.97.19.tmp

Filesize
2.4MB

MD5
20bf8d856af2c17cc1af74eaa988f7f6

SHA1
f84a01cfd9e4e98caa2fb380471cb5eeecbf6a23

SHA256
8a2c9e81e612e434f5a26ffc06fb23da1aa053cfba57f6a048e4865417b124e4

SHA512
d119e20c59a5aa52f987db97455f985027683fe55ac838b1f08d28e88e2f53419ef855b05c99f76a49a7351ec67a485d518eea54d8cc6a0e0fe848f5ce3d1431

Download Submit
memory/1048-189-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1048-54-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/1048-61-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1048-55-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1216-117-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-125-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-149-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-188-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-151-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-152-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-134-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-132-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-142-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-187-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-159-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-176-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-186-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-118-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-115-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-166-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-182-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-108-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-169-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-101-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-98-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1216-96-0x0000000002A20000-0x0000000002A2A000-memory.dmp

Filesize
40KB

Download
memory/1996-68-0x0000000074711000-0x0000000074713000-memory.dmp

Filesize
8KB

Download