babadeda | 76b3d17196dd9e99eadd46e8bc760ec8809a0c723f66fb687ab8576dd1299e34

Analysis

max time kernel
150s
max time network
158s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BROWSER_.exe
Size

35.1MB
MD5

edde1633579f5e1f0543140cfbfa50fb
SHA1

4233ff7941da62b86fc2c2d92be0572c9ab534c8
SHA256

23b14288d49610a8eef61977b7fc49a963f1261fe29b1668b4443a04eaf493cb
SHA512

e03a1575824ea04d30e3c3290d87e73be689014970e94ddc56f157766bc048faa5129e4589be0b8a404ce75c0fdf4301973c21cb5593a9c6006f26709507bf5c
SSDEEP

786432:SQRwdPcRZMRDY8X9XRTuCpZD7U4qRVOtIqNi0f9jphU7oDM8ETp9an3aZO:1RwdPcRZuDYg1pZfUNRctpNi0f9dhU7a

Score

10^/10

babadeda netsupport crypter evasion loader persistence rat trojan

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 2 IoCs

resource	yara_rule
behavioral1/memory/816-148-0x0000000019970000-0x000000001DE70000-memory.dmp	family_babadeda
behavioral1/memory/816-151-0x0000000019970000-0x000000001DE70000-memory.dmp	family_babadeda

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport

Executes dropped EXE 5 IoCs

pid	Process
816	gwspro.exe
536	client32.exe
1432	uninstall.exe
568	GoogleUpdate.exe
1780	GoogleUpdate.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe	GoogleUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0"	GoogleUpdate.exe

Drops startup file 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetSupport.url	gwspro.exe

Loads dropped DLL 64 IoCs

pid	Process
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
864	BROWSER_.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe
816	gwspro.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BROWSER_.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	gwspro.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	gwspro.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\psuser.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\psmachine.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_ko.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateCore.exe	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_sw.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_te.dll	uninstall.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\GoogleUpdateSetup.exe	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_es.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\psmachine.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\psmachine_64.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_no.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_en-GB.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ca.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_nl.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_th.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_bg.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_es-419.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_en.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_gu.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_is.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_sl.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_ro.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_ur.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_tr.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_uk.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_kn.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_pl.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ta.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_cs.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_it.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_lv.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_uk.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\GoogleCrashHandler.exe	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\psuser.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_zh-CN.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\GoogleUpdateSetup.exe	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_cs.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_sr.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_fil.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_lv.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_th.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\psmachine_64.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_iw.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_sw.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_kn.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_sv.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\GoogleUpdate.exe	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_de.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_vi.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_fa.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_lt.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_pt-BR.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_fi.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_hi.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_ta.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_zh-CN.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\GoogleUpdateBroker.exe	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_gu.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_ca.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_es.dll	uninstall.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\goopdateres_fr.dll	uninstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	BROWSER_.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	BROWSER_.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BROWSER_.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ = "GoogleUpdate Update3Web"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ = "ServiceModule"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\AppID = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\AppID = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc\ = "GoogleUpdate Update3Web"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc\CLSID\ = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\ProgID\ = "GoogleUpdate.PolicyStatusSvc.1.0"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\PROGID	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VERSIONINDEPENDENTPROGID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe\AppID = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID\ = "GoogleUpdate.OnDemandCOMClassSvc"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc\CurVer\ = "GoogleUpdate.Update3WebSvc.1.0"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusSvc.1.0\CLSID\ = "{1C4CDEFF-756A-4804-9E77-3E8EB9361016}"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0\CLSID\ = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\PROGID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID\ = "GoogleUpdate.CoreClass.1"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\ = "Google Update Policy Status Class"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass\ = "Google Update Core Class"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe\AppID = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID\ = "GoogleUpdate.Update3WebSvc.1.0"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1\ = "Google Update Core Class"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID\ = "GoogleUpdate.Update3COMClassService.1.0"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\PROGID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ = "Google Update Legacy On Demand"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\LocalService = "gupdate"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService\ = "Update3COMClass"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VERSIONINDEPENDENTPROGID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ = "Update3COMClass"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc.1.0\CLSID\ = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VERSIONINDEPENDENTPROGID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusSvc\CurVer\ = "GoogleUpdate.PolicyStatusSvc.1.0"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\PROGID	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\ProgID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0\ = "Update3COMClass"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID\ = "GoogleUpdate.Update3COMClassService"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1\CLSID\ = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ = "Google Update Core Class"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VERSIONINDEPENDENTPROGID	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\VERSIONINDEPENDENTPROGID	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID\ = "GoogleUpdate.CoreClass"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ServiceParameters = "/comsvc"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\AppID = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService\CLSID\ = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID	GoogleUpdate.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
864	BROWSER_.exe
864	BROWSER_.exe
568	GoogleUpdate.exe
568	GoogleUpdate.exe
568	GoogleUpdate.exe
568	GoogleUpdate.exe
568	GoogleUpdate.exe
568	GoogleUpdate.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeSecurityPrivilege	536	client32.exe
Token: SeDebugPrivilege	568	GoogleUpdate.exe
Token: SeDebugPrivilege	568	GoogleUpdate.exe
Token: SeDebugPrivilege	568	GoogleUpdate.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
536	client32.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 816	864	BROWSER_.exe	27
PID 864 wrote to memory of 816	864	BROWSER_.exe	27
PID 864 wrote to memory of 816	864	BROWSER_.exe	27
PID 864 wrote to memory of 816	864	BROWSER_.exe	27
PID 816 wrote to memory of 536	816	gwspro.exe	28
PID 816 wrote to memory of 536	816	gwspro.exe	28
PID 816 wrote to memory of 536	816	gwspro.exe	28
PID 816 wrote to memory of 536	816	gwspro.exe	28
PID 816 wrote to memory of 1432	816	gwspro.exe	29
PID 816 wrote to memory of 1432	816	gwspro.exe	29
PID 816 wrote to memory of 1432	816	gwspro.exe	29
PID 816 wrote to memory of 1432	816	gwspro.exe	29
PID 816 wrote to memory of 1432	816	gwspro.exe	29
PID 816 wrote to memory of 1432	816	gwspro.exe	29
PID 816 wrote to memory of 1432	816	gwspro.exe	29
PID 1432 wrote to memory of 568	1432	uninstall.exe	31
PID 1432 wrote to memory of 568	1432	uninstall.exe	31
PID 1432 wrote to memory of 568	1432	uninstall.exe	31
PID 1432 wrote to memory of 568	1432	uninstall.exe	31
PID 1432 wrote to memory of 568	1432	uninstall.exe	31
PID 1432 wrote to memory of 568	1432	uninstall.exe	31
PID 1432 wrote to memory of 568	1432	uninstall.exe	31
PID 568 wrote to memory of 1780	568	GoogleUpdate.exe	32
PID 568 wrote to memory of 1780	568	GoogleUpdate.exe	32
PID 568 wrote to memory of 1780	568	GoogleUpdate.exe	32
PID 568 wrote to memory of 1780	568	GoogleUpdate.exe	32
PID 568 wrote to memory of 1780	568	GoogleUpdate.exe	32
PID 568 wrote to memory of 1780	568	GoogleUpdate.exe	32
PID 568 wrote to memory of 1780	568	GoogleUpdate.exe	32

C:\Users\Admin\AppData\Local\Temp\BROWSER_.exe
"C:\Users\Admin\AppData\Local\Temp\BROWSER_.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:864
- C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe
  "C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe"
  2⤵
  - Executes dropped EXE
  - Drops startup file
  - Loads dropped DLL
  - Maps connected drives based on registry
  - Suspicious use of WriteProcessMemory
  PID:816
- - C:\Users\Admin\AppData\Roaming\NetSupport_v_2.28851\client32.exe
    "C:\Users\Admin\AppData\Roaming\NetSupport_v_2.28851\client32.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:536
- - C:\Users\Admin\AppData\Roaming\NetSupport_v_2.28851\uninstall.exe
    "C:\Users\Admin\AppData\Roaming\NetSupport_v_2.28851\uninstall.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:1432
  - - C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Temp\GUM4E9E.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={1266CA4D-0917-452A-19FA-B8B51EF60ACD}&lang=ru&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
      4⤵
      Executes dropped EXE
      Sets file execution options in registry
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:568
    - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\GWSHDP.dll

Filesize
277KB

MD5
e1a773c2ceec1d3798be988269b36806

SHA1
06906aee0ddba30e560e4b60e140e0c098519bb2

SHA256
5e920fbcc14ac82ec5abf2ca63523fa17f03a261dc09ee6b1976b291c2ab0097

SHA512
f1468b9b12060a5b5143331cf16d7e30b1c042b621133818cd337d621a8bcc25306dd4c7e97af9ed32573f0da253d6e2d0b88bb75332abf57ae80c75c9055058

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
86279521328398e87699d248628eb13a

SHA1
e4d4c39bda90635f1f5c2fc58b1304e2daac9caf

SHA256
3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337

SHA512
2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
422adad24e8da100f85bf3de86b5f302

SHA1
7004b3ed8663b5890cd25e1a7899a766be912728

SHA256
e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956

SHA512
e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
602a35b140d9d68d7b3e488896158365

SHA1
f1ba615abb54ff786ddbc74dffffd56394bfc892

SHA256
43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52

SHA512
4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
a07afa26ab56a8d3b8b16591a1962005

SHA1
2b6f3143487f747911ee20f039f1ffb1381858ac

SHA256
6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b

SHA512
b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
ed215daa7493bf93c5eadef178a261e0

SHA1
b20c8dc7ba00f98a326f5f4fd55329b72f8e5699

SHA256
8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26

SHA512
3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
a9c7db516186c8e367fed757e238c61a

SHA1
1318d6496e7146e773aca85be6d0e9b87a09e284

SHA256
ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659

SHA512
6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
c6385b316bb04ca36d76b077eeb9a61e

SHA1
fc376f68798fecd41fb1c936eed1bce3f2ee6bef

SHA256
060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc

SHA512
bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
cf5f256e8cd76ba85e6c3047f078814a

SHA1
b7cde77313ceaae76a46c1111b33b3d8f47c4214

SHA256
9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1

SHA512
856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
78dfcb76dc8b42411dbc682f78f5c6eb

SHA1
e50f6719fee44c70518cf8442737a688b5f45e62

SHA256
8673dd898f899de831fc3052c8b8254b7b85ee7f2b9b6c422736668689c9b14f

SHA512
968bb3bc952f4057f74c9c8825fcc2db34b9c56166ee39db3bab3d4ecf51fb65af250a8a65340274a1a0c0eed73b6c8962df5d2fce586c1ef4e19706edd5e6e1

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
8bd7a27e6ca969d3eb46086d411ce05d

SHA1
3bbf6f55853b1487debca58d7cb5c877d0abd517

SHA256
8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c

SHA512
fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
f681a45c47ebb2c56c1465677ec33ff3

SHA1
06bf7798c51325cf1806e14dea56ff98b05b7846

SHA256
3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af

SHA512
eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
00446e48d60abf044acc72b46d5c3afb

SHA1
0ccc0c5034ac063e1d4af851b0de1f4ea99aff97

SHA256
82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a

SHA512
69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\bz2.dll

Filesize
63KB

MD5
37b38a8e9fbc70f3ed962e5720795a04

SHA1
171692daf0a136154edde6e22c791d238ae8c1d0

SHA256
f004cd4113a8d832fc4a57f0e28a9001c2fddf67b3544590dd36d0f60d0cef8c

SHA512
9d34222337bf50122c613f2132346b7dca0df51990921ff0c7372463f0be69a441eab18122c02e1a94c8fcaa71b533dd477282d74dbc769fb490f4d46aba2607

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\freetype.dll

Filesize
554KB

MD5
839c270a8ba5444eebddd293c61e6333

SHA1
0fcfab6030a91c722aebea4bfd1bcbe2138c71f9

SHA256
ac40311bc17fc9eaf16f4aaf08c07d8a256e07aa4af081c9db9b552b56119e6e

SHA512
d34c0f4fcd77c70fa131af3ca19ed82a1d991f599ef8bf69295be25618a0c94af859a67cd80d4893ce105559a432202281ea2ee67af352878c69f8438a1e48cd

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwsfiltr.dll

Filesize
8.8MB

MD5
735b7766552aef741b7d76219dfc4e78

SHA1
fed6aba5db69dc0c13d8aafd8e751343eb0e5a2d

SHA256
76a4ad74a53bef71afa0f7be6c055287a11418aa117c2386881d424fd52d3922

SHA512
e3ee40c8377955efd280af9449385b0dab5e3faf2d1c71f1984a5242fd5f320b46389aed5f1d1c022a52836b04c978f9e8934ad7bd2a4d802793a6596cad47c1

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwsjpg.dll

Filesize
529KB

MD5
eac122fbb0d32a242ecc412c125314dc

SHA1
7f5a1cb200270e938ce88bb9fd0752af1a222967

SHA256
026b0032a14ea867f640508fa4959e37215af83458d579c469c6f99b7d1b3522

SHA512
3df8c47e5f14c9318b8524465fc3e0eeb5ca17bb93093b27616ef871c33a6e55a57721aae45bd40986f3f09fc92daa85a773a8426ea4b13f45bad47dc26b70d7

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspng.dll

Filesize
309KB

MD5
a32fe44873d30c83c70f8f811d89dfd7

SHA1
a1879a07bdc6b068fbffb27ed2dbfce1cfeac7a0

SHA256
70ab3b3b2f232f2a20e08feadb9ae5286dd10e71f62321f371e5bb532e0b0f38

SHA512
98739f4a890a0b4d3987717047e9b45dcb8919da74781966bddfdbd6e9efe58bbe9ebd7d5fb5ed4fe3ca4edfa1cc462b65f64a00760ab59257f26ae717d13ede

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe

Filesize
21.8MB

MD5
8dc6f7a135d4a70ff1ef4b25dad052ec

SHA1
7c090065de1090fa92ff01f06739fbca04e6936d

SHA256
af81ae71376bb3abc9eb1a9f59c76224a43b2a68aceb6e5ac3d93f05fc259715

SHA512
f6651693e448861a3a6aee89e5c62fa4dc23305ed9b967d388bcad70cd4d2d3a5b8a69166f69577dde4e165f629805d9d3f97c45a9e26f1f4ffaa1a3c2cf0868

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwstif.dll

Filesize
337KB

MD5
0d64f5aa32fe233c9e1c904f2c2ee1cb

SHA1
123cba972afcd5fd1807232f6e47dea8e0355fc6

SHA256
8f91fcc534dd362cd396db278bc77e099e640ae512912356a3270d5bb27af1a1

SHA512
f1990718dc1115f23fa5b6f7b5723acf950ce8e964b8ed6604383f72f5aeece5a1e51e6104bb1eefc68d4fc1a2bc269bc76f51edd7f01ccffffbda114a0a6b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwstxtr.dll

Filesize
8.8MB

MD5
01a2a91d47aee9ed5ded3906b5445c6a

SHA1
c3877815053c706a72c7a57244c2e8eff799a48d

SHA256
0777a20e126badc87177973bc324963e22ad133b69af0ab71f84b3342487d817

SHA512
dacea5bffdfd0c05b1b87145c9a5ef0e5fb38e67d8c092c1ee45d35b5445f6d417071a1ee96bbd30088c2b2da0c5a43baf5bb35687c2cff4345acb36e6e5be8e

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\libnoise.dll

Filesize
174KB

MD5
48bf2825c8e989edf818ae1a82fb7fe1

SHA1
a857a7f315be110cdb0bae1bc8f6e00fc3cd37b0

SHA256
fe279cfc76c514810bbceba281254e6fd9ff696fc33ecfaba175d778e565a866

SHA512
48b4f30ee23f95537cd1a8016758c057437794a6e3e42407bde9c3e8fd8c26a1add34bda0cbe0b9297cd9c01bb3960bbadf5ea6b7de41f69ffd8cad99789a731

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\libup40.dll

Filesize
23KB

MD5
dad62964697e998a6917373c0c115358

SHA1
2d6b1900e093c9c8bcce642792e3fadc90b3b0ac

SHA256
ecaf6da2a4dbe72fca16b9a758ed0bc2751884d9315411285555d8781617ef58

SHA512
fd357e94ab7d7b131d0b8a6d5e2180479d8fa82179c4b04a3d80cf7f2ca796b21d0e8f4f0102734dcadba103138d37000f558dec941a06fb12dcaaa954bef476

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\swfex.dll

Filesize
180KB

MD5
67f16582d51d20bc4aef0a19731d3280

SHA1
61679dbe1d13d9c25000142fd51b9f4e952a7098

SHA256
87eb8bc7404a7f7019dda05896831f77649479dbe761ac1efc8af37e4ea2bcb0

SHA512
159043e070e0e237c2a9fd3721b3bd687cff50f79f12312037d68b471c1d3418c41a7f8a23889ffe4994e5a950b4642a77071e47ad9c358f56f432ed9ce96f96

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\ucrtbase.DLL

Filesize
880KB

MD5
5dafe0bfb955e780b3d50da4524b752f

SHA1
91c0d9fabe748d373215ba21b90278671b5f8957

SHA256
6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9

SHA512
37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

Download Submit
C:\Users\Admin\AppData\Roaming\Steelray Project Viewer\zlib1.dll

Filesize
76KB

MD5
0ac2236d42d8ced5dbd181bf19637783

SHA1
59e317e893831615b7d338f3c328de42c3a04f2d

SHA256
59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

SHA512
3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR1DCE.tmp

Filesize
99KB

MD5
2c9676a3167739f36912818acb8e9860

SHA1
cd9e5e56cc408c40c45caf49614c26fc7fde39f6

SHA256
75fc64a55afa86173947948d78ba5de98dfc35c487166a6682fe71ed5f6f877a

SHA512
a6c375511d9d339b889adcca4a95bc23df9e207f86605f6d6d04ab7e211901cdc3012860ed844a5c36737369e01dc70b212f5960d8a662fdc720ad98e1202aa1

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR1E7B.tmp

Filesize
288KB

MD5
122a3741699fb5c0950273245c9dea15

SHA1
811f9149e3310a8e6521da156f92f3aaab012145

SHA256
f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab

SHA512
567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR1F37.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR214A.tmp

Filesize
169KB

MD5
cf2d7b4de923b25955d96d2e65ce76bc

SHA1
8feee81fe77a7649b969d375778d2b78d842cf48

SHA256
0912c84ded4670c427db1f405eb68a5763eae8fa0a735abe44eea81be7dc44ea

SHA512
d26a0983f0323655eddc48863a409d172a4623bd7ed465b5a4675477938de10127323040da77c80201c3a816315d98cace5194207e22b0a6ac2e65ae6795dc4f

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR217A.tmp

Filesize
532KB

MD5
a6f7a08b0676f0564a51b5c47973e635

SHA1
d56f5f9e2580b81717317da6582da9d379426d5b

SHA256
5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c

SHA512
1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR2236.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR2276.tmp

Filesize
14KB

MD5
77fe66d74901495f4b41a5918acd02ff

SHA1
ce5bbd53152cd5b03df8bcc232a1aea36a012764

SHA256
b017168c69ef40115141813e47122391602e1af28af342c56495b09f1c3c7522

SHA512
cc6e323d0076577a0a04dbe2c33d90dc616cb5ec3637d3df67cbf169766ca2e6de567fcff4f32938fd6118d98e4796642a3010b7264f0ae247fa8f0fe079bd70

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR2361.tmp

Filesize
14KB

MD5
d74aadd701bfacc474c431acab7b9265

SHA1
8a2b424d1f949430ddc1faddee3e9ccb79c95de2

SHA256
f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d

SHA512
0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR2813.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000360\BR2862.tmp

Filesize
150KB

MD5
efd81ea220094b0e91630b648d00e731

SHA1
226635424baf8146af055908c4c12b0a3faecd4f

SHA256
931c52c91ffbe12d820ff96570ba8db8abc36ac2fb852c87f2ef99271d7183fa

SHA512
fca9ffbcf94507cda23b5a68c4a598a25f0a0e22a7d429a125acbf95bdd03fd63ac80cf8738ae22d1730a73edb3325edc5b85af8d3337a62a97ac0f63dbccdbe

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
86279521328398e87699d248628eb13a

SHA1
e4d4c39bda90635f1f5c2fc58b1304e2daac9caf

SHA256
3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337

SHA512
2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
422adad24e8da100f85bf3de86b5f302

SHA1
7004b3ed8663b5890cd25e1a7899a766be912728

SHA256
e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956

SHA512
e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
602a35b140d9d68d7b3e488896158365

SHA1
f1ba615abb54ff786ddbc74dffffd56394bfc892

SHA256
43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52

SHA512
4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
a07afa26ab56a8d3b8b16591a1962005

SHA1
2b6f3143487f747911ee20f039f1ffb1381858ac

SHA256
6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b

SHA512
b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
ed215daa7493bf93c5eadef178a261e0

SHA1
b20c8dc7ba00f98a326f5f4fd55329b72f8e5699

SHA256
8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26

SHA512
3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
a9c7db516186c8e367fed757e238c61a

SHA1
1318d6496e7146e773aca85be6d0e9b87a09e284

SHA256
ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659

SHA512
6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
c6385b316bb04ca36d76b077eeb9a61e

SHA1
fc376f68798fecd41fb1c936eed1bce3f2ee6bef

SHA256
060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc

SHA512
bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
cf5f256e8cd76ba85e6c3047f078814a

SHA1
b7cde77313ceaae76a46c1111b33b3d8f47c4214

SHA256
9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1

SHA512
856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
8bd7a27e6ca969d3eb46086d411ce05d

SHA1
3bbf6f55853b1487debca58d7cb5c877d0abd517

SHA256
8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c

SHA512
fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
f681a45c47ebb2c56c1465677ec33ff3

SHA1
06bf7798c51325cf1806e14dea56ff98b05b7846

SHA256
3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af

SHA512
eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
00446e48d60abf044acc72b46d5c3afb

SHA1
0ccc0c5034ac063e1d4af851b0de1f4ea99aff97

SHA256
82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a

SHA512
69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\bz2.dll

Filesize
63KB

MD5
37b38a8e9fbc70f3ed962e5720795a04

SHA1
171692daf0a136154edde6e22c791d238ae8c1d0

SHA256
f004cd4113a8d832fc4a57f0e28a9001c2fddf67b3544590dd36d0f60d0cef8c

SHA512
9d34222337bf50122c613f2132346b7dca0df51990921ff0c7372463f0be69a441eab18122c02e1a94c8fcaa71b533dd477282d74dbc769fb490f4d46aba2607

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\freetype.dll

Filesize
554KB

MD5
839c270a8ba5444eebddd293c61e6333

SHA1
0fcfab6030a91c722aebea4bfd1bcbe2138c71f9

SHA256
ac40311bc17fc9eaf16f4aaf08c07d8a256e07aa4af081c9db9b552b56119e6e

SHA512
d34c0f4fcd77c70fa131af3ca19ed82a1d991f599ef8bf69295be25618a0c94af859a67cd80d4893ce105559a432202281ea2ee67af352878c69f8438a1e48cd

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwsfiltr.dll

Filesize
8.8MB

MD5
735b7766552aef741b7d76219dfc4e78

SHA1
fed6aba5db69dc0c13d8aafd8e751343eb0e5a2d

SHA256
76a4ad74a53bef71afa0f7be6c055287a11418aa117c2386881d424fd52d3922

SHA512
e3ee40c8377955efd280af9449385b0dab5e3faf2d1c71f1984a5242fd5f320b46389aed5f1d1c022a52836b04c978f9e8934ad7bd2a4d802793a6596cad47c1

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwshdp.dll

Filesize
277KB

MD5
e1a773c2ceec1d3798be988269b36806

SHA1
06906aee0ddba30e560e4b60e140e0c098519bb2

SHA256
5e920fbcc14ac82ec5abf2ca63523fa17f03a261dc09ee6b1976b291c2ab0097

SHA512
f1468b9b12060a5b5143331cf16d7e30b1c042b621133818cd337d621a8bcc25306dd4c7e97af9ed32573f0da253d6e2d0b88bb75332abf57ae80c75c9055058

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwsjpg.dll

Filesize
529KB

MD5
eac122fbb0d32a242ecc412c125314dc

SHA1
7f5a1cb200270e938ce88bb9fd0752af1a222967

SHA256
026b0032a14ea867f640508fa4959e37215af83458d579c469c6f99b7d1b3522

SHA512
3df8c47e5f14c9318b8524465fc3e0eeb5ca17bb93093b27616ef871c33a6e55a57721aae45bd40986f3f09fc92daa85a773a8426ea4b13f45bad47dc26b70d7

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspng.dll

Filesize
309KB

MD5
a32fe44873d30c83c70f8f811d89dfd7

SHA1
a1879a07bdc6b068fbffb27ed2dbfce1cfeac7a0

SHA256
70ab3b3b2f232f2a20e08feadb9ae5286dd10e71f62321f371e5bb532e0b0f38

SHA512
98739f4a890a0b4d3987717047e9b45dcb8919da74781966bddfdbd6e9efe58bbe9ebd7d5fb5ed4fe3ca4edfa1cc462b65f64a00760ab59257f26ae717d13ede

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe

Filesize
21.8MB

MD5
8dc6f7a135d4a70ff1ef4b25dad052ec

SHA1
7c090065de1090fa92ff01f06739fbca04e6936d

SHA256
af81ae71376bb3abc9eb1a9f59c76224a43b2a68aceb6e5ac3d93f05fc259715

SHA512
f6651693e448861a3a6aee89e5c62fa4dc23305ed9b967d388bcad70cd4d2d3a5b8a69166f69577dde4e165f629805d9d3f97c45a9e26f1f4ffaa1a3c2cf0868

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwspro.exe

Filesize
21.8MB

MD5
8dc6f7a135d4a70ff1ef4b25dad052ec

SHA1
7c090065de1090fa92ff01f06739fbca04e6936d

SHA256
af81ae71376bb3abc9eb1a9f59c76224a43b2a68aceb6e5ac3d93f05fc259715

SHA512
f6651693e448861a3a6aee89e5c62fa4dc23305ed9b967d388bcad70cd4d2d3a5b8a69166f69577dde4e165f629805d9d3f97c45a9e26f1f4ffaa1a3c2cf0868

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwstif.dll

Filesize
337KB

MD5
0d64f5aa32fe233c9e1c904f2c2ee1cb

SHA1
123cba972afcd5fd1807232f6e47dea8e0355fc6

SHA256
8f91fcc534dd362cd396db278bc77e099e640ae512912356a3270d5bb27af1a1

SHA512
f1990718dc1115f23fa5b6f7b5723acf950ce8e964b8ed6604383f72f5aeece5a1e51e6104bb1eefc68d4fc1a2bc269bc76f51edd7f01ccffffbda114a0a6b1f

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\gwstxtr.dll

Filesize
8.8MB

MD5
01a2a91d47aee9ed5ded3906b5445c6a

SHA1
c3877815053c706a72c7a57244c2e8eff799a48d

SHA256
0777a20e126badc87177973bc324963e22ad133b69af0ab71f84b3342487d817

SHA512
dacea5bffdfd0c05b1b87145c9a5ef0e5fb38e67d8c092c1ee45d35b5445f6d417071a1ee96bbd30088c2b2da0c5a43baf5bb35687c2cff4345acb36e6e5be8e

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\libnoise.dll

Filesize
174KB

MD5
48bf2825c8e989edf818ae1a82fb7fe1

SHA1
a857a7f315be110cdb0bae1bc8f6e00fc3cd37b0

SHA256
fe279cfc76c514810bbceba281254e6fd9ff696fc33ecfaba175d778e565a866

SHA512
48b4f30ee23f95537cd1a8016758c057437794a6e3e42407bde9c3e8fd8c26a1add34bda0cbe0b9297cd9c01bb3960bbadf5ea6b7de41f69ffd8cad99789a731

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\libup40.dll

Filesize
23KB

MD5
dad62964697e998a6917373c0c115358

SHA1
2d6b1900e093c9c8bcce642792e3fadc90b3b0ac

SHA256
ecaf6da2a4dbe72fca16b9a758ed0bc2751884d9315411285555d8781617ef58

SHA512
fd357e94ab7d7b131d0b8a6d5e2180479d8fa82179c4b04a3d80cf7f2ca796b21d0e8f4f0102734dcadba103138d37000f558dec941a06fb12dcaaa954bef476

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\swfex.dll

Filesize
180KB

MD5
67f16582d51d20bc4aef0a19731d3280

SHA1
61679dbe1d13d9c25000142fd51b9f4e952a7098

SHA256
87eb8bc7404a7f7019dda05896831f77649479dbe761ac1efc8af37e4ea2bcb0

SHA512
159043e070e0e237c2a9fd3721b3bd687cff50f79f12312037d68b471c1d3418c41a7f8a23889ffe4994e5a950b4642a77071e47ad9c358f56f432ed9ce96f96

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\ucrtbase.dll

Filesize
880KB

MD5
5dafe0bfb955e780b3d50da4524b752f

SHA1
91c0d9fabe748d373215ba21b90278671b5f8957

SHA256
6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9

SHA512
37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
\Users\Admin\AppData\Roaming\Steelray Project Viewer\zlib1.dll

Filesize
76KB

MD5
0ac2236d42d8ced5dbd181bf19637783

SHA1
59e317e893831615b7d338f3c328de42c3a04f2d

SHA256
59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

SHA512
3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

Download Submit
memory/816-131-0x00000000039E0000-0x00000000039F9000-memory.dmp

Filesize
100KB

Download
memory/816-137-0x0000000008CF0000-0x0000000008D0D000-memory.dmp

Filesize
116KB

Download
memory/816-157-0x0000000020920000-0x0000000020CB3000-memory.dmp

Filesize
3.6MB

Download
memory/816-78-0x00000000002A0000-0x00000000002F6000-memory.dmp

Filesize
344KB

Download
memory/816-75-0x0000000000250000-0x000000000029F000-memory.dmp

Filesize
316KB

Download
memory/816-72-0x00000000001C0000-0x0000000000246000-memory.dmp

Filesize
536KB

Download
memory/816-129-0x00000000003A0000-0x00000000003E1000-memory.dmp

Filesize
260KB

Download
memory/816-132-0x0000000008BA0000-0x0000000008BC2000-memory.dmp

Filesize
136KB

Download
memory/816-86-0x00000000082D0000-0x0000000008B9C000-memory.dmp

Filesize
8.8MB

Download
memory/816-133-0x0000000008BE0000-0x0000000008C3E000-memory.dmp

Filesize
376KB

Download
memory/816-134-0x0000000008C40000-0x0000000008C83000-memory.dmp

Filesize
268KB

Download
memory/816-135-0x0000000008C90000-0x0000000008CE5000-memory.dmp

Filesize
340KB

Download
memory/816-83-0x0000000007A00000-0x00000000082CB000-memory.dmp

Filesize
8.8MB

Download
memory/816-138-0x0000000008D20000-0x0000000008D5B000-memory.dmp

Filesize
236KB

Download
memory/816-140-0x0000000008D80000-0x0000000008DC2000-memory.dmp

Filesize
264KB

Download
memory/816-141-0x0000000008DD0000-0x0000000008E45000-memory.dmp

Filesize
468KB

Download
memory/816-142-0x0000000008E50000-0x0000000008EE3000-memory.dmp

Filesize
588KB

Download
memory/816-143-0x0000000008EF0000-0x000000000904B000-memory.dmp

Filesize
1.4MB

Download
memory/816-144-0x000000000FC10000-0x000000000FCCC000-memory.dmp

Filesize
752KB

Download
memory/816-148-0x0000000019970000-0x000000001DE70000-memory.dmp

Filesize
69.0MB

Download
memory/816-89-0x0000000000300000-0x000000000032E000-memory.dmp

Filesize
184KB

Download
memory/816-150-0x0000000020920000-0x0000000020CB3000-memory.dmp

Filesize
3.6MB

Download
memory/816-151-0x0000000019970000-0x000000001DE70000-memory.dmp

Filesize
69.0MB

Download
memory/816-93-0x0000000000330000-0x000000000035D000-memory.dmp

Filesize
180KB

Download
memory/864-54-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download